mirror of https://github.com/chiteroman/PlayIntegrityFix.git synced 2025-04-29 01:22:07 +08:00

Fix Play Integrity (and SafetyNet) verdicts.

Go to file

Thisisauser6443 2b0135c2e6 Update README.md Perfection at the first attempt, as you can tell, is by no means easy. This should make it more prominent that the majority of folks don't need to follow this path		2025-03-01 19:01:01 +00:00
.github	Update FUNDING.yml	2024-11-26 22:24:57 +01:00
app	Fix warnings	2025-02-28 19:10:36 +01:00
gradle	Update Gradle, AGP, NDK, build tools	2025-02-28 19:10:22 +01:00
module	webui: limit content in one page	2025-02-25 15:45:49 +08:00
.gitattributes	Create .gitattributes	2024-10-24 22:34:35 +02:00
.gitignore	Rebase PIF	2024-07-21 18:34:45 +02:00
.gitmodules	Use JingMatrix fork of Dobby	2025-02-28 19:01:15 +01:00
build.gradle.kts	Rebase PIF	2024-07-21 18:34:45 +02:00
changelog.md	v18.6	2025-02-21 15:59:17 +01:00
gradle.properties	Rebase PIF	2024-07-21 18:34:45 +02:00
gradlew	Rebase PIF	2024-07-21 18:34:45 +02:00
gradlew.bat	Convert to Linux line endings (LF)	2024-10-22 12:15:16 +02:00
LICENSE	Create LICENSE	2024-09-15 18:27:39 +02:00
README.md	Update README.md	2025-03-01 19:01:01 +00:00
settings.gradle.kts	Rebase PIF	2024-07-21 18:34:45 +02:00
update.json	v18.6	2025-02-21 15:59:17 +01:00

README.md

Play Integrity Fix

This module tries to fix Play Integrity and SafetyNet verdicts to get a valid attestation.

NOTE

This module is not made to hide root, nor to avoid detections in other apps. It only serves to pass Device verdict in the Play Integrity tests and certify your device. All issues created to report a non-Google app not working will be closed without notice.

Tutorial

You will need root and Zygisk, so you must choose ONE of this three setups:

Magisk with Zygisk enabled.
KernelSU with ZygiskNext module installed.
APatch with ZygiskNext module installed.

After flashing and reboot your device, you can check PI and SN using these apps:

Play Integrity -> https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
SafetyNet -> https://play.google.com/store/apps/details?id=rikka.safetynetchecker

NOTE: if you get an error message about a limit, you need to use another app, this is because a lot of users are requesting an attestation.

NOTE: SafetyNet is obsolete, more info here: https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline

Also, if you are using custom rom or custom kernel, be sure that your kernel name isn't blacklisted, you can check it running uname -r command. This is a list of banned strings: https://xdaforums.com/t/module-play-integrity-fix-safetynet-fix.4607985/post-89308909

Verdicts

After requesting an attestation, you should get this result:

MEETS_BASIC_INTEGRITY ✅
MEETS_DEVICE_INTEGRITY ✅
MEETS_STRONG_INTEGRITY ❌
MEETS_VIRTUAL_INTEGRITY ❌ (this is for emulators only)

You can know more about verdicts in this post: https://xdaforums.com/t/info-play-integrity-api-replacement-for-safetynet.4479337/

And in SafetyNet you should get this:

basicIntegrity: true
ctsProfileMatch: true
evaluationType: BASIC

A word on passing Strong Integrity

While this module only returns passing verdicts for as far up as MEETS_DEVICE_INTEGRITY, it is possible to achieve a passing verdict for MEETS_STRONG_INTEGRITY by using 5ec1cff's TrickyStore. To put simply, this allows for spoofing a valid certificate chain (Often distributed as a file named keybox.xml and just called a keybox) to your device's Trusted Execution Environment (TEE) module, in addition to spoofing the bootloader as locked.

However, it must be stressed that a keybox is hard to come by, given that they're leaked (Usually inadvertently) from OEMs and vendors. Even then, they are also often quite quickly revoked, due to a combination of people sending a deluge of server requests (Mostly for flexing their strong verdicts, which they probably didn't need anyway... You know who you are) and Google deploying specialised crawlers for automated detection. And, as quickly mentioned before, you'll likely won't even need one, since basic functions (Such as NFC payments and RCS messaging) and the vast majority of apps only mandate device integrity.

As for what happens when a keybox is eventually revoked, you'll know when you're only passing MEETS_BASIC_INTEGRITY or by checking the key itself via vvb2060's Key Attestation Demo. At this point, you'll need to find another unrevoked keybox (Strong integrity), use the publicly available AOSP keybox (Device integrity), or remove TrickyStore (Device integrity).

TL;DR: Unless it is ABSOLUTELY VITAL for your use case(s), chances are you'll be completely fine only passing up as far as MEETS_DEVICE_INTEGRITY, and not diving into this rabbit hole.

Acknowledgments

kdrag0n & Displax for the original idea.
osm0sis for his original autopif2.sh script, and backslashxx & KOWX712 for improving it (action.sh).

FAQ

https://xdaforums.com/t/pif-faq.4653307/

Download

https://github.com/chiteroman/PlayIntegrityFix/releases/latest

Donations

PayPal