v13.7

app/src/main/cpp/CMakeLists.txt

@@ -2,16 +2,14 @@ cmake_minimum_required(VERSION 3.22.1)
 
 project("playintegrityfix")
 
+find_package(cxx REQUIRED CONFIG)
+
+link_libraries(cxx::cxx)
+
 add_library(${CMAKE_PROJECT_NAME} SHARED main.cpp)
 
 add_subdirectory(Dobby)
 
 SET_OPTION(Plugin.Android.BionicLinkerUtil ON)
 
-find_package(cxx REQUIRED CONFIG)
-
-target_link_libraries(dobby cxx::cxx)
-
-target_link_libraries(dobby_static cxx::cxx)
-
-target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE cxx::cxx log dobby_static)
+target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE log dobby_static)

app/src/main/cpp/main.cpp

@@ -1,22 +1,18 @@
 #include <android/log.h>
 #include <sys/system_properties.h>
 #include <unistd.h>
+#include <string_view>
+#include <map>
+#include <vector>
 
 #include "zygisk.hpp"
 #include "dobby.h"
-#include "json.hpp"
 
 #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__)
 
-#define DEX_FILE_PATH "/data/adb/modules/playintegrityfix/classes.dex"
+#define FIRST_API_LEVEL "25"
 
-#define PROP_FILE_PATH "/data/adb/modules/playintegrityfix/pif.json"
-
-#define DEF_FIRST_API_LEVEL "23"
-
-#define DEF_SECURITY_PATCH "2017-08-05"
-
-static std::string SECURITY_PATCH, FIRST_API_LEVEL;
+#define SECURITY_PATCH "2017-08-05"
 
 typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
 
@@ -31,21 +27,13 @@ static void modify_callback(void *cookie, const char *name, const char *value, u
     std::string_view prop(name);
 
     if (prop.ends_with("api_level")) {
-        if (FIRST_API_LEVEL.empty()) {
-            value = nullptr;
-        } else {
-            value = FIRST_API_LEVEL.c_str();
-        }
+        value = FIRST_API_LEVEL;
+        LOGD("[%s] -> %s", name, value);
     } else if (prop.ends_with("security_patch")) {
-        if (SECURITY_PATCH.empty()) {
-            value = nullptr;
-        } else {
-            value = SECURITY_PATCH.c_str();
-        }
+        value = SECURITY_PATCH;
+        LOGD("[%s] -> %s", name, value);
     }
 
-    if (!prop.starts_with("cache") && !prop.starts_with("debug")) LOGD("[%s] -> %s", name, value);
-
     return callbacks[cookie](cookie, name, value, serial);
 }
 
@@ -102,41 +90,24 @@ public:
             return;
         }
 
-        auto rawDir = env->GetStringUTFChars(args->app_data_dir, nullptr);
-        path = rawDir;
-        env->ReleaseStringUTFChars(args->app_data_dir, rawDir);
-
         int fd = api->connectCompanion();
 
-        write(fd, path.data(), path.size());
+        long size;
+        char buffer[1024];
 
-        read(fd, nullptr, 0);
+        while ((size = read(fd, buffer, sizeof(buffer))) > 0) {
+            moduleDex.insert(moduleDex.end(), buffer, buffer + size);
+        }
 
         close(fd);
+
+        LOGD("Received from socket %lu bytes!", moduleDex.size());
     }
 
     void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
-        if (path.empty()) return;
+        if (moduleDex.empty()) return;
 
-        std::string prop(path + "/cache/pif.json");
-        if (std::filesystem::exists(prop)) {
-            FILE *file = fopen(prop.c_str(), "r");
-            nlohmann::json json = nlohmann::json::parse(file, nullptr, false);
-            fclose(file);
-            LOGD("Read %d props from pif.json", static_cast<int>(json.size()));
-            SECURITY_PATCH = json["SECURITY_PATCH"].get<std::string>();
-            FIRST_API_LEVEL = json["FIRST_API_LEVEL"].get<std::string>();
-            json.clear();
-        } else {
-            LOGD("File pif.json doesn't exist, using default values");
-            SECURITY_PATCH = DEF_SECURITY_PATCH;
-            FIRST_API_LEVEL = DEF_FIRST_API_LEVEL;
-        }
-
-        std::string dex(path + "/cache/classes.dex");
-        if (std::filesystem::exists(dex)) {
-            inject();
-        }
+        inject();
 
         doHook();
     }
@@ -148,7 +119,7 @@ public:
 private:
     zygisk::Api *api = nullptr;
     JNIEnv *env = nullptr;
-    std::string path;
+    std::vector<char> moduleDex;
 
     void inject() {
         LOGD("get system classloader");
@@ -158,12 +129,12 @@ private:
         auto systemClassLoader = env->CallStaticObjectMethod(clClass, getSystemClassLoader);
 
         LOGD("create class loader");
-        auto pathClClass = env->FindClass("dalvik/system/PathClassLoader");
-        auto pathClInit = env->GetMethodID(pathClClass, "<init>",
-                                           "(Ljava/lang/String;Ljava/lang/ClassLoader;)V");
-        std::string dexPath(path + "/cache/classes.dex");
-        auto moduleDex = env->NewStringUTF(dexPath.c_str());
-        auto dexCl = env->NewObject(pathClClass, pathClInit, moduleDex, systemClassLoader);
+        auto dexClClass = env->FindClass("dalvik/system/InMemoryDexClassLoader");
+        auto dexClInit = env->GetMethodID(dexClClass, "<init>",
+                                          "(Ljava/nio/ByteBuffer;Ljava/lang/ClassLoader;)V");
+        auto buffer = env->NewDirectByteBuffer(moduleDex.data(),
+                                               static_cast<jlong>(moduleDex.size()));
+        auto dexCl = env->NewObject(dexClClass, dexClInit, buffer, systemClassLoader);
 
         LOGD("load class");
         auto loadClass = env->GetMethodID(clClass, "loadClass",
@@ -173,49 +144,34 @@ private:
 
         auto entryClass = (jclass) entryClassObj;
 
-        LOGD("read props");
-        auto readProps = env->GetStaticMethodID(entryClass, "readProps", "(Ljava/lang/String;)V");
-        std::string prop(path + "/cache/pif.json");
-        auto javaPath = env->NewStringUTF(prop.c_str());
-        env->CallStaticVoidMethod(entryClass, readProps, javaPath);
-
         LOGD("call init");
         auto entryInit = env->GetStaticMethodID(entryClass, "init", "()V");
         env->CallStaticVoidMethod(entryClass, entryInit);
 
-        path.clear();
+        moduleDex.clear();
     }
 };
 
 static void companion(int fd) {
-    char buffer[256];
-    long size = read(fd, buffer, sizeof(buffer));
+    FILE *file = fopen("/data/adb/modules/playintegrityfix/classes.dex", "rb");
 
-    std::string path(buffer, size);
-    LOGD("[ROOT] Got GMS dir: %s", path.c_str());
-
-    std::string dex(path + "/cache/classes.dex");
-    std::string prop(path + "/cache/pif.json");
-
-    if (std::filesystem::copy_file(DEX_FILE_PATH, dex,
-                                   std::filesystem::copy_options::overwrite_existing)) {
-        std::filesystem::permissions(dex, std::filesystem::perms::owner_read |
-                                          std::filesystem::perms::group_read |
-                                          std::filesystem::perms::others_read);
+    if (file == nullptr) {
+        write(fd, nullptr, 0);
+        return;
     }
 
-    if (!std::filesystem::exists(PROP_FILE_PATH)) {
-        std::filesystem::remove(prop);
-    }
+    fseek(file, 0, SEEK_END);
+    long size = ftell(file);
+    fseek(file, 0, SEEK_SET);
 
-    if (std::filesystem::copy_file(PROP_FILE_PATH, prop,
-                                   std::filesystem::copy_options::overwrite_existing)) {
-        std::filesystem::permissions(prop, std::filesystem::perms::owner_read |
-                                           std::filesystem::perms::group_read |
-                                           std::filesystem::perms::others_read);
-    }
+    std::vector<char> vector(size);
+    fread(vector.data(), 1, size, file);
 
-    write(fd, nullptr, 0);
+    fclose(file);
+
+    write(fd, vector.data(), size);
+
+    vector.clear();
 }
 
 REGISTER_ZYGISK_MODULE(PlayIntegrityFix)

app/src/main/java/es/chiteroman/playintegrityfix/EntryPoint.java

@@ -1,54 +1,29 @@
 package es.chiteroman.playintegrityfix;
 
 import android.os.Build;
-import android.util.JsonReader;
 import android.util.Log;
 
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
 import java.lang.reflect.Field;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.KeyStoreSpi;
 import java.security.Provider;
 import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
 
 public final class EntryPoint {
-    private static final Map<String, String> map = new HashMap<>();
-
-    private static void defaultProps() {
-        map.putIfAbsent("PRODUCT", "bullhead");
-        map.putIfAbsent("DEVICE", "bullhead");
-        map.putIfAbsent("MANUFACTURER", "LGE");
-        map.putIfAbsent("BRAND", "google");
-        map.putIfAbsent("MODEL", "Nexus 5X");
-        map.putIfAbsent("FINGERPRINT", "google/bullhead/bullhead:8.0.0/OPR6.170623.013/4283548:user/release-keys");
-        map.putIfAbsent("SECURITY_PATCH", "2017-08-05");
-    }
+    private static final String PRODUCT = "sailfish";
+    private static final String DEVICE = "sailfish";
+    private static final String MANUFACTURER = "Google";
+    private static final String BRAND = "google";
+    private static final String MODEL = "Pixel";
+    private static final String FINGERPRINT = "google/sailfish/sailfish:7.1.2/NZH54D/4146044:user/release-keys";
+    private static final String SECURITY_PATCH = "2017-08-05";
 
     public static void init() {
         spoofProvider();
         spoofDevice();
     }
 
-    public static void readProps(String path) {
-        LOG("Read from Zygisk lib path: " + path);
-        File file = new File(path);
-        try (JsonReader reader = new JsonReader(new FileReader(file))) {
-            reader.beginObject();
-            while (reader.hasNext()) {
-                map.put(reader.nextName(), reader.nextString());
-            }
-            reader.endObject();
-        } catch (IOException e) {
-            LOG("Couldn't read pif.prop file: " + e);
-            defaultProps();
-        }
-    }
-
     private static void spoofProvider() {
         final String KEYSTORE = "AndroidKeyStore";
 
@@ -76,14 +51,14 @@ public final class EntryPoint {
         }
     }
 
-    public static void spoofDevice() {
-        setProp("PRODUCT", map.get("PRODUCT"));
-        setProp("DEVICE", map.get("DEVICE"));
-        setProp("MANUFACTURER", map.get("MANUFACTURER"));
-        setProp("BRAND", map.get("BRAND"));
-        setProp("MODEL", map.get("MODEL"));
-        setProp("FINGERPRINT", map.get("FINGERPRINT"));
-        setVersionProp("SECURITY_PATCH", map.get("SECURITY_PATCH"));
+    static void spoofDevice() {
+        setProp("PRODUCT", PRODUCT);
+        setProp("DEVICE", DEVICE);
+        setProp("MANUFACTURER", MANUFACTURER);
+        setProp("BRAND", BRAND);
+        setProp("MODEL", MODEL);
+        setProp("FINGERPRINT", FINGERPRINT);
+        setVersionProp("SECURITY_PATCH", SECURITY_PATCH);
     }
 
     private static void setProp(String name, String value) {
@@ -120,7 +95,7 @@ public final class EntryPoint {
         }
     }
 
-    public static void LOG(String msg) {
+    static void LOG(String msg) {
         Log.d("PIF/Java", msg);
     }
 }

changelog.md

@@ -2,12 +2,16 @@ We have a Telegram channel!
 If you want to share your knowledge join:
 https://t.me/playintegrityfix
 
-Also, if Google blacklist the fingerprint (again), you can post your custom pif.json and I will update the module.
+# v13.7
 
-# v13.6
+- Removed custom resetprop.
+- Removed custom props spoof.
+- Removed weird code.
 
-- New code!
-- Added custom resetprop.
+If you want an undetectable resetprop, use Kitsune Magisk.
+If you want to spoof your own props, modify the props in source code and build by yourself.
+Should work and don't crash nothing.
 
-Can read a custom pif.json file to spoof device props.
-Example file: module/pif.json on GitHub repo.
+Maybe in a future I do a custom spoof version... But I won't release it as stable build.
+
+I recommend to clear GMS data and cache before reboot.

module/customize.sh

@@ -5,16 +5,6 @@ fi
 
 # safetynet-fix module is incompatible
 if [ -d "/data/adb/modules/safetynet-fix" ]; then
-    ui_print "!!! safetynet-fix module removed!"
     touch "/data/adb/modules/safetynet-fix/remove"
+	ui_print "!!! safetynet-fix module removed!"
 fi
-
-# Backup old pif.prop
-if [ -e "/data/adb/modules/playintegrityfix/pif.prop" ]; then
-	ui_print "- Backup old pif.prop."
-    mv "/data/adb/modules/playintegrityfix/pif.prop" "/data/adb/pif.prop.old"
-fi
-
-# use our resetprop
-mv -f "$MODPATH/bin/$ABI/resetprop" "$MODPATH"
-rm -rf "$MODPATH/bin"

module/module.prop

@@ -1,7 +1,7 @@
 id=playintegrityfix
 name=Play Integrity Fix
-version=v13.6
-versionCode=136
+version=v13.7
+versionCode=137
 author=chiteroman
 description=Fix CTS profile (SafetyNet) and DEVICE verdict (Play Integrity).
 updateJson=https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/update.json

module/pif.json

@@ -1,10 +0,0 @@
-{
-  "PRODUCT": "taimen",
-  "DEVICE": "taimen",
-  "MANUFACTURER": "Google",
-  "BRAND": "google",
-  "MODEL": "Pixel 2 XL",
-  "FINGERPRINT": "google/taimen/taimen:10/QQ2A.200501.001.B3/6396602:user/release-keys",
-  "SECURITY_PATCH": "2020-05-05",
-  "FIRST_API_LEVEL": "25"
-}

module/service.sh

@@ -1,23 +1,12 @@
 # Sensitive properties
 
-RESETPROP="${0%/*}/resetprop"
-
-chmod 755 $RESETPROP
-
-check_resetprop() {
-  local NAME=$1
-  local EXPECTED=$2
-  local VALUE=$(resetprop $NAME)
-  [ -z $VALUE ] || [ $VALUE = $EXPECTED ] || $RESETPROP -n $NAME $EXPECTED
-}
-
 maybe_set_prop() {
     local prop="$1"
     local contains="$2"
     local value="$3"
 
     if [[ "$(getprop "$prop")" == *"$contains"* ]]; then
-        $RESETPROP -n "$prop" "$value"
+        resetprop "$prop" "$value"
     fi
 }
 
@@ -26,41 +15,32 @@ maybe_set_prop ro.bootmode recovery unknown
 maybe_set_prop ro.boot.mode recovery unknown
 maybe_set_prop vendor.boot.mode recovery unknown
 
-# Reset props after boot completed to avoid breaking some weird devices/ROMs...
+# Hiding SELinux | Permissive status
+resetprop --delete ro.build.selinux
+
+# Hiding SELinux | Use toybox to protect *stat* access time reading
+if [[ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]]; then
+    chmod 640 /sys/fs/selinux/enforce
+    chmod 440 /sys/fs/selinux/policy
+fi
+
+# Late props which must be set after boot_completed
 {
     until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
         sleep 1
     done
 
     # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
-    check_resetprop ro.boot.flash.locked 1
+    resetprop ro.boot.flash.locked 1
 
     # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
-    check_resetprop ro.boot.vbmeta.device_state locked
+    resetprop ro.boot.vbmeta.device_state locked
 
     # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
-    check_resetprop vendor.boot.verifiedbootstate green
+    resetprop vendor.boot.verifiedbootstate green
 
     # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
-    check_resetprop ro.boot.verifiedbootstate green
-    check_resetprop ro.boot.veritymode enforcing
-    check_resetprop vendor.boot.vbmeta.device_state locked
-
-    # RootBeer, Microsoft
-    check_resetprop ro.build.tags release-keys
-
-    # Samsung
-    check_resetprop ro.boot.warranty_bit 0
-    check_resetprop ro.vendor.boot.warranty_bit 0
-    check_resetprop ro.vendor.warranty_bit 0
-    check_resetprop ro.warranty_bit 0
-
-    # OnePlus
-    check_resetprop ro.is_ever_orange 0
-
-    # Other
-    check_resetprop ro.build.type user
-    check_resetprop ro.debuggable 0
-    check_resetprop ro.secure 1
-
+    resetprop ro.boot.verifiedbootstate green
+    resetprop ro.boot.veritymode enforcing
+    resetprop vendor.boot.vbmeta.device_state locked
 }&

module/system.prop

@@ -0,0 +1,16 @@
+# RootBeer, Microsoft
+ro.build.tags=release-keys
+
+# Samsung
+ro.boot.warranty_bit=0
+ro.vendor.boot.warranty_bit=0
+ro.vendor.warranty_bit=0
+ro.warranty_bit=0
+
+# OnePlus
+ro.is_ever_orange=0
+
+# Other
+ro.build.type=user
+ro.debuggable=0
+ro.secure=1

update.json

@@ -1,6 +1,6 @@
 {
-    "version": "v13.6",
-    "versionCode": 136,
-    "zipUrl": "https://github.com/chiteroman/PlayIntegrityFix/releases/download/v13.6/PlayIntegrityFix_v13.6.zip",
+    "version": "v13.7",
+    "versionCode": 137,
+    "zipUrl": "https://github.com/chiteroman/PlayIntegrityFix/releases/download/v13.7/PlayIntegrityFix_v13.7.zip",
     "changelog": "https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/changelog.md"
 }