microg / remotedroidguard Goto Github PK
View Code? Open in Web Editor NEWService to run Google's DroidGuard binary in an isolated environment
Service to run Google's DroidGuard binary in an isolated environment
Hi, i got this error when running SaftyNet Helper.
Android 7.1.1
January Security Patch Level
Resurrection Remix OS 5.8.0-20170121-h815-Unofficial_tyler
05:06:11.827 7072 7197 E AndroidRuntime: FATAL EXCEPTION: Thread-2
01-28 05:06:11.827 7072 7197 E AndroidRuntime: Process: com.google.android.gms.unstable, PID: 7072
01-28 05:06:11.827 7072 7197 E AndroidRuntime: java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/system/priv-app/org.microg.gms.droidguard.apk"],nativeLibraryDirectories=[/system/lib64/org.microg.gms.droidguard, /system/fake-libs64, /system/priv-app/org.microg.gms.droidguard.apk!/lib/arm64-v8a, /system/lib64, /vendor/lib64, /system/lib64, /vendor/lib64]]] couldn't find "libarthook_native.so"
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at java.lang.Runtime.loadLibrary0(Runtime.java:984)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at java.lang.System.loadLibrary(System.java:1530)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at de.larma.arthook.Native.<clinit>(Native.java:22)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at de.larma.arthook.Native.is64Bit(Native.java:45)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at de.larma.arthook.ArtHook.<clinit>(ArtHook.java:46)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at de.larma.arthook.ArtHook.hook(ArtHook.java:75)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at org.microg.gms.droidguard.SysHook.activate(SysHook.java:52)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:91)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
01-28 05:06:11.827 7072 7197 E AndroidRuntime: at java.lang.Thread.run(Thread.java:761)
kind regards
Describe the bug
Latest version of microG + RemoteDroidGuard isn't working.
{"nonce":"","timestampMs":1635290903792,"ctsProfileMatch":false,"apkCertificateDigestSha256":[],"basicIntegrity":false,"advice":"RESTORE_TO_FACTORY_ROM","evaluationType":"BASIC"}
Both basic and CTS are returning false
, I've successfully applied kdrag0n's AOSP patches listed here, so the Build.Fingerprint etc APIs are indeed being hooked, as well as verifiedboot state.
It's at a point where both CTS and Basic should be passing successfully, is there a specific package name for DroidGuard? Currently I'm hooking calls to build flags if the package name is org.microg.gms.droidguard
or com.google.android.gms
.
This issue seems to be a specific issue with RemoteDroidGuard, standard GMS is reported to be working, does anyone know how this actually works? It looks like it's downloading an APK from somewhere then executing it?
Please advise.
System
Android 12
Could someone fix the microg lineage builds to pass safetynet? Now I need to root lineage and copy the apk to /system/priv-app/ myself and then unroot it to pass.
microG: 0.2.10.19420
on lineage-16.0-20191226-microG-oneplus3
This happens some times, but I can't reproduce it reliably; best way I found so far is to cold start Uber, then cold start Lyft while Uber is in the background.
12-30 17:25:03.505 4469 4469 E ActivityThread: Service org.microg.gms.snet.SafetyNetClientService has leaked ServiceConnection org.microg.gms.droidguard.RemoteDroidGuardCo
nnector$Connection@3f8846a that was originally bound here
12-30 17:25:03.505 4469 4469 E ActivityThread: android.app.ServiceConnectionLeaked: Service org.microg.gms.snet.SafetyNetClientService has leaked ServiceConnection org.mic
rog.gms.droidguard.RemoteDroidGuardConnector$Connection@3f8846a that was originally bound here
12-30 17:25:03.505 4469 4469 E ActivityThread: at android.app.LoadedApk$ServiceDispatcher.<init>(LoadedApk.java:1610)
12-30 17:25:03.505 4469 4469 E ActivityThread: at android.app.LoadedApk.getServiceDispatcher(LoadedApk.java:1502)
12-30 17:25:03.505 4469 4469 E ActivityThread: at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:1659)
12-30 17:25:03.505 4469 4469 E ActivityThread: at android.app.ContextImpl.bindService(ContextImpl.java:1612)
12-30 17:25:03.505 4469 4469 E ActivityThread: at android.content.ContextWrapper.bindService(ContextWrapper.java:698)
12-30 17:25:03.505 4469 4469 E ActivityThread: at org.microg.gms.droidguard.RemoteDroidGuardConnector.connectForTask(Unknown Source:25)
12-30 17:25:03.505 4469 4469 E ActivityThread: at org.microg.gms.droidguard.RemoteDroidGuardConnector.guard(Unknown Source:22)
12-30 17:25:03.505 4469 4469 E ActivityThread: at org.microg.gms.snet.SafetyNetClientServiceImpl$1.run(Unknown Source:63)
12-30 17:25:03.505 4469 4469 E ActivityThread: at java.lang.Thread.run(Thread.java:764)
Hi,
I'm on a Nexus 5 (hammerhead) running the latest LineageOS 7.1.1 build. com.google.android.gms-10087435.apk
and org.microg.gms.droidguard-8.apk
are installed in /system/priv-app
, and the su addon, while it was once installed, has been removed.
The relevant portion of logcat's output when running a safetynet test is:
03-03 13:31:08.376 4394 4394 D c : apkCertificateDigests:[FJZqNb3u3c9XbWF4NmmpNkUzP/q2q9IW+5LyS/P86/s=]
03-03 13:31:08.421 4394 4394 D c : apkDigest:Nu7iBqfVPKJocBAen1etJeEVrbU/CrKE8f2bzPIv08c=
03-03 13:31:08.425 4394 4394 E Ads : This app is using a lightweight version of the Google Mobile Ads SDK that requires the latest Google Play services to be installed, but Google Play services is either missing or out of date.
03-03 13:31:08.430 3384 6317 D SafeParcel: Unknown field num 9 in com.google.android.gms.common.internal.GetServiceRequest, skipping.
03-03 13:31:08.430 3384 6317 D GmsSafetyNetClientSvc: bound by: GetServiceRequest{serviceId=SAFETY_NET_CLIENT, gmsVersion=10084000, packageName='org.freeandroidtools.safetynettest', extras=Bundle[{}]}
03-03 13:31:08.441 4394 4394 V c : Google play services connected
03-03 13:31:08.441 4394 4394 V c : running SafetyNet.API Test
03-03 13:31:08.489 4589 6544 D GmsDroidguardHelper: -- Request --
03-03 13:31:08.489 4589 6544 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=hammerhead}, KeyValuePair{key=BOOTLOADER, val=HHZ20h}, KeyValuePair{key=BRAND, val=google}, KeyValuePair{key=CPU_ABI, val=armeabi-v7a}, KeyValuePair{key=CPU_ABI2, val=armeabi}, KeyValuePair{key=DEVICE, val=hammerhead}, KeyValuePair{key=DISPLAY, val=lineage_hammerhead-userdebug 7.1.1 NOF26W c16dd0a420}, KeyValuePair{key=FINGERPRINT, val=google/hammerhead/hammerhead:6.0.1/M4B30Z/3437181:user/release-keys}, KeyValuePair{key=HARDWARE, val=hammerhead}, KeyValuePair{key=HOST, val=phenom.zifnab.net}, KeyValuePair{key=ID, val=NOF26W}, KeyValuePair{key=MANUFACTURER, val=LGE}, KeyValuePair{key=MODEL, val=Nexus 5}, KeyValuePair{key=PRODUCT, val=hammerhead}, KeyValuePair{key=RADIO, val=M8974A-2.0.50.2.30}, KeyValuePair{key=SERIAL, val=03abe5e2094772e2}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1488258759000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=jenkins}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=c16dd0a420}, KeyValuePair{key=RELEASE, val=7.1.1}, KeyValuePair{key=SDK, val=25}, KeyValuePair{key=SDK_INT, val=25}], versionNamePrefix=10.0.84 (430-, isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=10c9039e3b03bbcf21b4cbe38464b3c0]], currentVersion=3, arch=armv7l}
03-03 13:31:08.739 4589 6544 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/728c52bb3c15b9bc06d2d3bdeab4dbceb7306c79/the.apk
03-03 13:31:08.743 4589 6544 E linker : readlink("/proc/self/fd/46") failed: No such file or directory [fd=46]
03-03 13:31:08.743 4589 6544 E linker : warning: unable to get realpath for the library "/data/user/0/org.microg.gms.droidguard/app_dg_cache/728c52bb3c15b9bc06d2d3bdeab4dbceb7306c79/lib/libdBF914251138C.so". Will use given path.
03-03 13:31:08.885 6544 6544 W Thread-4: type=1400 audit(0.0:28): avc: denied { read } for name="/" dev="tmpfs" ino=7172 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
03-03 13:31:08.916 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:08.916 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:08.916 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:08.920 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:08.922 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:08.922 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:08.922 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:08.925 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:08.995 4589 6544 D GmsDroidguardHelper: b -> 4248316063309356145
03-03 13:31:08.995 6544 6544 W Thread-4: type=1400 audit(0.0:29): avc: denied { read } for name="address" dev="sysfs" ino=20239 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_mac_address:s0 tclass=file permissive=0
03-03 13:31:09.003 4589 6544 D GmsDroidguardHelper: c -> com.google.android.gms
03-03 13:31:09.007 4589 6544 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: a: DMuISYaK+q0io/0+ygI7o4VhjQ4RsFzkElF/mvv7ybaUO7EDau5H0IM/Cyu5W9c9rNMrTHHxitzEroV0UdrSbA== -> 5=b13be5fe2cc2762b4a7ae73a0dd371167d3e1d07
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: 7=Qualcomm:Adreno (TM) 330
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: 8=-7479576191701395881
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: 9=-9192185862579480407
03-03 13:31:09.046 4589 6544 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: a: wCMeQIFDuvk/GTVS2nZCUivMs//OxtszFTnlp89/VXdXRqnxNlx+tY3NdhX+bC1leKhdsBBRBV0frquiYVdyoQ== -> 5=b13be5fe2cc2762b4a7ae73a0dd371167d3e1d07
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: 7=Qualcomm:Adreno (TM) 330
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: 8=354111959722915893
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: 9=3622246987746052370
03-03 13:31:09.254 4394 4394 D d : decodedJWTPayload json:{"extension":"CQl2cO+bLite","apkCertificateDigestSha256":[],"error":"internal_error"}
03-03 13:31:09.255 4394 4394 E c : invalid nonce, expected = "fVXSgXQRvLDfNhDEcLp1JOHTh3omZfPJYbIeO3S0/BI="
03-03 13:31:09.255 4394 4394 E c : invalid nonce, response = "null"
03-03 13:31:09.359 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.359 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.359 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.367 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.368 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.368 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.368 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.374 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.377 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.377 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.377 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.385 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.388 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.388 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.388 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.396 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.399 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.400 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.400 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.406 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.409 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.409 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.409 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.418 3233 3233 D KP2AAF : Cancel notif
FWIW: this exact combination of software is working just fine on my Nexus 7 2013 (flo). I'm suspecting there's a mislabeled selinux context somewhere (I'm not seeing the avc denials on the Nexus 7), but don't know enough about the guts of this to have a good idea where to start digging.
Any ideas, or additional information I could add that would help?
It seems pretty stable.
Is it possible to do a new stable release (not preview release)?
Google seems to have pushed out an update to SafetyNet that breaks it on MicroG
Hello!
I installed all the latest MicroG components on my oreo phone, everything works... Except one single, very annoying, thing... Whenever I try to test Safetynet with either Magisk or "Safetynet Test" app, "Droidguard Helper has stopped working" and ofc it fails. This means I can't download Netflix or login to Snapchat for example. Does anyone have a workaround as Safetynet is relatively important nowadays.
DroidGuard Helper force closed when running SafetyNet check. Tested on Google Pixel Android 8.1 stock 64bit.
java.lang.UnsatisfiedLinkError: dlopen failed: "/data/data/org.microg.gms.droidguard/app_dg_cache/060a8a22981ed66858a6c5ae81d080f1910911f1/libd623F13F0E0A4.so" is 32-bit instead of 64-bit
at java.lang.Runtime.load0(Runtime.java:928)
at java.lang.System.load(System.java:1621)
at com.google.ccc.abuse.droidguard.DroidGuard.<clinit>(Unknown Source:225)
at java.lang.reflect.Constructor.newInstance0(Native Method)
at java.lang.reflect.Constructor.newInstance(Constructor.java:334)
at org.microg.gms.droidguard.DroidguardHelper.invoke(Unknown Source:42)
at org.microg.gms.droidguard.DroidguardHelper.guard(Unknown Source:218)
at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(Unknown Source:8)
at java.lang.Thread.run(Thread.java:764)
First I want to thank you for your amazing work.
I just saw the DroidGuard Helper coming up and wanted to give it a try.
Samsung Galaxy S2 (gt-i9100)
cm13.0 nightly20160924
with Xposed
I got the "SafetyNet Helper" app from the PlayStore and started the test, but DroidGuard helper crashed and the test failed.
I saved the log via Catlog, maybe it is helpfull for you.
2016-09-25-18-45-43.txt
Hi,
I installed microG for LineageOS on both my S9+ and S7 Edge but even when I enable SafetyNet and installed the Droid Guard Helper from Fdroid I can't pass the test.
I've read that you might need to push files to /system/priv-app/ and other things but I have no idea how to do that and if I should.
Please add support for API 9
I get Response validation: fail
.
Logcat: DroidGuard-log.txt
ROM: LineageOS based on Android 7.1.1 with su binary removed.
I haven't been able to get microG or DroidGuard to work with SafetyNet on a LineageOS 14.1 install with and without Magsik. When I try LineageOS 14.1 with OpenGapps and Magisk instead it works fine and SafetyNet passes.
System
Moto X Pure (clark)
LineageOS 14.1
Is it possible to do the same as done in this change but without change the ROM?
Since today SafetyNet has stopped working for me. I used superSu and xposed but now I wiped the whole phone (system, data, cach, dalvik) installed clean omnirom 6.0.1 and microG: Services Core, Services Framework, DroidGuardHelper an BlankStore. In SafetyNet Helper I now get:
Response signature validation: error
Error Msg:
Response signature validation error: https://www.googleapis.com/androidcheck/v1/attestations/veryfie?key=AlzaSyATMqwT6E0ndqZa43uQNhFOWjQi9RoVQlc
As title said.
Please set automatic builds of RemoteDroidGuard on every commit.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.