Update 04.01.2023: I've updated/added additional steps to make this tutorial work again.
This question was asked many times and often all the answers did not work:
How do I get Magisk to work with Microsoft Apps like Microsoft Teams, Microsoft Outlook etc (protected by Microsoft Intune)?
With Magisk 24.1 it is finally possible to bypass the protection of Microsoft Intune. Here are the instructions on how to proceed. The solution requires root!
- First of all you need the latest Magisk version (24.2 or higher).
After installation select:
- Settings -> Hide the Magisk app : Select a new name of your choice (I use 'MM' for 'Magisk Manager')
- After Magisk has been hidden open 'Settings' and enable 'Zygisk (Beta)'
- uncheck Force Denylist in Magisk settings
- Select 'Configure DenyList'
- Use the magnifying glass and search for "Microsoft". You will find "Company Portal" (also known as Microsoft Intune).
Important: Expand the view by clicking on the entry. You will see something like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
- Now, with the expaned view, click the entry. It will look like this:
- Repeat these step (first expand, then clicking the button) on each other Microsoft App - e.g. Microsoft Teams, Microsoft Outlook, ...
Important: If you do not expand the view it will not work!
Now, to make sure that this solution is really working ....
- Install YASNAC - Yet Another SafetyNet Attestation Checker from the Google Play Store.
- Run the SafetyNet Attestation on YASNAC
When it fails is shows something like this:
Fix Basic integrity
- To fix the Basic integrity you need to install the latest Universal SafetyNet Fix from Github.
- Download the ZIP and install it as a module in Magisk (24.1 or higher).
- Reboot again and restart the YASNAC - Yet Another SafetyNet Attestation Checker. It should now pass (at least) the Basic integration.
If this is not the case you might also need to fix your CTS profile match. You can resolve this by doing the following steps:
- Download and install the latest release of MagiskHide Props Config from Github in Magisk as a Module.
- Restart your Phone!
- Launch a Terminal of your choice (e.g. Termux, Android Terminal Emulator, ...).
- Type 'su' (enter) and agree to the root dialog.
- Now type 'props' (enter) ...
... select '1' for Edit device fingerprints
... select 'f' for Pick a certified fingerprint
... select a vendor of your phone (e.g. Xiaomi, Poco, Google, Samsung, Oneplus ...)
... select your phone (if available) or a phone which is next to your phone with your installed Android version (for example 9,10,11).
- After selecting the fingerprint for your device, and when the program ends, reboot your device
After reboot another check of YASNAC - Yet Another SafetyNet Attestation Checker should the look like this:
Update 04.01.2023:
- Install Shamiko and make sure that you uncheck Force Denylist in Magisk settings
Important:
Once YASNAC shows Pass on Basic integrity and CTS profile match you can use any Banking App (e.g. Google Pay, N26, DKB, Sparkasse, Revolut, bunq, <whatever>) by repeating the inital steps for each of these Apps and it should not detect root. You might need to clear the data before the app stops complaining about a rooted device (example Google Pay).
If you find this tutorial helpful please leave a like for this post - thanks in advance.
More Informations / Background / How does this work:
Magisk: The Age of Zygsik
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Magisk Hide Props Config - SafetyNet
[MODULE] [DEPRECATED] MagiskHide Props Config - SafetyNet, prop edits, and more - v6.1.2
MagiskHide Props Config v6.1.2 Note: This project is dead, and has been for some time. I have not been involved in the Android modding scene for some time and I no longer have the energy to take it up again. If anyone feels like taking over...
forum.xda-developers.com
Hi @GoodSoul nice method- same as my posting from back 2+ weeks ago
Thanks for the repost! It's a proven working method
Zygisk (Alpha channel) + Magisk Hide app stting + DenyList + (MagiskHide Props Config (add fingerprint) + Universal SafetyNet Fix)
Click to expand...
Click to collapse
skuppej said:
Hi @GoodSoul nice method- same as my posting from back 2+ weeks ago
Thanks for the repost! It's a proven working method
Click to expand...
Click to collapse
Hey skuppej, did not see your post, sorry. Was it also (mainly) about Microsoft Intune? Because Magisk Hide did work well in the past on Banking Apps and Google Pay but somehow not well on MS Intune.
Oh, this method is what you should use to hide root from anything
tldr:
Zygisk (Alpha channel) + Magisk Hide app stting + DenyList + (MagiskHide Props Config (add fingerprint) + Universal SafetyNet Fix)
Click to expand...
Click to collapse
Hi,
I've exactly followed the steps mentioned but InTune still detects root.
I've InTune v5.0.5421 installed and Magisk v24.1 installed.
The only difference from your screenshots is that you've evaluation type HARDWARE_BACKED, I've BASIC. The rest is same. My phone is S9 with Stock Android 10 installed.
Do you have any suggestion to check?
This did work, but for some reason as soon as I enable Enforce Deny list, I get extreme lag. Without that option enabled phone woks fine but intune detects root and blocks. I really wish there was a better solution, this never was an issue with MagiskHide
hmm. Update. For literally no reason with nothing changed it just stopped working...No idea why
elite-fusion said:
has anyone had luck with this lately?
I tried the 5067 version and it worked, but teams and outlook still stated that the intune is out of date, so still unusable.
Click to expand...
Click to collapse
persmash said:
Hi,
I've exactly followed the steps mentioned but InTune still detects root.
I've InTune v5.0.5421 installed and Magisk v24.1 installed.
The only difference from your screenshots is that you've evaluation type HARDWARE_BACKED, I've BASIC. The rest is same. My phone is S9 with Stock Android 10 installed.
Do you have any suggestion to check?
Click to expand...
Click to collapse
Make sure you guys clear data in your intune/teams apps, first. Also, delete any work accounts that might pre-exist, if you have them.
skuppej said:
Make sure you guys clear data in your intune/teams apps, first. Also, delete any work accounts that might pre-exist, if you have them.
Click to expand...
Click to collapse
Hi,
Thanks for your reply but InTune doesn't give an error related to rooting. It says the OS is modified and I think that is because of system status is "Custom". I'm searching for a way to make it "Official" again without loosing root but couldn't find anything.
I am on zygisk denylist + shamiko + ticking all processes in denylist
I have also installed universal safetynet but removed it as it doesnot make a difference and i donot have an issue to fail safetynet for now
I am passing intune and Outlook app only
However Onedrive , Office and Teams says i am having policy error and refuse to log in
I would appreciate any assistance as it is crucial for my work environment
Have people gotten this to work on the latest version of Intune (5.0.5421.0)? Root is still being detected on my Google Pixel 4a and 5. I read in the other thread to use an older version of Intune, but my company Intune policy will not allow it (get a Company portal out of date message).
My Intune is updated to 5.0.5421.0 and Teams is still working on all my devices (Oneplus 7, Samsung Tablet A6, Samsung Galaxy S8+ - all with LineageOS 18.1).
For those who have problems: What does 'adb logcat' says in the moment when you launch teams?
GoodSoul said:
My Intune is updated to 5.0.5421.0 and Teams is still working on all my devices (Oneplus 7, Samsung Tablet A6, Samsung Galaxy S8+ - all with LineageOS 18.1).
For those who have problems: What does 'adb logcat' says in the moment when you launch teams?
Click to expand...
Click to collapse
Hi,
I don't have that much technical knowledge. Could you please guide me how can I record the logs so that I can share it here?
Thanks.
persmash said:
I don't have that much technical knowledge. Could you please guide me how can I record the logs so that I can share it here?
Click to expand...
Click to collapse
Try one of these tutorials.
Hey,
I am still using Magisk 23.0 and recently also my Outlook and Teams started crying about my rooted devices. But I have a strange behavior: If I click away this message 2-3 times everything works fine ¯\_(ツ)_/¯.
Anybody else who notices this behavior?
@GoodSoul Is this meant to be work also within the Android Enterprise environment? I mean this thing which is encapsulated from the rest of the system like I would create another user.
tiga05 said:
@GoodSoul Is this meant to be work also within the Android Enterprise environment? I mean this thing which is encapsulated from the rest of the system like I would create another user.
Click to expand...
Click to collapse
I don't know why it should not.
GoodSoul said:
Try one of these tutorials.
Click to expand...
Click to collapse
I used Android Studio to get the logs. Please find them below. To be honest, I didn't undestand anything from them
Code:
2022-03-15 19:04:20.037 6529-6529/? E/[IndicatorGarden]Presenter: onGardenApplyWindowInsets() New DisplayCutout is NULL!!
2022-03-15 19:04:20.041 6203-7029/? E/WindowManager: win=Window{d677566 u0 com.microsoft.windowsintune.companyportal/com.microsoft.omadm.client.OMADMAwaitActivity} destroySurfaces: appStopped=true win.mWindowRemovalAllowed=false win.mRemoveOnExit=false win.mViewVisibility=8 caller=com.android.server.wm.AppWindowToken.destroySurfaces:1249 com.android.server.wm.AppWindowToken.destroySurfaces:1230 com.android.server.wm.AppWindowToken.notifyAppStopped:1285 com.android.server.wm.ActivityRecord.activityStoppedLocked:2776 com.android.server.wm.ActivityTaskManagerService.activityStopped:2512 android.app.IActivityTaskManager$Stub.onTransact:2280 android.os.Binder.execTransactInternal:1056
2022-03-15 19:04:20.061 6529-6529/? E/[IndicatorGarden]Presenter: onGardenApplyWindowInsets() New DisplayCutout is NULL!!
2022-03-15 19:04:20.064 6529-6529/? E/SystemUIImageView: set Image Drawable!!
2022-03-15 19:04:20.064 6529-6529/? E/SystemUIImageView: set Background Drawable!!
2022-03-15 19:04:20.070 6529-6529/? E/[IndicatorGarden]Presenter: onGardenApplyWindowInsets() New DisplayCutout is NULL!!
2022-03-15 19:04:20.495 6814-6814/? E/ApduServiceInfo: Not adding <aid-group> with empty or invalid AIDs
2022-03-15 19:04:20.607 526-1088/? E/BufferQueueProducer: [com.android.systemui.infinity.InfinityWallpaperBlue$_6721#0] disconnect: not connected (req=1)
2022-03-15 19:04:20.609 526-2814/? E/BufferQueueProducer: [com.microsoft.windowsintune.companyportal/com.microsoft.windowsintune.companyportal.views.EnrollmentActivity$_20093#0] disconnect: not connected (req=1)
2022-03-15 19:04:20.681 32192-32192/? E/Zygote: isWhitelistProcess - Process is Whitelisted
2022-03-15 19:04:20.681 32192-32192/? E/Zygote: accessInfo : 1
2022-03-15 19:04:20.683 6203-8084/? E/WindowManager: win=Window{7796f62 u0 com.microsoft.windowsintune.companyportal/com.microsoft.windowsintune.companyportal.views.EnrollmentActivity} destroySurfaces: appStopped=true win.mWindowRemovalAllowed=false win.mRemoveOnExit=false win.mViewVisibility=8 caller=com.android.server.wm.AppWindowToken.destroySurfaces:1249 com.android.server.wm.AppWindowToken.destroySurfaces:1230 com.android.server.wm.AppWindowToken.notifyAppStopped:1285 com.android.server.wm.ActivityRecord.activityStoppedLocked:2776 com.android.server.wm.ActivityTaskManagerService.activityStopped:2512 android.app.IActivityTaskManager$Stub.onTransact:2280 android.os.Binder.execTransactInternal:1056
2022-03-15 19:04:20.713 32192-32192/? E/nder:appservic: Not starting debugger since process cannot load the jdwp agent.
2022-03-15 19:04:22.298 7354-8693/? E/BtGatt.ContextMap: remove() - removed: 7
2022-03-15 19:04:22.341 7354-7521/? E/BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_STOP, appName: android.uid.system, scannerId: 7, reportDelayMillis=0
2022-03-15 19:04:22.433 7354-7521/? E/BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_START, appName: android.uid.system, scannerId: 7, reportDelayMillis=0
2022-03-15 19:04:22.582 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:27.585 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:28.568 6203-6233/? E/Watchdog: [email protected]: 772 heap: 95 / 96 [2022-03-15 19:04:28.567] sdogWay: softdog
2022-03-15 19:04:32.591 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:37.597 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:42.603 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:47.585 32243-32243/? E/Zygote: isWhitelistProcess - Process is Whitelisted
2022-03-15 19:04:47.586 32243-32243/? E/Zygote: accessInfo : 1
Hi,
I followed the guide, but the second time I fire up YASNAC it still fails the SafteyNet fix. I tried everything, rebooted every time, no dice.
GoodSoul said:
My Intune is updated to 5.0.5421.0 and Teams is still working on all my devices (Oneplus 7, Samsung Tablet A6, Samsung Galaxy S8+ - all with LineageOS 18.1).
For those who have problems: What does 'adb logcat' says in the moment when you launch teams?
Click to expand...
Click to collapse
Any luck for you to check my logcat?
I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.
Background
Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.
To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.
Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).
A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.
Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.
The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.
This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.
Patching
This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
Obtain the file services.jar to patch. For example:
Pull it from your device: adb pull /system/framework/services.jar – or –
Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Extract the file with APK Tool: apktool2 d -o services services.jar
Make the changes that allow signature spoofing. Either:
Apply the patch attached to this post: patch -i services.diff -p0 – or –
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
Recompile the modified framework: apktool2 b -c -f -o services.jar services
Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.
One More Thing
For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:
/data/dalvik-cache/arm64/[email protected][email protected]@classes.dex
/data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex
Further Steps
These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.
Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
Aqq123 said:
Patching
This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
Obtain the file services.jarto patch. For example:
Pull it from your device: adb pull /system/framework/services.jar – or –
Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Click to expand...
Click to collapse
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
kullanici32 said:
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
Click to expand...
Click to collapse
I don't know anything about Samsung but try here:
[TUTORIAL] How to Edit Unpack & Repack Samsung system.img or system.img.ext4
Follow https://stackoverflow.com/questions/58541074/how-to-unpack-modify-pack-and-flash-system-img-ext4-file-using-odin a) Modifying With simg2img system.img.ext4 system.img, you will get a raw image file named system.img With mkdir system...
forum.xda-developers.com
Alternatively you can just take services.jar from a live (running) system.
kullanici32 said:
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
Click to expand...
Click to collapse
There are many good custom Rom for s10e. Why do you want to start with one UI ?
kurtn said:
There are many good custom Rom for s10e. Why do you want to start with one UI ?
Click to expand...
Click to collapse
due to some dysfunctions and design change, I will debloat one UI 4.1 and turn off google and samsung services in the back and make it like lineage os as much as possible, but the main services I use will be samsung applications. so i have a dream
kullanici32 said:
due to some dysfunctions and design change, I will debloat one UI 4.1 and turn off google and samsung services in the back and make it like lineage os as much as possible, but the main services I use will be samsung applications. so i have a dream
Click to expand...
Click to collapse
I've seen people doing similar things on android 12
Signature Spoofing on unsuported Android 11 (R) Roms
How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com
kurtn said:
I've seen people doing similar things on android 12
Signature Spoofing on unsuported Android 11 (R) Roms
How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com
Click to expand...
Click to collapse
because once you use samsung software, you can't quit. (of course debloated) I have used my phone without root until now, only by disabling system applications. now I'm trying to remove as much samsung/google as possible from the system or whatever services are unnecessary for me, I will do just like micro g for lineage os, the only difference is by using quality applications such as gallery phone application, because lineage os is very lousy.
Aqq123 said:
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now
Click to expand...
Click to collapse
How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
so how do i open this file and where do i patch it?
kullanici32 said:
How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
so how do i open this file and where do i patch it?
Click to expand...
Click to collapse
Of course. The patch is against current LOS 19.1, and this is the only situation where you can replace the whole .smali file instead of reapplying the patch. On other flavors of Android you'd have to redo the equivalent manually. In some cases it might even take a different patch altogether.
These are all text files. Just use any text editor, preferably with syntax highlighting, such as Notepad++. First look at services.diff. This is the code you want to add.
Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined. The patch works by adding two private methods:
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
These can really be added anywhere but preferably within the same .smali file.
Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).
Maybe it's easier to understand if you look at the original code, not the decompiled one: https://github.com/lineageos4microg..._patches/android_frameworks_base-S.patch#L128 This is why I linked to it in the top post.
Again, I don't know anything about Samsung One UI. The implementation might be different. So another approach would be to find a version of Samsung's services.jar patched for signature spoofing (possibly for an earlier version of Android) and decompile it to see how it's done there.
Aqq123 said:
Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined.
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
I just write this code you say?
Or should I search for the code you provided in services.diff and copy the places marked in blue and copy the entire blue one into my original compiled file?
Aqq123 said:
Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).
Click to expand...
Click to collapse
I hardly understand what you mean here.
i'm a bit of a novice
EDİT:
I added the blue parts after I found the red part, now I'll compile and test (I've probably missed something, but I'll have a look)
EDİT2:
generatePackageInfo
I searched for the code you said, but there were 3-4 (there was 1 that continued as L, and I deleted the one in this picture)
and i replaced it with this
I'll compile it now, probably won't, but...
This is the first time I've been in such a complicated business.
EDİT3: (FİXED EDİT 4 I went inside the extracted folder and solved this problem now it keeps compiling)
It gives such an error, why? (apktool2 command didn't work when extracting the file, it worked when I made apktool, ignore it) but now when recompiling it gives an error as in the picture.
EDİT5:
such an error???
EDİT6:
now that this did not happen, after extracting the jar file, I packed it again without making any changes, the original 30 mb file decreased to 20 mb and transferred to the device with mtp, then I copied it with root browser, the device system ui restarted and opened, the permissions were something like rw rw rw, maybe rw rw is Then I rebooted but the phone bootlooped. that is, if I decompile the original file and repackage it without doing anything else, it breaks down. :/
Aqq123 said:
I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.
Background
Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.
To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.
Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).
A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.
Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.
The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.
This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.
Patching
This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
Obtain the file services.jarto patch. For example:
Pull it from your device: adb pull /system/framework/services.jar – or –
Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Extract the file with APK Tool: apktool2 d -o services services.jar
Make the changes that allow signature spoofing. Either:
Apply the patch attached to this post: patch -i services.diff -p0 – or –
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
Recompile the modified framework: apktool2 b -c -f -o services.jar services
Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.
One More Thing
For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:
/data/dalvik-cache/arm64/s[email protected][email protected]@classes.dex
/data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex
Further Steps
These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.
Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
Click to expand...
Click to collapse
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.
Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
JedidroidX said:
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.
Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
Click to expand...
Click to collapse
Don't use signature spoofing app. The only relevant measure of success is microG self-check. Use an installer to make microG a system app.
JedidroidX said:
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.
Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
Click to expand...
Click to collapse
I don't see any attachment (seems you edited your post) but I guess you recompiled it fine. If you didn't, the device would have ended up in a bootloop (Zygote process wouldn't start), so you'd definitely know. It should be services.jar though, not * system.jar, so maybe you didn't install it properly? Smaller file size is expected, since the repackaged version uses stronger compression as a ZIP file, so nothing to worry about. Again, if there's any problem with the modified services.jar, the device wouldn't get past the boot animation.
I'm not sure what you mean exactly by "signature spoofing app says disabled." It's not an actual app: it doesn't have any code, and won't show up in Launcher. Its only purpose is to add this permission. That being said, if you go into: Settings → Apps → See all ... apps → ⋮ → Show system → Signature Spoofing, there should be a button saying Disable (meaning it's enabled now), and not Enable (which would mean it were disabled at the time). Also, if you go further from that screen into Permissions → Additional permissions → Signature spoofing it should say Allow for this app, and when you click See all apps with this permission, it should show microG Services Core there as Allowed. If you set it up well this is all done automatically with the configuration files, you shouldn't have to go through the settings to change anything via the UI.
As I wrote in the original post, additional steps are required to fully set up MicroG, which is really outside the scope of this thread. These are, for the most part, the same steps as if you were using oF2pks's patch for Android 11 with Lanchon's DexPatcher except more recently you also have to add android.permission.MANAGE_USB to com.gooogle.android.gms (that is, MicroG Services Core) privapp-permissions, or you'll end up with a bootloop for a wholly different reason.
This topic is vast, and there are multiple ways to do it. Note that these should be installed as system apps, some of them as priv-apps, so there are many things that can go wrong. If you don't grant a priv-app all the required permissions through the configuration, now (as of Android 9 I think) you'll get a bootloop. For system apps, you also have to extract libraries (if any) from APKs and place them separately on the filesystem, and make sure you get the details right for the architecture: if you don't, you get... guess what (a bootloop). It's good to have a script automating all this: I have my own flashable ZIP specific to my needs but there are other more general solutions. Or, if you want to learn how to do this manually, one way would be to compare a vanilla LineageOS image with LineageOS for MicroG for the same device around the same build date and see what they are doing extra. On Windows you can use WinMerge to compare files and entire directory structures easily. But again, this is really outside the scope of this thread, which is about patching services.jar for signature spoofing support. No matter how you implement signature spoofing, you still have to figure out those other steps separately.
kurtn said:
Don't use signature spoofing app.
Click to expand...
Click to collapse
Actually, with this approach, Signature Spoofing app has to be used. This is to keep the patch as lean as possible (since it's easier to install a separate app rather than keep maintaining a more complicated patch).
It's not needed with LineageOS for MicroG, where it's already incorporated into the system (lines 1-82 in the patch): https://github.com/lineageos4microg...atches/android_frameworks_base-S.patch#L1-L82
Aqq123 said:
I don't see any attachment (seems you edited your post) but I guess you recompiled it fine. If you didn't, the device would have ended up in a bootloop (Zygote process wouldn't start), so you'd definitely know. It should be services.jar though, not * system.jar, so maybe you didn't install it properly? Smaller file size is expected, since the repackaged version uses stronger compression as a ZIP file, so nothing to worry about. Again, if there's any problem with the modified services.jar, the device wouldn't get past the boot animation.
I'm not sure what you mean exactly by "signature spoofing app says disabled." It's not an actual app: it doesn't have any code, and won't show up in Launcher. Its only purpose is to add this permission. That being said, if you go into: Settings → Apps → See all ... apps → ⋮ → Show system → Signature Spoofing, there should be a button saying Disable (meaning it's enabled now), and not Enable (which would mean it were disabled at the time). Also, if you go further from that screen into Permissions → Additional permissions → Signature spoofing it should say Allow for this app, and when you click See all apps with this permission, it should show microG Services Core there as Allowed. If you set it up well this is all done automatically with the configuration files, you shouldn't have to go through the settings to change anything via the UI.
As I wrote in the original post, additional steps are required to fully set up MicroG, which is really outside the scope of this thread. These are, for the most part, the same steps as if you were using oF2pks's patch for Android 11 with Lanchon's DexPatcher except more recently you also have to add android.permission.MANAGE_USB to com.gooogle.android.gms (that is, MicroG Services Core) privapp-permissions, or you'll end up with a bootloop for a wholly different reason.
This topic is vast, and there are multiple ways to do it. Note that these should be installed as system apps, some of them as priv-apps, so there are many things that can go wrong. If you don't grant a priv-app all the required permissions through the configuration, now (as of Android 9 I think) you'll get a bootloop. For system apps, you also have to extract libraries (if any) from APKs and place them separately on the filesystem, and make sure you get the details right for the architecture: if you don't, you get... guess what (a bootloop). It's good to have a script automating all this: I have my own flashable ZIP specific to my needs but there are other more general solutions. Or, if you want to learn how to do this manually, one way would be to compare a vanilla LineageOS image with LineageOS for MicroG for the same device around the same build date and see what they are doing extra. On Windows you can use WinMerge to compare files and entire directory structures easily. But again, this is really outside the scope of this thread, which is about patching services.jar for signature spoofing support. No matter how you implement signature spoofing, you still have to figure out those other steps separately.
Click to expand...
Click to collapse
Yes sir, I meant the services.jar, silly me I was writing in a rush. Sorry about that confusion.
I will try again and post the result. I guess I will use the same services.jar, however the issue with optimization. I did reboot several times after flashing a cache optimization module for magisk after I adb the services.jar because I'm not familiar on how to do the optimization manually.
The optimization module did lead to magisk not loading the modules and only booted successfully due to magisk bootloop protector module.
Also to adjust permissions to 644 I presume is already in the recompiled services.jar? As I could not view what permission with mixplorer that it had.
Btw, the signature spoofing app is an app I downloaded from f- droid that just displays the signature spoofing status, if disabled or enabled and it says disabled. Again sorry about the confusing and thank you again for your great feedback.
Hi,
would like to try on AOSP 12 GSI, installed over stock OOS10 On Nord (avicii).
@Aqq123 Do you think i can make it ? Any suggestion before starting ?
What about if i get service.jar from a GSI AOSP with google apps ? Maybe signature spoofing is altredy implemented there ?
kidronvalley said:
Hi,
would like to try on AOSP 12 GSI, installed over stock OOS10 On Nord (avicii).
@Aqq123 Do you think i can make it ? Any suggestion before starting ?
What about if i get service.jar from a GSI AOSP with google apps ? Maybe signature spoofing is altredy implemented there ?
Click to expand...
Click to collapse
Most gsi have signature spoofing feature.
Hi @kurtn
thanks,
heh, this AOSP 12 vanilla from PHH treble seems not, at least, microg is not detecting it, and one specific banking app is failing to work.
EDITED: I solved all installing PHH trebvle A12 "floss" that has signature spoofing up and running.
hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),
your attached:
I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
I copied the code to where it says .end method and pasted it anywhere in my services.jar.
I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.
I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.
I did a lineage os install from scratch after failing here.
I copied the PackageManagerService$ComputerEngine.smali file you provided,
I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.
I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
and on the 2nd reboot, it naturally enters the bootloop as you said.
i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.
QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
now i have 3 questions:
1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
ahmadmahmood2048 said:
hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),
your attached:
I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
I copied the code to where it says .end method and pasted it anywhere in my services.jar.
I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.
I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.
I did a lineage os install from scratch after failing here.
I copied the PackageManagerService$ComputerEngine.smali file you provided,
I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.
I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
and on the 2nd reboot, it naturally enters the bootloop as you said.
i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.
QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
now i have 3 questions:
1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
Click to expand...
Click to collapse
Use lineage.microg.org