Fix for Oreo 8.1.0 and Lineage 15.1
Closed this issue ยท 19 comments
Versions
- OS: Android Oreo 8.1.0 / LineageOS 15.1
- Haystack Version version: 9fcfa61 on 1 Oct 2017
Steps to reproduce the problem
- System with Android Oreo 8.1.0 / LineageOS 15.1
- Unlock developer settings by tapping build number
- Activate USB Debugging and ADB Root
- Use haystack to patch the files
- Search for additional Signature Spoofing switch in Developer settings ==> MISSING
- Install Singature Spoofing Checker App https://github.com/Lanchon/sigspoof-checker
- Check Siganture Spoofing with the App ==> NO SIGNATURE SPOOFING
Expected behavior
- Signature Spoofing switch in developer settings
- Signature spoofing activateable
Actual behavior
- No Signature Spoofing setting in Developer settings
- No signature spoofing possible
Background information
- Android changed the menu structure of the settings, so that the setting patching "haystack/patches-src/sigspoof-ui-global-7.0-7.1/Settings.apk/DevelopmentSettings.java" does not work anymore
Tried solutions:
- (failed) Evasion: Do not check for the Signature Spoofing setting and activate always
- "haystack/patches-src/sigspoof-core/services.jar/GeneratePackageInfoHook.java"
- Exchange lines 42, 43:
return Settings.Secure.getInt(context.getContentResolver(), FakeSignatureGlobalUI.SECURE_SETTING, 0) != 0;
by
return true; - Execute "haystack/bulk-patch-builder/build-all"
- Try patching of system files via haystack on a new system (without prior haystack patching)
- Result: Signature spoofing app ==> NO SIGNATURE SPOOFING
- Result: Test signaure spoofing with microg and app requiring GSF ==> NOT WORKING
hi! haystack doesn't support oreo so far. i won't even look at it before smali/dexlib2 properly supports oreo. as a workaround, you can refrain from applying the UI patch, which has always been optional.
Smali supports Oreo now: https://github.com/JesusFreke/smali/wiki
2018-06-12 smali/baksmali v2.2.4 is out. This version adds support for dex versions 037 and 038
(037 and 038 are Android 8.0 and 8.1 respectively)
Smali was updated: https://github.com/JesusFreke/smali
The version is still 2.2.4, but I read that he has worked on deodexing for Oreo.
dexlib2 v2.2.5 supports Oreo and i've pushed updates to multidexlib2 and DexPatcher:
https://github.com/DexPatcher/dexpatcher-tool/releases
unfortunately i'm lying at the beach and can't be bothered with haystack right now :) this will need to wait for a month or so, sorry guys!
@Lanchon any chance for a quick fix here?
hey! yeah, i need to take a look in here and fix this
can anybody volunteer to test patching android 8.0, 8.1, and/or 9?
I could test patching android 8.1 running on SailfishXA2 in an lxc container ;)
have you tried patching your rom? if you did and it failed, can you post the output?
(and btw have you had success patching older roms with this tool?)
I am actually not quite fond with your tool, but used it earlier to patch their android 4.4? release (some time ago).
But they changed the whole architecture with the latest android 8.1 release to run in lxc.
Anyway, this is basically about dodexing/patching so should work anyhow.
What I tried:
# use vdexExtractor to dodex everything
cd /vdexExtractor/bin && ./vdexExtractor -i /sailfish
# use haystack
root@personal:/# /haystack/patch-fileset /haystack/patches/sigspoof-hook-4.1-6.0 27 /sailfish/framework /hook
>>> target directory: /hook
>>> apply patch: services.jar
>>> dexpatcher --api-level 27 --verbose --output /hook/tmp/services.jar/patched-dex --multi-dex /sailfish/framework/services.jar /haystack/patches/sigspoof-hook-4.1-6.0/services.jar.dex
info: read '/sailfish/framework/services.jar'
fatal: exception: lanchon.multidexlib2.EmptyMultiDexContainerException: /sailfish/framework/services.jar
# try newer version
root@personal:/# /haystack/patch-fileset /haystack/patches/sigspoof-hook-7.0-7.1 27 /sailfish/framework /hook
>>> target directory: /hook
>>> apply patch: services.jar
>>> dexpatcher --api-level 27 --verbose --output /hook/tmp/services.jar/patched-dex --multi-dex /sailfish/framework/services.jar /haystack/patches/sigspoof-hook-7.0-7.1/services.jar.dex
info: read '/sailfish/framework/services.jar'
fatal: exception: lanchon.multidexlib2.EmptyMultiDexContainerException: /sailfish/framework/services.jar
your dex-obtaining procedure is failing. your 'framework/services.jar' file does not contain dex files. open it with your favorite zip navigation tool and check. this is not an issue with haystack.
thank you for the slap in the face...
somehow vdexExtractor does work a bit differnt on android 8.1 and did add classes.dex to my services.jar automatically...
This is how i fixed my services.jar (based on https://github.com/Nanolx/NanoDroid/blob/master/doc/DeodexServices.md#vdex):
./vdexExtractor -i /sailfish --ignore-crc-error
cp /sailfish/framework/oat/arm/services_classes.dex /tmp/classes.dex
zip -j /sailfish/framework/services.jar /tmp/classes.dex
After that, your haystack worked like a charm:
root@personal:/haystack# rm -rf /hook; /haystack/patch-fileset /haystack/patches/sigspoof-hook-7.0-7.1 27 /sailfish/framework /hook
>>> target directory: /hook
>>> apply patch: services.jar
>>> dexpatcher --api-level 27 --verbose --output /hook/tmp/services.jar/patched-dex --multi-dex /sailfish/framework/services.jar /haystack/patches/sigspoof-hook-7.0-7.1/services.jar.dex
info: read '/sailfish/framework/services.jar'
info: read '/haystack/patches/sigspoof-hook-7.0-7.1/services.jar.dex'
info: type 'com.android.server.pm.PackageManagerService': direct method '<init>():void': (PackageManagerService.java:28): implicit ignore of trivial default constructor
info: write '/hook/tmp/services.jar/patched-dex'
0 error(s), 0 warning(s)
>>> repack: services.jar
deleting: classes.dex
adding: classes.dex (deflated 56%)
*** patch-fileset: success
root@personal:/haystack# /haystack/patch-fileset /haystack/patches/sigspoof-core 27 /hook /hook_core
>>> target directory: /hook_core
>>> apply patch: services.jar
>>> dexpatcher --api-level 27 --verbose --output /hook_core/tmp/services.jar/patched-dex --multi-dex /hook/services.jar /haystack/patches/sigspoof-core/services.jar.dex
info: read '/hook/services.jar'
info: read '/haystack/patches/sigspoof-core/services.jar.dex'
info: type 'com.android.server.pm.GeneratePackageInfoHook': direct method '<init>():void': (GeneratePackageInfoHook.java:35): implicit ignore of trivial default constructor
info: write '/hook_core/tmp/services.jar/patched-dex'
0 error(s), 0 warning(s)
>>> repack: services.jar
deleting: classes.dex
adding: classes.dex (deflated 56%)
*** patch-fileset: success
After I rebuild my image with the patched file, signature spoofing works!
Thanks again!
can anybody volunteer to test patching android 8.0, 8.1, and/or 9?
I tried patching android 9 and get the following error:
>>> target directory: tissot-los16__sigspoof-hook-7.0-7.1
>>> apply patch: services.jar
>>> dexpatcher --api-level 28 --verbose --output tissot-los16__sigspoof-hook-7.0-7.1/tmp/services.jar/patched-dex --multi-dex tissot-los16/services.jar patches/sigspoof-hook-7.0-7.1/services.jar.dex
info: read 'tissot-los16/services.jar'
fatal: exception: org.jf.dexlib2.util.DexUtil$UnsupportedFile: Dex version 039 is not supported
Am I doing something wrong?
I was accidentally using an old version of dexpatcher. With the new version the sigspoof-hook-7.0-7.1 and sigspoof-core applied cleanly. Yay!
Patch sigspoof-ui-global-7.0-7.1 failed with the output (after step apply patch: services.jar succeeded):
>>> apply patch: Settings.apk
>>> dexpatcher --api-level 28 --verbose --output tissot-los16__sigspoof-hook-7.0-7.1__sigspoof-core__sigspoof-ui-global-7.0-7.1/tmp/Settings.apk/patched-dex --multi-dex tissot-los16__sigspoof-hook-7.0-7.1__sigspoof-core/Settings.apk patches/sigspoof-ui-global-7.0-7.1/Settings.apk.dex
DexPatcher version 1.6.2 by Lanchon (https://dexpatcher.github.io/)
info: read 'tissot-los16__sigspoof-hook-7.0-7.1__sigspoof-core/Settings.apk'
info: read 'patches/sigspoof-ui-global-7.0-7.1/Settings.apk.dex'
error: type 'com.android.settings.DevelopmentSettings': (DevelopmentSettings.java:0): target not found
1 error(s), 0 warning(s)
as stated before, the UI patch is optional. if you dont apply the UI patch you should get always-on sig spoofing. try it by repeating the patching procedure from zero.
i pushed updates to formally support Oreo, including UI patches.
before, the 7.x hook patch applied on 8.x -without any formal verification- but not the UI patch. also, the dexpatcher tool version was stale and incapable of operating on oreo and has been updated.
the 8.x patches MIGHT on android 9, but they can't be formally checked due to a bug in the javac compiler:
An exception has occurred in the compiler (1.8.0_51). Please file a bug at the Java Developer Connection (http://java.sun.com/webapps/bugreport) after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report. Thank you.
java.lang.NullPointerException
at com.sun.tools.javac.code.Symbol$ClassSymbol.isSubClass(Symbol.java:1020)
it seems to be this bug:
https://stackoverflow.com/questions/33302349/java-compiler-fails-when-compiling-simple-program
it happens using the open-jdk 8 and open-jdk 9 compilers... :(