Cannot pass strong integrity because of XiaomiEU Injector?

[mkcs121]

I have a valid keybox to work with Tricky Store. It can pass strong integrity on stock rom. However, it never passes on xiaomi.eu roms even though XiaomiEU injector is uninstalled for current user (still exist in system but cannot be totally removed).

Is it possible to get rid of the injector from the ROM by default? Also the injector could be flawed that props modification is detected. Some apps wouldn't work for tampered environment although device integrity is spoofed to be present.

 

[Igor Eisberg]

The injector modifies fields, and if you disabled or uninstalled it, then it's inactive.
Some props (not fields) are modified by init script, which could be the reason. No way to disable that.

 

[mkcs121]

The injector modifies fields, and if you disabled or uninstalled it, then it's inactive.
Some props (not fields) are modified by init script, which could be the reason. No way to disable that.

Are those props necessary to have? Wouldn't it be better to leave it for third party modules to achieve a close to perfect spoof?

 

[ingbrzy]

Are those props necessary to have? Wouldn't it be better to leave it for third party modules to achieve a close to perfect spoof?

they are needed to pass DEVICE integrity for our users without any other 3rd party hacks or modules..

 

[Igor Eisberg]

Are those props necessary to have? Wouldn't it be better to leave it for third party modules to achieve a close to perfect spoof?

You're making the assumption that everybody root their phone, something most of our users don't do.

 

[mkcs121]

they are needed to pass DEVICE integrity for our users without any other 3rd party hacks or modules..

This is ideal if Google would not make further troubles. What if sailfish no longer works? Also, things are getting complicated that many apps not only banking have the ability to detect a tampered environment, apps list or permission granted. This make the difference between rooted and non-rooted device insignificant when the environment is already tampered. As a result, relying on modules for better hiding or spoofing are necessary where root is required.

An example of app where there is excessive detection: https://apk.support/app/com.octopuscards.nfc_reader

 

[Igor Eisberg]

This is ideal if Google would not make further troubles. What if sailfish no longer works? Also, things are getting complicated that many apps not only banking have the ability to detect a tampered environment, apps list or permission granted. This make the difference between rooted and non-rooted device insignificant when the environment is already tampered. As a result, relying on modules for better hiding or spoofing are necessary where root is required.

An example of app where there is excessive detection: https://apk.support/app/com.octopuscards.nfc_reader

Where root is required is the rooter's business.

 

[AlfaX]

Hey @Igor Eisberg
Would it be possible to know what modifications were made that prevents Tricky Store to pass Strong Integrity apart from the disabled app?
That would be useful to make a Magisk module that nukes the props for example.

Thanks

 

[AlfaX]

The injector modifies fields, and if you disabled or uninstalled it, then it's inactive.
Some props (not fields) are modified by init script, which could be the reason. No way to disable that.

Can you please tell me which init script(s) modified some props? It can 100% be reverted by a magisk module since magisk has it's own init scripts, so just putting a module that reverts the changes right after the other init script will fix it if that's the issue.
Everything is possible. And please, stop being rude to rooted users and try to make our life easier unlike Google.

 

[JiaiJ]

And please, stop being rude to rooted users and try to make our life easier unlike Google.

Hé is not being rude, he is just saying that it is not his role to assist rooted users. That's all

 

[AlfaX]

Hé is not being rude, he is just saying that it is not his role to assist rooted users. That's all

He kind of is in a way, he could just say what is breaking strong integrity because it seems he knows where the problem comes from instead of saying there is no way to modify init scripts (which is not entirely true).

 

[Igor Eisberg]

He kind of is in a way, he could just say what is breaking strong integrity because it seems he knows where the problem comes from instead of saying there is no way to modify init scripts (which is not entirely true).

I don't owe you any explanations on how any of our mods work. That's not being rude, we just don't talk about it.
If you're rooted then I assume that you're an experienced user, so you should be able to figure it out.
If you're not an experienced user, then you shouldn't be rooted.

 

[AlfaX]

I don't owe you any explanations on how any of our mods work. That's not being rude, we just don't talk about it.
If you're rooted then I assume that you're an experienced user, so you should be able to figure it out.
If you're not an experienced user, then you shouldn't be rooted.

If that's not being rude, I don't know what is.
Also, your assumption is wrong, if I don't know what I'm searching for, I can't find it. And I don't have enough information to find that, all I know is my device doesn't pass strong integrity and I know it should. You're saying there is something in the init scripts but there are over a hundred of them and as you might know, I don't want to search each (long) file one by one. Yes I could use find or grep but if I don't even have a key word that's going to be hard (I tried "Xiaomi", "inject", "module" but I found nothing).
I don't see what's wrong with giving information on "how any of your mods work", especially since your mods are used by all your users technically and I don't think they will all be happy about the fact that you're hiding how mods people installed work, and except if it's a trojan or a spyware, I don't see the reason why you don't want to give at least a hint or a key word for me to find what's preventing the whole rooted community using xiaomi.eu (and trust me, there are a lot of people, probably more than half of your users) to pass strong integrity on their device.

 

[Igor Eisberg]

If that's not being rude, I don't know what is.

If not capitulating to your requests is being rude, then I'm OK with that.

I don't see what's wrong with giving information on "how any of your mods work", especially since your mods are used by all your users technically and I don't think they will all be happy about the fact that you're hiding how mods people installed work, and except if it's a trojan or a spyware, I don't see the reason why you don't want to give at least a hint or a key word for me to find what's preventing the whole rooted community using xiaomi.eu (and trust me, there are a lot of people, probably more than half of your users) to pass strong integrity on their device.

That can be said about any closed-source project, including official MIUI/HyperOS.
Completely invalid point. We don't owe revealing anything that could get copied by some 12 y.o. "ROM cooker" later on.
If you have any reason to believe we shove trojans in our ROMs, you're welcome to prove it - the burden of proof is on the accuser.
Also, I never said that I have any idea why your module doesn't work, I only said that there's more to our workaround than just injecting fields, like hiding the bootloader being unlocked, and that cannot be disabled with any module.

 

[AlfaX]

If not capitulating to your requests is being rude, then I'm OK with that.


That can be said about any closed-source project, including official MIUI/HyperOS.
Completely invalid point. We don't owe revealing anything that could get copied by some 12 y.o. "ROM cooker" later on.
If you have any reason to believe we shove trojans in our ROMs, you're welcome to prove it - the burden of proof is on the accuser.
Also, I never said that I have any idea why your module doesn't work, I only said that there's more to our workaround than just injecting fields, like hiding the bootloader being unlocked, and that cannot be disabled with any module.

Did I tell you to give me the source code of your mods? No, that's completely off topic. I don't care that your mods are closed source, that's not my problem.
What I care about is the following:
Where is your script that does modifications related to play integrity?
There is nothing about source code here.
The only thing I'm asking is where is your script?
And I know there is more to your script than injecting fields. By the way, I know that the inject module app is only there to set sailfish build fingerprint (for the current version).
And also since your script is inside the ROMs you share, I assume you know that any "12 y.o. ROM cooker" can copy the scripts so just telling me where that is located isn't going to change much on that matter. Also, Tricky Store probably does the same modifications as yours except it's open source so that is not really relevant here.
If there is something else that prevents you from sharing that, tell me, it won't hurt anybody.

 

[AlfaX]

@Igor Eisberg I might have found something, in /system_ext/etc/init/, there is a file named init.xeu.ext. rc containing the following:

on property:sys.boot_completed=1
    exec u:r:init:s0 root root -- /system_ext/xbin/resetprop ro.boot.flash.locked 1
    exec u:r:init:s0 root root -- /system_ext/xbin/resetprop ro.boot.verifiedbootstate green
    exec u:r:init:s0 root root -- /system_ext/xbin/resetprop ro.product.first_api_level 32

Is it what could be causing strong integrity to not pass or there is more?
If yes then why did you want to hide it from me?

 

[Igor Eisberg]

Is it what could be causing strong integrity to not pass or there is more?

Maybe, I don't know. I don't make arbitrary guesses.

If yes then why did you want to hide it from me?

Hide? I just said that we don't discuss our methods and you're welcome to look for yourself.
This isn't a modding community. We don't provide support for modifications to our ROMs or rooted devices.
We provide the ROMs and support for them as-is.

 

[AlfaX]

Maybe, I don't know. I don't make arbitrary guesses.


Hide? I just said that we don't discuss our methods and you're welcome to look for yourself.
This isn't a modding community. We don't provide support for modifications to our ROMs or rooted devices.
We provide the ROMs and support for them as-is.

Well I tried to remove the props and it did not change much do I guess this is not the main cause.
Technically, that is not modifying the ROM because it is done systemlessly (so the ROM stays unchanged).
Can you at least give an indication on what other modifications has been done please?

 

[AlfaX]

@Igor Eisberg I have found a solution that could satisfy both you and me.
See this part of the Tricky Store readme, you can probably add the commit to the ROM (if source built, else idk) and people without root can use your mods and people with root can use Tricky Store.

 

[Igor Eisberg]

@Igor Eisberg I have found a solution that could satisfy both you and me.
See this part of the Tricky Store readme, you can probably add the commit to the ROM (if source built, else idk) and people without root can use your mods and people with root can use Tricky Store.

Nope, patching engineGetCertificateChain is required and I'm not about to add "persist.sys.pixelprops.pi", this prop has nothing to do with our ROM.
Also, the fact that you said "if source built" means you don't even know that MIUI/HyperOS-based ROMs are not built from source (it doesn't publicly exist).
I'll reiterate what I said: We provide the ROMs as-is, if you're trying to use a pirated keybox to pass Strong Integrity, have fun, we don't endorse it and definitely don't provide support for it. Adding that prop will imply that we endorse illegal usage of leaked keyboxes.

 

[AlfaX]

Nope, patching engineGetCertificateChain is required and I'm not about to add "persist.sys.pixelprops.pi", this prop has nothing to do with our ROM.
Also, the fact that you said "if source built" means you don't even know that MIUI/HyperOS-based ROMs are not built from source (it doesn't publicly exist).
I'll reiterate what I said: We provide the ROMs as-is, if you're trying to use a pirated keybox to pass Strong Integrity, have fun, we don't endorse it and definitely don't provide support for it. Adding that prop will imply that we endorse illegal usage of leaked keyboxes.

I know that MIUI/HyperOS is closed source but I said that because I know xiaomi.eu (and certainly all Chinese MIUI/HyperOS ROMs) is based on AOSP which IS open source so maybe that part of the system could have been open source (and it's not so it's ok)...
I'll try to make a magisk module that adds that prop on my own then (maybe with more people if someone can help since I don't have much experience in patching these things)

 

[Coziness9968]

I'll try to make a magisk module that adds that prop on my own then (maybe with more people if someone can help since I don't have much experience in patching these things)

I came across the following in the xda-forum:

Reverse_Pixelfy

It could possibly be a start to realize your module.

 

[AlfaX]

I came across the following in the xda-forum:

Reverse_Pixelfy

It could possibly be a start to realize your module.

Nice, thanks I'm going to try

 

[AlfaX]

I came across the following in the xda-forum:

Reverse_Pixelfy

It could possibly be a start to realize your module.

It seems xiaomi.eu works differently than the ROMs this module is supposed to be used on. I'll try to search more to find something maybe

 

[Kacper Skrzypek]

I know that MIUI/HyperOS is closed source but I said that because I know xiaomi.eu (and certainly all Chinese MIUI/HyperOS ROMs) is based on AOSP which IS open source so maybe that part of the system could have been open source (and it's not so it's ok)...

If xiaomi.eu were AOSP-based, then very likely we wouldn't wait for Xiaomi to release their ROMs...