Cannot pass strong integrity because of XiaomiEU Injector?


AlfaX said:
[ro.product.system_ext.model]: [AOSP on ARM64]

I suppose this is a lie then...
Click to expand...
It comes from Qualcomm/Xiaomi, we don't change it...
1723627808973.png
 
Yes, you are not right. Everything regarding MIUI/HyperOS base is closed source, we don't have any access to Xiaomi sources. Even if system_ext is based on AOSP, there are still many changes on Xiaomi's side (and it's not necessarily to be purely AOSP, Qualcomm also modifies AOSP code).
 
Kacper Skrzypek said:
Yes, you are not right. Everything regarding MIUI/HyperOS base is closed source, we don't have any access to Xiaomi sources. Even if system_ext is based on AOSP, there are still many changes on Xiaomi's side (and it's not necessarily to be purely AOSP, Qualcomm also modifies AOSP code).
Click to expand...
I didn't say it was open source, I said it is based on AOSP which is true, you even said it yourself. I didn't say it was AOSP without any modifications obviously
 
Igor Eisberg said:
Nope, patching engineGetCertificateChain is required and I'm not about to add "persist.sys.pixelprops.pi", this prop has nothing to do with our ROM.
Also, the fact that you said "if source built" means you don't even know that MIUI/HyperOS-based ROMs are not built from source (it doesn't publicly exist).
I'll reiterate what I said: We provide the ROMs as-is, if you're trying to use a pirated keybox to pass Strong Integrity, have fun, we don't endorse it and definitely don't provide support for it. Adding that prop will imply that we endorse illegal usage of leaked keyboxes.
Click to expand...
Your comment makes no sense. Since trickystore works just fine on stock and it seems that XEU way of injecting a fingerprint is what messes up the usage of keyboxes. So you choose to endorse illegal use of fingerprint and condone the use of keyboxes? Kind of hypocritical.
 
  • Like
Reactions: timeholder, sh2dow and AlfaX
ekzeshka said:
Your comment makes no sense. Since trickystore works just fine on stock and it seems that XEU way of injecting a fingerprint is what messes up the usage of keyboxes. So you choose to endorse illegal use of fingerprint and condone the use of keyboxes? Kind of hypocritical.
Click to expand...
Yes, your ignorance is the reason you don't differentiate between these two things.
A build fingerprint is not a piece of copyrighted material that's cryptographically protected. It's completely exposed to the phone user.
A keybox is [supposed to be] a highly protected piece of data that should never reach the public's eyes, because its leakage means the devices that use it are exposed to malicious intrusion.
Do your homework before you reply, I'm not a teacher.

P.S. I asked ChatGPT to give a summary for why using a leaked keybox is essentially piracy, enjoy.
Using a leaked keybox from one phone on another can be considered a form of piracy or unauthorized access. The keybox contains cryptographic keys that are intended to secure a device's data and operations, and using it without proper authorization could be illegal. It can violate intellectual property laws and the terms of service or end-user license agreements set by the device manufacturer.

If you're exploring this topic for legitimate reasons, like security research, it's important to follow the proper legal channels, such as working under a responsible disclosure agreement or in a controlled, lawful environment.
Click to expand...
 
  • Like
Reactions: darki, kikmyaz, gogocar62 and 2 others
Igor Eisberg said:
Yes, your ignorance is the reason you don't differentiate between these two things.
Click to expand...
Thank you for the lesson, I understand the difference just fine. No one's asking you to include leaked keyboxes in your build, just so it works the same way as in stock ROM. After that it's up to users to do as they please and no concern of yours.
 
  • Like
Reactions: timeholder and Coziness9968
Yeah saw the other thread too and the props change does seem sketchy - what if G turns around and start blocking that prop. Might just become another rabbit hole from there. Totally see XEU's point - seems good thinking.

But maybe a middle ground is to just let the users decide what works? I mean with the dev branch being discontinued some users might be left strangled with the current non-stock way of removing DG's access. If G suddenly decides to push an update to GMS tomorrow removing passing device altogether it kinda would be extremely unfortunate for normal XEU users. Not a very professional opinion but just my two cents.
 
kikmyaz said:
But maybe a middle ground is to just let the users decide what works?
Click to expand...
That was always my point. For example, I was against adding the inject inside the ROM, but XEU did that, breaking some other stuff in the process even if you never use it and disable/delete it.
 
kikmyaz said:
Yeah saw the other thread too and the props change does seem sketchy - what if G turns around and start blocking that prop. Might just become another rabbit hole from there. Totally see XEU's point - seems good thinking.

But maybe a middle ground is to just let the users decide what works? I mean with the dev branch being discontinued some users might be left strangled with the current non-stock way of removing DG's access. If G suddenly decides to push an update to GMS tomorrow removing passing device altogether it kinda would be extremely unfortunate for normal XEU users. Not a very professional opinion but just my two cents.
Click to expand...
ekzeshka said:
That was always my point. For example, I was against adding the inject inside the ROM, but XEU did that, breaking some other stuff in the process even if you never use it and disable/delete it.
Click to expand...
Our only priority is unrooted users. If you're rooted, you can patch out anything you want and make a module out of it.
Any "solution" you can think of will eventually be blocked. That's why I was always against including ANY kind of workaround in the ROMs.
Oh, and if that would have affected the "popularity" of the ROM, I personally would not care, not trying to be a celebrity.
My solution to Google Pay not working has always been not using Google Pay. I can live with a card, I don't see the problem with that.
 
  • Like
Reactions: MeiGuddet and kikmyaz
Igor Eisberg said:
Our only priority is unrooted users. If you're rooted, you can patch out anything you want and make a module out of it.
Any "solution" you can think of will eventually be blocked. That's why I was always against including ANY kind of workaround in the ROMs.
Oh, and if that would have affected the "popularity" of the ROM, I personally would not care, not trying to be a celebrity.
My solution to Google Pay not working has always been not using Google Pay. I can live with a card, I don't see the problem with that.
Click to expand...
It's not only Google Wallet, there are many apps that requires Play Integrity, even ChatGPT for some reason.

If we're rooted, sure we can patch it and make a module, but we at least need to know where the problem comes from. FP is not an issue because it's included in the app (current one is for sailfish, just need to extract the apk to get the XML so no issue there). Now what's the issue? It's not a question of owing anything to rooted users, as you said, you don't owe us anything. It's a question of kindness.

Imagine being a stranger in a city for vacations and you're lost, you want to ask someone for directions but they reply to you "If you're here for your vacations I expect you to know where you're going" and go away, would you like this? They don't owe you to give directions but they sure can be kind and give you directions. If you're not being kind, you're being rude, which is exactly what you are to root users.

I hope you can understand that and that you don't treat strangers that asks for directions the same way you treat root users.
 
  • Like
  • Haha
Reactions: timeholder, mkcs121 and MeiGuddet
AlfaX said:
It's not only Google Wallet, there are many apps that requires Play Integrity, even ChatGPT for some reason.

If we're rooted, sure we can patch it and make a module, but we at least need to know where the problem comes from. FP is not an issue because it's included in the app (current one is for sailfish, just need to extract the apk to get the XML so no issue there). Now what's the issue? It's not a question of owing anything to rooted users, as you said, you don't owe us anything. It's a question of kindness.

Imagine being a stranger in a city for vacations and you're lost, you want to ask someone for directions but they reply to you "If you're here for your vacations I expect you to know where you're going" and go away, would you like this? They don't owe you to give directions but they sure can be kind and give you directions. If you're not being kind, you're being rude, which is exactly what you are to root users.

I hope you can understand that and that you don't treat strangers that asks for directions the same way you treat root users.
Click to expand...
This guy already pointed out where the incompatibility with Tricky Store happens.
xiaomi.eu

Future of Pixel Integrity (Google Pay, RCS chat, bank apps, etc.) and potential adaptations for the EU ROM

As we all know, Google's SafetyNet Team have been disabling the ability to fallback to device integrity for a range of devices recently. They promise to continue this trend until they completely phase out non hardware-backed attestation as per Shawn (@shawnwillden on X) which can happen as early...
xiaomi.eu xiaomi.eu
 
Igor Eisberg said:
Our only priority is unrooted users. If you're rooted, you can patch out anything you want and make a module out of it.
Any "solution" you can think of will eventually be blocked. That's why I was always against including ANY kind of workaround in the ROMs.
Oh, and if that would have affected the "popularity" of the ROM, I personally would not care, not trying to be a celebrity.
My solution to Google Pay not working has always been not using Google Pay. I can live with a card, I don't see the problem with that.
Click to expand...
Thank you! This makes total sense. Actually I used to be an unrooted XEU user who only got on here because of the niceties that come with having things debloated while still being able to use my bank (which detects root sadly). However, the apps started crashing like crazy since three months ago because of the whole debacle with this play integrity. From stuff I read on xda and what the google engineers are saying on twitter, it seemed this will only get worse. Could we not please just fully rid ourselves of the half-working workarounds like how it used to be?

When the old injected fps expired I had to repeatedly temporarily root and then get shamiko and pif to get around these issues - at this point it seems we might as well just resort to external methods as the sources all say the fps won't last us very long. I had a think about this last month and was going to get on the weeklies to do this more easily, but they were just recently discontinued. I wonder if there could be another way out here?
 
Last edited:
Basically it seems unfair on the devs for having to deal with this stuff at all, and you end up upsetting innocent users when things broke too. Just seems to be a lose-lose situation where it'd have been way better to just set the users' expectation straight from the beginning.

I mean... I bet most of the people had to go through the trouble of BL unlock to get here. Surely won't be that hard for them to understand google won't certify ROMs not originated from the OEM? Unless we were trying to make a case to compete with Xiaomi's ROMs here.
 
kikmyaz said:
please just fully rid ourselves of the half-working workarounds like how it used to be?
Click to expand...
I just hope the devs do it before EOL of my device or I'll be stuck with a broken Play Integrity without a way of fixing it myself because of the way XEU has implemented a workaround. With the only option of switching to other ROM of course. If they don't want to mess with PI, keyboxes and Google, that's completely fine by me. I even welcome this, I'd rather have a clean ROM instead of having to disable inject after install. My only hope is they don't break what's not broken.
 
  • Like
Reactions: kikmyaz
ekzeshka said:
I just hope the devs do it before EOL of my device or I'll be stuck with a broken Play Integrity without a way of fixing it myself because of the way XEU has implemented a workaround. With the only option of switching to other ROM of course. If they don't want to mess with PI, keyboxes and Google, that's completely fine by me. I even welcome this, I'd rather have a clean ROM instead of having to disable inject after install. My only hope is they don't break what's not broken.
Click to expand...
You don't represent the majority of our users who are not interested in messing with root.
And again, you do have a way of "fixing" it if you patch the framework JAR yourself.
"I'd rather have a clean ROM", but you still root? That makes no sense.
In any case, the fate of our Play Integrity workaround is not in my hands.
I'm not the one who benefits from spoofing Play Integrity or bootloader unlock status.
 
  • Like
  • Haha
  • Sad
Reactions: xMarvin732, Bec de Xorbin, kikmyaz and 1 other person
Pepitp said:
If it can help someone https://droidwin.com/how-to-pass-strong-integrity-on-unlocked-bootloader-root/
Click to expand...
Unfortunately, your link does not have much to do with the topic discussed here.

Your link describes the normal way of using trickystore and playintegrity fix to get STRONG integrity.

But that is not the point here. xiaomi.eu uses a proprietary patch to get DEVICE integrity, which prevents the way shown here from working.

The way you described only works on xiaomi.eu by removing this patch from framework.jar.
 
  • Like
Reactions: ekzeshka and AlfaX
Hey guys, chill. I am just thinking what if Xiaomi.eu just do it like Crdroid and creating a toggle and keep it on for those who don't root so that those who root can still achieve strong integrity on their own? It's a win win situation and can save the developer time in the long run.

By the way, is sharing how to get strong integrity on EU ROM by modifying the jar permitted on Xiaomi.eu ROM forum?
 
kennethyha said:
Hey guys, chill. I am just thinking what if Xiaomi.eu just do it like Crdroid and creating a toggle and keep it on for those who don't root so that those who root can still achieve strong integrity on their own? It's a win win situation and can save the developer time in the long run.

By the way, is sharing how to get strong integrity on EU ROM by modifying the jar permitted on Xiaomi.eu ROM forum?
Click to expand...
I don't think devs want to do this for some reason unfortunately... It would be really great though. Let's see if @Igor Eisberg changes his mind one day.

Sharing how to get strong integrity here might not be permitted but it would be on XDA I guess. (Mind sharing in PM if you come up with anything? ;) )
 
AlfaX said:
I don't think devs want to do this for some reason unfortunately... It would be really great though. Let's see if @Igor Eisberg changes his mind one day.

Sharing how to get strong integrity here might not be permitted but it would be on XDA I guess. (Mind sharing in PM if you come up with anything? ;) )
Click to expand...
Just pmed you. Hope it helps!
 
  • Like
Reactions: AlfaX
AlfaX said:
Sharing how to get strong integrity here might not be permitted ...
Click to expand...
Because the only legal way to do that is stock ROM + locked bootloader.
The non-legal way requires using a leaked keybox, which is piracy.
I don't see why I should "change my mind" on something I don't even consider ethical practice.
The ethical way to fight abusive policies by companies like Google, is to boycott the affected services and apps.
 
  • Like
Reactions: JiaiJ
You must log in or register to reply here.
Top Bottom
Back