FORUMS

[INDEX] How to get Signature Spoofing support

361 posts
Thanks Meter: 300
 
Post Reply Email Thread
20th March 2020, 11:06 AM |#191  
kurtn's Avatar
Senior Member
Flag Small town in Bavaria
Thanks Meter: 1,263
 
More
Quote:
Originally Posted by vanbinsbergen

Hi,

I'm coming from [ROM][BETA][UNOFFICIAL] LineageOS 17.1 for Galaxy A70https://forum.xda-developers.com/gal...3989807/page19

Hence the question get too specific for that topic, i'm posting it here.

Everything went well so now it's time for Signature spoofing so microG can be installed.

But now i see this topic is years old and the guide Is a little out dated.

- Xposed guy has gone up in the wind as i understand. Back then he didn't support Android 10.
- As for all the Nanodroid patches, they don't work for Android 10.
- Haystack go's to android 9
- Needle mashes up magisk

There's also tingle. But that one doesn't have that much documentation to know if it's gonna work. https://github.com/ale5000-git/tingle

Anyone knows how to help Lingeage OS 17.1 users on a Samsung A70 to a Google victory?

Thanks!

Smali patcher
20th March 2020, 01:56 PM |#192  
Junior Member
Thanks Meter: 2
 
More
Thanks!!

Smali patcher states :


Quote:

CERTAIN PATCHES WILL NOT WORK WITH ANDROID 10, ANDROID 10 SUPPORT IS CONSIDERED ALPHA.. YOU HAVE BEEN WARNED.

Little scary to me. Anyone knows if the spoofing module works?

Thanks again. Victory is near
20th March 2020, 03:13 PM |#193  
kurtn's Avatar
Senior Member
Flag Small town in Bavaria
Thanks Meter: 1,263
 
More
Quote:
Originally Posted by vanbinsbergen

Thanks!!

Smali patcher states :




Little scary to me. Anyone knows if the spoofing module works?

Thanks again. Victory is near

Worked for me. More scary: people report the windows program makes strange internet connections. And the module is not restrictive concerning what apps to allow spoofing.
20th March 2020, 04:02 PM |#194  
Junior Member
Thanks Meter: 2
 
More
Quote:
Originally Posted by kurtn

Worked for me. More scary: people report the windows program makes strange internet connections. And the module is not restrictive concerning what apps to allow spoofing.

Yeah man. That's it with all the rooting developers. You need to trust them. I don't. It's a risk.

https://www.hybrid-analysis.com/samp...ironmentId=120

Incident Response
Risk Assessment
Fingerprint
Queries kernel debugger information
Reads the active computer name
Reads the cryptographic machine GUID
Evasive
Possibly tries to evade analysis by sleeping many times
Network Behavior
Contacts 4 hosts.
MITRE ATT&CK™ Techniques Detection
This report has 15 indicators that were mapped to 11 attack techniques and 9 tactics.

Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators4
External Systems
Sample was identified as malicious by at least one Antivirus engine
Network Related
Malicious artifacts seen in the context of a contacted host
Multiple malicious artifacts seen in the context of different hosts
Uses network protocols on unusual ports
Suspicious Indicators15
Anti-Detection/Stealthyness
Queries kernel debugger information
Anti-Reverse Engineering
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
PE file has unusual entropy sections
Environment Awareness
Possibly tries to evade analysis by sleeping many times
Reads the active computer name
Reads the cryptographic machine GUID
External Systems
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
General
Reads configuration files
Installation/Persistance
Monitors specific registry key for changes
System Security
Modifies Software Policy Settings
Unusual Characteristics
Installs hooks/patches the running process
Reads information about supported languages
Hiding 3 Suspicious Indicators
All indicators are available only in the private webservice or standalone version
Informative15
Environment Awareness
Queries volume information
General
Accesses Software Policy Settings
Accesses System Certificates Settings
Contacts server
Contains PDB pathways
Creates mutants
Drops files marked as clean
Loads the .NET runtime environment
Installation/Persistance
Connects to LPC ports
Dropped files
Touches files in the Windows directory
Network Related
Found potential URL in binary/memory
System Security
Creates or modifies windows services
Opens the Kernel Security Device Driver (KsecDD) of Windows
Unusual Characteristics
Matched Compiler/Packer signature
File Details
All Details:
SmaliPatcher.exe
Filename
SmaliPatcher.exe
Size
961KiB (983552 bytes)
Type
peexe assembly executable
Description
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Architecture
WINDOWS
SHA256
d6300b7db5076e5a1c290b98dace01b42ffa01082ec24f3367 ef68b48a3380b9Copy SHA256 to clipboard
Compiler/Packer
Microsoft visual C# v7.0 / Basic .NET
PDB Timestamp
02/03/2019 10:32:44 (UTC)
PDB Pathway
C:\Users\Pauly\Documents\Visual Studio 2015\Projects\SmaliPatcher\obj\Release\SmaliPatche r.pdb
Resources
Language
NEUTRAL
Icon
Sample Icon
Visualization
Input File (PortEx)
PE Visualization
Version Info
Translation
0x0000 0x04b0
LegalCopyright
Copyright 2017
Assembly Version
0.0.3.7
InternalName
SmaliPatcher.exe
FileVersion
0.0.3.7
CompanyName
fOmey
LegalTrademarks
-
Comments
-
ProductName
SmaliPatcher
ProductVersion
0.0.3.7
FileDescription
SmaliPatcher
OriginalFilename
SmaliPatcher.exe
24th March 2020, 09:25 PM |#195  
Setialpha's Avatar
Senior Member
Flag Nürnberg
Thanks Meter: 5,644
 
Donate to Me
More
Quote:
Originally Posted by vanbinsbergen

Hi,

I'm coming from [ROM][BETA][UNOFFICIAL] LineageOS 17.1 for Galaxy A70https://forum.xda-developers.com/gal...3989807/page19

Hence the question get too specific for that topic, i'm posting it here.

Everything went well so now it's time for Signature spoofing so microG can be installed.

But now i see this topic is years old and the guide Is a little out dated.

- Xposed guy has gone up in the wind as i understand. Back then he didn't support Android 10.
- As for all the Nanodroid patches, they don't work for Android 10.
- Haystack go's to android 9
- Needle mashes up magisk

There's also tingle. But that one doesn't have that much documentation to know if it's gonna work. https://github.com/ale5000-git/tingle

Anyone knows how to help Lingeage OS 17.1 users on a Samsung A70 to a Google victory?

Thanks!

NanoDroid Patcher is a frontend for Haystack, just for your information. So they have the same compat level.
24th March 2020, 09:47 PM |#196  
Junior Member
Thanks Meter: 2
 
More
Thanks mate,

For everyone who's reading: signature proofing can also be done with SMALI PATCHER

---------- Post added at 09:47 PM ---------- Previous post was at 09:47 PM ----------

Thanks mate,

For everyone who's reading: signature proofing can also be done with SMALI PATCHER
Post Reply Subscribe to Thread

Tags
custom roms, microg, signature faking, signature spoofing

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes