[Android 12 / LineageOS 19.1] Manual patch to services.jar for signature spoofing

Search This thread
By:
Advanced…
Aqq123

Aqq123

Senior Member
Aug 27, 2009
288
346
Google Nexus 4
Nexus 7
I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.

Background

Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.

To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.

Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).

A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.

Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.

The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.

This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.

Patching

This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
  • Obtain the file services.jar to patch. For example:
    • Pull it from your device: adb pull /system/framework/services.jar – or –
    • Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
  • Extract the file with APK Tool: apktool2 d -o services services.jar
  • Make the changes that allow signature spoofing. Either:
    • Apply the patch attached to this post: patch -i services.diff -p0 – or –
    • As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
      Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
  • Recompile the modified framework: apktool2 b -c -f -o services.jar services
    Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
  • Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.

One More Thing

For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:

/data/dalvik-cache/arm64/[email protected][email protected]@classes.dex
/data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex

Further Steps

These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
  • Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
  • Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
  • Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.

Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
 

Attachments

  • services.diff
    8.7 KB · Views: 109
  • services_replace.zip
    30.1 KB · Views: 69
  • SignatureSpoofing.apk
    4.8 KB · Views: 81
  • Like
Reactions: kullanici32, JedidroidX and kurtn
K

kullanici32

Senior Member
Dec 24, 2019
178
61
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
Aqq123 said:
Patching

This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
  • Obtain the file services.jarto patch. For example:
    • Pull it from your device: adb pull /system/framework/services.jar – or –
    • Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Click to expand...
Click to collapse
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
 
Aqq123

Aqq123

Senior Member
Aug 27, 2009
288
346
Google Nexus 4
Nexus 7
kullanici32 said:
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
Click to expand...
Click to collapse
I don't know anything about Samsung but try here:
forum.xda-developers.com

[TUTORIAL] How to Edit Unpack & Repack Samsung system.img or system.img.ext4

Follow https://stackoverflow.com/questions/58541074/how-to-unpack-modify-pack-and-flash-system-img-ext4-file-using-odin a) Modifying With simg2img system.img.ext4 system.img, you will get a raw image file named system.img With mkdir system...
forum.xda-developers.com forum.xda-developers.com

Alternatively you can just take services.jar from a live (running) system.
 
kurtn

kurtn

Senior Member
Jan 28, 2017
4,858
2,181
Small town in Bavaria
POCO M2 Pro
kullanici32 said:
due to some dysfunctions and design change, I will debloat one UI 4.1 and turn off google and samsung services in the back and make it like lineage os as much as possible, but the main services I use will be samsung applications. so i have a dream :)
Click to expand...
Click to collapse
I've seen people doing similar things on android 12
forum.xda-developers.com

Signature Spoofing on unsuported Android 11 (R) Roms

How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com forum.xda-developers.com
 
K

kullanici32

Senior Member
Dec 24, 2019
178
61
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
kurtn said:
I've seen people doing similar things on android 12
forum.xda-developers.com

Signature Spoofing on unsuported Android 11 (R) Roms

How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com forum.xda-developers.com
Click to expand...
Click to collapse
because once you use samsung software, you can't quit. (of course debloated) I have used my phone without root until now, only by disabling system applications. now I'm trying to remove as much samsung/google as possible from the system or whatever services are unnecessary for me, I will do just like micro g for lineage os, the only difference is by using quality applications such as gallery phone application, because lineage os is very lousy.
 
K

kullanici32

Senior Member
Dec 24, 2019
178
61
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
Aqq123 said:
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now
Click to expand...
Click to collapse
How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
so how do i open this file and where do i patch it?
 

Attachments

  • OneUI4.1_S10ePackageManagerService$ComputerEngine.zip
    50.3 KB · Views: 11
Aqq123

Aqq123

Senior Member
Aug 27, 2009
288
346
Google Nexus 4
Nexus 7
kullanici32 said:
How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
so how do i open this file and where do i patch it?
Click to expand...
Click to collapse
Of course. The patch is against current LOS 19.1, and this is the only situation where you can replace the whole .smali file instead of reapplying the patch. On other flavors of Android you'd have to redo the equivalent manually. In some cases it might even take a different patch altogether.

These are all text files. Just use any text editor, preferably with syntax highlighting, such as Notepad++. First look at services.diff. This is the code you want to add.

Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined. The patch works by adding two private methods:
  • .method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;
  • .method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;
These can really be added anywhere but preferably within the same .smali file.

Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).

Maybe it's easier to understand if you look at the original code, not the decompiled one: https://github.com/lineageos4microg..._patches/android_frameworks_base-S.patch#L128 This is why I linked to it in the top post.

Again, I don't know anything about Samsung One UI. The implementation might be different. So another approach would be to find a version of Samsung's services.jar patched for signature spoofing (possibly for an earlier version of Android) and decompile it to see how it's done there.
 
  • Like
Reactions: kullanici32
K

kullanici32

Senior Member
Dec 24, 2019
178
61
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
Aqq123 said:
Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined.
Click to expand...
Click to collapse
orignal services.png


  • .method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;
  • .method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;

I just write this code you say?
Or should I search for the code you provided in services.diff and copy the places marked in blue and copy the entire blue one into my original compiled file?



1..png 2..png

Aqq123 said:
Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).
Click to expand...
Click to collapse
I hardly understand what you mean here.
i'm a bit of a novice :)




EDİT:


mark.png
I added the blue parts after I found the red part, now I'll compile and test (I've probably missed something, but I'll have a look)



EDİT2:

generatePackageInfo

I searched for the code you said, but there were 3-4 (there was 1 that continued as L, and I deleted the one in this picture)
fakesignature original.png

and i replaced it with this

fakesignature.png


I'll compile it now, probably won't, but...
This is the first time I've been in such a complicated business. :D




EDİT3: (FİXED EDİT 4 I went inside the extracted folder and solved this problem now it keeps compiling)
It gives such an error, why? (apktool2 command didn't work when extracting the file, it worked when I made apktool, ignore it) but now when recompiling it gives an error as in the picture.

pathnotexist.png



EDİT5:
smalierror.png
such an error???

EDİT6:
now that this did not happen, after extracting the jar file, I packed it again without making any changes, the original 30 mb file decreased to 20 mb and transferred to the device with mtp, then I copied it with root browser, the device system ui restarted and opened, the permissions were something like rw rw rw, maybe rw rw is Then I rebooted but the phone bootlooped. that is, if I decompile the original file and repackage it without doing anything else, it breaks down. :/
 
Last edited:
J

JedidroidX

Senior Member
Jan 30, 2015
182
67
Aqq123 said:
I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.

Background

Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.

To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.

Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).

A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.

Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.

The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.

This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.

Patching

This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
  • Obtain the file services.jarto patch. For example:
    • Pull it from your device: adb pull /system/framework/services.jar – or –
    • Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
  • Extract the file with APK Tool: apktool2 d -o services services.jar
  • Make the changes that allow signature spoofing. Either:
    • Apply the patch attached to this post: patch -i services.diff -p0 – or –
    • As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
      Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
  • Recompile the modified framework: apktool2 b -c -f -o services.jar services
    Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
  • Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.

One More Thing

For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:

/data/dalvik-cache/arm64/[email protected][email protected]@classes.dex
/data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex

Further Steps

These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
  • Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
  • Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
  • Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.

Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
Click to expand...
Click to collapse
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.

Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
 
Last edited:
kurtn

kurtn

Senior Member
Jan 28, 2017
4,858
2,181
Small town in Bavaria
POCO M2 Pro
JedidroidX said:
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.

Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
Click to expand...
Click to collapse
Don't use signature spoofing app. The only relevant measure of success is microG self-check. Use an installer to make microG a system app.
 
Aqq123

Aqq123

Senior Member
Aug 27, 2009
288
346
Google Nexus 4
Nexus 7
JedidroidX said:
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.

Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
Click to expand...
Click to collapse
I don't see any attachment (seems you edited your post) but I guess you recompiled it fine. If you didn't, the device would have ended up in a bootloop (Zygote process wouldn't start), so you'd definitely know. It should be services.jar though, not * system.jar, so maybe you didn't install it properly? Smaller file size is expected, since the repackaged version uses stronger compression as a ZIP file, so nothing to worry about. Again, if there's any problem with the modified services.jar, the device wouldn't get past the boot animation.

I'm not sure what you mean exactly by "signature spoofing app says disabled." It's not an actual app: it doesn't have any code, and won't show up in Launcher. Its only purpose is to add this permission. That being said, if you go into: SettingsAppsSee all ... apps → ⋮ → Show systemSignature Spoofing, there should be a button saying Disable (meaning it's enabled now), and not Enable (which would mean it were disabled at the time). Also, if you go further from that screen into PermissionsAdditional permissionsSignature spoofing it should say Allow for this app, and when you click See all apps with this permission, it should show microG Services Core there as Allowed. If you set it up well this is all done automatically with the configuration files, you shouldn't have to go through the settings to change anything via the UI.

As I wrote in the original post, additional steps are required to fully set up MicroG, which is really outside the scope of this thread. These are, for the most part, the same steps as if you were using oF2pks's patch for Android 11 with Lanchon's DexPatcher except more recently you also have to add android.permission.MANAGE_USB to com.gooogle.android.gms (that is, MicroG Services Core) privapp-permissions, or you'll end up with a bootloop for a wholly different reason.

This topic is vast, and there are multiple ways to do it. Note that these should be installed as system apps, some of them as priv-apps, so there are many things that can go wrong. If you don't grant a priv-app all the required permissions through the configuration, now (as of Android 9 I think) you'll get a bootloop. For system apps, you also have to extract libraries (if any) from APKs and place them separately on the filesystem, and make sure you get the details right for the architecture: if you don't, you get... guess what (a bootloop). It's good to have a script automating all this: I have my own flashable ZIP specific to my needs but there are other more general solutions. Or, if you want to learn how to do this manually, one way would be to compare a vanilla LineageOS image with LineageOS for MicroG for the same device around the same build date and see what they are doing extra. On Windows you can use WinMerge to compare files and entire directory structures easily. But again, this is really outside the scope of this thread, which is about patching services.jar for signature spoofing support. No matter how you implement signature spoofing, you still have to figure out those other steps separately.
 
Aqq123

Aqq123

Senior Member
Aug 27, 2009
288
346
Google Nexus 4
Nexus 7
kurtn said:
Don't use signature spoofing app.
Click to expand...
Click to collapse
Actually, with this approach, Signature Spoofing app has to be used. This is to keep the patch as lean as possible (since it's easier to install a separate app rather than keep maintaining a more complicated patch).

It's not needed with LineageOS for MicroG, where it's already incorporated into the system (lines 1-82 in the patch): https://github.com/lineageos4microg...atches/android_frameworks_base-S.patch#L1-L82
 
  • Like
Reactions: kurtn
J

JedidroidX

Senior Member
Jan 30, 2015
182
67
Aqq123 said:
I don't see any attachment (seems you edited your post) but I guess you recompiled it fine. If you didn't, the device would have ended up in a bootloop (Zygote process wouldn't start), so you'd definitely know. It should be services.jar though, not * system.jar, so maybe you didn't install it properly? Smaller file size is expected, since the repackaged version uses stronger compression as a ZIP file, so nothing to worry about. Again, if there's any problem with the modified services.jar, the device wouldn't get past the boot animation.

I'm not sure what you mean exactly by "signature spoofing app says disabled." It's not an actual app: it doesn't have any code, and won't show up in Launcher. Its only purpose is to add this permission. That being said, if you go into: SettingsAppsSee all ... apps → ⋮ → Show systemSignature Spoofing, there should be a button saying Disable (meaning it's enabled now), and not Enable (which would mean it were disabled at the time). Also, if you go further from that screen into PermissionsAdditional permissionsSignature spoofing it should say Allow for this app, and when you click See all apps with this permission, it should show microG Services Core there as Allowed. If you set it up well this is all done automatically with the configuration files, you shouldn't have to go through the settings to change anything via the UI.

As I wrote in the original post, additional steps are required to fully set up MicroG, which is really outside the scope of this thread. These are, for the most part, the same steps as if you were using oF2pks's patch for Android 11 with Lanchon's DexPatcher except more recently you also have to add android.permission.MANAGE_USB to com.gooogle.android.gms (that is, MicroG Services Core) privapp-permissions, or you'll end up with a bootloop for a wholly different reason.

This topic is vast, and there are multiple ways to do it. Note that these should be installed as system apps, some of them as priv-apps, so there are many things that can go wrong. If you don't grant a priv-app all the required permissions through the configuration, now (as of Android 9 I think) you'll get a bootloop. For system apps, you also have to extract libraries (if any) from APKs and place them separately on the filesystem, and make sure you get the details right for the architecture: if you don't, you get... guess what (a bootloop). It's good to have a script automating all this: I have my own flashable ZIP specific to my needs but there are other more general solutions. Or, if you want to learn how to do this manually, one way would be to compare a vanilla LineageOS image with LineageOS for MicroG for the same device around the same build date and see what they are doing extra. On Windows you can use WinMerge to compare files and entire directory structures easily. But again, this is really outside the scope of this thread, which is about patching services.jar for signature spoofing support. No matter how you implement signature spoofing, you still have to figure out those other steps separately.
Click to expand...
Click to collapse
Yes sir, I meant the services.jar, silly me I was writing in a rush. Sorry about that confusion.

I will try again and post the result. I guess I will use the same services.jar, however the issue with optimization. I did reboot several times after flashing a cache optimization module for magisk after I adb the services.jar because I'm not familiar on how to do the optimization manually.

The optimization module did lead to magisk not loading the modules and only booted successfully due to magisk bootloop protector module.

Also to adjust permissions to 644 I presume is already in the recompiled services.jar? As I could not view what permission with mixplorer that it had.

Btw, the signature spoofing app is an app I downloaded from f- droid that just displays the signature spoofing status, if disabled or enabled and it says disabled. Again sorry about the confusing and thank you again for your great feedback.
 
Last edited:
K

kidronvalley

Senior Member
Apr 20, 2012
51
2
Hi,

would like to try on AOSP 12 GSI, installed over stock OOS10 On Nord (avicii).

@Aqq123 Do you think i can make it ? Any suggestion before starting ?

What about if i get service.jar from a GSI AOSP with google apps ? Maybe signature spoofing is altredy implemented there ?
 
K

kidronvalley

Senior Member
Apr 20, 2012
51
2
Hi @kurtn

thanks,
heh, this AOSP 12 vanilla from PHH treble seems not, at least, microg is not detecting it, and one specific banking app is failing to work.

EDITED: I solved all installing PHH trebvle A12 "floss" that has signature spoofing up and running.
 
Last edited:
ahmadmahmood2048

ahmadmahmood2048

New member
Nov 18, 2022
3
1
hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),

your attached:
I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;

.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;

I copied the code to where it says .end method and pasted it anywhere in my services.jar.

I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.

I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.


I did a lineage os install from scratch after failing here.
I copied the PackageManagerService$ComputerEngine.smali file you provided,
I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.

I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
and on the 2nd reboot, it naturally enters the bootloop as you said.
i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.

QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

now i have 3 questions:
1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
 
kurtn

kurtn

Senior Member
Jan 28, 2017
4,858
2,181
Small town in Bavaria
POCO M2 Pro
ahmadmahmood2048 said:
hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),

your attached:
I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;

.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;

I copied the code to where it says .end method and pasted it anywhere in my services.jar.

I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.

I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.


I did a lineage os install from scratch after failing here.
I copied the PackageManagerService$ComputerEngine.smali file you provided,
I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.

I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
and on the 2nd reboot, it naturally enters the bootloop as you said.
i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.

QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

now i have 3 questions:
1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
Click to expand...
Click to collapse
Use lineage.microg.org
 
  • Like
Reactions: ahmadmahmood2048 and Aqq123
You must log in or register to reply here.

Similar threads

shimp208
[TOOL]Minimal ADB and Fastboot [2-9-18]
Replies
971
Views
5M
V0latyle
V0latyle
zeppelinrox
  • Poll
[V6U9RC13]For Your Lag(4x) Do it good, Good, GOOD, GOOD! SuperCharge Your Launchaaah!
Replies
24K
Views
7M
-GREY
-GREY
B
[UTIL][WIN][MT65xx] MTK Droid Root & Tools | MediaTek Android Smartphone
Replies
2K
Views
2M
Anonymous V
Anonymous V
L
[APK] Seeder 2.0.0 entropy generator to provide significant lag reduction
Replies
4K
Views
2M
L
levin133
Chainfire
[ROOT EXPLOIT+PATCH][2012.12.19] ExynosAbuse APK v1.40
Replies
1K
Views
2M
D
djanielle

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 3
    Aqq123
    Aqq123
    I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.

    Background

    Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.

    To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.

    Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).

    A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.

    Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.

    The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.

    This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.

    Patching

    This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
    • Obtain the file services.jar to patch. For example:
      • Pull it from your device: adb pull /system/framework/services.jar – or –
      • Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
    • Extract the file with APK Tool: apktool2 d -o services services.jar
    • Make the changes that allow signature spoofing. Either:
      • Apply the patch attached to this post: patch -i services.diff -p0 – or –
      • As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
        Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
    • Recompile the modified framework: apktool2 b -c -f -o services.jar services
      Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
    • Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
    This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.

    One More Thing

    For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

    dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

    The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:

    /data/dalvik-cache/arm64/[email protected][email protected]@classes.dex
    /data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex

    Further Steps

    These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
    • Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
    • Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
    • Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
    However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.

    Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
    View
    2
    kurtn
    kurtn
    ahmadmahmood2048 said:
    hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),

    your attached:
    I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
    .method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;

    .method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;

    I copied the code to where it says .end method and pasted it anywhere in my services.jar.

    I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.

    I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.


    I did a lineage os install from scratch after failing here.
    I copied the PackageManagerService$ComputerEngine.smali file you provided,
    I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.

    I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
    and on the 2nd reboot, it naturally enters the bootloop as you said.
    i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.

    QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

    dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

    now i have 3 questions:
    1. why did my patch to original smali fail (bootloop even on first boot)?
    2. Why isn't the smali file you provided spoofing?
    3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
    Click to expand...
    Click to collapse
    Use lineage.microg.org
    View
    1
    Aqq123
    Aqq123
    kullanici32 said:
    How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
    so how do i open this file and where do i patch it?
    Click to expand...
    Click to collapse
    Of course. The patch is against current LOS 19.1, and this is the only situation where you can replace the whole .smali file instead of reapplying the patch. On other flavors of Android you'd have to redo the equivalent manually. In some cases it might even take a different patch altogether.

    These are all text files. Just use any text editor, preferably with syntax highlighting, such as Notepad++. First look at services.diff. This is the code you want to add.

    Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined. The patch works by adding two private methods:
    • .method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;
    • .method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;
    These can really be added anywhere but preferably within the same .smali file.

    Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).

    Maybe it's easier to understand if you look at the original code, not the decompiled one: https://github.com/lineageos4microg..._patches/android_frameworks_base-S.patch#L128 This is why I linked to it in the top post.

    Again, I don't know anything about Samsung One UI. The implementation might be different. So another approach would be to find a version of Samsung's services.jar patched for signature spoofing (possibly for an earlier version of Android) and decompile it to see how it's done there.
    View
    1
    Aqq123
    Aqq123
    kurtn said:
    Don't use signature spoofing app.
    Click to expand...
    Click to collapse
    Actually, with this approach, Signature Spoofing app has to be used. This is to keep the patch as lean as possible (since it's easier to install a separate app rather than keep maintaining a more complicated patch).

    It's not needed with LineageOS for MicroG, where it's already incorporated into the system (lines 1-82 in the patch): https://github.com/lineageos4microg...atches/android_frameworks_base-S.patch#L1-L82
    View
    1
    Aqq123
    Aqq123
    ahmadmahmood2048 said:
    i applied the guide you wrote for lineage os 19.1 s10e (or so I think) [...] I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied and on the 2nd reboot, it naturally enters the bootloop as you said. [...]

    1. why did my patch to original smali fail (bootloop even on first boot)?
    2. Why isn't the smali file you provided spoofing?
    3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
    Click to expand...
    Click to collapse
    Always use the latest APK Tool, which is currently the 2.x.x series. I named it apktool2 since I also keep the last apktool from the 1.x.x series for legacy systems.

    If the patch doesn't work for you, you can create your own by running a diff between the decompiled services.jar from the official LineageOS and the one from LineageOS for MicroG (preferably around the same date to minimize other differences). That's how I got this patch, which still worked for me on lemonadep as of 2022-12-27 (last build before the device was switched to LOS 20). Mind you, there will be other differences like resource IDs, which you shouldn't change, so the scope of the patch has to be adjusted manually. But from the rest of your post, it seems like it works in the end?

    Once you have the recompiled services.jar, copy it to your device and run dex2oat on it to generate the two files: services.odex and services.vdex. Place them in the correct location on the /system partition. Make sure the permissions match the other files in the same location. Delete any equivalent system.jar cache files from /data/dalvik-cache/ since they'll prevent your device from booting.

    I think this is all covered in the OP step-by-step already, not sure what else can be said. Maybe if you already booted the device the 1st time, you can skip running dex2oat and directly move and rename the OAT cache files from /data/ to /system/.

    Not sure what went wrong but note that even when there is an issue and the screen is black, it's just the Android Runtime crashing, so you can still ADB into the system (if you had it set up beforehand) and run adb root, adb shell stop, apply any fixes, and adb shell start to immediately check if they work. You can also run adb logcat during boot to see what exactly is failing.

    To make signature spoofing work, you also have to install the SignatureSpoofing.apk "app" (it's not really an app since it doesn't have any code, just a declaration of this permission). It's attached to the OP. Have you installed it?

    This just gives you signature spoofing support, installing MicroG takes a couple of extra steps as well (installing APKs and granting them permissions). If you install system priv-apps but don't grant them the required permissions, the device will also bootloop. It can be tricky to get it all right the first time. You really need to be able to get such information from adb logcat yourself if you want to set it all up it on your own. Once you get it partly running though, the MicroG app has an excellent self-check feature to see what's missing.

    Setting this all up is another thing altogether, and not covered here. For starters, if you want to learn it, I suggest comparing the system, system_ext and product partitions of LOS and LOS for MicroG. You can then use the same files they're using (plus the SignatureSpoofing.apk which is not required in LOS for MicroG). In particular take a look at the configuration files that go into etc/default-permissions, etc/permissions and etc/sysconfig on the respective partitions.

    Or maybe you can try the NanoDroid installer: https://github.com/Nanolx/NanoDroid
    View

New posts