• We are moving to xdaforums.com!

    Posts made between now and when the migration is complete will not be carried over.
    You will be automatically redirected once the migration is complete.

[Android 12 / LineageOS 19.1] Manual patch to services.jar for signature spoofing

Search This thread
By:
Advanced…
Aqq123

Aqq123

Senior Member
Aug 27, 2009
291
351
Google Nexus 4
Nexus 7
ahmadmahmood2048 said:
i applied the guide you wrote for lineage os 19.1 s10e (or so I think) [...] I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied and on the 2nd reboot, it naturally enters the bootloop as you said. [...]

1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
Click to expand...
Click to collapse
Always use the latest APK Tool, which is currently the 2.x.x series. I named it apktool2 since I also keep the last apktool from the 1.x.x series for legacy systems.

If the patch doesn't work for you, you can create your own by running a diff between the decompiled services.jar from the official LineageOS and the one from LineageOS for MicroG (preferably around the same date to minimize other differences). That's how I got this patch, which still worked for me on lemonadep as of 2022-12-27 (last build before the device was switched to LOS 20). Mind you, there will be other differences like resource IDs, which you shouldn't change, so the scope of the patch has to be adjusted manually. But from the rest of your post, it seems like it works in the end?

Once you have the recompiled services.jar, copy it to your device and run dex2oat on it to generate the two files: services.odex and services.vdex. Place them in the correct location on the /system partition. Make sure the permissions match the other files in the same location. Delete any equivalent system.jar cache files from /data/dalvik-cache/ since they'll prevent your device from booting.

I think this is all covered in the OP step-by-step already, not sure what else can be said. Maybe if you already booted the device the 1st time, you can skip running dex2oat and directly move and rename the OAT cache files from /data/ to /system/.

Not sure what went wrong but note that even when there is an issue and the screen is black, it's just the Android Runtime crashing, so you can still ADB into the system (if you had it set up beforehand) and run adb root, adb shell stop, apply any fixes, and adb shell start to immediately check if they work. You can also run adb logcat during boot to see what exactly is failing.

To make signature spoofing work, you also have to install the SignatureSpoofing.apk "app" (it's not really an app since it doesn't have any code, just a declaration of this permission). It's attached to the OP. Have you installed it?

This just gives you signature spoofing support, installing MicroG takes a couple of extra steps as well (installing APKs and granting them permissions). If you install system priv-apps but don't grant them the required permissions, the device will also bootloop. It can be tricky to get it all right the first time. You really need to be able to get such information from adb logcat yourself if you want to set it all up it on your own. Once you get it partly running though, the MicroG app has an excellent self-check feature to see what's missing.

Setting this all up is another thing altogether, and not covered here. For starters, if you want to learn it, I suggest comparing the system, system_ext and product partitions of LOS and LOS for MicroG. You can then use the same files they're using (plus the SignatureSpoofing.apk which is not required in LOS for MicroG). In particular take a look at the configuration files that go into etc/default-permissions, etc/permissions and etc/sysconfig on the respective partitions.

Or maybe you can try the NanoDroid installer: https://github.com/Nanolx/NanoDroid
 
  • Like
Reactions: kullanici32
ahmadmahmood2048

ahmadmahmood2048

New member
Nov 18, 2022
3
1
Aqq123 said:
Always use the latest APK Tool, which is currently the 2.x.x series. I named it apktool2 since I also keep the last apktool from the 1.x.x series for legacy systems.

If the patch doesn't work for you, you can create your own by running a diff between the decompiled services.jar from the official LineageOS and the one from LineageOS for MicroG (preferably around the same date to minimize other differences). That's how I got this patch, which still worked for me on lemonadep as of 2022-12-27 (last build before the device was switched to LOS 20). Mind you, there will be other differences like resource IDs, which you shouldn't change, so the scope of the patch has to be adjusted manually. But from the rest of your post, it seems like it works in the end?

Once you have the recompiled services.jar, copy it to your device and run dex2oat on it to generate the two files: services.odex and services.vdex. Place them in the correct location on the /system partition. Make sure the permissions match the other files in the same location. Delete any equivalent system.jar cache files from /data/dalvik-cache/ since they'll prevent your device from booting.

I think this is all covered in the OP step-by-step already, not sure what else can be said. Maybe if you already booted the device the 1st time, you can skip running dex2oat and directly move and rename the OAT cache files from /data/ to /system/.

Not sure what went wrong but note that even when there is an issue and the screen is black, it's just the Android Runtime crashing, so you can still ADB into the system (if you had it set up beforehand) and run adb root, adb shell stop, apply any fixes, and adb shell start to immediately check if they work. You can also run adb logcat during boot to see what exactly is failing.

To make signature spoofing work, you also have to install the SignatureSpoofing.apk "app" (it's not really an app since it doesn't have any code, just a declaration of this permission). It's attached to the OP. Have you installed it?

This just gives you signature spoofing support, installing MicroG takes a couple of extra steps as well (installing APKs and granting them permissions). If you install system priv-apps but don't grant them the required permissions, the device will also bootloop. It can be tricky to get it all right the first time. You really need to be able to get such information from adb logcat yourself if you want to set it all up it on your own. Once you get it partly running though, the MicroG app has an excellent self-check feature to see what's missing.

Setting this all up is another thing altogether, and not covered here. For starters, if you want to learn it, I suggest comparing the system, system_ext and product partitions of LOS and LOS for MicroG. You can then use the same files they're using (plus the SignatureSpoofing.apk which is not required in LOS for MicroG). In particular take a look at the configuration files that go into etc/default-permissions, etc/permissions and etc/sysconfig on the respective partitions.

Or maybe you can try the NanoDroid installer: https://github.com/Nanolx/NanoDroid
Click to expand...
Click to collapse
Thank you very much. very descriptive information indeed. but i'm a bit unfamiliar with this stuff, anyway now i will try to compare LOS4MicroG with the official version, then i will learn how dex2oat works and update my apktool,
i hope i can do something on this way by myself, anyway thank you very much for your help :)

kurtn said:
My problem with xposed (LSPosed) is not resource usage but security doubt.

Anyways: you can build lineage4microg yourself.
Click to expand...
Click to collapse
actually i mean it is a security problem for me too, many settings need to be opened root, zygisk and lsposed. without opening them and i am looking for a safe way and i hope i succeed :)
 
  • Like
Reactions: Aqq123
idGEN

idGEN

New member
Feb 11, 2023
1
0
hi, need to ask something

follow ur tutorial with samsung n xiaomi official rom for bypassmock.
working and can use for spooflocation after edit some method at service.jar original
but the problem is like ur post, after 2nd boot stuck and bootloop.
any advice? should service.jar signed or something? how to do that

thanks
 
Aqq123

Aqq123

Senior Member
Aug 27, 2009
291
351
Google Nexus 4
Nexus 7
idGEN said:
but the problem is like ur post, after 2nd boot stuck and bootloop.
any advice? should service.jar signed or something?
Click to expand...
Click to collapse
It's all in the OP:
Aqq123 said:
One More Thing

For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:

/data/dalvik-cache/arm64/system@[email protected]@classes.dex
/data/dalvik-cache/arm64/system@[email protected]@classes.vdex
Click to expand...
Click to collapse
Have you done any of this? What does the log say?
Renate said:
Probably the patch massacred the smali file?
Click to expand...
Click to collapse
On 2nd boot?
 
Aqq123

Aqq123

Senior Member
Aug 27, 2009
291
351
Google Nexus 4
Nexus 7
Aqq123 said:
For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on)
Click to expand...
Click to collapse
Since a couple of people have had issues with this, I'll try to explain what's going on here in more detail. Maybe the following helps:

The background
  • Android runtime (ART) uses cache to execute the virtual machine (Dalvik/"Java") code faster.
  • This is called ahead-of-time optimization (OAT).
  • The cache for system apps and the system itself is generated at build time. It is preinstalled on the system partition.
  • Any remaining cache (such as for user apps) is generated when needed. It is saved on the (user) data partition.
  • This is transparent to the user except you might notice a newly-installed app takes longer to run the 1st time (and a lot of messages about it if you check the logs).
What happens when you modify the system
  • When you modify a system APK or JAR, any prebuilt cache for it stored on the system partition (that came as part of the installation image) is no longer valid.
  • Any missing cache files for a system component are then generated and saved on the data partition to be reused.
Why this is an issue
  • The "cache" is actually precompiled code, which comes with all the caveats. For system components, it runs with system privileges.
  • If you have write access to where the cache is stored, you could craft a special file to execute completely different code with the privileges of any installed app, and make it do whatever you want.
  • If the cache for a system app is read from the data partition (which the user can modify), it means one could execute arbitrary code with the privileges of any system app, thus bypassing the Android security model.
  • So with Android 12 there is now a boot-time check that makes the Android runtime fail to start if any cache for system components is read from an "untrusted" location, such as the data partition.
What this means for anyone who wants to modify code on the system partition

Two things:
  1. First, you need to delete any cache for system components from the data partition. This guarantees the system will boot one more time (and generate these cache files again while doing so).
  2. Second, you need to place all the required cache files on the system partition, so that they are never generated automatically and placed on the data partition. This solves the problem completely and ensures the system will boot every time from then on (or if it doesn't, it's not for this reason anymore).
Hope this is useful to understand what has to be done. As for how to do it, see the One More Thing section of the OP.
 
  • Like
Reactions: kullanici32
K

kullanici32

Senior Member
Dec 24, 2019
195
67
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
finally... i've been trying to figure out how to do it occasionally since this post was posted, and i've finally figured out how to do it by repeatedly reading the posts here. now i can use micro g signature spoofing with official lineage os 19.1.

very very thanks @Aqq123

quote:
You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

i just don't understand how to run this dex2oat
I can only boot once for now.
Then I can delete the part you said from the data cache and restart it.
how do i run dex2oat for this services.jar? termux? adb shell? Or is it another way?
 
  • Like
Reactions: Aqq123
Aqq123

Aqq123

Senior Member
Aug 27, 2009
291
351
Google Nexus 4
Nexus 7
kullanici32 said:
i just don't understand how to run this dex2oat
I can only boot once for now.
Then I can delete the part you said from the data cache and restart it.
how do i run dex2oat for this services.jar? termux? adb shell? Or is it another way?
Click to expand...
Click to collapse
It's an executable on the device. So adb shell is fine. Terminal should also work if you don't mind the typing.

If you already have these files though (booted once), it should be enough to rename and move them to the right location.

Either way, when you're done make sure the permissions allow them to be read by anyone (chmod 644 /system/framework/oat/arm64/services.*) and that the owner and group are correct (chown 0.0 /system/framework/oat/arm64/services.*). And you're good to go.
 
  • Like
Reactions: kullanici32
K

kullanici32

Senior Member
Dec 24, 2019
195
67
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
Aqq123 said:
It's an executable on the device. So adb shell is fine. Terminal should also work if you don't mind the typing.

If you already have these files though (booted once), it should be enough to rename and move them to the right location.

Either way, when you're done make sure the permissions allow them to be read by anyone (chmod 644 /system/framework/oat/arm64/services.*) and that the owner and group are correct (chown 0.0 /system/framework/oat/arm64/services.*). And you're good to go.
Click to expand...
Click to collapse
It had occurred to me to replace the optimization files created in the 1st boot with the ones in the system. but the file sizes were quite different, the odex file was 40 mb the newly formed file was 160 kb, the vdex 281 kb the newly formed file was 19 mb. I gave up on changing them. but now I said you can replace the files in this system with newly created files, I tried and it worked, now I can forge signature without any problem, I will try to do it in one ui in the future. And finally, I would like to thank you once again for this topic. see you later...
 
  • Like
Reactions: Aqq123
K

kullanici32

Senior Member
Dec 24, 2019
195
67
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
@Aqq123 i bother you again... sorry...

Now I'm trying for one UI, but how can I add the codes in the services.diff file from the place shown in the picture? I added the top 2 big patch codes and the device shows signature spoof permission. do you have any solution? If I can add all the code in services.diff to the right place, I think it will work in one ui 4.1
Ekran Görüntüsü (32).png Screenshot_20230214_001609_microG Services Core.jpgScreenshot_20230214_003607_Permission controller.jpg
 

Attachments

  • Screenshot_20230214_001617_microG Services Core.jpg
    Screenshot_20230214_001617_microG Services Core.jpg
    464.2 KB · Views: 31
Last edited:
Aqq123

Aqq123

Senior Member
Aug 27, 2009
291
351
Google Nexus 4
Nexus 7
kullanici32 said:
Now I'm trying for one UI, but how can I add the codes in the services.diff file from the place shown in the picture? I added the top 2 big patch codes and the device shows signature spoof permission. do you have any solution?
Click to expand...
Click to collapse
This patch is for LOS. I think for Samsung's One UI you might need something different altogether unfortunately.

Coming up with an edit like this from scratch as a .smali file is non-trivial.

What I'd do is find an older patched version of Samsung's services.jar. Then find an unpatched clean version matching the same build. Or maybe find a DexPatcher patch for Samsung and patch a version of services.jar on which it still worked (Android 11?). Either way, decompile and compare the two. This should get you started where the patch should go.

As far as I recall, Samsung changes the Package Manager code too much from vanilla.
 
TheRealModder

TheRealModder

Senior Member
Sep 2, 2018
627
614
Hello, i have a question that somehow relates to this Signature Spoofing thread but it's not about Signature Spoofing, it's about Signature Verification.

You guys have a guide for disabling signature verification on Android 12 and up? SmaliPatcher is no no way since it didn't get updated for months, and the forbidden lucky tool didn't work. Tried to do the Android 10 way of disabling signature verification but, it does not work and after a second boot, i got a bootloop. and i guess now i know why the phone got bootloop the second time i rebooted the phone because of this thread.

And no, i didn't want to use corepatch since i need the signature verification patch baked into the rom.

Sorry for the out-of-topic question but, i've been searching for signature verification patch for android 12 and up on xda, and the only thing shows up is corepatch, corepatch and corepatch.
 
kurtn

kurtn

Senior Member
Jan 28, 2017
5,061
2,284
Small town in Bavaria
POCO M2 Pro
OnePlus Nord N10 5G
TheRealModder said:
Hello, i have a question that somehow relates to this Signature Spoofing thread but it's not about Signature Spoofing, it's about Signature Verification.

You guys have a guide for disabling signature verification on Android 12 and up? SmaliPatcher is no no way since it didn't get updated for months, and the forbidden lucky tool didn't work. Tried to do the Android 10 way of disabling signature verification but, it does not work and after a second boot, i got a bootloop. and i guess now i know why the phone got bootloop the second time i rebooted the phone because of this thread.

And no, i didn't want to use corepatch since i need the signature verification patch baked into the rom.

Sorry for the out-of-topic question but, i've been searching for signature verification patch for android 12 and up on xda, and the only thing shows up is corepatch, corepatch and corepatch.
Click to expand...
Click to collapse
You are talking about app signatures and their verification when installing updates? That's far out of this topic.
 
Aqq123

Aqq123

Senior Member
Aug 27, 2009
291
351
Google Nexus 4
Nexus 7
fbalder18 said:
@Aqq123 , do you think that your approach can still work for Android 13? I have Windows Subsystem for Android 2307.40000.3.0 and want to integrate microG. How to get services.diff and services_replace.zip for A13?
Click to expand...
Click to collapse
It should work but you need to make your own .diff. The easiest way to do so is by comparing the decompiled services.jar from both the regular LineageOS and LineageOS for MicroG. You can then apply the said .diff directly.

In this scenario, you do not use services_replace.zip at all.
 
Q

q2n

Senior Member
Jun 4, 2010
113
30
Rather than allowing signature spoofing across the board, is it possible to allow only the necessary MicroG file(s)?

Given that MicroG fits with Lineage's core mission so much better than the Google-provided files, how has MicroG not been worked in as the default? (...which would make all the extra work here obsolete, though thank you for doing it.)
 
You must log in or register to reply here.

Similar threads

Snoop05
[OFFICIAL][TOOL][WINDOWS] ADB, Fastboot and Drivers - 15 seconds ADB Installer v1.4.3
Replies
2K
Views
7M
Z
zlaer
shimp208
[TOOL]Minimal ADB and Fastboot [2-9-18]
Replies
976
Views
5M
Sysop_PNW
Sysop_PNW
zeppelinrox
  • Poll
[V6U9RC13]For Your Lag(4x) Do it good, Good, GOOD, GOOD! SuperCharge Your Launchaaah!
Replies
24K
Views
7M
rodken
rodken
B
[UTIL][WIN][MT65xx] MTK Droid Root & Tools | MediaTek Android Smartphone
Replies
2K
Views
2M
ZG089
ZG089
L
[APK] Seeder 2.0.0 entropy generator to provide significant lag reduction
Replies
4K
Views
3M
rirozizo
rirozizo

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    K
    kullanici32
    JessyGlory said:
    please tell me clearly..i have already booted once but unable to create services.odex,services.vdex in system parttion ..i could see only optimization files in data /dalvik-cache and deleted those files for rebooting the system ..Please help me out how to create odex,vdex files in system partition ..thank you
    Click to expand...
    Click to collapse
    As far as I remember,
    You should put the file created for dalvik (dex vdex files) in this location.
    In other words, boot once and add the resulting optimization files there:
    system/framework/oat/arm64/services.odex

    And as far as I remember, this was the location of the resulting optimization files:
    /data/dalvik-cache/arm64/system@[email protected]@classes.dex
    /data/dalvik-cache/arm64/system@[email protected]@classes.vdex

    and I deleted these complicated texts and made the other one services.dex and the other one services.vdex, and added them here:
    system/framework/oat/arm64/services.odex change this, with dalvik optimization file
    system/framework/oat/arm64/services.vdex change this, with dalvik optimization file


    But like I said, I don't remember exactly
    View
    1
    K
    kullanici32
    kurtn said:
    We are talking in circles. One ui is the samsung stock rom. You have magisk? Go the fakegapos route.
    Click to expand...
    Click to collapse
    Ah, I guess we didn't communicate fully, I can already upload it, So I don't need any help.
    Only the old versions of micro g were not functional (the sign in with google buttons in the applications were not working) That's why I didn't use it.

    but now the update has arrived and it says it will work, I just installed it now but I haven't tried it yet. Anyway, I don't have any problems with the installation right now, I just wish we had patched the framework instead of the module and had a working function, it would have been great, I wouldn't have used it with root and lsposed.
    View
  • 5
    Aqq123
    Aqq123
    I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.

    Background

    Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.

    To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.

    Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).

    A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.

    Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.

    The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.

    This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.

    Patching

    This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
    • Obtain the file services.jar to patch. For example:
      • Pull it from your device: adb pull /system/framework/services.jar – or –
      • Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
    • Extract the file with APK Tool: apktool2 d -o services services.jar
    • Make the changes that allow signature spoofing. Either:
      • Apply the patch attached to this post: patch -i services.diff -p0 – or –
      • As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
        Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
    • Recompile the modified framework: apktool2 b -c -f -o services.jar services
      Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
    • Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
    This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.

    One More Thing

    For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

    dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

    The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:

    /data/dalvik-cache/arm64/system@[email protected]@classes.dex
    /data/dalvik-cache/arm64/system@[email protected]@classes.vdex

    Further Steps

    These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
    • Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
    • Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
    • Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
    However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.

    Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
    View
    2
    Renate
    Renate
    fbalder18 said:
    I'm still stuck.
    Click to expand...
    Click to collapse
    Damn, this is screwed up.
    It's 35°C here and I have to figure out what regression error crept in.
    Hold on...

    Edit: So I'm an idjit.
    That comes of typing Smali annotations by hand.
    Try this:
    View
    2
    kurtn
    kurtn
    ahmadmahmood2048 said:
    hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),

    your attached:
    I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
    .method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;

    .method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;

    I copied the code to where it says .end method and pasted it anywhere in my services.jar.

    I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.

    I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.


    I did a lineage os install from scratch after failing here.
    I copied the PackageManagerService$ComputerEngine.smali file you provided,
    I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.

    I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
    and on the 2nd reboot, it naturally enters the bootloop as you said.
    i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.

    QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:

    dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex

    now i have 3 questions:
    1. why did my patch to original smali fail (bootloop even on first boot)?
    2. Why isn't the smali file you provided spoofing?
    3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
    Click to expand...
    Click to collapse
    Use lineage.microg.org
    View
    2
    Aqq123
    Aqq123
    Renate said:
    Now, I can't be bothered to figure out the intent of what the single line modifications to generatePackageInfo() do.
    If somebody can post what the finished product should look like...
    Click to expand...
    Click to collapse
    It's all in the first post, inside services_replace.zip. Java source is available as well:
    Aqq123 said:
    Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
    Click to expand...
    Click to collapse
    View
    1
    Aqq123
    Aqq123
    kullanici32 said:
    How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
    so how do i open this file and where do i patch it?
    Click to expand...
    Click to collapse
    Of course. The patch is against current LOS 19.1, and this is the only situation where you can replace the whole .smali file instead of reapplying the patch. On other flavors of Android you'd have to redo the equivalent manually. In some cases it might even take a different patch altogether.

    These are all text files. Just use any text editor, preferably with syntax highlighting, such as Notepad++. First look at services.diff. This is the code you want to add.

    Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined. The patch works by adding two private methods:
    • .method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/Set;)Landroid/content/pm/PackageInfo;
    • .method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;)Ljava/lang/String;
    These can really be added anywhere but preferably within the same .smali file.

    Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).

    Maybe it's easier to understand if you look at the original code, not the decompiled one: https://github.com/lineageos4microg..._patches/android_frameworks_base-S.patch#L128 This is why I linked to it in the top post.

    Again, I don't know anything about Samsung One UI. The implementation might be different. So another approach would be to find a version of Samsung's services.jar patched for signature spoofing (possibly for an earlier version of Android) and decompile it to see how it's done there.
    View

New posts