You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,7 +35,7 @@ You can fill out the included template [example.pif.prop](https://raw.githubuser
35
35
36
36
Note this is just a template with the current suggested default entries, but with this fork you can include as few or as many android.os.Build class fields and Android system properties as needed to pass DEVICE integrity now and in the future if the checks enforced by Play Integrity change.
37
37
38
-
As a general rule you can't use values from recent devices due to them only being allowed with full hardware backed attestation, but sets of these values can still be found which pass DEVICE integrity, and still others can also pass STRONG integrity when setup correctly (see the spoofing Advanced Settings section below). These are known as "private fingerprints" since widely publicly shared ones will get banned by Google. A script to extract a random latest Pixel Beta fingerprint is included with the module; see the autopif2 section below for usage and caveats, and expand the Resources below for information and scripts to help find a working private fingerprint.
38
+
As a general rule you can't use values from recent devices due to them only being allowed with full hardware backed attestation, but sets of these values can still be found which pass DEVICE integrity, and still others can also pass STRONG integrity when setup correctly (see the spoofing Advanced Settings section below). These are known as "private fingerprints" since widely publicly shared ones will get banned by Google. A script to extract a random latest Pixel Canary fingerprint is included with the module; see the autopif4 section below for usage and caveats, and expand the Resources below for information and scripts to help find a working private fingerprint.
39
39
40
40
The previous custom.pif.json format is still supported but no longer the default since prop is easier to use, and will not be force migrated to prop but may be migrated manually (see below). Older formatted custom.pif.json files from cross-forks and previous releases will be automatically migrated to the latest json format; simply ensure the filename is custom.pif.json and place it in the module directory before upgrading.
41
41
@@ -58,7 +58,7 @@ A migration may also be performed manually in the module directory with a custom
58
58
-[settings.sh](https://github.com/Vagelis1608/The-Pot/blob/main/pifork/settings.sh) - Script to change the PIFork Advanced Settings from the command line
59
59
60
60
- Apps:
61
-
-[FP BETA Checker](https://xdaforums.com/t/tricky-store-bootloader-keybox-spoofing.4683446/post-89754890) - Tasker App to check the estimated expiry of the Pixel Beta fingerprint and trigger autopif2.sh to update
61
+
-[FP BETA Checker](https://xdaforums.com/t/tricky-store-bootloader-keybox-spoofing.4683446/post-89754890) - Tasker App to check the estimated expiry of the Pixel Beta/Canary fingerprint and trigger autopif4.sh to update
62
62
-[spoofVendingSdk QSTile](https://xdaforums.com/t/tricky-store-bootloader-keybox-spoofing.4683446/post-90118016) - Tasker App to quickly toggle spoofVendingSdk on and off temporarily for PI verdict testing purposes
63
63
64
64
</details>
@@ -67,11 +67,11 @@ A migration may also be performed manually in the module directory with a custom
67
67
68
68
You can customize the included default [app_replace_list.txt](https://raw.githubusercontent.com/osm0sis/PlayIntegrityFork/refs/heads/main/module/app_replace_list.txt) then rename it to custom.app_replace_list.txt to systemlessly replace any additional conflicting custom ROM spoof injection app paths to disable them. Changes take effect after a reboot.
69
69
70
-
### About 'autopif2.sh' and 'killpi.sh' script files
70
+
### About 'autopif4.sh' and 'killpi.sh' script files
71
71
72
-
There's intentionally no pif.prop in the module because the goal remains to be futureproof, and including something that may be banned/expired within days of release would be contrary to that goal. If you don't care to have your own private fingerprint to use or don't have time to look for one currently (since very few remain) then simply run the generation script from a root manager app that supports the module Action button, or by running autopif2.sh with the `-s` or `--strong` arguments in a file explorer app or with `sh autopif2.sh --strong` in a root shell. For arm/x86 devices wget2 is required but may be installed via [addon module](https://xdaforums.com/t/tools-zips-scripts-osm0sis-odds-and-ends-multiple-devices-platforms.2239421/post-89991315).
72
+
There's intentionally no pif.prop in the module because the goal remains to be futureproof, and including something that may be banned/expired within days of release would be contrary to that goal. If you don't care to have your own private fingerprint to use or don't have time to look for one currently (since very few remain) then simply run the generation script from a root manager app that supports the module Action button, or by running autopif4.sh with the `-s` or `--strong` arguments in a file explorer app or with `sh autopif4.sh --strong` in a root shell.
73
73
74
-
The autopif2 script generates a random device fingerprint from the latest Pixel Beta, ideally only to test an initial setup, since they expire roughly every 6 weeks from the Pixel Beta release date (dates included in the generated fingerprint), and the public mass-used ones from other modules or custom ROMs may also get banned, or may be banned for RCS use while otherwise passing Play Integrity in that time. In addition, unfortunately Pixel Beta fingerprints have changed and can no longer pass DEVICE integrity, so can now only be used for STRONG integrity setups (see the spoofing Advanced Settings section below). Notable advanced command line arguments are: `-m` or `--match` matches the Pixel Beta fingerprint to the device when run on a current Pixel device; `-s` or `--strong` forces the fingerprint to be configured for STRONG integrity (default if no existing file); `-t #` or `--top #` chooses the top level depth to crawl down the Android version list when there are multiple active Betas, e.g. when Android 16 QPR1 is concurrent with Android 15 QPR3 the default value of 1 would get the first listed (A16) and `-t 2` would force it to get the second listed (A15); and `-d #` or `--depth #` chooses the depth to crawl down the QPR Betas list when there are multiple active Betas, e.g. when QPR2 is concurrent with QPR1 within the same Android version, the default value of 1 would get the first listed (QPR2) and `-d 2` would force it to get the second listed (QPR1).
74
+
The autopif4 script generates a random device fingerprint from the latest Pixel Canary, ideally only to test an initial setup, since they expire roughly every 6 weeks from the Pixel Canary release date (dates included in the generated fingerprint), and the public mass-used ones from other modules or custom ROMs may also get banned, or may be banned for RCS use while otherwise passing Play Integrity in that time. In addition, unfortunately Pixel Beta/Canary fingerprints have changed and can no longer pass DEVICE integrity, so can now only be used for STRONG integrity setups (see the spoofing Advanced Settings section below). Notable advanced command line arguments are: `-m` or `--match` matches the Pixel Canary fingerprint to the device when run on a current Pixel device; `-s` or `--strong` forces the fingerprint to be configured for STRONG integrity (default if no existing file).
75
75
76
76
The killpi script forces the Google Play Services DroidGuard (com.google.android.gms.unstable) and Play Store (com.android.vending) processes to end, making them restart with the next attestation attempt; useful for testing out different fingerprints without requiring a reboot in between.
77
77
@@ -107,13 +107,13 @@ Note: Some modules which modify system (e.g. Xposed) can trigger DroidGuard dete
107
107
108
108
- Check the ROM signing keys with command `adb shell unzip -l /system/etc/security/otacerts.zip` or `unzip -l /system/etc/security/otacerts.zip`
109
109
- If the output shows the ROM is signed with the AOSP testkey then inform your ROM maintainer to start signing their builds with a private key for their next build and ideally also provide a ROM signature migration build to allow users to update to it without requiring a data wipe
110
-
- Pixel Beta fingerprints and some private fingerprints appear to be exempt from this testkey ROM ban
110
+
- Pixel Beta/Canary fingerprints and some private fingerprints appear to be exempt from this testkey ROM ban
111
111
- There is an experimental advanced feature to attempt to work around this by spoofing the ROM signature in Package Manager, see the spoofing Advanced Settings section below
112
112
- You may also try a different custom ROM, or go back to the stock ROM for your device, if available/possible
113
113
114
114
### Failing A13+ PI DEVICE integrity (especially on custom ROM)
115
115
116
-
- Check the ROM FINGERPRINT by enabling spoofVendingFinger in Advanced Settings of the config file with the current Pixel Beta fingerprint, run killpi.sh and test again
116
+
- Check the ROM FINGERPRINT by enabling spoofVendingFinger in Advanced Settings of the config file with the current Pixel Canary fingerprint, run killpi.sh and test again
117
117
- If the verdict improves then your ROM FINGERPRINT is likely on the A13+ PI banned fingerprint list; if on a custom ROM then inform your ROM maintainer to change the stock ROM FINGERPRINT they have set globally, or if on a stock ROM or EOL custom ROM then you will need to use spoofVendingFinger permanently or change the ROM FINGERPRINT globally by changing build.prop files, using resetprop or a global property module like MagiskHide Props Config (MHPC)
118
118
119
119
Note: Please see the spoofing Advanced Settings section below for important caveats to using the spoofVendingFinger feature.
@@ -162,17 +162,17 @@ The advanced spoofing options add granular control over what exactly gets spoofe
162
162
<details>
163
163
<summary><strong>Details</strong></summary>
164
164
165
-
- The Advanced Settings entries are present by default from autopif2 or migrate (during installation), but may be added to any fingerprint by running migrate.sh with the `-f -a` or `--force --advanced` arguments in a file explorer app or with `sh migrate.sh --force --advanced` in a root shell. They may also be configured directly for Tricky Store to achieve <A13 PI STRONG or A13+ PI DEVICE/STRONG integrity (see below) by running autopif2.sh with the `-s` or `--strong` arguments in a file explorer app or with `sh autopif2.sh --strong` in a root shell. Other than for the "verboseLogs" entry (see above), they are all 0 (disabled) or 1 (enabled).
165
+
- The Advanced Settings entries are present by default from autopif4 or migrate (during installation), but may be added to any fingerprint by running migrate.sh with the `-f -a` or `--force --advanced` arguments in a file explorer app or with `sh migrate.sh --force --advanced` in a root shell. They may also be configured directly for Tricky Store to achieve <A13 PI STRONG or A13+ PI DEVICE/STRONG integrity (see below) by running autopif4.sh with the `-s` or `--strong` arguments in a file explorer app or with `sh autopif4.sh --strong` in a root shell. Other than for the "verboseLogs" entry (see above), they are all 0 (disabled) or 1 (enabled).
166
166
167
167
- The "spoofBuild" entry (default 1) controls spoofing the Build Fields from the fingerprint; the "spoofProps" entry (default 1) controls spoofing the System Properties from the fingerprint; the "spoofProvider" entry (default 1) controls spoofing the Keystore Provider; the "spoofSignature" entry (default 0) controls spoofing the ROM Signature; the "spoofVendingFinger" entry (default 0) controls spoofing ROM FINGERPRINT to the Play Store (com.android.vending) when set to 1, or may be set to a custom FINGERPRINT value; and the "spoofVendingSdk" entry (default 0) controls spoofing ROM SDK_INT/sdkVersion 32 to the Play Store (com.android.vending) to force Play Integrity to use the <A13 PI verdicts.
168
168
169
169
- Changing spoofVendingFinger to a value from a device too dissimilar to your device is NOT recommended; potential negative side effects of spoofing a different device's FINGERPRINT to Play Store include different app availability, incorrect app variants being served and/or loss of device exclusive apps/features. If your ROM does not have a working one it would be best to try to find a different working FINGERPRINT from the same (or similar) device's stock ROM to ensure all will continue to work as expected.
170
170
171
171
- Leaving spoofVendingSdk enabled is NOT recommended, it [will break](https://github.com/osm0sis/PlayIntegrityFork/pull/30) the behavior of the Play Store to some extent (back gesture/navbar button for all, account sign-in and downloads for higher original ROM SDK_INT) and could have other unintended effects like incorrect app variants being served, crashes, etc. Play Store must be fully set up before (and data not cleared during) enabling spoofVendingSdk or it and PI checks will only crash/hang. It may crash multiple times with various errors before returning a verdict. See the Resources section above for a helpful spoofVendingSdk QSTile toggle app.
172
172
173
-
- For spoofing locked bootloader and attempting to pass <A13 PI STRONG integrity, or A13+ PI DEVICE or STRONG integrity, I only recommend using the latest official [Tricky Store](https://github.com/5ec1cff/TrickyStore), [Tricky Store OSS](https://github.com/beakthoven/TrickyStoreOSS) or [TEESimulator](https://github.com/JingMatrix/TEESimulator) release.
173
+
- For spoofing locked bootloader and attempting to pass <A13 PI STRONG integrity, or A13+ PI DEVICE or STRONG integrity, I only recommend using the latest official [Tricky Store](https://github.com/5ec1cff/TrickyStore) or [TEESimulator](https://github.com/JingMatrix/TEESimulator) release.
174
174
175
-
- Note: Using Tricky Store to achieve <A13 PI STRONG integrity (with an unrevoked hardware keybox.xml), requires the Advanced Settings "spoofProvider" disabled and sometimes the "\*.security_patch" entry commented out (often unless spoofing a matching OS Patch Level with system= or all= or Simple date in Tricky Store's security_patch.txt; autopif2 will do this automatically if Tricky Store's directory exists), and a fingerprint with "\*api_level" value >25 (usually 26-32). To achieve <A13 PI DEVICE integrity (with Tricky Store default AOSP software keybox.xml) requires at least "spoofProps" enabled, and some fingerprints may also require "spoofProvider" enabled, and a fingerprint with "\*api_level" value <26 (usually 21-25). More known working private fingerprints can achieve <A13 PI DEVICE/STRONG integrity on more devices using these Advanced Settings in conjunction with Tricky Store than was possible with Tricky Store alone since they require fingerprint props spoofing.
175
+
- Note: Using Tricky Store to achieve <A13 PI STRONG integrity (with an unrevoked hardware keybox.xml), requires the Advanced Settings "spoofProvider" disabled and sometimes the "\*.security_patch" entry commented out (often unless spoofing a matching OS Patch Level with system= or all= or Simple date in Tricky Store's security_patch.txt; autopif4 will do this automatically if Tricky Store's directory exists), and a fingerprint with "\*api_level" value >25 (usually 26-32). To achieve <A13 PI DEVICE integrity (with Tricky Store default AOSP software keybox.xml) requires at least "spoofProps" enabled, and some fingerprints may also require "spoofProvider" enabled, and a fingerprint with "\*api_level" value <26 (usually 21-25). More known working private fingerprints can achieve <A13 PI DEVICE/STRONG integrity on more devices using these Advanced Settings in conjunction with Tricky Store than was possible with Tricky Store alone since they require fingerprint props spoofing.
0 commit comments