Fix typo in README.md (#40)

0 = disabled
1 = enabled and use FINGERPRINT from json for vending (Play Store)
<string> = enabled and use <string> as FINGERPRINT for vending (Play Store)

.github/workflows/android.yml

@@ -22,7 +22,7 @@ jobs:
         fetch-depth: 0
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: 'temurin'
         java-version: 21

.gitmodules

@@ -1,6 +1,9 @@
 [submodule "Dobby"]
 	path = app/src/main/cpp/Dobby
 	url = https://github.com/JingMatrix/Dobby
+[submodule "local_cxa_atexit_finalize_impl"]
+	path = app/src/main/cpp/local_cxa_atexit_finalize_impl
+	url = https://github.com/5ec1cff/local_cxa_atexit_finalize_impl
 [submodule "json"]
 	path = app/src/main/cpp/json
 	url = https://github.com/nlohmann/json

README.md

@@ -161,7 +161,7 @@ The advanced spoofing options add granular control over what exactly gets spoofe
 
 - For spoofing locked bootloader and attempting to pass <A13 PI STRONG integrity, or A13+ PI DEVICE or STRONG integrity, I only recommend using the latest official [Tricky Store](https://github.com/5ec1cff/TrickyStore) or [Tricky Store OSS](https://github.com/beakthoven/TrickyStoreOSS) release.
 
-- Note: Using Tricky Store to achieve <A13 PI STRONG integrtiy (with an unrevoked hardware keybox.xml), requires the Advanced Settings "spoofProvider" disabled and sometimes the "\*.security_patch" entry commented out (often unless spoofing a matching OS Patch Level with system= or all= or Simple date in Tricky Store's security_patch.txt; autopif2 will do this automatically if security_patch.txt exists in the Tricky Store directory), and/or "\*api_level" entry set >25 (usually 26-32). To achieve <A13 PI DEVICE integrity (with Tricky Store default AOSP software keybox.xml) requires at least "spoofProps" enabled, and some fingerprints may also require "spoofProvider" enabled and/or "\*api_level" entry lowered to <26 (usually 21-25). More known working private fingerprints can achieve <A13 PI DEVICE/STRONG integrity on more devices using these Advanced Settings in conjunction with Tricky Store than was possible with Tricky Store alone since they require fingerprint props spoofing.
+- Note: Using Tricky Store to achieve <A13 PI STRONG integrity (with an unrevoked hardware keybox.xml), requires the Advanced Settings "spoofProvider" disabled and sometimes the "\*.security_patch" entry commented out (often unless spoofing a matching OS Patch Level with system= or all= or Simple date in Tricky Store's security_patch.txt; autopif2 will do this automatically if security_patch.txt exists in the Tricky Store directory), and/or "\*api_level" entry set >25 (usually 26-32). To achieve <A13 PI DEVICE integrity (with Tricky Store default AOSP software keybox.xml) requires at least "spoofProps" enabled, and some fingerprints may also require "spoofProvider" enabled and/or "\*api_level" entry lowered to <26 (usually 21-25). More known working private fingerprints can achieve <A13 PI DEVICE/STRONG integrity on more devices using these Advanced Settings in conjunction with Tricky Store than was possible with Tricky Store alone since they require fingerprint props spoofing.
 
 </details>
 

app/src/main/cpp/CMakeLists.txt

@@ -6,7 +6,7 @@ find_package(cxx REQUIRED CONFIG)
 
 link_libraries(cxx::cxx)
 
-add_library(${CMAKE_PROJECT_NAME} SHARED ${CMAKE_SOURCE_DIR}/main.cpp)
+add_library(${CMAKE_PROJECT_NAME} SHARED main.cpp local_cxa_atexit_finalize_impl/atexit.cpp)
 
 add_subdirectory(Dobby)
 

app/src/main/cpp/main.cpp

@@ -12,6 +12,7 @@
 
 #define JSON_FILE_PATH "/data/adb/modules/playintegrityfix/pif.json"
 #define CUSTOM_JSON_FILE_PATH "/data/adb/modules/playintegrityfix/custom.pif.json"
+
 #define VENDING_PACKAGE "com.android.vending"
 #define DROIDGUARD_PACKAGE "com.google.android.gms.unstable"
 
@@ -20,6 +21,7 @@ static int spoofBuild = 1;
 static int spoofProps = 1;
 static int spoofProvider = 1;
 static int spoofSignature = 0;
+static int spoofVendingFinger = 0;
 static int spoofVendingSdk = 0;
 
 static std::map<std::string, std::string> jsonProps;
@@ -165,11 +167,11 @@ public:
 
         readJson();
 
-        if (pkgName == VENDING_PACKAGE) spoofProps = spoofBuild = spoofProvider = spoofSignature = 0;
-        else spoofVendingSdk = 0;
+        if (pkgName == VENDING_PACKAGE) spoofBuild = spoofProps = spoofProvider = spoofSignature = 0;
+        else spoofVendingFinger = spoofVendingSdk = 0;
 
         if (spoofProps > 0) doHook();
-        if (spoofBuild + spoofProvider + spoofSignature + spoofVendingSdk > 0) inject();
+        if (spoofBuild + spoofProvider + spoofSignature + spoofVendingFinger + spoofVendingSdk > 0) inject();
 
         dexVector.clear();
         json.clear();
@@ -185,6 +187,7 @@ private:
     std::vector<char> dexVector;
     nlohmann::json json;
     std::string pkgName;
+    std::string vendingFingerprintValue;
 
     void readJson() {
         LOGD("JSON contains %d keys!", static_cast<int>(json.size()));
@@ -200,7 +203,7 @@ private:
             json.erase("verboseLogs");
         }
 
-        // Advanced spoofing settings
+        // Vending advanced spoofing settings
         if (json.contains("spoofVendingSdk")) {
             if (!json["spoofVendingSdk"].is_null() && json["spoofVendingSdk"].is_string() && json["spoofVendingSdk"] != "") {
                 spoofVendingSdk = stoi(json["spoofVendingSdk"].get<std::string>());
@@ -210,10 +213,29 @@ private:
             }
             json.erase("spoofVendingSdk");
         }
+        if (json.contains("spoofVendingFinger")) {
+            if (!json["spoofVendingFinger"].is_null() && json["spoofVendingFinger"].is_string() && json["spoofVendingFinger"] != "") {
+                if (json["spoofVendingFinger"].get<std::string>().find_first_not_of("01") != std::string::npos) {
+                    spoofVendingFinger = 1;
+                    vendingFingerprintValue = json["spoofVendingFinger"].get<std::string>();
+                } else if (json.contains("FINGERPRINT") && !json["FINGERPRINT"].is_null() && json["FINGERPRINT"].is_string() && json["FINGERPRINT"] != "") {
+                    spoofVendingFinger = stoi(json["spoofVendingFinger"].get<std::string>());
+                    vendingFingerprintValue = json["FINGERPRINT"].get<std::string>();
+                } else {
+                    LOGD("Error parsing spoofVendingFinger or FINGERPRINT field!");
+                }
+                if (verboseLogs > 0) LOGD("Spoofing Fingerprint in Play Store %s!", (spoofVendingFinger > 0) ? "enabled" : "disabled");
+            } else {
+                LOGD("Error parsing spoofVendingFinger!");
+            }
+            json.erase("spoofVendingFinger");
+        }
         if (pkgName == VENDING_PACKAGE) {
             json.clear();
             return;
         }
+
+        // DroidGuard advanced spoofing settings
         if (json.contains("spoofBuild")) {
             if (!json["spoofBuild"].is_null() && json["spoofBuild"].is_string() && json["spoofBuild"] != "") {
                 spoofBuild = stoi(json["spoofBuild"].get<std::string>());
@@ -299,8 +321,10 @@ private:
 
         if (pkgName == VENDING_PACKAGE) {
             LOGD("JNI %s: Calling EntryPointVending.init", niceName);
-            auto entryInit = env->GetStaticMethodID(entryClass, "init", "(II)V");
-            env->CallStaticVoidMethod(entryClass, entryInit, verboseLogs, spoofVendingSdk);
+            auto entryInit = env->GetStaticMethodID(entryClass, "init", "(IIILjava/lang/String;)V");
+            auto javaStr = env->NewStringUTF(vendingFingerprintValue.c_str());
+            env->CallStaticVoidMethod(entryClass, entryInit, verboseLogs, spoofVendingFinger, spoofVendingSdk, javaStr);
+            env->DeleteLocalRef(javaStr);
         } else {
             LOGD("JNI %s: Sending JSON", niceName);
             auto receiveJson = env->GetStaticMethodID(entryClass, "receiveJson", "(Ljava/lang/String;)V");
@@ -310,7 +334,15 @@ private:
             LOGD("JNI %s: Calling EntryPoint.init", niceName);
             auto entryInit = env->GetStaticMethodID(entryClass, "init", "(IIII)V");
             env->CallStaticVoidMethod(entryClass, entryInit, verboseLogs, spoofBuild, spoofProvider, spoofSignature);
+            env->DeleteLocalRef(javaStr);
         }
+        env->DeleteLocalRef(clClass);
+        env->DeleteLocalRef(systemClassLoader);
+        env->DeleteLocalRef(dexClClass);
+        env->DeleteLocalRef(buffer);
+        env->DeleteLocalRef(dexCl);
+        env->DeleteLocalRef(entryClassName);
+        env->DeleteLocalRef(entryClassObj);
     }
 };
 

app/src/main/java/es/chiteroman/playintegrityfix/EntryPointVending.java

@@ -1,40 +1,62 @@
-package es.chiteroman.playintegrityfix;
-
-import android.annotation.SuppressLint;
-import android.os.Build;
-import java.lang.reflect.Field;
-import android.util.Log;
-
-public final class EntryPointVending {
-
-    private static void LOG(String msg) {
-        Log.d("PIF/Java:PS", msg);
-    }
-
-    @SuppressLint("DefaultLocale")
-    public static void init(int verboseLogs, int spoofVendingSdk) {
-        if (spoofVendingSdk < 1) return;
-        int requestSdk = spoofVendingSdk == 1 ? 32 : spoofVendingSdk;
-        int targetSdk = Math.min(Build.VERSION.SDK_INT, requestSdk);
-        int oldValue;
-        try {
-            Field field = Build.VERSION.class.getDeclaredField("SDK_INT");
-            field.setAccessible(true);
-            oldValue = field.getInt(null);
-            if (oldValue == targetSdk) {
-                if (verboseLogs > 2) LOG(String.format("[SDK_INT]: %d (unchanged)", oldValue));
-                field.setAccessible(false);
-                return;
-            }
-            field.set(null, targetSdk);
-            field.setAccessible(false);
-            LOG(String.format("[SDK_INT]: %d -> %d", oldValue, targetSdk));
-        } catch (NoSuchFieldException e) {
-            LOG("SDK_INT field not found: " + e);
-        } catch (SecurityException | IllegalAccessException | IllegalArgumentException |
-                 NullPointerException | ExceptionInInitializerError e) {
-            LOG("SDK_INT field not accessible: " + e);
-
-        }
-    }
-}
+package es.chiteroman.playintegrityfix;
+
+import android.annotation.SuppressLint;
+import android.os.Build;
+import java.lang.reflect.Field;
+import android.util.Log;
+
+public final class EntryPointVending {
+
+    private static void LOG(String msg) {
+        Log.d("PIF/Java:PS", msg);
+    }
+
+    @SuppressLint("DefaultLocale")
+    public static void init(int verboseLogs, int spoofVendingFinger, int spoofVendingSdk, String vendingFingerprintValue) {
+        // Only spoof FINGERPRINT to Play Store if not forcing Android <13 Play Integrity verdict
+        if (spoofVendingSdk < 1) {
+            if (spoofVendingFinger < 1) return;
+            String oldValue;
+            try {
+                Field field = Build.class.getDeclaredField("FINGERPRINT");
+                field.setAccessible(true);
+                oldValue = String.valueOf(field.get(null));
+                if (oldValue.equals(vendingFingerprintValue)) {
+                    if (verboseLogs > 2) LOG(String.format("[FINGERPRINT]: %s (unchanged)", oldValue));
+                    field.setAccessible(false);
+                    return;
+                }
+                field.set(null, vendingFingerprintValue);
+                field.setAccessible(false);
+                LOG(String.format("[FINGERPRINT]: %s -> %s", oldValue, vendingFingerprintValue));
+            } catch (NoSuchFieldException e) {
+                LOG("FINGERPRINT field not found: " + e);
+            } catch (SecurityException | IllegalAccessException | IllegalArgumentException |
+                     NullPointerException | ExceptionInInitializerError e) {
+                LOG("FINGERPRINT field not accessible: " + e);
+            }
+        } else {
+            int requestSdk = spoofVendingSdk == 1 ? 32 : spoofVendingSdk;
+            int targetSdk = Math.min(Build.VERSION.SDK_INT, requestSdk);
+            int oldValue;
+            try {
+                Field field = Build.VERSION.class.getDeclaredField("SDK_INT");
+                field.setAccessible(true);
+                oldValue = field.getInt(null);
+                if (oldValue == targetSdk) {
+                    if (verboseLogs > 2) LOG(String.format("[SDK_INT]: %d (unchanged)", oldValue));
+                    field.setAccessible(false);
+                    return;
+                }
+                field.set(null, targetSdk);
+                field.setAccessible(false);
+                LOG(String.format("[SDK_INT]: %d -> %d", oldValue, targetSdk));
+            } catch (NoSuchFieldException e) {
+                LOG("SDK_INT field not found: " + e);
+            } catch (SecurityException | IllegalAccessException | IllegalArgumentException |
+                     NullPointerException | ExceptionInInitializerError e) {
+                LOG("SDK_INT field not accessible: " + e);
+            }
+        }
+    }
+}

build.gradle.kts

@@ -1,3 +1,3 @@
 plugins {
-    id("com.android.application") version "8.12.1" apply false
+    id("com.android.application") version "8.13.0" apply false
 }

module/autopif2.sh

@@ -162,7 +162,7 @@ if [ -f "$MIGRATE" ]; then
   if [ -n "$ARGS" ]; then
     grep_json() { [ -f "$2" ] && grep -m1 "$1" $2 | cut -d\" -f4; }
     verboseLogs=$(grep_json "VERBOSE_LOGS" $OLDJSON);
-    ADVSETTINGS="spoofBuild spoofProps spoofProvider spoofSignature spoofVendingSdk verboseLogs";
+    ADVSETTINGS="spoofBuild spoofProps spoofProvider spoofSignature spoofVendingFinger spoofVendingSdk verboseLogs";
     for SETTING in $ADVSETTINGS; do
       eval [ -z \"\$$SETTING\" ] \&\& $SETTING=$(grep_json "$SETTING" $OLDJSON);
       eval TMPVAL=\$$SETTING;

module/customize.sh

@@ -39,12 +39,14 @@ if [ -d "$MODPATH/zygisk" ]; then
 fi
 
 # Migrate custom.pif.json to latest defaults if needed
-if [ -f "$MODPATH/custom.pif.json" ] && ! grep -q "api_level" $MODPATH/custom.pif.json || ! grep -q "verboseLogs" $MODPATH/custom.pif.json || ! grep -q "spoofVendingSdk" $MODPATH/custom.pif.json; then
-    ui_print "- Running migration script on custom.pif.json:"
-    ui_print " "
-    chmod 755 $MODPATH/migrate.sh
-    sh $MODPATH/migrate.sh --install --force --advanced $MODPATH/custom.pif.json
-    ui_print " "
+if [ -f "$MODPATH/custom.pif.json" ]; then
+    if ! grep -q "api_level" $MODPATH/custom.pif.json || ! grep -q "verboseLogs" $MODPATH/custom.pif.json || ! grep -q "spoofVendingFinger" $MODPATH/custom.pif.json; then
+        ui_print "- Running migration script on custom.pif.json:"
+        ui_print " "
+        chmod 755 $MODPATH/migrate.sh
+        sh $MODPATH/migrate.sh --install --force --advanced $MODPATH/custom.pif.json
+        ui_print " "
+    fi
 fi
 
 # Clean up any leftover files from previous deprecated methods

module/example.app_replace.list

@@ -11,9 +11,11 @@
 /system/app/EliteDevelopmentModule
 /system/app/XInjectModule
 
-# helluvaOS, hentaiOS
+# helluvaOS
 /system_ext/app/helluvaProductDevice*
 /system_ext/app/helluvaProductSecretStub
+
+# hentaiOS
 /system_ext/app/hentaiLewdbSVTDummy
 
 # Evolution X

module/example.pif.json

@@ -31,6 +31,7 @@
     "spoofProps": "1",
     "spoofProvider": "1",
     "spoofSignature": "0",
+    "spoofVendingFinger": "0",
     "spoofVendingSdk": "0",
     "verboseLogs": "0"
 }

module/migrate.sh

@@ -114,12 +114,13 @@ if [ -z "$DEVICE_INITIAL_SDK_INT" -o "$DEVICE_INITIAL_SDK_INT" = "null" ]; then
   DEVICE_INITIAL_SDK_INT=25;
 fi;
 
-ADVSETTINGS="spoofBuild spoofProps spoofProvider spoofSignature spoofVendingSdk verboseLogs";
+ADVSETTINGS="spoofBuild spoofProps spoofProvider spoofSignature spoofVendingFinger spoofVendingSdk verboseLogs";
 
 spoofBuild=1;
 spoofProps=1;
 spoofProvider=1;
 spoofSignature=0;
+spoofVendingFinger=0;
 spoofVendingSdk=0;
 verboseLogs=0;