v14.2.1

app/src/main/cpp/Android.mk

@@ -24,5 +24,8 @@ else ifeq ($(TARGET_ARCH_ABI),arm64-v8a)
     LOCAL_C_INCLUDES += $(LOCAL_PATH)/shadowhook/arch/arm64
 endif
 
+LOCAL_STATIC_LIBRARIES := libcxx
 LOCAL_LDLIBS := -llog
-include $(BUILD_SHARED_LIBRARY)
+include $(BUILD_SHARED_LIBRARY)
+
+include $(LOCAL_PATH)/libcxx/Android.mk

app/src/main/cpp/Application.mk

@@ -1,3 +1,4 @@
-APP_STL      := system
-APP_CFLAGS   := -Oz -fvisibility=hidden -fvisibility-inlines-hidden
-APP_CPPFLAGS := -std=c++20 -fno-exceptions -fno-rtti
+APP_STL      := none
+APP_CFLAGS   := -fvisibility=hidden -fvisibility-inlines-hidden -O3 -mllvm -polly
+APP_CPPFLAGS := -std=c++20 -fno-exceptions -fno-rtti
+APP_LDFLAGS  := -O3 -mllvm -polly

app/src/main/cpp/main.cpp

@@ -3,33 +3,39 @@
 #include <unistd.h>
 #include <string_view>
 #include <vector>
+#include <map>
 
 #include "zygisk.hpp"
 #include "shadowhook.h"
 
 #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__)
 
+#define to_app_id(uid) (uid % 100000)
+
 typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
 
-static T_Callback o_callback = nullptr;
+static std::map<void *, T_Callback> callbacks;
 
 static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
 
-    if (cookie == nullptr || name == nullptr || value == nullptr || o_callback == nullptr) return;
+    if (cookie == nullptr || name == nullptr || value == nullptr ||
+        !callbacks.contains(cookie))
+        return;
 
     std::string_view prop(name);
 
     if (prop.ends_with("api_level")) {
         value = "21";
+        LOGD("[%s]: %s", name, value);
     } else if (prop.ends_with("security_patch")) {
         value = "2020-05-05";
+        LOGD("[%s]: %s", name, value);
     } else if (prop == "ro.build.id") {
         value = "QQ2A.200501.001.B3";
+        LOGD("[%s]: %s", name, value);
     }
 
-    if (!prop.starts_with("cache") && !prop.starts_with("debug")) LOGD("[%s]: %s", name, value);
-
-    return o_callback(cookie, name, value, serial);
+    return callbacks[cookie](cookie, name, value, serial);
 }
 
 static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);
@@ -39,7 +45,7 @@ my_system_property_read_callback(const prop_info *pi, T_Callback callback, void
     if (pi == nullptr || callback == nullptr || cookie == nullptr) {
         return o_system_property_read_callback(pi, callback, cookie);
     }
-    o_callback = callback;
+    callbacks[cookie] = callback;
     return o_system_property_read_callback(pi, modify_callback, cookie);
 }
 
@@ -55,8 +61,6 @@ static void doHook() {
     LOGD("Found '__system_property_read_callback' handle at %p", handle);
 }
 
-#define to_app_id(uid) (uid % 100000)
-
 class PlayIntegrityFix : public zygisk::ModuleBase {
 public:
     void onLoad(zygisk::Api *api, JNIEnv *env) override {
@@ -65,26 +69,28 @@ class PlayIntegrityFix : public zygisk::ModuleBase {
     }
 
     void preAppSpecialize(zygisk::AppSpecializeArgs *args) override {
-        int is_gms = 0;
+        bool isGms = false, isGmsUnstable = false;
 
         if (to_app_id(args->uid) < 10000 || to_app_id(args->uid) > 19999 || // not app process
             (args->is_child_zygote && *(args->is_child_zygote))) { // app_zygote
-            goto dlclose_module;
+
+            api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
+            return;
         }
 
-        {
-            const auto *process = env->GetStringUTFChars(args->nice_name, nullptr);
-            const auto *app_data_dir = env->GetStringUTFChars(args->app_data_dir, nullptr);
-            is_gms += (std::string_view(app_data_dir).ends_with("/com.google.android.gms"));
-            is_gms += (is_gms && std::string_view(process) == "com.google.android.gms.unstable");
-            env->ReleaseStringUTFChars(args->nice_name, process);
-            env->ReleaseStringUTFChars(args->app_data_dir, app_data_dir);
+        auto process = env->GetStringUTFChars(args->nice_name, nullptr);
+
+        if (process) {
+            isGms = strncmp(process, "com.google.android.gms", 22) == 0;
+            isGmsUnstable = strcmp(process, "com.google.android.gms.unstable") == 0;
         }
 
-        if (is_gms) { // gms processes
+        env->ReleaseStringUTFChars(args->nice_name, process);
+
+        if (isGms) { // GMS processes
             api->setOption(zygisk::FORCE_DENYLIST_UNMOUNT);
 
-            if (is_gms == 2) { // play integrity process
+            if (isGmsUnstable) { // Unstable GMS process, which runs DroidGuard
                 long size = 0;
                 int fd = api->connectCompanion();
 
@@ -93,28 +99,29 @@ class PlayIntegrityFix : public zygisk::ModuleBase {
                 if (size > 0) {
                     vector.resize(size);
                     read(fd, vector.data(), size);
-                    close(fd);
-                    return;
+                } else {
+                    LOGD("Couldn't read classes.dex");
+                    api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
                 }
-
-                LOGD("Couldn't read classes.dex");
+
                 close(fd);
+                return;
             }
         }
 
-        dlclose_module:
         api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
-
     }
 
     void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
         if (vector.empty()) return;
 
-        LOGD("Read from fd: %ld bytes!", static_cast<long>(vector.size()));
+        LOGD("Read %ld bytes of classes.dex!", static_cast<long>(vector.size()));
 
         doHook();
 
         inject();
+
+        vector.clear();
     }
 
     void preServerSpecialize(zygisk::ServerSpecializeArgs *args) override {
@@ -124,7 +131,7 @@ class PlayIntegrityFix : public zygisk::ModuleBase {
 private:
     zygisk::Api *api = nullptr;
     JNIEnv *env = nullptr;
-    std::vector<char> vector;
+    std::vector<uint8_t> vector;
 
     void inject() {
         LOGD("get system classloader");
@@ -155,7 +162,7 @@ class PlayIntegrityFix : public zygisk::ModuleBase {
 };
 
 static void companion(int fd) {
-    std::vector<char> vector;
+    std::vector<uint8_t> vector;
     long size = 0;
 
     FILE *dex = fopen("/data/adb/modules/playintegrityfix/classes.dex", "rb");

app/src/main/java/es/chiteroman/playintegrityfix/EntryPoint.java

@@ -18,7 +18,7 @@ public static void init() {
     }
 
     private static void spoofProvider() {
-        final String KEYSTORE = "AndroidKeyStore";
+        String KEYSTORE = "AndroidKeyStore";
 
         try {
             Provider provider = Security.getProvider(KEYSTORE);

changelog.md

@@ -2,8 +2,10 @@ We have a Telegram channel!
 If you want to share your knowledge join:
 https://t.me/playintegrityfix
 
-# v14.2
+# v14.2.1
 
-Plug and play version!
+- Improve code logic.
+- Fix crash issues.
+- Xiaomi.eu and EliteROMs auto remove inject app!
 
-If you want to spoof your custom props use: https://github.com/chiteroman/PlayIntegrityFix/releases/tag/DEV-v1
+Same fingerprint as v14.2

module/customize.sh

@@ -1,15 +1,42 @@
 # Error on < Android 8.
 if [ "$API" -lt 26 ]; then
-    abort "!!! You can't use this module on Android < 8.0"
+    abort "- !!! You can't use this module on Android < 8.0"
 fi
 
-# SafetyNet-Fix module is obsolete and it's incompatible with PIF.
+# safetynet-fix module is obsolete and it's incompatible with PIF.
 if [ -d /data/adb/modules/safetynet-fix ]; then
-    touch /data/adb/modules/safetynet-fix/remove
-    ui_print "!!! SafetyNet-Fix module will be removed on next reboot."
+    abort "- !!! REMOVE safetynet-fix module and do NOT install it again along PIF."
 fi
 
 # MagiskHidePropsConf module is obsolete in Android 8+ but it shouldn't give issues.
 if [ -d /data/adb/modules/MagiskHidePropsConf ]; then
-    ui_print "!!! WARNING, MagiskHidePropsConf module may cause issues with PIF"
+    ui_print "- ! WARNING, MagiskHidePropsConf module may cause issues with PIF"
+fi
+
+# Check if ROM is xiaomi.eu
+if [ "$(resetprop ro.build.host)" = "xiaomi.eu" ] || [ "$(resetprop ro.build.host)" = "EliteDevelopment" ]; then
+
+	ui_print "- ! Detected Xiaomi.eu custom ROM."
+
+	if [ -d "/product/app/XiaomiEUInject" ]; then
+
+		directory="$MODPATH/product/app/XiaomiEUInject"
+
+		[ -d "$directory" ] || mkdir -p "$directory"
+
+		touch "$directory/.replace"
+
+		ui_print "- XiaomiEUInject app removed."
+	fi
+
+	if [ -d "/system/app/XInjectModule" ]; then
+
+		directory="$MODPATH/system/app/XInjectModule"
+
+		[ -d "$directory" ] || mkdir -p "$directory"
+
+		touch "$directory/.replace"
+
+		ui_print "- XInjectModule app removed."
+	fi
 fi

module/module.prop

@@ -1,7 +1,7 @@
 id=playintegrityfix
 name=Play Integrity Fix
-version=v14.2
-versionCode=14200
+version=v14.2.1
+versionCode=14210
 author=chiteroman
 description=Fuck Play Integrity API.
 updateJson=https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/update.json

module/service.sh

@@ -32,11 +32,11 @@ if [ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]; then
     chmod 440 /sys/fs/selinux/policy
 fi
 
+# KernelSU handles boot completed state in different file.
 if [ -z "$KSU" ] || [ "$KSU" = false ]; then
-	# SafetyNet/Play Integrity
 	{
 		# late props which must be set after boot_completed for various OEMs
-		until [ "$(getprop sys.boot_completed)" == "1" ]; do
+		until [ "$(resetprop sys.boot_completed)" == "1" ]; do
 			sleep 1
 		done
 

update.json

@@ -1,6 +1,6 @@
 {
-    "version": "v14.2",
-    "versionCode": 14200,
-    "zipUrl": "https://github.com/chiteroman/PlayIntegrityFix/releases/download/v14.2/PlayIntegrityFix_v14.2.zip",
+    "version": "v14.2.1",
+    "versionCode": 14210,
+    "zipUrl": "https://github.com/chiteroman/PlayIntegrityFix/releases/download/v14.2.1/PlayIntegrityFix_v14.2.1.zip",
     "changelog": "https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/changelog.md"
 }