The app's integrity check failed

[OldWine]

Hi,
I need the "Digitales Amt" app from the Austrian authorities. The registration only works there if the device is not rooted and the bootloader is not unlocked.
Is there a way to restore or fake this state while keeping the current ROM, or do I need to do a factory reset?
My current version is MIUI 12.6 21.6.23 on MI 10. Originally the device was delivered with original China-Rom (CN/EN).

 

[Poney70]

Hello,

Xiaomi.eu already fake the bootloader state (as Xiaomi.eu ROMs are passing all SafetyNet tests).

This app could detect:

1) Magisk/root (if you installed it => Use "MagiskHide" feature should help)

2) TWRP (if you have a "TWRP" folder in root of the internal storage of your phone => Remove this folder)

3) Beta ROM => Try Stable ROM (I don't know any workaround...)

 

[OldWine]

Thank you for your quick response.

I followed all of your pointers:
ad 3) I installed the latest stable MIUI version 12.5.5
ad 1) I installed Magisk.
With the Magisk Settings I created a proxy app so that it now has a different name and activated MagiskHide.
The SafetyNet test was successful.
ad 2) TWRP folder removed.

Unfortunately none of this eliminated my problem.
The app "Digitales Amt" (from the Google Play store) continues to report "Integritätsprüfung fehlgeschlagen" when trying to register:

(Integrity check failed.
A modification was detected on your device. The app cannot be used for security reasons. Details: The device is checked for signs of root access or whether the bootloader has been unlocked...)

 

[Blastboom Strice]

Thank you for your quick response.

I followed all of your pointers:
ad 3) I installed the latest stable MIUI version 12.5.5
ad 1) I installed Magisk.
With the Magisk Settings I created a proxy app so that it now has a different name and activated MagiskHide.
The SafetyNet test was successful.
ad 2) TWRP folder removed.

Unfortunately none of this eliminated my problem.
The app "Digitales Amt" (from the Google Play store) continues to report "Integritätsprüfung fehlgeschlagen" when trying to register:

(Integrity check failed.
A modification was detected on your device. The app cannot be used for security reasons. Details: The device is checked for signs of root access or whether the bootloader has been unlocked...)

Would you like to try a possible fix? If you have dual apps enabled, clone thr app that has issues and check if it passes the check. If you don't have dual apps enabled, install island or shelter, set up the dual apps/work profile and clone it.

 

[OldWine]

Would you like to try a possible fix? If you have dual apps enabled, clone thr app that has issues and check if it passes the check. If you don't have dual apps enabled, install island or shelter, set up the dual apps/work profile and clone it.

I tried a clone (by dual apps) but this does not work better. It seems to me, the only advantage of a clone is to have it's own data/cache to use an app for different users/players.
But thank you for the hint, I didn't even know that this exists.

 

[Tadik]

I have same problem , magisk hide not helping me, AirWatch on work profile and banking app still see opened bootloader...

 

[katerpanne]

Digitales AMT:

very complex check -> for a quick check you can read the Logfiles in:

• /data/user/0/at.gv.oe.app/files/logs/

If you change authentification string or anything else, its overwritten if you start the app -> nice
If you need it on a rooted/ unlocked device pehaps FRIDA can help or put the logentries into google as example

 

[Usche]

Unfortunately i have the same problem

@ingbrzy

hi,

May i ask you if there is a Workaround to use this app.
What i have
Mi 11
Bootloader unlocked
Via TRWP i do the UPDATE to the latest XIAOMI.EU.ROMI
I do not use Magisk because i do not know what is the advantages...
I pass the SAFTY Net Check

My Problem:
With unlocked Bootloader i can not sign in into "DIGITALES AMT" https://play.google.com/store/apps/details?id=at.gv.oe.app
I always got this error ( and for sure others also) https://xiaomi.eu/community/attachments/screenshot_2021-04-01-12-55-12-406_at-gv-oe-app-1-jpg.35776/

DO you as an expert have an idea what to do?


many thanks

 

[gogocar62]

Try deleting or renaming the TWRP folder.

 

[Usche]

Try deleting or renaming the TWRP folder.

I have xiaomi.eu.rom.
Yes i deleted already the TWRP folder --> No success!
I always get this ERROR https://xiaomi.eu/community/attachments/screenshot_2021-04-01-12-55-12-406_at-gv-oe-app-1-jpg.35776/

 

[Usche]

Is there any Update how in this.
I wozld Need this App nur i cannot start IT ..

 

[B!GBOY]

Is there any Update how in this.
I wozld Need this App nur i cannot start IT ..

You can hook their checkIntegrity method to bypass the check. An easy way to do that would be to use xprivacylua.
A very short tutorial would be like this:
Install magisk enable zygisk
install lsxposed for zygisk
install xprivacylua and enable it in lsxposed also enable it for amt app
add the following hook to xprivacylua
enable the hook for amt app (only enable this one hook others can crash the app)
enjoy

xprivaylua script:

 {
      "builtin": false,
      "collection": "Privacy",
      "group": "Use.Tracking",
      "name": "DeviceIntegrityCheck\/checkIntegrity",
      "author": "B!",
      "version": 0,
      "description": "Skip asitplus device integrity check",
      "className": "at.asitplus.utils.deviceintegrity.DeviceIntegrityCheck",
      "methodName": "checkIntegrity",
      "parameterTypes": [],
      "returnType": "void",
      "minSdk": 1,
      "maxSdk": 999,
      "minApk": 0,
      "maxApk": 2147483647,
      "enabled": true,
      "optional": false,
      "usage": true,
      "notify": false,
      "luaScript": "function before(hook, param)\n  param:setResult(nil)\n  return true\nend\n"
    }

Explanation:
The "checkIntegrity" method checks for root, safetynet, bootloader status basically everything. It does not return anything but throws an exception if anything goes wrong. So we skip it all together.

Disclaimer:
This is only intended for education and so on I am not responsible for any misuse and bla bla.
Also this is the first time I used xprivacylua or xposed hooks, so if there are better ways, do it that way
I was just curious

Edit: iirc to use a single hook, you need xprivacylua pro companion app. That feature costa 3,60€ i think, but the app is pretty awesome and worth the money. If you want to not use xprivacylua you can write your own xposed module and hook the mentioned method.

 

[Usche]

You can hook their checkIntegrity method to bypass the check. An easy way to do that would be to use xprivacylua.
A very short tutorial would be like this:
Install magisk alpha enable zygisk
install lsxposed for zygisk
install xprivacylua and enable it in lsxposed also enable it for amt app
add the following hook to xprivacylua
enable the hook for amt app (only enable this one hook others can crash the app)
enjoy

xprivaylua script:

 {
      "builtin": false,
      "collection": "Privacy",
      "group": "Use.Tracking",
      "name": "DeviceIntegrityCheck\/checkIntegrity",
      "author": "B!",
      "version": 0,
      "description": "Skip asitplus device integrity check",
      "className": "at.asitplus.utils.deviceintegrity.DeviceIntegrityCheck",
      "methodName": "checkIntegrity",
      "parameterTypes": [],
      "returnType": "void",
      "minSdk": 1,
      "maxSdk": 999,
      "minApk": 0,
      "maxApk": 2147483647,
      "enabled": true,
      "optional": false,
      "usage": true,
      "notify": false,
      "luaScript": "function before(hook, param)\n  param:setResult(nil)\n  return true\nend\n"
    }

Explanation:
The "checkIntegrity" method checks for root, safetynet, bootloader status basically everything. It does not return anything but throws an exception if anything goes wrong. So we skip it all together.

Disclaimer:
This is only intended for education and so on I am not responsible for any misuse and bla bla.
Also this is the first time I used xprivacylua or xposed hooks, so if there are better ways, do it that way
I was just curious

Edit: iirc to use a single hook, you need xprivacylua pro companion app. That feature costa 3,60€ i think, but the app is pretty awesome and worth the money. If you want to not use xprivacylua you can write your own xposed module and hook the mentioned method.

First of all thanks for the hint but i think this is to complicate for me .... Unfortunately even have installed magisik hide so far
Did you try if this is working for "DIGITALES AMT"

https://xiaomi.eu/community/threads/22-1-13.64626/post-646501

 

[B!GBOY]

First of all thanks for the hint but i think this is to complicate for me .... Unfortunately even have installed magisik hide so far
Did you try if this is working for "DIGITALES AMT"

https://xiaomi.eu/community/threads/22-1-13.64626/post-646501

Yes I can see the next step where it asks you to register your phone with another device and scan the qr code. As I do not live in At i think that is as far as I can go.

I know it looks intimidating but it was way more complicated in the past

It is really nice that we can use xprivacylua instead of setting up android studio and making an xposed module or that we can pass safetynet and other checks now, even with xposed installed, considering the amount of time and energy google invested in limiting what you can do with the device you own!

 

[Usche]

Yes I can see the next step where it asks you to register your phone with another device and scan the qr code. As I do not live in At i think that is as far as I can go.

I know it looks intimidating but it was way more complicated in the past

It is really nice that we can use xprivacylua instead of setting up android studio and making an xposed module or that we can pass safetynet and other checks now, even with xposed installed, considering the amount of time and energy google invested in limiting what you can do with the device you own!

ok!
Do you have a link with a tutorial how to install magisk alpha ?

 

[katerpanne]

ok!
Do you have a link with a tutorial how to install magisk alpha ?

here we go…

https://xiaomi.eu/community/threads/howto-magisk-install-without-twrp.64511/

 

[katerpanne]

You can hook their checkIntegrity method to bypass the check. An easy way to do that would be to use xprivacylua.
A very short tutorial would be like this:
Install magisk alpha enable zygisk
install lsxposed for zygisk
install xprivacylua and enable it in lsxposed also enable it for amt app
add the following hook to xprivacylua
enable the hook for amt app (only enable this one hook others can crash the app)
enjoy

xprivaylua script:

 {
      "builtin": false,
      "collection": "Privacy",
      "group": "Use.Tracking",
      "name": "DeviceIntegrityCheck\/checkIntegrity",
      "author": "B!",
      "version": 0,
      "description": "Skip asitplus device integrity check",
      "className": "at.asitplus.utils.deviceintegrity.DeviceIntegrityCheck",
      "methodName": "checkIntegrity",
      "parameterTypes": [],
      "returnType": "void",
      "minSdk": 1,
      "maxSdk": 999,
      "minApk": 0,
      "maxApk": 2147483647,
      "enabled": true,
      "optional": false,
      "usage": true,
      "notify": false,
      "luaScript": "function before(hook, param)\n  param:setResult(nil)\n  return true\nend\n"
    }

Explanation:
The "checkIntegrity" method checks for root, safetynet, bootloader status basically everything. It does not return anything but throws an exception if anything goes wrong. So we skip it all together.

Disclaimer:
This is only intended for education and so on I am not responsible for any misuse and bla bla.
Also this is the first time I used xprivacylua or xposed hooks, so if there are better ways, do it that way
I was just curious

Edit: iirc to use a single hook, you need xprivacylua pro companion app. That feature costa 3,60€ i think, but the app is pretty awesome and worth the money. If you want to not use xprivacylua you can write your own xposed module and hook the mentioned method.

@B!GBOY: It is working fine ! Thank you very much !

Android 11 with Magisk v23 / LSPosed / LSPosed Modul xprivacylua and Playstore App xprivacyluapro

@Usche: How are you doing, everything is up and running or you need help ?

 

[Usche]

@B!GBOY: It is working fine ! Thank you very much !

Android 11 with Magisk v23 / LSPosed / LSPosed Modul xprivacylua and Playstore App xprivacyluapro

@Usche: How are you doing, everything is up and running or you need help ?

View attachment 40731

@katerpanne
I have not tried yet. I am to afraid to make something wrong and my phone get BRICK. In prinzipiell i would need it for the "DIGITALEN FUEHERSCHEIN". And i do not need it now. I will wait for that time i need the "DIGITALES AMT" for the Fueherschein and then i will try it.
it would be great if i could contact you when the time is coming ....

many thanks

 

[katerpanne]

@katerpanne
I have not tried yet. I am to afraid to make something wrong and my phone get BRICK. In prinzipiell i would need it for the "DIGITALEN FUEHERSCHEIN". And i do not need it now. I will wait for that time i need the "DIGITALES AMT" for the Fueherschein and then i will try it.
it would be great if i could contact you when the time is coming ....

many thanks

you can of course

 

[Manuel1948]

You can hook their checkIntegrity method to bypass the check. An easy way to do that would be to use xprivacylua.
A very short tutorial would be like this:
Install magisk alpha enable zygisk
install lsxposed for zygisk
install xprivacylua and enable it in lsxposed also enable it for amt app
add the following hook to xprivacylua
enable the hook for amt app (only enable this one hook others can crash the app)
enjoy

xprivaylua script:

 {
      "builtin": false,
      "collection": "Privacy",
      "group": "Use.Tracking",
      "name": "DeviceIntegrityCheck\/checkIntegrity",
      "author": "B!",
      "version": 0,
      "description": "Skip asitplus device integrity check",
      "className": "at.asitplus.utils.deviceintegrity.DeviceIntegrityCheck",
      "methodName": "checkIntegrity",
      "parameterTypes": [],
      "returnType": "void",
      "minSdk": 1,
      "maxSdk": 999,
      "minApk": 0,
      "maxApk": 2147483647,
      "enabled": true,
      "optional": false,
      "usage": true,
      "notify": false,
      "luaScript": "function before(hook, param)\n  param:setResult(nil)\n  return true\nend\n"
    }

Explanation:
The "checkIntegrity" method checks for root, safetynet, bootloader status basically everything. It does not return anything but throws an exception if anything goes wrong. So we skip it all together.

Disclaimer:
This is only intended for education and so on I am not responsible for any misuse and bla bla.
Also this is the first time I used xprivacylua or xposed hooks, so if there are better ways, do it that way
I was just curious

Edit: iirc to use a single hook, you need xprivacylua pro companion app. That feature costa 3,60€ i think, but the app is pretty awesome and worth the money. If you want to not use xprivacylua you can write your own xposed module and hook the mentioned method.

Thank you for the instructions. May I know, how you found this out, especially which class name and so on or are you an android app developer so you have to do with this things everytime?

 

[B!GBOY]

Thank you for the instructions. May I know, how you found this out, especially which class name and so on or are you an android app developer so you have to do with this things everytime?

There is a tool called dex2jar. You can use that to convert the dex file of the app (where the code is) to a java jar file and then use java decompilers like jd-gui or others (there are even online sites) to get the decompiled source code.

After that you have to be creative to find out where the relevant code is. Especially because android apps are usually obfuscated.
You can use string references and other non obfuscated stuff to find the relevant functions.

I'm not an android developer but I like coding and computers in general.

 

[Manuel1948]

There is a tool called dex2jar. You can use that to convert the dex file of the app (where the code is) to a java jar file and then use java decompilers like jd-gui or others (there are even online sites) to get the decompiled source code.

After that you have to be creative to find out where the relevant code is. Especially because android apps are usually obfuscated.
You can use string references and other non obfuscated stuff to find the relevant functions.

I'm not an android developer but I like coding and computers in general.

Thank you for your knowledge and effort, I am also an IT technician, but not specialized on Android apps or debugging and only for one app it won't be worth to invest so much time for me, but I am happy you share the way, so if I have a similar problem next time, I have a possible way

 

[mf76130]

You can hook their checkIntegrity method to bypass the check. An easy way to do that would be to use xprivacylua.
A very short tutorial would be like this:
Install magisk alpha enable zygisk
install lsxposed for zygisk
install xprivacylua and enable it in lsxposed also enable it for amt app
add the following hook to xprivacylua
enable the hook for amt app (only enable this one hook others can crash the app)
enjoy

xprivaylua script:

 {
      "builtin": false,
      "collection": "Privacy",
      "group": "Use.Tracking",
      "name": "DeviceIntegrityCheck\/checkIntegrity",
      "author": "B!",
      "version": 0,
      "description": "Skip asitplus device integrity check",
      "className": "at.asitplus.utils.deviceintegrity.DeviceIntegrityCheck",
      "methodName": "checkIntegrity",
      "parameterTypes": [],
      "returnType": "void",
      "minSdk": 1,
      "maxSdk": 999,
      "minApk": 0,
      "maxApk": 2147483647,
      "enabled": true,
      "optional": false,
      "usage": true,
      "notify": false,
      "luaScript": "function before(hook, param)\n  param:setResult(nil)\n  return true\nend\n"
    }

Explanation:
The "checkIntegrity" method checks for root, safetynet, bootloader status basically everything. It does not return anything but throws an exception if anything goes wrong. So we skip it all together.

Disclaimer:
This is only intended for education and so on I am not responsible for any misuse and bla bla.
Also this is the first time I used xprivacylua or xposed hooks, so if there are better ways, do it that way
I was just curious

Edit: iirc to use a single hook, you need xprivacylua pro companion app. That feature costa 3,60€ i think, but the app is pretty awesome and worth the money. If you want to not use xprivacylua you can write your own xposed module and hook the mentioned method.

Hi,

Thanks for all that info, i added the script, but now the amt app crashes on start, might there something have been changed?

just an update, i now realised this is a json file to import the hook App now starts, i am able to start the register but it crashes when it offers to scan the QR Code. (i use Android 12, maybe thats the problem)


time: 1647512526242
msg: java.lang.IllegalArgumentException: com.android.providers.settings: Targeting S+ (version 31 and above) requires that one of FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent.
Strongly consider using FLAG_IMMUTABLE, only use FLAG_MUTABLE if some functionality depends on the PendingIntent being mutable, e.g. if it needs to be used with inline replies or bubbles.
stacktrace: java.lang.IllegalArgumentException: com.android.providers.settings: Targeting S+ (version 31 and above) requires that one of FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent.
Strongly consider using FLAG_IMMUTABLE, only use FLAG_MUTABLE if some functionality depends on the PendingIntent being mutable, e.g. if it needs to be used with inline replies or bubbles.
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:172)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:142)
at android.content.ContentProviderProxy.call(ContentProviderNative.java:732)
at android.content.ContentResolver.call(ContentResolver.java:2455)
at android.content.ContentResolver.call(ContentResolver.java:2435)
at eu.faircode.xlua.XLua$6.run(SourceFile:12)
at java.util.TimerThread.mainLoop(Timer.java:562)
at java.util.TimerThread.run(Timer.java:512)


br
Michael

 

[Igor Eisberg]

Hi,

Thanks for all that info, i added the script, but now the amt app crashes on start, might there something have been changed?

just an update, i now realised this is a json file to import the hook App now starts, i am able to start the register but it crashes when it offers to scan the QR Code. (i use Android 12, maybe thats the problem)


time: 1647512526242
msg: java.lang.IllegalArgumentException: com.android.providers.settings: Targeting S+ (version 31 and above) requires that one of FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent.
Strongly consider using FLAG_IMMUTABLE, only use FLAG_MUTABLE if some functionality depends on the PendingIntent being mutable, e.g. if it needs to be used with inline replies or bubbles.
stacktrace: java.lang.IllegalArgumentException: com.android.providers.settings: Targeting S+ (version 31 and above) requires that one of FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent.
Strongly consider using FLAG_IMMUTABLE, only use FLAG_MUTABLE if some functionality depends on the PendingIntent being mutable, e.g. if it needs to be used with inline replies or bubbles.
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:172)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:142)
at android.content.ContentProviderProxy.call(ContentProviderNative.java:732)
at android.content.ContentResolver.call(ContentResolver.java:2455)
at android.content.ContentResolver.call(ContentResolver.java:2435)
at eu.faircode.xlua.XLua$6.run(SourceFile:12)
at java.util.TimerThread.mainLoop(Timer.java:562)
at java.util.TimerThread.run(Timer.java:512)


br
Michael

The error clearly says that the app was not properly adapted for Android S (= 12).

 

[Usche]

Hi,

Thanks for all that info, i added the script, but now the amt app crashes on start, might there something have been changed?

br
Michael

In my case it crashes not at the START --> Mi 11 / latest eu.rom.


I will applicate the SCRIPT when i need it for "DIGITALEN FUEHERSCHEIN"