About Modification on Play Integrity and Its Traces


JC_ProPlus

Members
Oct 16, 2023
2
13
Yes, it's not a new one and is already being discussed here. I've worked for several days, did some troubleshoots with other CN HyperOS-based ROMs and found out it might be related with some traces left from Xiaomi.eu ROM's Play Integrity fix.
I'm currently using weekly Xiaomi.eu ROM on a Xiaomi 13 Ultra.
The issue started with the abnormal crash from the Octopus pay app in HK (P1), and the restriction from Uber (disabling the app's native UI and redirecting to a webview page). Those scenario can be observe under a clean environment and a rooted environment (KernelSU 11838, Zygisk Next 1.0.5, Shamiko 1.0.1, LSPosed 7024, HideMyApps with suspicious stuff properly hidden, including Xiaomi.eu's fix).
Then I tried those two apps on a locked Redmi K70, which had only passed Basic Integrity due to Xiaomi's problem. Octopus didn't crash and refused the login attempt as expected, and Uber also works fine with full function.
I brought out my Redmi K20 Pro at last, with a modified CN-based HyperOS ROM (modified from Xiaomi 13's ROM) and a rooted environment (same opponent with Play Integrity Fix installed, can pass Device Integrity), and those two apps would work smooth as they expected.
So I tried to locate the issue from the newly-flashed Xiaomi.eu ROM. Using NativeDetector and Memory Detector (original dev turned the repo private, but apk can still be reached here), modification on constant properties can be found (P3, Property Modified (20), the other output means the bootloader is unlocked) which other ROMs doesn't have, and Memory Detector found out it is related to native bridge (P2).
So far I think the problem can be located on Xiaomi.eu's Play Integrity fix method, but as an amateur this is the furthest I can go. I'd really appreciate it if you guys can figure out the rest.
 

Attachments

  • 6BA8210D140DD434A6CA55D60C9F28CD.jpg
    6BA8210D140DD434A6CA55D60C9F28CD.jpg
    398.5 KB · Views: 50
  • 69DA977B3DF4CEC8621A73B20CDF25CC.jpg
    69DA977B3DF4CEC8621A73B20CDF25CC.jpg
    62.2 KB · Views: 44
  • B245188797DF2233A2B100B0C4617F82.jpg
    B245188797DF2233A2B100B0C4617F82.jpg
    126.8 KB · Views: 45