Cannot pass strong integrity because of XiaomiEU Injector?

[AlfaX]

Would it be added for older MIUI devices? I understand it would take a longer time to rebuild a new image for all devices. If not, would there be any simple ways so that we could patch framework.jar ourselves to make "engineGetCertificateChain" function normally?

There was a magisk module but it is not available anymore:

[MODULE] Framework Patcher for Strong integrity

Decided to modify FrameworkPatcherGo to disable the droidguard check in framework.jar. I'm not an android dev, so YMMV. Should be safe, but do your own research and use at your own risk since I'm just a random person on the Internet. Module found here: https://pixeldrain.com/u/9GmWzNe2 Edit...

xiaomi.eu

Try to ask the author

 

[Igor Eisberg]

Would it be added for older MIUI devices? I understand it would take a longer time to rebuild a new image for all devices. If not, would there be any simple ways so that we could patch framework.jar ourselves to make "engineGetCertificateChain" function normally?

No, it's not our problem.

 

[mkcs121]

No, it's not our problem.

So would it be normal for the APP mentioned in #6 which flags a non-rooted environment of xiaomi.eu ROM as untrusted even though the built-in injector is up to date? I understand it's not your problem or responsibility. What is being discussed in this thread is for possible improvement. What if more apps are adopting similar technology that even a non-rooted custom ROM fails to function normally?

 

[Igor Eisberg]

So would it be normal for the APP mentioned in #6 which flags a non-rooted environment of xiaomi.eu ROM as untrusted even though the built-in injector is up to date? I understand it's not your problem or responsibility. What is being discussed in this thread is for possible improvement. What if more apps are adopting similar technology that even a non-rooted custom ROM fails to function normally?

Then you'll have to use whichever root workaround there is if you want to use those apps. I simply made sure our workaround doesn't interfere when the module is disabled. We're not going to rebuild anything for that, it's applied to newer builds already.

 

[mkcs121]

Then you'll have to use whichever root workaround there is if you want to use those apps. I simply made sure our workaround doesn't interfere when the module is disabled. We're not going to rebuild anything for that, it's applied to newer builds already.

So that means all previous builds are still affected and modification is still detected....It's not about getting root to spoof or hide can deal with. Now apps are capable of detecting a tampered environment although you spoofed and achieved the device integrity.

Try this app on xiaomi.eu MIUI 14, it refuses to run even though you injected an unbanned prints via the xiaomi.eu module and the device is not rooted: https://apk.support/app/com.octopuscards.nfc_reader

 

[Igor Eisberg]

So that means all previous builds are still affected and modification is still detected....It's not about getting root to spoof or hide can deal with. Now apps are capable of detecting a tampered environment although you spoofed and achieved the device integrity.

Try this app on xiaomi.eu MIUI 14, it refuses to run even though you injected an unbanned prints via the xiaomi.eu module and the device is not rooted: https://apk.support/app/com.octopuscards.nfc_reader

Yes, our MIUI 14 ROMs will forever be detectable.

 

[AlfaX]

So that means all previous builds are still affected and modification is still detected....It's not about getting root to spoof or hide can deal with. Now apps are capable of detecting a tampered environment although you spoofed and achieved the device integrity.

Try this app on xiaomi.eu MIUI 14, it refuses to run even though you injected an unbanned prints via the xiaomi.eu module and the device is not rooted: https://apk.support/app/com.octopuscards.nfc_reader

Well either the app requires strong or it uses some other detection that can see spoofed things.

Your only solution is either buy a new phone, use Xiaomi.eu as is (or with some patches if possible to get strong) or use stock rom...

 

[ekzeshka]

Ok, how-to disable integrated inject ?

Like you disable any system app

 

[stetor]

Like you disable any system app

i know the command line method ... this appear to be an app that can disable system app ... can be useful. Name ?
for sure require the root ...

 

[Bec de Xorbin]

i know the command line method ... this appear to be an app that can disable system app ... can be useful. Name ?
for sure require the root ...

Settings -> Apps -> Manage apps -> three dots -> Show all apps

 

[stetor]

doh ... never noticed that. The trick was the "show all apps" ... i'm using the miui from old old version and in those old version lthe only option for disabling/removing bloatware was from the command line as root
thanks

 

[CZ.Kostra]

So that means all previous builds are still affected and modification is still detected....It's not about getting root to spoof or hide can deal with. Now apps are capable of detecting a tampered environment although you spoofed and achieved the device integrity.

Try this app on xiaomi.eu MIUI 14, it refuses to run even though you injected an unbanned prints via the xiaomi.eu module and the device is not rooted: https://apk.support/app/com.octopuscards.nfc_reader

I tried to install the app and went to login screen. I don't know if it's far enough.

I broke Google Play Interity to BASIC.
I did not hide unlocked bootloader from application.
I didn't take any special method to hide root.
I use local ROM with MIUI14 but without spoofing and injector (version from time before updatable injector was inserted).
Root method is APatch.
Hope it helps you.

 

[mkcs121]

I tried to install the app and went to login screen. I don't know if it's far enough.

I broke Google Play Interity to BASIC.
I did not hide unlocked bootloader from application.
I didn't take any special method to hide root.
I use local ROM with MIUI14 but without spoofing and injector (version from time before updatable injector was inserted).
Root method is APatch.
Hope it helps you.

I know, actually the app only requires basic integrity. However, there is other detection that even strong integrity cannot let you pass

 

[mkcs121]

Well either the app requires strong or it uses some other detection that can see spoofed things.

Your only solution is either buy a new phone, use Xiaomi.eu as is (or with some patches if possible to get strong) or use stock rom...

The app actually requires BASIC INTEGRITY only. It's likely the way how xiaomi.eu devs modified in framework.jar to avoid a safetynet hardware-backed attestation triggers a tampering detection. I tried on a rooted device with stock rom. As long as basic integrity is maintained, without any keybox or fingerprints, the app does run successfully. Besides, the app also refuse to run if Play Protect is disabled. However, it's regrettable that the app does not run on any previous xiaomi.eu ROMs which contains any built-in safetynet hacks, no matter what injection module, valid prints/keybox and other root/xposed modules exist bla bla bla....

A demonstration : https://streamable.com/z64ict

 

[CZ.Kostra]

The app actually requires BASIC INTEGRITY only. It's likely the way how xiaomi.eu devs modified in framework.jar to avoid a safetynet hardware-backed attestation triggers a tampering detection. I tried on a rooted device with stock rom. As long as basic integrity is maintained, without any keybox or fingerprints, the app does run successfully. Besides, the app also refuse to run if Play Protect is disabled. However, it's regrettable that the app does not run on any previous xiaomi.eu ROMs which contains any built-in safetynet hacks, no matter what injection module, valid prints/keybox and other root/xposed modules exist bla bla bla....

A demonstration : https://streamable.com/z64ict

Have you tried this module?

[MODULE] Framework Patcher for Strong integrity

Decided to modify FrameworkPatcherGo to disable the droidguard check in framework.jar. I'm not an android dev, so YMMV. Should be safe, but do your own research and use at your own risk since I'm just a random person on the Internet. Module found here: https://pixeldrain.com/u/9GmWzNe2 Edit...

xiaomi.eu

 

[AlfaX]

I just updated to the latest version on nuwa, and I see I only pass basic, that's when I realized the keybox I had which was supposed to work didn't work once it should have...
Well I hope I will find a new one soon.

 

[mkcs121]

Have you tried this module?

[MODULE] Framework Patcher for Strong integrity

Decided to modify FrameworkPatcherGo to disable the droidguard check in framework.jar. I'm not an android dev, so YMMV. Should be safe, but do your own research and use at your own risk since I'm just a random person on the Internet. Module found here: https://pixeldrain.com/u/9GmWzNe2 Edit...

xiaomi.eu

The home launcher is crashed after installing this module. The crux relies on xiaomi.eu devs to disable the bulit-in hacks on any previous builds. It has been the era that apps could restrict you from access even though you're non-rooted.

 

[Pepitp]

Like you disable any system app

Thanks, it's disabled

 

[zgfg12]

Not a toggle and not a prop, but I added auto-switching based on whether inject module APK is loaded successfully.
If the APK is missing, uninstalled, disabled, or failed to load, then "engineGetCertificateChain" will execute normally.

Just a question please - is this auto-switching (to allow passing Strong with Tricky Store and the proper keybox) provided for Mi 11 Lite 5G NE in the latest HyperOS 1.0.5 build:

https://sourceforge.net/projects/xiaomi-eu-multilang-miui-roms/files/xiaomi.eu/HyperOS-STABLE-RELEASES/HyperOS1.0/xiaomi.eu_LISA_OS1.0.5.0.UKOCNXM_14.zip/download

 

[stathis95194]

Just a question please - is this auto-switching (to allow passing Strong with Tricky Store and the proper keybox) provided for Mi 11 Lite 5G NE in the latest HyperOS 1.0.5 build:

https://sourceforge.net/projects/xiaomi-eu-multilang-miui-roms/files/xiaomi.eu/HyperOS-STABLE-RELEASES/HyperOS1.0/xiaomi.eu_LISA_OS1.0.5.0.UKOCNXM_14.zip/download

It should be since the ROM was released after Igor's announcement. Don't forget to disable eu injector app to be able to use your solution

Sent from my 2210132G using Tapatalk

 

[zgfg12]

It should be since the ROM was released after Igor's announcement. Don't forget to disable eu injector app to be able to use your solution

Sent from my 2210132G using Tapatal

I was expecting that comparing the release date (and I know how to properly debloati XiaomiEUInject). That date was the reason I asked

My point way if somebody who installed himself the particular build could confirm

But ok, if it's not possible to get that kind of answer, never mind

 

[stathis95194]

I was expecting that comparing the release date (and I know how to properly debloati XiaomiEUInject). That date was the reason I asked

My point way if somebody who installed himself the particular build could confirm

But ok, if it's not possible to get that kind of answer, never mind

I can do you one better. Nuwa which was released 5 days earlier than lisa had the workaround, so it's a safe bet that this ROM has it as well

Sent from my 2210132G using Tapatalk

 

[nimiq5566]

This QA is full of essential

Our only priority is unrooted users. If you're rooted, you can patch out anything you want and make a module out of it.
Any "solution" you can think of will eventually be blocked. That's why I was always against including ANY kind of workaround in the ROMs.
Oh, and if that would have affected the "popularity" of the ROM, I personally would not care, not trying to be a celebrity.
My solution to Google Pay not working has always been not using Google Pay. I can live with a card, I don't see the problem with that.

This should be pinned in ROM threads, when the day Google banned current solution, I bet those thread will be flooded.
I didn't find this info in other places, but I think this is important and many users cared.

 

[VultureXT]

A "workaround" a.k.a "illegal" in Google eyes will always get patched. Even Magisk no longer works with banking. (Yes, i've tried the Beta, the Canary even on V28). There's no telling how much longer ROOT will be relevant. And for that reason, I'm out. Back on STOCK, STABLE release from xiaomi.eu. I don't even have the energy to use WEEKLY release anymore.

 

[AsadP]

A "workaround" a.k.a "illegal" in Google eyes will always get patched. Even Magisk no longer works with banking. (Yes, i've tried the Beta, the Canary even on V28). There's no telling how much longer ROOT will be relevant. And for that reason, I'm out. Back on STOCK, STABLE release from xiaomi.eu. I don't even have the energy to use WEEKLY release anymore.

Yeah, I'm literally considering going stable with no root and relock.

I'm waiting until the day I am forced to give up though as I'm able to use my banking apps.. for now..