Some feedback...

[AnonVendetta]

This isn't an issue, but I couldn't find a way to post feedback on GitHub, there is only an Issues section. Anyway, for the longest time I used Tingle, and it "just worked".....but it only patches framework.jar. The Haystack patch covers every framework JAR file that is involved in sig spoofing, and even gives an UI for toggling it on/off! Very nice, Tingle doesnt do that. I am a convert! It takes a few more minutes and a few more commands, but if you follow the instructions carefully it will work. I got it right on the first try, I primarily use Windows but have an intermediate level of skill with multiple Linux distros.

Downsides:

1. This patch is primarily geared towards Linux users, not so easy to apply if you run Windows. Tingle ran just fine in Windows since it only uses Java and Python. You should consider making it easier to use for people who run the world's most dominant PC OS.

2. Gives a global on/off toggle in developer settings, which seems to grant sig spoofing perms to any/all apps without confirmation. Like for instance, after applying your patch and installing sig spoof checker, it makes no difference whether I click deny or accept, the checker always shows that spoofing is enabled. Whereas before the patch it would say disabled if I clicked deny and enabled if I clicked accept. You might be wondering, if my ROM already had the sigspoof patch, then why run Haystack? Well, mainly because the devs half-assed it. When installing the MicroG app, I just have to click a button in self-check and MicroG says that spoofing is enabled. But it doesn't work for Play Store, MicroG says that Play Store doesn't have the right sig, which means that spoofing perm isn't granted to it. And there is no way to grant it, through an interface or whatever. I would like to see a refined interface that gives a way to grant/deny spoofing perm per app, like a list of installed apps (including system apps), then the user can just toggle it on for those that need it but have no way to request it. A global toggle is convenient but would seem to pose a security risk.

Thanks for your work!

[Lanchon]

hey! some comments:

1. This patch is [...] not so easy to apply if you run Windows.

• i'm not really interested in haystack much, it's just a demo for my dexpatcher. the point is not patching your rom, but getting to use dexpatcher.
• nanolx patcher is actually haystack + dexpatcher packed in a zip to run from recovery. so you can run haystack without any PC OS and not typing any commands; it doesn't get much simpler than that :)
• that patcher doesn't include the UI i think, but it's a simple matter of modding the script to your liking.

2. the devs half-assed it
   nope! microg actually did that. microg produced a patch for devs to apply that ask for sigspoof permission, and as you can see by trying sigspoof checker, it works. the problem is that the app using the permission must actively request it on Android 6 and later with that patch (if the app targets Android 6) because that's the desired behavior. if the app doesn't request the permission, the system won't show a UI and wont grant it. so it's not a rom issue, it's an issue of whatever app you are using that declares sigspoof, targets Android 6 or later, and doesn't request the permission.

3. But it doesn't work for Play Store
   playstore is a google-signed app and doesn't need fake signature and doesn't request it. so i don't know what you are saying.

4. there is no way to grant it, through an interface or whatever. I would like to see a refined interface that gives a way to grant/deny spoofing perm per app
   yes there is. or there should be. system/apps, go your app, permissions, and it should be there somewhere.

[AnonVendetta]

@Lanchon: Thanks for the reply. On point # 3, yes OFFICIAL Play Store is signed by Google, so it doesnt need the spoofing perm. But....if you are using, say, FakeStore or BlankStore or any other Play Store drop-in replacement that uses com.android.vending package name (because they have to, otherwise they won't be seen as official Play Store), these don't ask for spoofing perms and so they are denied by default, I think. And they are not, of course, signed by Google. Which is why they need spoofing.

On point # 4, yes, the interface MAY exist, but maybe not, especially if your chosen ROM doesnt implement spoofing AT ALL. And even if it does, the setting you've pointed out still may not be there, depending on which spoofing implementation the ROM devs chose to use. And it is probably only applicable to LOS/AOSP-based ROMs. I doubt the ROM devs use Haystack. It definitely wont exist if you are trying to patch a stock-based firmware.

I'm about to try patching a stock Marshmallow ROM (Galaxy Note 4 N910T) with Haystack, I'm curious to see if there will be any errors on an OEM ROM. Or you your spoofing implementation will work as expected. The only issue I can foretell is that my ROM doesn't have /system/priv-app/Settings.apk, instead it has SecSettings.apk. I'll just rename it to Settings.apk in TWRP before patching, then rename it and set perms afterwards. I'll report back on my results.

Thanks again!

[Lanchon]

if you are using, say, FakeStore or BlankStore or any other Play Store drop-in replacement [...] these don't ask for spoofing perms and so they are denied by default.

don't patch your OK rom with haystack! ask the app dev to update their app to be compatible with android 6 sigspoof. this is A REQUIREMENT of apps using sigspoof targeting Android 6+, as sigspoof permission was defined this way by marvin of microg. these apps you mention are buggy.

BTW, my own sigspoof checker app had to be updated to request the permission on android 6. this is the change, forward it to the app devs to help them: Lanchon/sigspoof-checker@0ad4dd5...f2195f4

On point # 4, yes, the interface MAY exist, but maybe not

i can't speak for all possible roms, but it should exist on every correct implementation. this UI is the standard dangerous permission UI of android 6+. it was not added by any sigspoof change.

I'm about to try patching a stock Marshmallow ROM (Galaxy Note 4 N910T) with Haystack

it won't work unless you deodex the rom first (see the documented haystack requirements).

it has SecSettings.apk. I'll just rename it to Settings.apk

i'd skip the UI patch; it'll probably not work.

[AnonVendetta]

@Lanchon: Good news and bad news....the patch applied cleanly to all files including Settings, with no errors. Bad news is, the Settings app works but dev options crash when you try to enter its' menu. Because this is a stock Samsung ROM, there is no fake sig settings toggle in the Apps submenu. Your checker app says spoofing is disabled, and so does the MicroG GMS app, with no way to grant it for either, since I cant access dev options. I personally deodexed the ROM beforehand, I prefer deodex because it is easier to mod.

I had previously used NanoMod on this ROM and it worked. And Tingle too, no issues there. MicroG GMS and your checker app work correctly with either of those solutions, FakeStore too. It seems those patches universally grant spoofing perms to anything that requests it, no toggle needed, and no need to click a Grant button or toggle on/off in Apps. For this ROM I will use NanoMod patcher zip, it takes half an hour in TWRP but gets the job done. Tingle is much quicker, patching in seconds, since a PC has more raw horsepower.

I have used this patch on several other devices I have that are running LOS/AOSP-based Nougat+, it works perfectly. For those I will continue to use Haystack, I think it is a superior solution above the others.

[Lanchon]

dev options crash when you try to enter its' menu

as i said before:

i'd skip the UI patch; it'll probably not work.

if you read haystack docs you'll see that the UI patch is optional. nanolx patcher is just haystack run on the device.

[AnonVendetta]

@Lanchon: Well, I had already did the patch before you posted, and read your response just as i discovered that dev options was inaccessible. Fortunately I had a TWRP backup.

I still think that Nano's on-device patcher is a bit different than yours. It only patches services.jar, whereas Haystack patches all the relevant framework files.

I will try again tonight and skip the Settings.apk UI patch. However.....without being able to toggle spoofing on/off in dev options, and with no fake sig perm in the apps menu, how can I globally toggle spoofing on/off for the ROM?

Is there a terminal command that does the equivalent of the on/off dev options toggle? I understand it's just a UI, but there must be an underlying command which is used to toggle on/off, once the ROM is patched. As an example, I can manually use the pm command to install an APK or grant perms, instead of clicking on an APK or using the Apps menu to manage perms.

Thanks again!

[Lanchon]

there must be an underlying command which is used to toggle on/off

yes there is. look at the patch source code and google how to change the settings db. don't ask me!

[AnonVendetta]

@Lanchon: I just patched again, but without the UI patch to Settings.

Can you send a link to the specific bit of source code that globally toggles spoofing on/off for the entire ROM (not per app, which I think can be managed with PM). I am not a dev and don't understand source code, but I will try to read it anyway. I was just thinking that clicking the button in dev options runs an underlying command somewhere.

I find DexPatcher to be quite impressive, very clean and thorough. I'm looking into the possibility of using it with some other projects.

Thanks again!

[Lanchon]

the patched service uses this code to read the global sigspoof enable setting:
https://github.com/Lanchon/haystack/blob/master/patches-src-gen/sigspoof-ui-global/services.jar/GeneratePackageInfoHook.java

and the patched settings app uses this code to read and write said setting:
https://github.com/Lanchon/haystack/blob/master/patches-src-gen/sigspoof-ui-global/Settings.apk(common)/FakeSignatureGlobalSetting.java

[TheArkive]

is the dexpatcher*.jar the main/only file that gets used in most circumstances?

Do you have any documentation on just the dexpatcher command line? I'd like to take a stab at making a windows batch script to do this stuff. I've been trying to read down your scripts to get an idea of what goes where. Looks fairly straight forward so far, just getting a little dizzy going back and forth between so many files ;-P

I've got this working on linux before, tried on Windows a long time ago but had to give up. I'm really close now using Cygwin and MinTTY, but the issue there is that Cygwin lets you use windows binaries in a bash environment, so some of the path names aren't working so well.

Other than that, the setup was actually quite minimal, and doesn't require Win10 for their bash environment.

I'll mess around with a straight batch script, and also messing with the bash scripts to make them Cygwin compatible (putting the proper windows paths in certain places).

EDIT:

Scratch that, I just got it working in windows! Cygwin couldn't have made it any easier. I only had to install the basic packages + the zip command package, then change /system/ to /system/system/ in the scripts ... and then I had to put in the hard path for the dexpatcher in windows format, instead of letting it use a variable like so:

run_java -jar "C:\path\to\Cygwin\home\my_user\haystack-master\tools\dexpatcher\dexpatcher-1.6.2.jar" "$@"

java.exe didn't like the /normal/path/format in linux/Cygwin trying to point to the dexpatcher jar file. Is it possible to define an extra variable, set manually by the user, that plugs in the proper Windows base path of the haystack folder? Then your script could run normally, replace "/" with "\" and append it to the windows base path for dexpatcher?

Actually, manually setting another variable to define the difference between /system and /system/system would be handy. Just a quick edit by the user... or maybe even handle it in user prompts during the script? "Is your device slotted?" ... yadda yadda