Initialize DEVICE_INITIAL_SDK_INT

* Move changing ro.product.first_api_level from global namespace to GMS only
* Set "walleye" as fake device (Google bug -> STRONG)

Author: Displax

java/app/src/main/java/dev/kdrag0n/safetynetfix/EntryPoint.kt

@@ -7,6 +7,7 @@ object EntryPoint {
         try {
             logDebug("Entry point: Initializing SafetyNet patches")
             SecurityHooks.init()
+            InitSdk.init()
         } catch (e: Throwable) {
             // Throwing an exception would require the JNI code to handle exceptions, so just catch
             // everything here.

java/app/src/main/java/dev/kdrag0n/safetynetfix/InitSdk.kt

@@ -0,0 +1,18 @@
+package dev.kdrag0n.safetynetfix
+
+import android.os.Build
+import dev.kdrag0n.safetynetfix.logDebug
+
+internal object InitSdk {
+    fun init() {
+        val patchedFirstApiLevel = Build.VERSION_CODES.O
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
+            logDebug("Patch DEVICE_INITIAL_SDK_INT prop. Set it to: $patchedFirstApiLevel")
+            @Suppress("BlockedPrivateApi")
+            Build.VERSION::class.java.getDeclaredField("DEVICE_INITIAL_SDK_INT").let { field ->
+            field.isAccessible = true
+            field.set(null, patchedFirstApiLevel)
+            }
+        }
+    }
+}

java/app/src/main/java/dev/kdrag0n/safetynetfix/proxy/ProxyProvider.kt

@@ -21,37 +21,29 @@ class ProxyProvider(
 
     override fun getService(type: String?, algorithm: String?): Service? {
         logDebug("Provider: get service - type=$type algorithm=$algorithm")
-        val host = Build.HOST
-        if (type == "KeyStore" && host != "xiaomi.eu") {
+        if (type == "KeyStore" && Build.HOST != "xiaomi.eu") {
 
-            val origProduct = Build.PRODUCT
-            val patchedProduct = "marlin"
+            val patchedProduct = "walleye"
+            val patchedDevice = "walleye"
+            val patchedModel = "Pixel 2"
+            val patchedFingerprint = "google/walleye/walleye:8.1.0/OPM1.171019.011/4448085:user/release-keys"
 
-            val origDevice = Build.DEVICE
-            val patchedDevice = "marlin"
-
-            val origModel = Build.MODEL
-            val patchedModel = "Pixel XL"
-
-            val origFingerprint = Build.FINGERPRINT
-            val patchedFingerprint = "google/marlin/marlin:7.1.2/NJH47F/4146041:user/release-keys"
-
-            logDebug("Patch PRODUCT for KeyStore $origProduct -> $patchedProduct")
+            logDebug("Patch PRODUCT prop. Set it to: $patchedProduct")
             Build::class.java.getDeclaredField("PRODUCT").let { field ->
                 field.isAccessible = true
                 field.set(null, patchedProduct)
             }
-            logDebug("Patch DEVICE for KeyStore $origDevice -> $patchedDevice")
+            logDebug("Patch DEVICE prop. Set it to: $patchedDevice")
             Build::class.java.getDeclaredField("DEVICE").let { field ->
                 field.isAccessible = true
                 field.set(null, patchedDevice)
             }
-            logDebug("Patch MODEL for KeyStore $origModel -> $patchedModel")
+            logDebug("Patch MODEL prop. Set it to: $patchedModel")
             Build::class.java.getDeclaredField("MODEL").let { field ->
                 field.isAccessible = true
                 field.set(null, patchedModel)
             }
-            logDebug("Patch FINGERPRINT for KeyStore $origFingerprint -> $patchedFingerprint")
+            logDebug("Patch FINGERPRINT prop. Set it to: $patchedFingerprint")
             Build::class.java.getDeclaredField("FINGERPRINT").let { field ->
                 field.isAccessible = true
                 field.set(null, patchedFingerprint)

magisk/post-fs-data.sh

@@ -2,5 +2,5 @@
 
 # Remove Play Services from the Magisk Denylist when set to enforcing.
 if magisk --denylist status; then
-	magisk --denylist rm com.google.android.gms
+    magisk --denylist rm com.google.android.gms
 fi

magisk/service.sh

@@ -1,5 +1,5 @@
 #!/system/bin/sh
-# Conditional MagiskHide properties
+# Sensitive properties
 
 maybe_set_prop() {
     local prop="$1"
@@ -16,9 +16,10 @@ maybe_set_prop ro.bootmode recovery unknown
 maybe_set_prop ro.boot.mode recovery unknown
 maybe_set_prop vendor.boot.mode recovery unknown
 
+# Hiding SELinux | Permissive status
 resetprop --delete ro.build.selinux
 
-# SELinux permissive | use toybox to protect stat access time
+# Hiding SELinux | Use toybox to protect *stat* access time reading
 if [[ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]]; then
     chmod 640 /sys/fs/selinux/enforce
     chmod 440 /sys/fs/selinux/policy
@@ -30,22 +31,17 @@ fi
         sleep 1
     done
 
-    # Avoid breaking Realme fingerprint scanners
+    # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
     resetprop ro.boot.flash.locked 1
 
-    # Avoid breaking Oppo fingerprint scanners
+    # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
     resetprop ro.boot.vbmeta.device_state locked
 
-    # Avoid breaking OnePlus display modes/fingerprint scanners
+    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
     resetprop vendor.boot.verifiedbootstate green
 
-    # Safetynet (avoid breaking OnePlus display modes/fingerprint scanners on OOS 12)
+    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
     resetprop ro.boot.verifiedbootstate green
     resetprop ro.boot.veritymode enforcing
     resetprop vendor.boot.vbmeta.device_state locked
-
-    # Avoid breaking encryption, set shipping level to 32 for devices >=33 to allow for software attestation
-    if [[ "$(getprop ro.product.first_api_level)" -ge 33 ]]; then
-        resetprop ro.product.first_api_level 32
-    fi
 }&