From c81d61f685449590473fa5205e7709f81872a9b9 Mon Sep 17 00:00:00 2001
From: Itroublve <51215044+Itroublve@users.noreply.github.com>
Date: Sun, 7 Aug 2022 12:42:39 +0200
Subject: [PATCH] fix: spoof `X-Android-Cert` of Firebase `authToken` api request (#315)
---
 .../FirebaseGetCertPatchCompatibility.kt | 13 ++++++
 .../GetCertMessagingFingerprint.kt | 25 +++++++++++
 .../GetCertRegistrationFingerprint.kt | 25 +++++++++++
 .../patch/FirebaseGetCertPatch.kt | 45 +++++++++++++++++++
 .../promocode/patch/PromoCodeUnlockPatch.kt | 9 +++-
 5 files changed, 115 insertions(+), 2 deletions(-)
 create mode 100644 src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/annotations/FirebaseGetCertPatchCompatibility.kt
 create mode 100644 src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertMessagingFingerprint.kt
 create mode 100644 src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertRegistrationFingerprint.kt
 create mode 100644 src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/patch/FirebaseGetCertPatch.kt
diff --git a/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/annotations/FirebaseGetCertPatchCompatibility.kt b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/annotations/FirebaseGetCertPatchCompatibility.kt
new file mode 100644
index 00000000..bd6e1bfc
--- /dev/null
+++ b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/annotations/FirebaseGetCertPatchCompatibility.kt
@@ -0,0 +1,13 @@
+package app.revanced.patches.warnwetter.misc.firebasegetcert.annotations
+
+import app.revanced.patcher.annotation.Compatibility
+import app.revanced.patcher.annotation.Package
+
+@Compatibility(
+ [Package(
+ "de.dwd.warnapp", arrayOf()
+ )]
+)
+@Target(AnnotationTarget.CLASS)
+@Retention(AnnotationRetention.RUNTIME)
+internal annotation class FirebaseGetCertPatchCompatibility
\ No newline at end of file
diff --git a/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertMessagingFingerprint.kt b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertMessagingFingerprint.kt
new file mode 100644
index 00000000..1318fee2
--- /dev/null
+++ b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertMessagingFingerprint.kt
@@ -0,0 +1,25 @@
+package app.revanced.patches.warnwetter.misc.firebasegetcert.fingerprints
+
+import app.revanced.patcher.annotation.Name
+import app.revanced.patcher.annotation.Version
+import app.revanced.patcher.fingerprint.method.annotation.MatchingMethod
+import app.revanced.patcher.fingerprint.method.impl.MethodFingerprint
+import app.revanced.patches.warnwetter.misc.firebasegetcert.annotations.FirebaseGetCertPatchCompatibility
+
+@Name("messaging-app-certificate-fingerprint")
+@MatchingMethod(
+ "Lcom/google/firebase/installations/remote/c;", "f"
+)
+@FirebaseGetCertPatchCompatibility
+@Version("0.0.1")
+object GetMessagingCertFingerprint : MethodFingerprint(
+ "Ljava/lang/String;",
+ null,
+ null,
+ null,
+ listOf(
+ "ContentValues",
+ "Could not get fingerprint hash for package: ",
+ "No such package: "
+ )
+)
\ No newline at end of file
diff --git a/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertRegistrationFingerprint.kt b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertRegistrationFingerprint.kt
new file mode 100644
index 00000000..2dd2036e
--- /dev/null
+++ b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/fingerprints/GetCertRegistrationFingerprint.kt
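Review bot: The object name and `@Name` label in `GetCertMessagingFingerprint.kt` do not line up with what the fingerprint matches: `GetMessagingCertFingerprint` is labelled "messaging", yet its `@MatchingMethod` points at `com/google/firebase/installations/remote/c`, which looks like the Firebase Installations client rather than messaging. The sibling `GetCertRegistrationFingerprint.kt` has the same mismatch plus a typo: `GetReqistrationCertFingerprint` is labelled "registration" but targets `remoteconfig/internal/ConfigFetchHttpClient`. I would name each object after the component it matches and keep file and object names identical, e.g. `object GetInstallationsCertFingerprint` and `object GetRemoteConfigCertFingerprint`. A one-line KDoc on each saying that it matches the method returning the signing-certificate hash (inferred from the "Could not get fingerprint hash for package: " string) would also explain the four positional arguments, three of them `null`.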
@@ -0,0 +1,25 @@
+package app.revanced.patches.warnwetter.misc.firebasegetcert.fingerprints
+
+import app.revanced.patcher.annotation.Name
+import app.revanced.patcher.annotation.Version
+import app.revanced.patcher.fingerprint.method.annotation.MatchingMethod
+import app.revanced.patcher.fingerprint.method.impl.MethodFingerprint
+import app.revanced.patches.warnwetter.misc.firebasegetcert.annotations.FirebaseGetCertPatchCompatibility
+
+@Name("registration-app-certificate-fingerprint")
+@MatchingMethod(
+ "Lcom/google/firebase/remoteconfig/internal/ConfigFetchHttpClient;", "f"
+)
+@FirebaseGetCertPatchCompatibility
+@Version("0.0.1")
+object GetReqistrationCertFingerprint : MethodFingerprint(
+ "Ljava/lang/String;",
+ null,
+ null,
+ null,
+ listOf(
+ "FirebaseRemoteConfig",
+ "Could not get fingerprint hash for package: ",
+ "No such package: "
+ )
+)
\ No newline at end of file
diff --git a/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/patch/FirebaseGetCertPatch.kt b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/patch/FirebaseGetCertPatch.kt
new file mode 100644
index 00000000..e4a12df4
--- /dev/null
+++ b/src/main/kotlin/app/revanced/patches/warnwetter/misc/firebasegetcert/patch/FirebaseGetCertPatch.kt
@@ -0,0 +1,45 @@
+package app.revanced.patches.warnwetter.misc.firebasegetcert.patch
+
+import app.revanced.patcher.annotation.Description
+import app.revanced.patcher.annotation.Name
+import app.revanced.patcher.annotation.Version
+import app.revanced.patcher.data.impl.BytecodeData
+import app.revanced.patcher.extensions.addInstructions
+import app.revanced.patcher.patch.PatchResult
+import app.revanced.patcher.patch.PatchResultSuccess
+import app.revanced.patcher.patch.impl.BytecodePatch
+import app.revanced.patches.warnwetter.misc.firebasegetcert.fingerprints.*
+import app.revanced.patches.warnwetter.misc.firebasegetcert.annotations.FirebaseGetCertPatchCompatibility
+
+@Name("spoof-cert-patch")
+@Description("Spoofs the X-Android-Cert header.")
+@FirebaseGetCertPatchCompatibility
+@Version("0.0.1")
+class FirebaseGetCertPatch : BytecodePatch(
+ listOf(
+ GetReqistrationCertFingerprint,
+ GetMessagingCertFingerprint
+ )
+) {
+ override fun execute(data: BytecodeData): PatchResult {
+ val spoofedInstruction =
+ """
+ const-string v0, "0799DDF0414D3B3475E88743C91C0676793ED450"
+ return-object v0
+ """
+
+ val registrationCertMethod = GetReqistrationCertFingerprint.result!!.mutableMethod
+ val messagingCertMethod = GetMessagingCertFingerprint.result!!.mutableMethod
+
+ registrationCertMethod.addInstructions(
+ 0,
+ spoofedInstruction
+ )
+ messagingCertMethod.addInstructions(
+ 0,
+ spoofedInstruction
+ )
+
+ return PatchResultSuccess()
+ }
+}
\ No newline at end of file
diff --git a/src/main/kotlin/app/revanced/patches/warnwetter/misc/promocode/patch/PromoCodeUnlockPatch.kt b/src/main/kotlin/app/revanced/patches/warnwetter/misc/promocode/patch/PromoCodeUnlockPatch.kt
index 3cae70b4..6da25f1d 100644
--- a/src/main/kotlin/app/revanced/patches/warnwetter/misc/promocode/patch/PromoCodeUnlockPatch.kt
+++ b/src/main/kotlin/app/revanced/patches/warnwetter/misc/promocode/patch/PromoCodeUnlockPatch.kt
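Review bot: In `execute`, `GetReqistrationCertFingerprint.result!!` and `GetMessagingCertFingerprint.result!!` turn an unresolved fingerprint into a bare NullPointerException, which is a realistic case here because the compatibility annotation pins no app versions (`arrayOf()`) while the match targets are obfuscated names. Fail explicitly instead, e.g. `val registrationCertMethod = GetReqistrationCertFingerprint.result?.mutableMethod ?: return PatchResultError("registration cert fingerprint not resolved")`, and the same for the messaging one (this needs `import app.revanced.patcher.patch.PatchResultError`). The 40-hex-digit literal should be lifted into a named constant with a comment saying which certificate it is the digest of and where it was taken from; presumably it is the SHA-1 of the publisher's signing certificate, in which case it goes stale silently on key rotation. For readers on the receiving end, this hunk is a reminder that `X-Android-Cert` is computed and sent by the client, so a backend can treat it as a key-restriction hint but not as evidence that the caller is the unmodified app.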
@@ -4,16 +4,21 @@ import app.revanced.patcher.annotation.Description import app.revanced.patcher.annotation.Name import app.revanced.patcher.annotation.Version import app.revanced.patcher.data.impl.BytecodeData -import app.revanced.patcher.extensions.removeInstruction -import app.revanced.patcher.extensions.removeInstructions import app.revanced.patcher.extensions.addInstructions import app.revanced.patcher.patch.annotations.Patch import app.revanced.patcher.patch.impl.BytecodePatch import app.revanced.patcher.patch.PatchResult import app.revanced.patcher.patch.PatchResultSuccess +import app.revanced.patcher.patch.annotations.DependsOn +import app.revanced.patches.warnwetter.misc.firebasegetcert.patch.FirebaseGetCertPatch import app.revanced.patches.warnwetter.misc.promocode.annotations.PromoCodeUnlockCompatibility import app.revanced.patches.warnwetter.misc.promocode.fingerprints.PromoCodeUnlockFingerprint +@DependsOn( + [ + FirebaseGetCertPatch::class + ] +) @Patch @Name("promo-code-unlock") @Description("Disables the validation of promo code. Any code will work to unlock all features.")
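Review bot: The new `@DependsOn([FirebaseGetCertPatch::class])` carries no explanation of why promo-code unlock needs the certificate patch. The commit title implies that the Firebase `authToken` request fails on a re-signed build, but nothing in this file records that. A short comment above the annotation, such as `// Firebase authToken request sends X-Android-Cert; see FirebaseGetCertPatch`, would keep the coupling from looking accidental. Since `FirebaseGetCertPatch` has no `@Patch` annotation of its own in this commit, it appears to be reachable only through this dependency, which is worth stating in its KDoc as well. The class body of `PromoCodeUnlockPatch` lies outside the hunk.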