In v17.4 version (latest), I changed the fingerprint to Pixel 9 Pro XL (akita_beta fp was old). Also, I disabled "spoofProps", this was necessary to spoof ro.product.first_api_level value only in GMS process (spoofing to all system will cause bugs and crashes in some devices).

If first_api_level is greater than 32 it will force a hardware attestation, BUT, beta fingerprints have a lof of checks disabled, including this one.

This also helps with battery, because Zygisk lib will unload after inject the .dex file (if you are using TrickyStore it doesn't inject anything, just spoof props).

Let's hope Google isn't up to something that could screw us over.

v17.4 released

https://github.com/chiteroman/PlayIntegrityFix/releases/tag/v17.4

GitHub

Release v17.4 · chiteroman/PlayIntegrityFix

Update fingerprint Use Shadowhook instead Dobby Improvements in code

Also you can flash stock and lock bootloader. Best option ?

I have been very quiet these last few days because I was very busy trying to get this done, I have been very complicated and in the end it was “simpler” than it seemed.
The good thing is that my Rust programmer skills level up. ?

I've learned a lot along the way and was going to throw in the towel but a bit of ChatGPT help, StackOverflow searches and some perseverance have paid off.

v17.3 released!

https://github.com/chiteroman/PlayIntegrityFix/releases/tag/v17.3

If you are using TrickyStore and you have a valid keybox, but Strong isn't passing, maybe you should change the ROM.
Stock ROMs give the best results.

Without TrickyStore it (should) pass Device

GitHub

Release v17.3 · chiteroman/PlayIntegrityFix

Fix SELinux prop spoofing Remove useless code

https://github.com/crdroidandroid/android_frameworks_base/pull/1137#issuecomment-2308417069

crDroid devs merged pull request !!! ?

GitHub

Spoof locked bootloader on hardware attestations by chiteroman · Pull Request #1137 · crdroidandroid/android_frameworks_base

Devices with broken TEE won't support this ***😢*** (will try to fix) This will generate a valid certificate chain and pass Strong.

If your device has lost the Google attestation keys and you don't want to use a banned keybox, as an alternative (not a very good one), you can use the default keybox for devices that don't have dedicated hardware for it.

Older devices that came out with Android 7 or 8 and upgraded to Android 9 don't have a keybox stored in the TEE (maybe they don't even have a TEE) so when an attestation was requested they used the system default keybox.

Basically, I have extracted the certificates from the Android source code (because they are public), converted them to PEM format and recreated a keybox file where you can reprogram your TEE.
Obviously this won't pass Strong, maybe not even Device.

Tired of manually creating your pif.json from build.prop? No problem! I just created (with ChatGPT help ?) this website:

https://chiteroman.github.io/

Just paste build.prop content here, press button and it will create a pif.json ready to test ^^

Useful command for fast checking props (remeber to grant root to Shell):

adb push .\pif.json /sdcard/pif.json; adb shell su \-c 'mv /sdcard/pif.json /data/adb/pif.json'; adb shell su \-c killall com.google.android.gms.unstable

Enjoy testing fingerprints ?

Source code

Some users report that RCS doesn't work, even passing Device verdict. Could it be a problem with Google's servers?
Let's hope they don't ban the fp again, because it's the last one I have....