Optional root (su, Magisk Zygisk module, etc) for mirroring Android 12+ w/FLAG_SECURE #3049
Comments
digitalcircuit
changed the title
|
I have no experience with Magisk, but if it's possible to only allow shell to enable secure flag permissions, then scrcpy could provide an option |
|
Wait, it's now possible to use ScrCpy to enable mirroring even protected screens (on rooted devices) ? |
|
@AndroidDeveloperLB Not yet, alas. That's why I'm filing this feature request, to prompt discussion about how @rom1v Noted! Adding a Rambling notesI have much to learn about Magisk's recent Zygisk development and hooking Android functions, but I wanted to jot this down for future reference. It looks like it'd involve patching the static bool hasCaptureBlackoutContentPermission() {
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
return uid == AID_GRAPHICS || uid == AID_SYSTEM ||
PermissionCache::checkPermission(sCaptureBlackoutContent, pid, uid);
}Adding back in a Alternatively, if there's a way to use root/Magisk/etc to grant (I may have gotten the permission name wrong - the system Regardless, I'd understand wanting to keep the changes to |
|
@digitalcircuit What's "CAPTURE_BLACKOUT_CONTENT" ? I don't see it on the docs: Anyway, I would love to have ScrCpy be able to show this content, even it if requires root. I find it weird that this restriction is applied even via adb. |
|
@AndroidDeveloperLB I think it's intentionally not mentioned on that page due to being listed as "Not for use by third-party applications." with an
<!-- Allows an application to take screenshots of layers that normally would be blacked out when
a screenshot is taken. Specifically, layers that have the flag
{@link android.view.SurfaceControl#SECURE} will be screenshot if the caller requests to
capture secure layers. Normally those layers will be rendered black.
<p>Not for use by third-party applications.
@hide
-->
<permission android:name="android.permission.CAPTURE_BLACKOUT_CONTENT"
android:protectionLevel="signature" />As you mentioned, the question I have as well is whether a protection level of Alternatively, hijacking the (It's possible I'm misunderstanding as I'm attempting to make sense of an area of Android that I'm unfamiliar with.) |
|
@digitalcircuit According to CommonsWare, it shouldn't allow you to grant it, sadly: But you can try. Edit some open sourced screenshot app, add the permission, grant it via adb, and see if it helps on protected apps. He't talking about normal granting of the permission via adb (or root). I don't know the advanced stuff you talk about |
|
It's not a good thing to require root permission. Hook (Zygisk/Xposed) is even worse, especially when Xposed is seriously deprecated and destroying the custom Android community (not modern). Why not try to use the normal application to ask for permission of virtual display? |
|
@MlgmXyysd You'd have to talk with every application that uses this API to block screenshots/screen-capture... It's better to have some solution than nothing. I've requested from Google to add some toggle to turn off this kind of protection in next Android version: |
Starred, but there is no hope that they will do so, just as they added |
|
Any progress or plans on this? Would really love a way to bypass FLAG_SECURE |
You can use other ROMs that allows the user to ignore FLAG_SECURE, such as KaleidoscopeOS. |
I also neet this feature! |
|
It seems that if your device is rooted with Magisk, you can have "Zygisk - LSPosed" module, and using it, there is a module inside that is called "Disable FLAG_SECURE":
|
Your proposed solution sadly won't work for most use cases, as this would normally be needed for things like banking apps, but they need to be in the DenyList to work, preventing any modifications to them. So this won't work for that, and we need to modify/use a different service which doesn't have to be DenyListed, the secure display being one of them. Root support would be a very nice feature for scrcpy to have, and I don't believe it would take too much effort to implement. Thanks! |
Maybe. I haven't had an issue with this so far. If you wish, I can test it on specific apps that everyone can check, and I could tell you what I find |
More easily to detect root lol |
|
Guys I know this issue. I just wrote for other cases, when it does work fine. |
|
So guy's no way for a fix? I arrived from an evox rom were is a stock feature and now i miss it |
|
Check this out https://forum.xda-developers.com/t/module-disable-flag-secure-v5-0-by-mehedi-h-joy.4490475/ |
|
Please read my earlier comment @Ch4m311eom, I’m almost certain it still applies based on the nature of the new DenyList functionality. |
|
Hmm I just checked this module with Shamiko and UniversalSafetyNet Fix and everything seems to be fine. I'm able to add card to Google Pay and launch my banking app. Of course I had to add banking app to DenyList list but when it's paired with Shamiko I can't see any problem. |
|
What I’m saying in that comment is that if an app is in the DenyList, DisableFlagSecure won’t have any effect on that app, and you still won’t be able to take any screenshots in it. AOSPMods can be used to solve this entire issue now though. |
|
Oh, I get it. Personally I only had to "uncover" Bitwarden, that's why I found no issue. |
|
All of this Magisk talk seems to be vastly overcomplicating things from where I sit - since that would suggest you've got root, it'd be infinitely simpler to just execute the server as With this simple change, I've verified functionality with mirroring such an app on Android 13. It also quite possibly breaks other things, but on my A13 Pixel 5 the audio, video, and touch are working without issue. |
|
I confirm it works on my device as well (Xiaomi 11T Pro with Pixel Experience 12 GSI) on a Linux x86_64 host. Thank you a lot @RiggiG! @rom1v What do you think about @RiggiG's solution? |
|
I think it is an acceptable solution, it's quite simple and non invasive. |
|
I'd certainly have no qualms with anyone else submitting a PR for bringing this in (of course via a default-inactive flag) - this was just a quick PoC to verify it was as simple as I thought it was after reading these issues. I'm also intending to try (I am woefully ill-equipped to jump into Android development) background camera access + streaming via this root mode. I like |
Note that since Android 11 (commit 393ad6e0ad1670a1d33e97f7bb07b0df381b5e76), shell has CAMERA permission: So it is certainly possible to capture the device camera without root (an option |
|
I quickly put together some code to test camera capturing: https://github.com/Genymobile/scrcpy/compare/dev...yume-chan:scrcpy:feat/camera?expand=1, it works on my Mi 11 (MIUI 14, Android 13). So besides
Taking screenshot (#2040) will be useful in camera mode. |
|
Awesome 👍 That was quick after my previous message (#3516 (comment)) 😄
Yes, and also maybe a constant in addition for Something like: for (String cameraId : cameraManager.getCameraIdList()) {
CameraCharacteristics cc = cameraManager.getCameraCharacteristics(cameraId);
int lensFacing = cc.get(CameraCharacteristics.LENS_FACING);
if (lensFacing == CameraCharacteristics.LENS_FACING_BACK) {
// …
}
}As a side note, maybe another possible option (but less important) would be the parameter passed to |
|
Are there any news on supporting root to elude FLAG_SECURE? |
|
#4947 |
I built your (I granted root permission to shell on magisk pop up) Any pointers @RiggiG ? |
I found #2242 but that seemed to focus on non-root options.
Is your feature request related to a problem? Please describe.
In Android 12+, it is no longer possible to mirror the output of apps expecting a
FLAG_SECUREdisplay. The non-root fixscrcpyuses now is to no longer capture secure output on Android 12+.Describe the solution you'd like
For those with root, it'd be nice if
scrcpycould optionally make use of root access to enable mirroring apps that require secure display output.Brainstorming:
suto do what's needed, if possible.apkto be installed with system privileges (e.g. as a simple Magisk module)Suito provide more natural access to Java APIs as the root userscrcpy's side to provide an app (APK?) that requests Sui accessDescribe alternatives you've considered
Disable
FLAG_SECUREfor all apps using the LSposed (modern Xposed), or via a Magisk "Zygisk" code injection to the system framework.This would unfortunately enable every app to have this access instead of just allowing the shell, unless a module could be made to revert specifically the shell UID
FLAG_SECUREcheck.Additional context
All of this except for maybe using
sudirectly if possible sounds rather complicated for a niche ofscrcpyusers. I'd understand if the immediate reaction to this feature request is to close it and go "Nope, not touching that." 🙂The text was updated successfully, but these errors were encountered: