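【Question title】: Flutter error: SafetyNet Attestation fails basic integrity
【Posted】: 2021-08-28 04:41:06
【Question description】:

The SafetyNet check fails with the error below. Instead, reCAPTCHA is triggered and opens in the browser.

If anyone has run into this, please help. All the information you need is below.

Authorization code: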

  Future<void> _submitPhoneNumber() async {
    String phoneNumber = _phone.toString().trim();
    print(phoneNumber);

    void verificationCompleted(AuthCredential phoneAuthCredential) {
      print('verificationCompleted');
      this._phoneAuthCredential = phoneAuthCredential;
      print(phoneAuthCredential);
    }

    void verificationFailed(FirebaseAuthException error) {
      //exception???
      print(error);
    }

    void codeSent(String verificationId, [int code]) {
      print('codeSent');
    }

    void codeAutoRetrievalTimeout(String verificationId) {
      print('codeAutoRetrievalTimeout');
    }

    await FirebaseAuth.instance.verifyPhoneNumber(
      /// Make sure to prefix with your country code
      phoneNumber: phoneNumber,
      timeout: Duration(milliseconds: 10000),
      verificationCompleted: verificationCompleted,
      verificationFailed: verificationFailed,
      codeSent: codeSent,
      codeAutoRetrievalTimeout: codeAutoRetrievalTimeout,
    );
  }

Error log:

E/zzbf    (32691): SafetyNet Attestation fails basic integrity.
W/ActivityThread(32691): handleWindowVisibility: no activity for token android.os.BinderProxy@8394cf8
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getLong(Ljava/lang/Object;J)J (greylist,core-platform-api, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->objectFieldOffset(Ljava/lang/reflect/Field;)J (greylist,core-platform-api, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putObject(Ljava/lang/Object;JLjava/lang/Object;)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putLong(Ljava/lang/Object;JJ)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->allocateInstance(Ljava/lang/Class;)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekLong(JZ)J (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeLong(JJZ)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeInt(JIZ)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekInt(JZ)I (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeByte(JB)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekByte(J)B (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeByteArray(J[BII)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekByteArray(J[BII)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->arrayBaseOffset(Ljava/lang/Class;)I (greylist,core-platform-api, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->arrayIndexScale(Ljava/lang/Class;)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getLong(Ljava/lang/Object;J)J (greylist,core-platform-api, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden field Ljava/nio/Buffer;->address:J (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getLong(Ljava/lang/Object;J)J (greylist,core-platform-api, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putLong(Ljava/lang/Object;JJ)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putObject(Ljava/lang/Object;JLjava/lang/Object;)V (greylist, reflection, allowed)
W/zzdk    (32691): keyset not found, will generate a new one
W/zzdk    (32691): java.io.FileNotFoundException: can't read keyset; the pref value GenericIdpKeyset does not exist
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdo.zzc(com.google.firebase:firebase-auth@@20.0.1:10)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdo.zzb(com.google.firebase:firebase-auth@@20.0.1:1)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzat.zzi(com.google.firebase:firebase-auth@@20.0.1:1)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdj.zzi(com.google.firebase:firebase-auth@@20.0.1:1)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdj.zzd(com.google.firebase:firebase-auth@@20.0.1:2)
W/zzdk    (32691):  at com.google.firebase.auth.internal.zzk.<init>(com.google.firebase:firebase-auth@@20.0.1:7)
W/zzdk    (32691):  at com.google.firebase.auth.internal.zzk.zza(com.google.firebase:firebase-auth@@20.0.1:3)
W/zzdk    (32691):  at com.google.firebase.auth.internal.RecaptchaActivity.zzd(com.google.firebase:firebase-auth@@20.0.1:9)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzth.<init>(com.google.firebase:firebase-auth@@20.0.1:13)
W/zzdk    (32691):  at com.google.firebase.auth.internal.RecaptchaActivity.onResume(com.google.firebase:firebase-auth@@20.0.1:43)
W/zzdk    (32691):  at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1446)
W/zzdk    (32691):  at android.app.Activity.performResume(Activity.java:7939)
W/zzdk    (32691):  at android.app.ActivityThread.performResumeActivity(ActivityThread.java:4195)
W/zzdk    (32691):  at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:4237)
W/zzdk    (32691):  at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:52)
W/zzdk    (32691):  at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:176)
W/zzdk    (32691):  at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:97)
W/zzdk    (32691):  at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2016)
W/zzdk    (32691):  at android.os.Handler.dispatchMessage(Handler.java:107)
W/zzdk    (32691):  at android.os.Looper.loop(Looper.java:214)
W/zzdk    (32691):  at android.app.ActivityThread.main(ActivityThread.java:7356)
W/zzdk    (32691):  at java.lang.reflect.Method.invoke(Native Method)
W/zzdk    (32691):  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
W/zzdk    (32691):  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
I/zzjy    (32691): Provider GmsCore_OpenSSL not available
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/System  (32691): Ignoring header X-Firebase-Locale because its value was null.
D/EGL_emulation(32691): eglMakeCurrent: 0xebfd1600: ver 2 0 (tinfo 0xec069f80)
D/EGL_emulation(32691): eglMakeCurrent: 0xebfd1600: ver 2 0 (tinfo 0xec069f80)
W/System  (32691): A resource failed to call end.
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xebfd1180: maj 2 min 0 rcv 2
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xebfd13c0: maj 2 min 0 rcv 2
D/HostConnection(32691): HostConnection::get() New Host Connection established 0xe0a62cb0, tid 525
D/HostConnection(32691): HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV420_888_to_NV21 ANDROID_EMU_YUV_Cache ANDROID_EMU_async_unmap_buffer ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_2
D/EGL_emulation(32691): eglMakeCurrent: 0xebfd13c0: ver 2 0 (tinfo 0xe0ab5160)
D/BackgroundLocatorPlugin(32691): start locator with Google client
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xcc797060: maj 2 min 0 rcv 2
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xcc797120: maj 2 min 0 rcv 2
D/HostConnection(32691): HostConnection::get() New Host Connection established 0xe3f624f0, tid 533
D/HostConnection(32691): HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV420_888_to_NV21 ANDROID_EMU_YUV_Cache ANDROID_EMU_async_unmap_buffer ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_2
D/EGL_emulation(32691): eglMakeCurrent: 0xcc797120: ver 2 0 (tinfo 0xc32809e0)
Application finished.
Exited (sigterm)

Flutter doctor:

[√] Flutter (Channel stable, 2.2.1, on Microsoft Windows [Version 10.0.19042.1052], locale ru-RU)
    • Flutter version 2.2.1 at C:\flutter
    • Framework revision 02c026b03c (2 weeks ago), 2021-05-27 12:24:44 -0700
    • Engine revision 0fdb562ac8
    • Dart version 2.13.1

[!] Android toolchain - develop for Android devices (Android SDK version 30.0.2)
    • Android SDK at C:\Users\User\AppData\Local\Android\sdk
    • Platform android-30, build-tools 30.0.2
    • Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
    ! Some Android licenses not accepted.  To resolve this, run: flutter doctor --android-licenses

[√] Chrome - develop for the web
    • Chrome at C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

[√] Android Studio (version 4.1.0)
    • Android Studio at C:\Program Files\Android\Android Studio
    • Flutter plugin can be installed from:
       https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
       https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)

[√] VS Code (version 1.56.2)
    • VS Code at C:\Users\User\AppData\Local\Programs\Microsoft VS Code
    • Flutter extension version 3.23.0

[√] Connected device (3 available)
    • Android SDK built for x86 (mobile) • emulator-5554 • android-x86    • Android 10 (API 29) (emulator)
    • Chrome (web)                       • chrome        • web-javascript • Google Chrome 91.0.4472.77
    • Edge (web)                         • edge          • web-javascript • Microsoft Edge 91.0.864.41

  1. Enabled SafetyNet in the Firebase console https://i.imgur.com/gBhzRT9.png
  2. Added SHA-1 and SHA-256
  3. Added implementation "androidx.browser:browser:1.3.0" to build.gradle
  4. Added "Android Device Verification" to Google Cloud and configured the connection with the Firebase project.

【Question discussion】:

    Tags: android firebase flutter dart google-cloud-platform


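    【Solution 1】:

    If I understand your question correctly, you want to know why your browser keeps opening to solve a reCAPTCHA before your phone number is verified?

    Firebase has recently made a series of updates that introduce the use of Google's SafetyNet security feature to verify that a given authentication request comes from an actual phone and not a bot. With that in mind, using an emulator or a test number may trigger the error you are seeing, which redirects you to the browser so that you can complete the verification process without starting over.

    For more explanation, you can refer to this doc.

    If this answer helped, be sure to mark it as the correct answer to help others in need find their way.

    Happy coding!

    【Discussion】: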

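      【Solution 2】:

      To use phone number authentication, Firebase must be able to verify that phone number sign-in requests are coming from your app. There are two ways Firebase Authentication accomplishes this:

      • SafetyNet: If a user has a device with Google Play services installed, and Firebase Authentication can verify the device as legitimate with Android SafetyNet, phone number sign-in can proceed.

      • To enable SafetyNet for use with Firebase Authentication:

        1. In the Google Cloud Console, enable the Android DeviceCheck API for your project. The default Firebase API key will be used, and it needs to be allowed to access the DeviceCheck API.
        2. If you haven't yet specified your app's SHA-256 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 fingerprint.

      Examples of how the state of the device running your app affects the ctsProfileMatch and basicIntegrity values are shown in Table 1:

      Error cases

      • A null result indicates that the call to the service did not complete successfully.
      • An error parameter in the JWS indicates that an issue occurred, such as a network error or an error that an attacker feigned. Most errors are transient and should be absent if you retry the call to the service. You may want to retry a few more times with increasing delays between each retry.
      • If the device has been tampered with (that is, if basicIntegrity is set to false in the response), the verdict might not contain data about the calling app, such as apkPackageName and apkCertificateDigestSha256. This occurs when our systems cannot reliably determine the calling app.

      What should I do when the signed attestation reports an error?

      • Retry. Errors on legitimate devices are temporary and should go away if you call the service again.
      • Check that your app does not call the API more than 5 times per minute on the affected devices, and that your project's API quota has not been exhausted.
      • Assume that it might be an attacker intentionally triggering an error to mask their activity.

      Advice for passing future checks:

      • When present, the "advice" parameter provides information to help explain why the SafetyNet Attestation API set either ctsProfileMatch or basicIntegrity to false in a particular result. The parameter's value contains a list of strings, such as the ones in the following example:

        {"advice": "LOCK_BOOTLOADER,RESTORE_TO_FACTORY_ROM"}

      In your app, you can translate the values in the advice parameter into user-friendly messages to help users pass future SafetyNet attestations. Also take a look at the various possibilities where you might go wrong that could cause SafetyNet to fail.

      • In scenarios where SafetyNet cannot be used, such as when the user does not have Google Play services support, or when testing your app on an emulator, Firebase Authentication uses a reCAPTCHA verification to complete the phone sign-in flow. If you are on an emulator, you need to include the dependency androidx.browser:browser to make it work. The SHA256 key and the Android Device Verification API are for real devices, to pass the SafetyNet check. The reCAPTCHA flow will only be triggered when SafetyNet is unavailable or your device does not pass suspicion checks. The reCAPTCHA challenge can often be completed without the user having to solve anything, redirecting you to the browser so that you can complete it if it does not work.
      • Also take a look at the related GitHub issue. If this does not resolve your issue, I would suggest contacting the Google Play team for help. You can reach them through this link here.

      【Discussion】: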
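
The error cases and the "advice" parameter described in Solution 2, as an added example that is not part of the original answers and is not Firebase or Google code: a server-side sketch that turns a SafetyNet verdict payload into one decision. It assumes the JWS signature and certificate chain were verified beforehand; the function names, the message wording and the sample token are constructed for illustration.

```python
import base64
import json

# Advice strings from the answer's example; the message wording is constructed.
ADVICE_MESSAGES = {
    "LOCK_BOOTLOADER": "Lock the device bootloader.",
    "RESTORE_TO_FACTORY_ROM": "Restore the device to its factory ROM.",
}

def decode_payload(jws: str) -> dict:
    """Decode the payload of a compact JWS (header.payload.signature).
    Decoding only: verify the signature and chain before trusting any field."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def evaluate(payload, expected_package: str) -> dict:
    """Map a verdict payload to one decision: retry, fail or pass."""
    if payload is None:
        # Null result: the call to the service did not complete.
        return {"decision": "retry", "reason": "no result", "messages": []}
    if "error" in payload:
        # Usually transient, possibly provoked: retry with backoff, never pass.
        return {"decision": "retry", "reason": payload["error"], "messages": []}
    advice = [a for a in payload.get("advice", "").split(",") if a]
    messages = [ADVICE_MESSAGES.get(a, "Unrecognised advice: " + a) for a in advice]
    if not payload.get("basicIntegrity", False):
        # apkPackageName / apkCertificateDigestSha256 may be absent here.
        return {"decision": "fail", "reason": "basicIntegrity", "messages": messages}
    if not payload.get("ctsProfileMatch", False):
        return {"decision": "fail", "reason": "ctsProfileMatch", "messages": messages}
    if payload.get("apkPackageName") != expected_package:
        return {"decision": "fail", "reason": "apkPackageName", "messages": messages}
    return {"decision": "pass", "reason": "ok", "messages": messages}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def constructed_jws(payload: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    body = json.dumps(payload).encode()
    return ".".join([b64url(b'{"alg":"RS256"}'), b64url(body), "constructed-sig"])

# Constructed sample: the kind of verdict an emulator or tampered device yields.
SAMPLE = constructed_jws({"basicIntegrity": False, "ctsProfileMatch": False,
                          "advice": "LOCK_BOOTLOADER,RESTORE_TO_FACTORY_ROM"})
```

A "retry" decision should be bounded by the limits the answer mentions (no more than 5 calls per minute per device, and the project quota), with the delay increased between attempts.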
