feat(Spotify - Spoof client): Fix issues like songs skipping by spoofing to iOS (#5388)

Co-authored-by: Nuckyz <61953774+Nuckyz@users.noreply.github.com> Co-authored-by: oSumAtrIX <johan.melkonyan1@web.de>
2025-07-11 17:34:02 +02:00 · 2025-07-11 17:34:02 +02:00 · 65cbf3c1eb
commit 65cbf3c1eb
parent 61c1a7a75a
15 changed files with 352 additions and 936 deletions
--- a/patches/src/main/kotlin/app/revanced/patches/spotify/misc/fix/Fingerprints.kt
+++ b/patches/src/main/kotlin/app/revanced/patches/spotify/misc/fix/Fingerprints.kt
@ -7,37 +7,12 @@ import com.android.tools.smali.dexlib2.AccessFlags
 import com.android.tools.smali.dexlib2.Opcode
 import com.android.tools.smali.dexlib2.iface.reference.MethodReference

-internal val getPackageInfoFingerprint = fingerprint {
-    strings(
-        "Failed to get the application signatures"
-    )
-}
-
 internal val loadOrbitLibraryFingerprint = fingerprint {
    strings("/liborbit-jni-spotify.so")
 }

-internal val startupPageLayoutInflateFingerprint = fingerprint {
-    accessFlags(AccessFlags.PUBLIC, AccessFlags.FINAL)
-    returns("Landroid/view/View;")
-    parameters("Landroid/view/LayoutInflater;", "Landroid/view/ViewGroup;", "Landroid/os/Bundle;")
-    strings("blueprintContainer", "gradient", "valuePropositionTextView")
-}
-
-internal val renderStartLoginScreenFingerprint = fingerprint {
-    strings("authenticationButtonFactory", "MORE_OPTIONS")
-}
-
-internal val renderSecondLoginScreenFingerprint = fingerprint {
-    strings("authenticationButtonFactory", "intent_login")
-}
-
-internal val renderThirdLoginScreenFingerprint = fingerprint {
-    strings("EMAIL_OR_USERNAME", "listener")
-}
-
-internal val thirdLoginScreenLoginOnClickFingerprint = fingerprint {
-    strings("login", "listener", "none")
+internal val extensionFixConstantsFingerprint = fingerprint {
+    custom { _, classDef -> classDef.type == "Lapp/revanced/extension/spotify/misc/fix/Constants;" }
 }

 internal val runIntegrityVerificationFingerprint = fingerprint {
--- a/patches/src/main/kotlin/app/revanced/patches/spotify/misc/fix/SpoofClientPatch.kt
+++ b/patches/src/main/kotlin/app/revanced/patches/spotify/misc/fix/SpoofClientPatch.kt
@ -1,19 +1,13 @@
 package app.revanced.patches.spotify.misc.fix

-import app.revanced.patcher.extensions.InstructionExtensions.addInstruction
 import app.revanced.patcher.extensions.InstructionExtensions.addInstructions
-import app.revanced.patcher.extensions.InstructionExtensions.getInstruction
-import app.revanced.patcher.extensions.InstructionExtensions.replaceInstruction
 import app.revanced.patcher.patch.bytecodePatch
 import app.revanced.patcher.patch.intOption
+import app.revanced.patcher.patch.stringOption
 import app.revanced.patches.shared.misc.hex.HexPatchBuilder
 import app.revanced.patches.shared.misc.hex.hexPatch
 import app.revanced.patches.spotify.misc.extension.sharedExtensionPatch
-import app.revanced.util.*
-import com.android.tools.smali.dexlib2.Opcode
-import com.android.tools.smali.dexlib2.iface.instruction.FiveRegisterInstruction
-import com.android.tools.smali.dexlib2.iface.instruction.OneRegisterInstruction
-import com.android.tools.smali.dexlib2.iface.reference.MethodReference
+import app.revanced.util.returnEarly

 internal const val EXTENSION_CLASS_DESCRIPTOR = "Lapp/revanced/extension/spotify/misc/fix/SpoofClientPatch;"

@ -25,16 +19,40 @@ val spoofClientPatch = bytecodePatch(
    val requestListenerPort by intOption(
        key = "requestListenerPort",
        default = 4345,
-        title = " Login request listener port",
-        description = "The port to use for the listener that intercepts and handles login requests. " +
-                "Port must be between 0 and 65535.",
-        required = true,
+        title = "Request listener port",
+        description = "The port to use for the listener that intercepts and handles spoofed requests. " +
+                "Port must be between 0 and 65535. " +
+                "Do not change this option, if you do not know what you are doing.",
        validator = {
            it!!
            !(it < 0 || it > 65535)
        }
    )

+    val clientVersion by stringOption(
+        key = "clientVersion",
+        default = "iphone-9.0.58.558.g200011c",
+        title = "Client version",
+        description = "The client version used for spoofing the client token. " +
+                "Do not change this option, if you do not know what you are doing."
+    )
+
+    val hardwareMachine by stringOption(
+        key = "hardwareMachine",
+        default = "iPhone16,1",
+        title = "Hardware machine",
+        description = "The hardware machine used for spoofing the client token. " +
+                "Do not change this option, if you do not know what you are doing."
+    )
+
+    val systemVersion by stringOption(
+        key = "systemVersion",
+        default = "17.7.2",
+        title = "System version",
+        description = "The system version used for spoofing the client token. " +
+                "Do not change this option, if you do not know what you are doing."
+    )
+
    dependsOn(
        sharedExtensionPatch,
        hexPatch(ignoreMissingTargetFiles = true, block = fun HexPatchBuilder.() {
@ -44,10 +62,8 @@ val spoofClientPatch = bytecodePatch(
                "x86",
                "x86_64"
            ).forEach { architecture ->
-                "https://login5.spotify.com/v3/login" to "http://127.0.0.1:$requestListenerPort/v3/login" inFile
-                        "lib/$architecture/liborbit-jni-spotify.so"
-
-                "https://login5.spotify.com/v4/login" to "http://127.0.0.1:$requestListenerPort/v4/login" inFile
+                "https://clienttoken.spotify.com/v1/clienttoken" to
+                        "http://127.0.0.1:$requestListenerPort/v1/clienttoken" inFile
                        "lib/$architecture/liborbit-jni-spotify.so"
            }
        })
@ -56,51 +72,6 @@ val spoofClientPatch = bytecodePatch(
    compatibleWith("com.spotify.music")

    execute {
-        // region Spoof package info.
-
-        getPackageInfoFingerprint.method.apply {
-            // region Spoof signature.
-
-            val failedToGetSignaturesStringIndex =
-                getPackageInfoFingerprint.stringMatches!!.first().index
-
-            val concatSignaturesIndex = indexOfFirstInstructionReversedOrThrow(
-                failedToGetSignaturesStringIndex,
-                Opcode.MOVE_RESULT_OBJECT,
-            )
-
-            val signatureRegister = getInstruction<OneRegisterInstruction>(concatSignaturesIndex).registerA
-            val expectedSignature = "d6a6dced4a85f24204bf9505ccc1fce114cadb32"
-
-            replaceInstruction(concatSignaturesIndex, "const-string v$signatureRegister, \"$expectedSignature\"")
-
-            // endregion
-
-            // region Spoof installer name.
-
-            val expectedInstallerName = "com.android.vending"
-
-            findInstructionIndicesReversedOrThrow {
-                val reference = getReference<MethodReference>()
-                reference?.name == "getInstallerPackageName" || reference?.name == "getInstallingPackageName"
-            }.forEach { index ->
-                val returnObjectIndex = index + 1
-
-                val installerPackageNameRegister = getInstruction<OneRegisterInstruction>(
-                    returnObjectIndex
-                ).registerA
-
-                addInstruction(
-                    returnObjectIndex + 1,
-                    "const-string v$installerPackageNameRegister, \"$expectedInstallerName\""
-                )
-            }
-
-            // endregion
-        }
-
-        // endregion
-
        // region Spoof client.

        loadOrbitLibraryFingerprint.method.addInstructions(
@ -111,72 +82,12 @@ val spoofClientPatch = bytecodePatch(
            """
        )

-        startupPageLayoutInflateFingerprint.method.apply {
-            val openLoginWebViewDescriptor =
-                "$EXTENSION_CLASS_DESCRIPTOR->launchLogin(Landroid/view/LayoutInflater;)V"
-
-            addInstructions(
-                0,
-                "invoke-static/range { p1 .. p1 }, $openLoginWebViewDescriptor"
-            )
-        }
-
-        renderStartLoginScreenFingerprint.method.apply {
-            val onEventIndex = indexOfFirstInstructionOrThrow {
-                opcode == Opcode.INVOKE_INTERFACE && getReference<MethodReference>()?.name == "getView"
-            }
-
-            val buttonRegister = getInstruction<OneRegisterInstruction>(onEventIndex + 1).registerA
-
-            addInstruction(
-                onEventIndex + 2,
-                "invoke-static { v$buttonRegister }, $EXTENSION_CLASS_DESCRIPTOR->setNativeLoginHandler(Landroid/view/View;)V"
-            )
-        }
-
-        renderSecondLoginScreenFingerprint.method.apply {
-            val getViewIndex = indexOfFirstInstructionOrThrow {
-                opcode == Opcode.INVOKE_INTERFACE && getReference<MethodReference>()?.name == "getView"
-            }
-
-            val buttonRegister = getInstruction<OneRegisterInstruction>(getViewIndex + 1).registerA
-
-            // Early return the render for loop since the first item of the loop is the login button.
-            addInstructions(
-                getViewIndex + 2,
-                """
-                    invoke-virtual { v$buttonRegister }, Landroid/view/View;->performClick()Z
-                    return-void
-                """
-            )
-        }
-
-        renderThirdLoginScreenFingerprint.method.apply {
-            val invokeSetListenerIndex = indexOfFirstInstructionOrThrow {
-                val reference = getReference<MethodReference>()
-                reference?.definingClass == "Landroid/view/View;" && reference.name == "setOnClickListener"
-            }
-
-            val buttonRegister = getInstruction<FiveRegisterInstruction>(invokeSetListenerIndex).registerC
-
-            addInstruction(
-                invokeSetListenerIndex + 1,
-                "invoke-virtual { v$buttonRegister }, Landroid/view/View;->performClick()Z"
-            )
-        }
-
-        thirdLoginScreenLoginOnClickFingerprint.method.apply {
-            // Use placeholder credentials to pass the login screen.
-            val loginActionIndex = indexOfFirstInstructionOrThrow(Opcode.RETURN_VOID) - 1
-            val loginActionInstruction = getInstruction<FiveRegisterInstruction>(loginActionIndex)
-
-            addInstructions(
-                loginActionIndex,
-                """
-                    const-string v${loginActionInstruction.registerD}, "placeholder"
-                    const-string v${loginActionInstruction.registerE}, "placeholder"
-                """
-            )
+        mapOf(
+            "getClientVersion" to clientVersion!!,
+            "getSystemVersion" to systemVersion!!,
+            "getHardwareMachine" to hardwareMachine!!
+        ).forEach { (methodName, value) ->
+            extensionFixConstantsFingerprint.classDef.methods.single { it.name == methodName }.returnEarly(value)
        }

        // endregion