登录
当前位置: 首页 > 知识库问答 >
问题:

颤振错误:SafetyNet认证未能实现基本完整性

南门正祥
2023-03-14

用SafetyNet检查失败并出现错误(如下)。相反,reapcha会在浏览器打开时触发。

如果有人遇到,请帮忙。下面是您需要的所有信息。

授权代码:

  Future<void> _submitPhoneNumber() async {
    String phoneNumber = _phone.toString().trim();
    print(phoneNumber);

    void verificationCompleted(AuthCredential phoneAuthCredential) {
      print('verificationCompleted');
      this._phoneAuthCredential = phoneAuthCredential;
      print(phoneAuthCredential);
    }

    void verificationFailed(FirebaseAuthException error) {
      //exception???
      print(error);
    }

    void codeSent(String verificationId, [int code]) {
      print('codeSent');
    }

    void codeAutoRetrievalTimeout(String verificationId) {
      print('codeAutoRetrievalTimeout');
    }

    await FirebaseAuth.instance.verifyPhoneNumber(
      /// Make sure to prefix with your country code
      phoneNumber: phoneNumber,
      timeout: Duration(milliseconds: 10000),
      verificationCompleted: verificationCompleted,
      verificationFailed: verificationFailed,
      codeSent: codeSent,
      codeAutoRetrievalTimeout: codeAutoRetrievalTimeout,
    );
  }

错误日志:

E/zzbf    (32691): SafetyNet Attestation fails basic integrity.
W/ActivityThread(32691): handleWindowVisibility: no activity for token android.os.BinderProxy@8394cf8
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getLong(Ljava/lang/Object;J)J (greylist,core-platform-api, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->objectFieldOffset(Ljava/lang/reflect/Field;)J (greylist,core-platform-api, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putObject(Ljava/lang/Object;JLjava/lang/Object;)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putLong(Ljava/lang/Object;JJ)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->allocateInstance(Ljava/lang/Class;)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekLong(JZ)J (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeLong(JJZ)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeInt(JIZ)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekInt(JZ)I (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeByte(JB)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekByte(J)B (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->pokeByteArray(J[BII)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Llibcore/io/Memory;->peekByteArray(J[BII)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->arrayBaseOffset(Ljava/lang/Class;)I (greylist,core-platform-api, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->arrayIndexScale(Ljava/lang/Class;)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getLong(Ljava/lang/Object;J)J (greylist,core-platform-api, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden field Ljava/nio/Buffer;->address:J (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getLong(Ljava/lang/Object;J)J (greylist,core-platform-api, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putLong(Ljava/lang/Object;JJ)V (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, reflection, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putObject(Ljava/lang/Object;JLjava/lang/Object;)V (greylist, reflection, allowed)
W/zzdk    (32691): keyset not found, will generate a new one
W/zzdk    (32691): java.io.FileNotFoundException: can't read keyset; the pref value GenericIdpKeyset does not exist
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdo.zzc(com.google.firebase:firebase-auth@@20.0.1:10)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdo.zzb(com.google.firebase:firebase-auth@@20.0.1:1)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzat.zzi(com.google.firebase:firebase-auth@@20.0.1:1)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdj.zzi(com.google.firebase:firebase-auth@@20.0.1:1)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzdj.zzd(com.google.firebase:firebase-auth@@20.0.1:2)
W/zzdk    (32691):  at com.google.firebase.auth.internal.zzk.<init>(com.google.firebase:firebase-auth@@20.0.1:7)
W/zzdk    (32691):  at com.google.firebase.auth.internal.zzk.zza(com.google.firebase:firebase-auth@@20.0.1:3)
W/zzdk    (32691):  at com.google.firebase.auth.internal.RecaptchaActivity.zzd(com.google.firebase:firebase-auth@@20.0.1:9)
W/zzdk    (32691):  at com.google.android.gms.internal.firebase-auth-api.zzth.<init>(com.google.firebase:firebase-auth@@20.0.1:13)
W/zzdk    (32691):  at com.google.firebase.auth.internal.RecaptchaActivity.onResume(com.google.firebase:firebase-auth@@20.0.1:43)
W/zzdk    (32691):  at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1446)
W/zzdk    (32691):  at android.app.Activity.performResume(Activity.java:7939)
W/zzdk    (32691):  at android.app.ActivityThread.performResumeActivity(ActivityThread.java:4195)
W/zzdk    (32691):  at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:4237)
W/zzdk    (32691):  at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:52)
W/zzdk    (32691):  at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:176)
W/zzdk    (32691):  at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:97)
W/zzdk    (32691):  at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2016)
W/zzdk    (32691):  at android.os.Handler.dispatchMessage(Handler.java:107)
W/zzdk    (32691):  at android.os.Looper.loop(Looper.java:214)
W/zzdk    (32691):  at android.app.ActivityThread.main(ActivityThread.java:7356)
W/zzdk    (32691):  at java.lang.reflect.Method.invoke(Native Method)
W/zzdk    (32691):  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
W/zzdk    (32691):  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
I/zzjy    (32691): Provider GmsCore_OpenSSL not available
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getInt(Ljava/lang/Object;J)I (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->getObject(Ljava/lang/Object;J)Ljava/lang/Object; (greylist, linking, allowed)
W/tter_mobile_ne(32691): Accessing hidden method Lsun/misc/Unsafe;->putInt(Ljava/lang/Object;JI)V (greylist, linking, allowed)
W/System  (32691): Ignoring header X-Firebase-Locale because its value was null.
D/EGL_emulation(32691): eglMakeCurrent: 0xebfd1600: ver 2 0 (tinfo 0xec069f80)
D/EGL_emulation(32691): eglMakeCurrent: 0xebfd1600: ver 2 0 (tinfo 0xec069f80)
W/System  (32691): A resource failed to call end.
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xebfd1180: maj 2 min 0 rcv 2
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xebfd13c0: maj 2 min 0 rcv 2
D/HostConnection(32691): HostConnection::get() New Host Connection established 0xe0a62cb0, tid 525
D/HostConnection(32691): HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV420_888_to_NV21 ANDROID_EMU_YUV_Cache ANDROID_EMU_async_unmap_buffer ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_2
D/EGL_emulation(32691): eglMakeCurrent: 0xebfd13c0: ver 2 0 (tinfo 0xe0ab5160)
D/BackgroundLocatorPlugin(32691): start locator with Google client
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xcc797060: maj 2 min 0 rcv 2
D/eglCodecCommon(32691): setVertexArrayObject: set vao to 0 (0) 0 0
D/EGL_emulation(32691): eglCreateContext: 0xcc797120: maj 2 min 0 rcv 2
D/HostConnection(32691): HostConnection::get() New Host Connection established 0xe3f624f0, tid 533
D/HostConnection(32691): HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV420_888_to_NV21 ANDROID_EMU_YUV_Cache ANDROID_EMU_async_unmap_buffer ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_2
D/EGL_emulation(32691): eglMakeCurrent: 0xcc797120: ver 2 0 (tinfo 0xc32809e0)
Application finished.
Exited (sigterm)

颤振医生:

[√] Flutter (Channel stable, 2.2.1, on Microsoft Windows [Version 10.0.19042.1052], locale ru-RU)
    • Flutter version 2.2.1 at C:\flutter
    • Framework revision 02c026b03c (2 weeks ago), 2021-05-27 12:24:44 -0700
    • Engine revision 0fdb562ac8
    • Dart version 2.13.1

[!] Android toolchain - develop for Android devices (Android SDK version 30.0.2)
    • Android SDK at C:\Users\User\AppData\Local\Android\sdk
    • Platform android-30, build-tools 30.0.2
    • Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
    ! Some Android licenses not accepted.  To resolve this, run: flutter doctor --android-licenses

[√] Chrome - develop for the web
    • Chrome at C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

[√] Android Studio (version 4.1.0)
    • Android Studio at C:\Program Files\Android\Android Studio
    • Flutter plugin can be installed from:
       https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
       https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)

[√] VS Code (version 1.56.2)
    • VS Code at C:\Users\User\AppData\Local\Programs\Microsoft VS Code
    • Flutter extension version 3.23.0

[√] Connected device (3 available)
    • Android SDK built for x86 (mobile) • emulator-5554 • android-x86    • Android 10 (API 29) (emulator)
    • Chrome (web)                       • chrome        • web-javascript • Google Chrome 91.0.4472.77
    • Edge (web)                         • edge          • web-javascript • Microsoft Edge 91.0.864.41
  1. 在Firebase控制台中,启用了安全网https://i.imgur.com/gBhzRT9.png
  2. 添加了SHA-1和SHA-256
  3. 添加到构建中。gradle实现“androidx.browser:browser:1.3.0”
  4. 在谷歌云中添加了“Android设备验证”,并配置了与Firebase项目的通信

共有2个答案

顾斌
2023-03-14

要使用电话号码验证,Firebase必须能够验证电话号码登录请求是否来自您的应用程序。Firebase身份验证有两种方法可以实现这一点:

>

  • SafetyNet:如果用户的设备安装了Google Play Services,并且Firebase身份验证可以通过Android SafetyNet验证该设备是否合法,则可以继续进行电话号码登录。

    要使SafetyNet与Firebase身份验证一起使用,请执行以下操作:

    1. 在谷歌云控制台中,为您的项目启用Android DeviceCheck API。将使用默认的Firebase API密钥,并且需要允许其访问DeviceCheck API
    2. 如果尚未指定应用程序的SHA-256指纹,请从Firebase控制台的“设置”页面指定。有关如何获取应用程序SHA-256指纹的详细信息,请参阅验证客户端

    运行应用程序的设备状态如何影响ctsProfileMatch值和基本完整性的示例,如表1所示:

    错误案例

    • 空结果表示对服务的调用未成功完成
    • JWS中的错误参数表示出现了问题,例如网络错误或攻击者假装的错误。大多数错误都是暂时性的,如果您再次调用该服务,应该不会出现错误。您可能希望再重试几次,每次重试之间的延迟会越来越大
    • 如果设备被篡改,也就是说,如果响应中将basicIntegrity设置为false,则判决可能不包含有关调用应用程序的数据,例如apkPackageName和apkCertificateDigestSha256。当我们的系统无法可靠地确定呼叫应用时,就会发生这种情况

    签名认证报告错误时该怎么办?

    • 重试。合法设备上的错误是暂时的,如果您再次呼叫该服务,错误应该消失
    • 检查你的应用程序在受影响的设备上每分钟调用API的次数不超过5次,并且你的项目的API配额尚未用完
    • 假设可能是攻击者故意触发错误案例来伪装他们的活动

    通过未来检查的建议:

    >

    {"建议":"LOCK_BOOTLOADER,RESTORE_TO_FACTORY_ROM"}

    在应用程序中,您可以将advice参数中的值转换为用户友好的消息,以帮助用户通过未来的SafetyNet认证。此外,还可以看看可能导致SafetyNet故障的各种可能性。

    • 在无法使用SafetyNet的情况下,例如当用户没有Google Play Services支持时,或者在模拟器上测试您的应用时,Firebase身份验证会使用reCAPTCHA验证来完成手机登录流程。如果您在模拟器上测试它,则需要包含依赖androidx.browser:浏览器才能使其工作。SHA256密钥和android设备验证API是用于真实设备通过Safetynet检查的。reCAPTCHA流仅在SafetyNet不可用或您的设备未通过可疑检查时才会触发。reCAPTCHA挑战通常可以在用户无需解决任何问题的情况下完成,从而将您重定向到浏览器,以便您完成如果它不起作用。
    • 也看看相关的GitHub问题。如果这不能解决你的问题,我建议你联系谷歌游戏团队寻求帮助。你可以从这里的链接联系他们。

    • 郝池暝
    2023-03-14

    如果我没弄错你的问题,你想知道为什么在你的电话号码得到验证之前,你的浏览器一直打开来解决一个问题?

    现在,Firebase做了一系列更新,引入了谷歌的安全网安全功能来验证特定的身份验证请求是否来自实际的手机,而不是机器人。考虑到这一点,使用仿真器或测试编号可能会触发所获得的错误,从而将您重定向到浏览器,以便您无需重新开始即可完成验证过程。

    你可以参考这份文件进一步解释。

    如果这个答案有帮助,请务必将其标记为正确答案,以便帮助其他有需要的人找到自己的路。

    快乐编码!

     类似资料:
    • 颤振:致命错误:“颤振/颤振。未找到h’文件

      Xcode的输出:在文件中包含从 /Users/dani/development/flutter/.pub-cache/hosted/pub.dartlang.org/url_launcher-6.0.3/ios/Classes/FLTURLLauncherPlugin.m: 7: /Users/dani/development/flutter/.pub-cache/hosted/pub.dart

    • 颤振插件未安装错误;运行“颤振医生”时

      我正在Linux Ubuntu上配置Flatter SDK 我在文件中为和指定了,但我在运行时收到此错误:

    • 颤振未来与未来子类型错误?

      我刚刚更新了Flutter,并成功地从下载了我的原始项目。现在我得到了一个奇怪的错误。我在github上看到有人提到它,但没有关于如何修复的明确答案。项目甚至不加载。它从我的main.dart文件中读取Future语句并返回此... [VERBOSE-2:dart\u error.cc(16)]未处理的异常:类型“Future dynamic”不是类型“Future String”的子类型,其中

    • google_map_location_picker颤振依赖错误

      在使用解决版本问题时,我得到以下错误: 因为google_map_location_picker 3.3.3依赖于intl>=0.16.0<=0.16.1,而sdk中的每个flutter_localizations版本都依赖于intl 0.17.0,所以google_map_location_picker 3.3.3与sdk中的flutter_localizations不兼容。因此,由于food_

    • 颤振安装错误与许可证在Linux

      我在安装颤动时遇到了3个错误:[!]Android工具链 - 为Android设备开发(AndroidSDK 27.0.3)!某些Android许可证不被接受。要解决此问题,请运行:颤抖医生 - android许可证 [✓] Android Studio ✗颤振插件没有安装;这增加了颤振的特定功能。 ✗ Dart插件未安装;这增加了Dart特定的功能。 我可以在android工作室安装插件,但如何

    • 颤振显示一些错误

      我正在尝试将我的颤动应用程序连接到我的手机,但它不起作用...我在终端中写了,它向我展示了一些错误: 我正在使用VS代码(如果很重要)。SDK管理器的路径是什么?为什么对我说“视觉工作室未安装”,如果它写在VS代码终端中? 谢谢大家!

    相关问答

    颤振安装错误与许可证在Linux颤振显示一些错误OpenCV错误:功能未实现将颤振集成到本机主机应用程序[Add2App]时,从颤振完成颤振活动用Apache httpclient实现Java-HTTPS基本认证

    相关文章

    基于canvas实现的钟摆效果完整实例错误:“未实现选择器”SpringBoot整合Shiro实现登录认证的方法HTTP基本认证而不是TLS客户端认证Vue.js实现的计算器功能完整示例

    相关阅读

    OrientDB性能调整DevOps培训认证大数据认证MySQL 读写分离的基本概念和实现方式实战-Swing实现记事本

    相关工具

    safetynet-fix易优安身份认证仿微信【未完待续】豆瓣OAuth认证示例项目SQLite的基本使用

    相关文档

    Effective Modern C++ 中文版(不完整)Android Gradle 用户指南(不完整)认识现代 WebGISC++ Template 进阶指南(未完)Real World OCaml 中文版(未完)
    快捷导航: 新手教程 算法原理 架构设计 Java进阶 数据库进阶 大厂专栏 面试经验 编程笔记 编程问答 所有专题 文档资料 工具软件 电子书籍 小牛导航
    在线工具: 房贷计算器 个税计算器 Linux命令查询 Json格式化 正则表达式 颜色转换 AES加解密 SHA1加密 MD5加密 毒鸡汤 字数统计 随机密码生成 进制转换 Base64编解码 励志句子
    Copyright © 2019-2024 小牛知识库@xnip.cn. All Rights Reserved.