ClassicPowerMenu icon indicating copy to clipboard operation
ClassicPowerMenu copied to clipboard

Published 20 hours ago verified publisher icon KieronQuinn

Wallet Database Improvement Tracking Issue

Open rom4ster opened this issue 1 year ago • 17 comments

I was reverse engineering the wallet app and I gained some very interesting insight.

  1. The wallet app is mostly a shell. The real wallet and payment stuff is actually a part of google play services.
  2. This means that everything, including saving and storing wallet data is actually handled by Google Play Services
  3. The database CPM has been using is an auxiliary database by the looks of it, infact "tapandpay" is mostly under a section called "experiments" in teh source
  4. Due to issues that I and some others on the forum seem to face, it may be that google will stop using the tapandpay database.
  5. The google play services app has a database under its "pay" folder called valuables which has information that actually looks updated.

I feel that its important to make an issue on this, I am looking into it but its probably not gonna be fast as I stress

I am a noob at android dev

This is why the issue is important so that people know about this.

Ill update if i can get anything going with this. Or if someone else wants to do something, be my guest lol.

rom4ster avatar Jun 19 '23 20:06 rom4ster

I can successfully connect to the database however there is a problem. The proto_bytes section does not want to serialize. Even using protoc - - decode_raw on those bytes does not work. Invalid wire type. It could be because they are not protobuf format or maybe they are incomplete or something is missing or something. If anyone has any ideas would be helpful

rom4ster avatar Jun 25 '23 17:06 rom4ster

The reason that database is not used is, as you found out, the data isn't readable. I think it's probably encrypted, as the JWTs are in the same table.

It almost certainly contains the same data as is unencrypted in the database CPM actually uses, and while it may be a risk that Google stop using the tapandpay database, the same can be said for any database. They could change format, decide to encrypt local data, anything which could break the reading. That is always a risk when reading local files with root.

As for the Wallet app being a shell and the actual app residing in GMS, that's always been the case. I highly doubt it will change however, given it's been through no less than three branding and name changes, and stayed roughly the same in how it works. It's actually been highly beneficial to CPM, because the Wallet app (and previously Pay in both its forms as well) is not obfuscated. That means reading and reversing the protobuf is much, much easier.

I'm not so sure about the experiments bit either - most of the models for the protobuf, the communication with GMS, the other logic, seems to reside in com.google.android.gms.tapandpay - not experiments.

KieronQuinn avatar Jun 25 '23 23:06 KieronQuinn

The problem is that that my Tap and Pay database is no longer being updated for new cards. This is why I believe that Google is going to stop using this.

rom4ster avatar Jun 26 '23 00:06 rom4ster

I added a transit ticket to my Wallet earlier today and it's been added to the valuables database, so there's nothing I can really suggest. If they are genuinely stopping using it (which I doubt) then there will probably be no alternative, as the other form is encrypted.

KieronQuinn avatar Jun 26 '23 00:06 KieronQuinn

I do use a beta version of wallet. I may try opting out of the beta and see if that works.

rom4ster avatar Jun 26 '23 01:06 rom4ster

There is no beta version of Google Wallet, do you mean the Play Services beta? I'm in that too, no difference.

KieronQuinn avatar Jun 26 '23 01:06 KieronQuinn

Oh i see, there was one when they first released the Drivers licecence stuff, I guess its over now. Are you updated to latest wallet?

rom4ster avatar Jun 26 '23 03:06 rom4ster

Are there any news here? I am using Wallet version 23.44.582097972 and Play services 23.45.23, and while CPM is failing to load my loyalty cards, Smartspacer is successfully loading and using my Google Wallet loyalty cards with the Google Wallet Plugin. So it seems its still possible

Pfuenzle avatar Dec 08 '23 12:12 Pfuenzle

Are there any news here? I am using Wallet version 23.44.582097972 and Play services 23.45.23, and while CPM is failing to load my loyalty cards, Smartspacer is successfully loading and using my Google Wallet loyalty cards with the Google Wallet Plugin. So it seems its still possible

It's unlikely they'll ever work again, the rollout of encryption has since hit everyone (including me) and it's no longer possible to read them.

KieronQuinn avatar Dec 08 '23 12:12 KieronQuinn

But why can the Wallet Smartspacer Plugin successfully read the Cards then? Isn't it also made by you?

I installed both Smartspacer and CPM two days ago at the same time, and Wallet maybe 3 days earlier, so I doubt I still have the un-encrypted database on my device. Is there a way to check for it?

CPM Screenshot_20231208-201413

Smartspacer Screenshot_20231208-201400

Pfuenzle avatar Dec 08 '23 12:12 Pfuenzle

But why can the Wallet Smartspacer Plugin successfully read the Cards then? Isn't it also made by you?

I installed both Smartspacer and CPM two days ago at the same time, and Wallet maybe 3 days earlier, so I doubt I still have the un-encrypted database on my device. Is there a way to check for it?

CPM Screenshot_20231208-201413

Smartspacer Screenshot_20231208-201400

Because you log into your Google account for the Smartspacer plugin. That isn't feasible for CPM, the setup is different.

KieronQuinn avatar Dec 08 '23 12:12 KieronQuinn

Your Google account stores your wallet information for everything except on device information such as health cards. You can actually get this information pretty easily as a Pdf. I thought it was not possible to get it in another format which is where I was stuck. I wonder if smart spacer is open source.

rom4ster avatar Dec 19 '23 17:12 rom4ster

Your Google account stores your wallet information for everything except on device information such as health cards. You can actually get this information pretty easily as a Pdf. I thought it was not possible to get it in another format which is where I was stuck. I wonder if smart spacer is open source.

It is, it's another one of my apps. The wallet code is in the plugin, on my SmartspacerPlugins repo. But like I say, it's a whole sign in and not worth it for just this IMO. Smartspacer itself is a good replacement for this feature until Google get their act together as it can show the loyalty card at a location and uses the same popup as CPM does to show it when locked

KieronQuinn avatar Dec 19 '23 17:12 KieronQuinn

Your Google account stores your wallet information for everything except on device information such as health cards. You can actually get this information pretty easily as a Pdf. I thought it was not possible to get it in another format which is where I was stuck. I wonder if smart spacer is open source.

It is, it's another one of my apps. The wallet code is in the plugin, on my SmartspacerPlugins repo. But like I say, it's a whole sign in and not worth it for just this IMO. Smartspacer itself is a good replacement for this feature until Google get their act together as it can show the loyalty card at a location and uses the same popup as CPM does to show it when locked

I agree that there is no point trying to go after googles database. Losing battle tbh. Also jeezus man you are EVERYWHERE. I just downloaded an app to get pixel like always listening song info and found out it was one of yours. I am going to play with smart spacer and see what fun I can have

rom4ster avatar Dec 19 '23 17:12 rom4ster

Your Google account stores your wallet information for everything except on device information such as health cards. You can actually get this information pretty easily as a Pdf. I thought it was not possible to get it in another format which is where I was stuck. I wonder if smart spacer is open source.

It is, it's another one of my apps. The wallet code is in the plugin, on my SmartspacerPlugins repo. But like I say, it's a whole sign in and not worth it for just this IMO. Smartspacer itself is a good replacement for this feature until Google get their act together as it can show the loyalty card at a location and uses the same popup as CPM does to show it when locked

I think it's worth to make it work like the smart spacer. I would love to be able to display my loyalty cards in this app again.

dariusz-goc avatar Feb 27 '24 02:02 dariusz-goc

Your Google account stores your wallet information for everything except on device information such as health cards. You can actually get this information pretty easily as a Pdf. I thought it was not possible to get it in another format which is where I was stuck. I wonder if smart spacer is open source.

It is, it's another one of my apps. The wallet code is in the plugin, on my SmartspacerPlugins repo. But like I say, it's a whole sign in and not worth it for just this IMO. Smartspacer itself is a good replacement for this feature until Google get their act together as it can show the loyalty card at a location and uses the same popup as CPM does to show it when locked

I think it's worth to make it work like the smart spacer. I would love to be able to display my loyalty cards in this app again.

It is actually something I'm considering as Google have actually regressed the lock screen wallet experience by making it require unlock. I need to have time to do it though, which I don't have right now

KieronQuinn avatar Feb 27 '24 03:02 KieronQuinn

Thank you for your consideration 👍

dariusz-goc avatar Feb 27 '24 03:02 dariusz-goc