Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Yalp > 0.35 not working anymore: no network #447

Closed
Spielmops opened this issue May 17, 2018 · 90 comments
Closed

Yalp > 0.35 not working anymore: no network #447

Spielmops opened this issue May 17, 2018 · 90 comments

Comments

@Spielmops
Copy link

If I start Yalp and tap on "search for updates" it tells me "no network connection"

This behaviour happens with version 0.39 and 0.40 (could not download 0.36 - 0.38) and with Lollipop and Nougat, but Yalp 0.40 works with Jelly Bean.

I deinstalled Yalp and reinstalled the version 0.35 and everything is OK.

My devices are rootet, every app named "Google-xxx" or similar are disabled, AF-Wall is installed (and Yalp has permission), AdAway is working, Xprivacy is disabled for Yalp. So: nothing changed between versions 0.35 and 0.40 but Yalp itself.

Spielmops

@naloder
Copy link

naloder commented May 17, 2018

same

@amo13
Copy link

amo13 commented May 17, 2018

Seems to be linked to microG stuff. I had the same problem until I deactivated GCM and device registration in microG settings. Now yalp store connects and works just fine. Don't forget to reactivate GCM if you use an app that needs it.
Is it something that can be fixed in yalp store or should it be reported to the microG team?

@amo13
Copy link

amo13 commented May 17, 2018

Ok, just noticed that this is going to be a bit of a problem when trying to use automatic updates or update notifications, since yalp store can't check for updates with microG stuff enabled...

@linuxdude96
Copy link

I am having the same issue

@ccoreilly
Copy link

Apparently the SSL Handshake with the Google API is failing. From logcat:

javax.net.ssl.SSLHandshakeException caught during a google api request: Handshake failed

@linuxdude96
Copy link

linuxdude96 commented May 17, 2018

@ccoreilly well let's hope the dev can find a quick fix. I am going on vacation in less then a week and need to download a crap ton of apps.

@Spielmops
Copy link
Author

Adding info: I have no micro-G-stuff on any of my devices. As a workaround Fdroid should offer the old version 0.35. Not all of you have rooted devices, where one can extract installed apps ....
Spielmops

@eduardoeae
Copy link

Same problem. I tried deactivating GCM but it still shows "no network connection".

@yeriomin
Copy link
Owner

@Spielmops @naloder @amo13 @linuxdude96 @ccoreilly @eduardoeae Since #410 NetChipher library is used to initiate connections. It uses only secure up-to-date ciphers for initiating ssl connections by default. It appears, today something changed on google's side and ssl connections can not be initiated this way. Enabling weaker ciphers ("compatible" as NetChipher calls them) fixes this.

@yeriomin
Copy link
Owner

@Spielmops @naloder @amo13 @linuxdude96 @ccoreilly @eduardoeae
Here is a modified apk if anyone is interested in testing.
app-legacy-release.zip

@bungabunga
Copy link

@yeriomin is the testing app using unsecure alghos?

@eduardoeae
Copy link

@yeriomin The test apk works for me.

@DPTJKKVH
Copy link

@yeriomin It works! With your test apk I am able to connect to play store again and check for updates.

It's strange that Google cut down on secure ciphers though. 😦

@bungabunga
Copy link

it didn't. it probably only make it even more restricted..

@TPS
Copy link

TPS commented May 17, 2018

Somehow, this seems kinda like another issue I ran into on a completely unrelated project:

Nm, I think I figured it out 😳: I was tweaking my trusted system certs per https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html . It turns out both Google & Amazon still have deep-seated TLS certs signed by Symantec-&-Co, which knocks everything off-kilter when that's distrusted. When I re-enabled & waited a few, everything realigned.

Who knew? The first deadlines passed last month, so I thought @ least Google'd get their act together by now.…

Google's very "Do what I say, not what I do," — A LOT. 🤷‍♂️

undeadfox added a commit to undeadfox/YalpStore that referenced this issue May 17, 2018
Issue yeriomin#447 fixing ssl handshake failure (no network connection)
@jorgemoralespena
Copy link

Same issue over here.
A few games that I downloaded with yalp stopped working as well just today. I wonder...

@setuidroot
Copy link

The test apk also works for me. Android 7.1.2, no gapps/google stuff, I use VPNs with AFWall+. Never had an issue like this before, but it's fixed with the new test app.

@yeriomin
Copy link
Owner

@bungabunga @DPTJKKVH @TPS

is the testing app using unsecure alghos?

Yes

It's strange that Google cut down on secure ciphers though. 😦

it probably only make it even more restricted..

I wouldn't be surprised if google implemented some cipher which is slightly incompatible with the generally available implementation.
Here is the place where it is decided which ciphers to use: https://github.com/guardianproject/NetCipher/blob/26304115de4939f20f023715ab7b079ce7105c1d/libnetcipher/src/info/guardianproject/netcipher/client/TlsOnlySocketFactory.java#L140

So, excluding the following ciphers makes ssl handshake fail: DES DH DSS MD5 RC4

It turns out both Google & Amazon still have deep-seated TLS certs signed by Symantec-&-Co

I haven't checked but I think in this case something other than SSLHandshakeException is thrown.

@bungabunga
Copy link

@yeriomin oh, those are all really old and dangerous to use ciphers. do you think it is possible to make Yalp work without them? i doubt Play Store is depending on them. they were even thrown out of modern browsers (TLS)..

@ale5000-git
Copy link

@yeriomin: Is it possible that they have enabled TLS 1.3 (that include new ciphers if I'm not wrong and maybe they break old ciphers)?

Browsers already started to ship it enabled by default.

@DPTJKKVH
Copy link

DPTJKKVH commented May 17, 2018

@yeriomin I'm no Google fanboy but I honestly can't imagine that they intentionally lower cipher strength. Either they f***ed up their configuration or @ale5000-git is right and they amped up their security and left only some rubbish ciphers for fallback.

However the latter one would be stupid (downgrade attacks!) and I also can't imagine that Google would do something like that. In fact I'd rather believe someone is doing MitM than Google acting THAT stupid.

This is very strange/suspicious.

@ArchangeGabriel
Copy link

They are no downgrade attacks with TLS 1.3. But the easiest is to test. What is the URL or domain name through which the PlayStore is reached by YalpStore?

@yeriomin
Copy link
Owner

@bungabunga @ale5000-git @DPTJKKVH

i doubt Play Store is depending on them

It supports them.

Is it possible that they have enabled TLS 1.3

Yalp store worked for a month with old ciphers disabled, so maybe this issue is just a misconfiguration which will be fixed on google's side. For some reason today ssl initiation fails when using new ciphers only. Google might have installed some ssl implementation on their servers which is somehow incompatible with ssl implementation on existing android devices, but this is just a guess.

I honestly can't imagine that they untentially lower cipher strength.

Old ciphers have always been supported and still are. Google cannot drop them while old devices are in use. Today's problem is with new ciphers.

@motorious1
Copy link

just wanted to chime in that I have this issue on my 6.0.1 device version 0.40 and the modified apk provided earlier resolved the issue. However, on my 7.1.2 device it still has version 0.35 and works...yet when I tried installing 0.35 on my 6.0.1 device the problem remained...strange.

@tuxayo
Copy link

tuxayo commented May 21, 2018

I confirm that I still have seen this issue on 3 devices on the last 48h.

  • Galaxy S5 - LineageOS 14.1 (Android 7.1.2) without google play services
  • Moto G3 (XT1541) - LineageOS for microG 14.1 (Android 7.1.2) with microG replacing the Play Services
  • Another Moto G3 (XT1541) - LineageOS for microG 14.1 (Android 7.1.2) with microG replacing the Play Services (not sure if the right things in the microG config are enabled)

But it still works on a:

  • Wiko CINX PEAX 2 - Android 4.1.2 with google play services

All using the Yalp default google account.

Then it could be something about TLSv1.3 because Android 4.1.2 certainly doesn't support it.
Or it could be something about the Play Services.

edit: all running version 0.40 from F-Droid

@MorganeAD
Copy link

I have Yalp 0.40 install and it's not working. My phone is a Wiko rainbow jam 4G with Android 5.1.1

@tuxayo
Copy link

tuxayo commented May 21, 2018

Okay, it didn't understand that it should hopefully be fixed in 0.41 whose build should automatically happen on F-Droid https://gitlab.com/fdroid/fdroiddata/issues/1215

@MorganeAD
Copy link

I have this log with adb logcat :

[...]
E/YalpStoreSuggestionProvider( 6752): javax.net.ssl.SSLHandshakeException: Handshake failed
[...]
D/SearchTask( 6752): javax.net.ssl.SSLHandshakeException caught during a google api request: Handshake failed
[...]

Maybe, it can help you. (sorry I didn't read all the previous posts)

@yeriomin
Copy link
Owner

@Niouby The issue is fixed and closed for a couple of days now. You can get v0.41 on releases page or wait for F-Droid to compile it.

@tuxayo
Copy link

tuxayo commented May 21, 2018

@yeriomin Thanks I didn't notice that there was a v0.41 apk available :D

I confirm that it works for me on Android 7.1.2 (Galaxy S5) 🎉

For anyone wanting/needing to try: as it's not the same signature, one can't directly install it over the F-Droid one.

Option 1

Uninstall Yalp before installing the 0.41 apk. But Yalp app data will be lost (update blacklist and other configuration, shouldn't be an issue for most people)

Option 2

  • Use oandbackup to backup Yalp app data (libre/open source, on F-Droid, requires root)
  • uninstall Yalp
  • install the 0.41 apk
  • restore app data with oandbackup

Going back to F-Droid to continue receiving update on the long term

Same procedure but install the F-Droid version instead of the released 0.41 APK

@MorganeAD
Copy link

@yeriomin ah ! I didn't see the apk, thanks a lot :)

@tmolitor-stud-tu
Copy link

Some more insights: https://www.mail-archive.com/[email protected]/msg75283.html

@tmolitor-stud-tu
Copy link

@yeriomin I just checked f-droid metadata: https://f-droid.org/wiki/page/Yalp_Store#Versions
It still thinks 0.40 is the current version, do you know why the fdroid bot didn't pick up the new version?
It seems it checks for updates by checking the tags on your repository. But version 0.41 seems properly tagged on that end.

@Rikk
Copy link

Rikk commented May 21, 2018

Up to 0.15 tags are prefixed with "v", eg "v0.15", after that they are like "0.41". Pure speculation, but could it be confusing the bot?

@yeriomin
Copy link
Owner

@tmolitor-stud-tu That is normal. Some releases were compiled weeks after being tagged on github.

@tmolitor-stud-tu
Copy link

tmolitor-stud-tu commented May 21, 2018

@yeriomin but why does this happen? the last checkupdate run was days after you updated your repo: https://f-droid.org/wiki/page/checkupdates
And it didn't report your app as updateable...

@ale5000-git
Copy link

It is simply slow, it may take 3/7 days for the wiki page to be updated I think.

@theScrabi
Copy link

We have similar problems with NewPipe. Maybe we can talk with fdroid to find a way to speed up things.

@moso
Copy link

moso commented May 22, 2018

Would it be beneficial to have a seperate repository running, just for Yalp Store?

@theScrabi
Copy link

Honestly I don't think that is a good idea. Seperate repositories can be done, but that would kind of brake the point of fdroid ... i think. Maybe helping fdroid people to fasten things up would be the right thing.

@ale5000-git
Copy link

ale5000-git commented May 22, 2018

There is a way to speed-up but I think it is ignored by many developers because it need time to setup: Reproducible Builds.

Whis this you can have the apk with developer signature on F-Droid and the user can update the F-Droid version with the one on GitHub and viceversa.

@chris42
Copy link

chris42 commented May 22, 2018

FYI: I just used the 0.40 Version to check for app updates and it worked. Maybe google corrected something?

@yeriomin
Copy link
Owner

@ale5000-git Could you give me a link to any f-droid app which does this? I could not find any app in fdroid-data which has signatures in metadata. It is quite easy to break metadata which can be fixed only through bureaucracy.

Also, current fdroidserver master crashes on attempt to add signatures to metadata:

$ ../fdroidserver/fdroid signatures ~/com.github.yeriomin.yalpstore_41.apk
CRITICAL: Unknown exception found!
Traceback (most recent call last):
  File "../fdroidserver/fdroid", line 164, in <module>
    main()
  File "../fdroidserver/fdroid", line 138, in main
    mod.main()
  File "/home/user/projects/fdroidserver/fdroidserver/signatures.py", line 102, in main
    extract(config, options)
TypeError: extract() takes 1 positional argument but 2 were given

@chris42 Only 0.41 works for me...

Maybe google corrected something?

I don't think they would use the term "corrected", but they might change something again.

@moso

a seperate repository running, just for Yalp Store?

There are github releases already. Having a f-droid style repo would need a hosting and will require user interaction to work. No benefits over github releases.

@theScrabi

Maybe helping fdroid people to fasten things up would be the right thing.

I agree, but while there are some ways to speed up their builds, it seems to me that they have more of an organizational problem. They not only know the problems with their software, but they know the solutions, but not implementing them. Good example: https://gitlab.com/fdroid/fdroidserver/issues/451

Besides, even with the software they have, running builds daily would not be a problem (tested this, the checkupdates phase does take hours, but since there are not so many updates each day, the build phase is relatively fast), unless there is some internal limitation, organizational problem. Obviously, I'm just guessing.

@ArchangeGabriel
Copy link

@chris42 @yeriomin I’ve also had checking for update working on 0.40 right now, however I got Malformed request on subsequent attempts to download said updates.

@LivInTheLookingGlass
Copy link

I cant get 0.41 to work. Keeps saying there are errors on the HTTP level. Same issue? Or should I file another one?

@theScrabi
Copy link

theScrabi commented May 23, 2018

I reloged in, don't know if that would help for you.

@mad-moo
Copy link

mad-moo commented May 23, 2018

The old error is gone and login & search work again. However downloading apps fails with a "malformed request" message. Clearing the app data resolved the issue for me.

@TPS
Copy link

TPS commented May 23, 2018

F-Droid is finally @ v. 0.41 (since the last few hours)!

@tuxayo
Copy link

tuxayo commented May 23, 2018

Thanks, I confirm that 0.41 work.
Though 0.40 worked again since yesterday for me. Strange, might the changes in the Play Store API.

I just retried and v0.40 works. really strange.

eighthave pushed a commit to guardianproject/NetCipher that referenced this issue Aug 7, 2018
"TLS_FALLBACK_SCSV" MUST NOT be set on first connect, see
yeriomin/YalpStore#447 (comment)
and RFC 7507

closes #74
@erhanfirat
Copy link

erhanfirat commented Jan 5, 2020

Hi,

I am using S6 Edge with Lineage 16.
Unfortunately, "No network connection" error still appears with given all permissions...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests