{"id":13809250,"url":"https://github.com/thestr4ng3r/arcore-patch","last_synced_at":"2025-05-14T05:33:39.243Z","repository":{"id":122591349,"uuid":"115628451","full_name":"thestr4ng3r/arcore-patch","owner":"thestr4ng3r","description":"Attempt to get ARCore Preview 2 running on unsupported devices","archived":true,"fork":false,"pushed_at":"2017-12-30T12:25:39.000Z","size":13,"stargazers_count":80,"open_issues_count":6,"forks_count":7,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-05-09T07:04:51.350Z","etag":null,"topics":["android","arcore","radare2","reverse-engineering"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thestr4ng3r.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-12-28T13:59:32.000Z","updated_at":"2025-03-19T10:32:00.000Z","dependencies_parsed_at":"2024-01-08T07:59:34.093Z","dependency_job_id":null,"html_url":"https://github.com/thestr4ng3r/arcore-patch","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thestr4ng3r%2Farcore-patch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thestr4ng3r%2Farcore-patch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thestr4ng3r%2Farcore-patch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thestr4ng3r%2Farcore-patch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thestr4ng3r","download_url":"https://codeload.github.com/thestr4ng3r/arcore-patch/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254077023,"owners_count":22010642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","arcore","radare2","reverse-engineering"],"created_at":"2024-08-04T01:02:12.914Z","updated_at":"2025-05-14T05:33:38.964Z","avatar_url":"https://github.com/thestr4ng3r.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# ARCore Patch\n\nThis is an attempt to patch ARCore (Preview 2) to run on currently unsupported devices.\n\n## Findings\n\nAlthough not directly obvious to users, ARCore Preview 2 seems to have gone through huge changes compared to Preview 1. Thus, the approach from https://github.com/tomthecarrot/arcore-for-all is not directly applicable anymore.\n\nDevice compatibility related functionality has been moved from the `aar` packaged in apps to the `arcore-preview2.apk`. This apk now contains a native library called `libdevice_profile_loader.so` which is responsible for loading a profile for the device. In the following, memory addresses are specified as virtual addresses for the arm64-v8a version of this library.\n\nDevices are hard-coded inside this library and are identified by an enum (just an int value) called `device_provider::DeviceType`. Luckily, there a function included that converts this value to a readable string called `device_provider::ToString(const device_provider::DeviceType \u0026)` (at `0x00048ea0`). See [device_type_strings.txt](device_type_strings.txt) for possible strings (starting at `0x00157e5c`). Here are some examples for values with corresponding strings (incomplete list):\n\n| DeviceType | String |\n| ---------- | -------------------- |\n| 0 | kUnknownDevice |\n| 1 | kPeanut |\n| 4 | kYellowstoneDVT2 |\n| 5 | kYellowstoneDVT3 |\n| 6 | kYellowstonePVT |\n| 7 | kYellowstoneRangeEnd |\n| 8 | kTwizzler |\n| 9 | kRubicon |\n| 10 | kSimulation |\n| 11 | kCoconut |\n| 12 | kPistachio |\n| 13 | kLucid |\n| 1000 | kLeTangoStart |\n| 1001 | kMarlin |\n| 1002 | kSailfish |\n| 1003 | kMuskie |\n| 1004 | kWalleye |\n| 1005 | kTaimen |\n| 1006 | kAngler |\n| 1007 | kLucyevzwLucye |\n| 1008 | kLucyesprusLucye |\n| 1009 | kLucyeattusLucye |\n| 1011 | kDukl09Hwduk |\n| 1012 | kOneplus5Oneplus5 |\n| 1013 | kG3123G3123 |\n| 1014 | kG8142G8142 |\n\nObviously, `kMarlin` corresponds to the Pixel, `kSailfish` to the Pixel XL and so on. What is especially interesting here is that there are way more devices than the ones officially supported!\n~~There are also some values that I cannot make sense of yet, such as `kPeanut`, `kCoconut` and so on. Just a very wild guess: Maybe `Peanut` is the codename for Android 9 and this value makes the library load the profile from the system itself instead of hard-coding anything?~~ Peanut refers to Project Tango Peanut.\n\nFor many of the listed devices, the apk then contains protobuf files (for some reason in text form, not the usual binary representation) in `assets` containing the profile data with exact calibration values for camera and IMU. Format definitions for these files recovered using [pbtk](https://github.com/marin-m/pbtk) are contained in this repository inside [proto](proto).\n\nUnfortunately, I do not own any of these devices (the closest I have is a Nexus 5X), so I cannot test what happens when this is run on one of them. The `DeviceType` for the current device is determined inside the function `device_provider::InferDeviceTypeFromAndroidProperties(const std::string \u0026)` (at `0x000496a4`). This function can be patched to always return a constant value.\n\nOne idea to get ARCore fully working on unsupported devices would be to patch this function for a specific value and modify the corresponding protobuf with values fitting for the device.\n\nRunning the Hello AR demo from google on my Nexus 5X crashes with many of the values, but with some (such as `kAngler`) it shows a camera image (upside down, which is a common issue with the Nexus 5X), but it is not able to track anything. Logcat gives valuable info on what goes wrong, but I have not investigated further yet.\n\n## Patch\n\nThis repo includes a small bash script called [patch_apk.sh](patch_apk.sh) that can be used to patch the original `arcore-preview2.apk` to always assume a specific `DeviceType` as described above.\n\n### Requirements\n\nThe script requires the following tools to be present in `PATH`:\n\n- [apktool](https://ibotpeaches.github.io/Apktool/)\n- [radare2](https://github.com/radare/radare2) (install from git, NOT any outdated distribution packages!)\n- keytool\n- zipalign and apksigner (from the Android SDK build tools)\n\n### Patching\n\nDownload the original apk next to `patch_apk.sh`:\n```\nwget https://github.com/google-ar/arcore-android-sdk/releases/download/sdk-preview2/arcore-preview2.apk\n```\n\nRun the script in the same directory:\n```\n./patch_apk.sh [device-type]\n```\nReplace `[device-type]` with the device type you want, for example `1006` for Nexus 6P.\n\nYou should get an apk called `arcore-preview2-patched-signed.apk` that you can install to your device:\n```\nadb install -r arcore-preview2-patched-signed.apk\n```\n\nIf have the original apk installed already, it is necessary to manually uninstall that before, since it is signed with a different key:\n```\nadb uninstall com.google.ar.core\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthestr4ng3r%2Farcore-patch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthestr4ng3r%2Farcore-patch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthestr4ng3r%2Farcore-patch/lists"}