# Equipment certification
When using some of the hardware capabilities provided by Weixin Mini Program, you need to register the device in WeChat in advance, so that WeChat can verify the authenticity of the device.
Example: Weixin Mini Program Audio and video calling (for hardware)
# 1. Equipment requirements
WeChat hardware capabilities need to verify the identity of the device. The device manufacturer needs to ensure that the device meets certain conditions.
# 1.1 Android devices
The equipment needs to meet one of the following conditions:
- The RPMB (Replay Protected Memory Block) partition on the device's EMMC / UFS storage is not being used;
- The device supports a TEE, and the manufacturer can develop a TA and submit it for acceptance in accordance with the "Equipment Certification TEE Specification".
In addition, the device manufacturer needs to build in an RPMBD service (provided by WeChat, see Section 3) that reads, writes and communicates with the RPMB partition, and must ensure that the service starts properly at boot.
# 1.2 Linux devices
The equipment needs to meet the following conditions:
- The RPMB (Replay Protected Memory Block) partition on the device's EMMC / UFS storage is not being used;
# 2. Security Policy
For the same modelId, each physical device should be assigned a unique and invariant SN. Device capabilities may be blocked if any of the following (among others) is detected:
- Multiple devices share the same SN;
- The same device uses multiple different SNs alternately;
- Using fake devices for device registration;
- Other forgery or misuse of devices.
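The first two conditions can be checked on the manufacturer's side before any device is registered. The following is an added example, not part of the original documentation or of any WeChat tooling: it audits a provisioning manifest for shared or changing SNs. The CSV layout and the `hw_id` column (a per-board identifier the manufacturer records) are assumptions.

```shell
#!/bin/sh
# Added example: audit a provisioning manifest against the SN policy above.
# Assumed CSV layout (constructed for this example): hw_id,model_id,sn
# hw_id is a hypothetical per-board identifier recorded by the manufacturer.
# Prints one finding per line; returns 1 if any violation is found, else 0.
audit_sn_manifest() {
    awk -F',' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        NF != 3 { printf "MALFORMED line %d\n", NR; bad = 1; next }
        {
            hw = $1; key = $2 SUBSEP $3
            # Same (model_id, sn) already bound to another board: shared SN.
            if ((key in owner) && owner[key] != hw) {
                printf "SHARED_SN model=%s sn=%s hw=%s,%s\n", $2, $3, owner[key], hw
                bad = 1
            } else {
                owner[key] = hw
            }
            # Same board already bound to another (model_id, sn): changing SN.
            if ((hw in ident) && ident[hw] != key) {
                split(ident[hw], prev, SUBSEP)
                printf "MULTI_SN hw=%s sn=%s,%s\n", hw, prev[2], $3
                bad = 1
            } else {
                ident[hw] = key
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample manifest, written to a temp file so this runs offline.
sample_manifest() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# hw_id,model_id,sn
cid-0001,m100,SN0001
cid-0002,m100,SN0002
cid-0003,m100,SN0001
cid-0002,m100,SN0009
cid-0004,m200,SN0001
EOF
    echo "$f"
}
# Example: audit_sn_manifest "$(sample_manifest)"
```

Because uniqueness is required per modelId, the same SN under a different model_id (the last sample line) is not reported.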
# 3. Device Certification (Android)
# 3.1 Deploying RPMBD Services
Device certification relies on the RPMB partition of the EMMC / UFS storage to guarantee the identity of the device. The device manufacturer must build in a service that reads, writes and communicates with the RPMB partition, and must ensure that the service starts properly at boot.
# 3.1.1 Downloading Services
Download the rpmbd binary for the corresponding platform and version here.
Note: ARM 64-bit versions (TEE) require device vendors to develop the TA module for their TEE in accordance with the specification. For more details on the specification and process, refer to the device certification TEE specification.
# 3.1.2 Running the service
Integrate the downloaded rpmbd binary (assuming the file name is rpmbd, which can be renamed after downloading) into the system and run as a service.
Note:
- The RPMBD service is used not only for registering devices but also for subsequent use of the relevant hardware capabilities. You must ensure that the RPMBD service is always running.
- **The RPMB key for each EMMC / UFS memory chip can only be written once and cannot be modified.** If the wrong values are written (model_id and sn when not registered), the chip can no longer be used.
- Newer versions of Android have stricter security: SELinux may also need to be configured, and the service can only be started from the system partition. Refer to the SELinux reference configuration.
Run it as follows:
```
rpmbd /dev/mmcblk1rpmb # /dev/mmcblk1rpmb is the RPMB partition path; set it according to your own device (not needed on Qualcomm platforms)
```
Refer to the following RC startup configurations:
/system/etc/init, placed in the system partition to start (recommended)
```
service rpmbd /system/bin/rpmbd /dev/mmcblk1rpmb
    class main
    user root
    group root system
```
/vendor/etc/init, placed in the vendor partition to start (only supported on Android < 8)
```
service rpmbd /vendor/bin/rpmbd
    class main
    user root
    group root system
```
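The placement rule above (the vendor-partition rc is only supported on Android < 8) can be checked against a build's rc file before it ships. The following is an added example, not part of the original documentation: `check_rpmbd_rc` is a hypothetical helper, and treating a user other than root as a finding is an assumption based on the reference configuration.

```shell
#!/bin/sh
# Added example (not from the WeChat documentation): lint an init .rc file
# against the rpmbd placement rule described on this page.
# Usage: check_rpmbd_rc <rc_file> <android_major_version>
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_rpmbd_rc() {
    awk -v ver="$2" '
        # A "service" line opens a stanza; track whether it is the rpmbd one.
        $1 == "service" {
            in_rpmbd = ($2 == "rpmbd")
            if (in_rpmbd) { found = 1; bin = $3 }
            next
        }
        $1 == "on" { in_rpmbd = 0; next }      # an "on" trigger ends the stanza
        in_rpmbd && $1 == "user" { user = $2 }
        END {
            if (!found) { print "NO_SERVICE"; exit 1 }
            # Page rule: the vendor-partition rc is only supported on Android < 8.
            if (ver + 0 >= 8 && bin !~ /^\/system\//) {
                print "NOT_ON_SYSTEM " bin
                bad = 1
            }
            # Assumption: deviating from the reference "user root" is worth flagging.
            if (user != "root") {
                print "USER_NOT_ROOT " (user == "" ? "unset" : user)
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the vendor-partition rc from this page.
sample_vendor_rc() {
    f=$(mktemp)
    printf '%s\n' 'service rpmbd /vendor/bin/rpmbd' '    class main' \
        '    user root' '    group root system' > "$f"
    echo "$f"
}

# Constructed sample: the system-partition rc from this page.
sample_system_rc() {
    f=$(mktemp)
    printf '%s\n' 'service rpmbd /system/bin/rpmbd /dev/mmcblk1rpmb' \
        '    class main' '    user root' '    group root system' > "$f"
    echo "$f"
}
```

For instance, `check_rpmbd_rc "$(sample_vendor_rc)" 10` reports `NOT_ON_SYSTEM /vendor/bin/rpmbd`, while the same file checked with version 7 produces no findings.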
# 3.2 Registering the device
After the RPMBD service has been deployed, the device needs to be certified using WMPF.
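# 4. Device Certification (Linux)
- Devices that use the "Mini Program audio and video calling SDK (direct connection to Linux devices)" should register the device with wx_device_register.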
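# 5. FAQ
(1) Device registration reports the error emmc write fail00
Check whether the rpmb partition path in the rpmbd service startup parameters is correct. If the path is correct, confirm whether the rpmb partition at that path can be accessed under the Android OS.
(2) Error cert fail
This is caused by the application cache having been cleared, or by Android considering the APK to have changed, which invalidates the digital certificate in the keystore.
Clear the APK's data cache, then call registerDevice/registerVoipDevice with the same appid, model_id and SN to refresh the key.
(3) The interface reports the error ticket 1 invalid rpmb_buffer
The current rpmbd is incompatible with the version of the SDK aar; the two should be kept at the same version. For example: the rpmbd service uses a version below 1.3, while the SDK uses version 1.3 or above.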
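(4) Device registration returns -7, or an interface call reports failed to get native service or another error about failing to obtain the rpmbd service
- Confirm that the rpmbd service has been deployed and is running normally. (This can be checked with ps.)
- On Android >= 8, confirm that rpmbd is started from the system partition.
- If SELinux is enabled, confirm that the relevant SELinux rules are configured correctly.
(5) Device registration reports the error register: null
Newer versions of Android do not allow network requests on the main thread; the SDK interface must be called from a separate thread.
(6) Network requests keep failing when an IoT SIM card is used
With an IoT SIM card, register the device using WMPF, or use Device Certification SDK version >= 1.3.1, and make sure that the servicewechat.com domain can be accessed normally.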
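(7) Device registration reports the error 9800004, device xxx is not confirmed
In the vast majority of cases, this is because a Device Certification SDK version below 1.3 was used when registering the device and multiple registerVoipDevice requests were issued at the same time. In that situation there is a chance that the key used on the device falls out of sync with the backend, so that the device can never be registered successfully again; this process is irreversible.
Developers are advised to register devices using WMPF, or to upgrade to Device Certification SDK 1.3 or above. When using a lower version, be sure not to call registerVoipDevice again before the previous call has returned.
(8) Device registration reports the error 9800004, device xxx not registered
In the vast majority of cases, the current device was previously registered with a different modelId/sn. If you register the device using WMPF, you can use getMiniProgramDeviceInfo to check whether the sn and modelId stored in the current device match the ones passed in.
(9) Obtaining a ticket with getCallerTicket/getDeviceToken reports the error 9800004
This is usually because the mode_id passed in differs from the one used when the device was first registered.
(10) Error ticket 0 digital-sig check fail
In most cases this is because the current device has already been registered in another app on the same device; at present, device verification can only be used by a single application. Call registerDevice/registerVoipDevice again with the same appid, model_id and SN to refresh the key.
For example, mixing "Certifying devices with WMPF" and the "Device Certification SDK" at the same time may cause WMPF and the developer's application to compete with each other for the key, resulting in this error.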
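(11) Device registration reports the error 40234 hmac check fail
Possible causes:
- The device has already been registered with another model_id/sn, and a different model_id was passed in for this registration;
- The device was registered before using a Device Certification SDK version below 1.3, and multiple registerVoipDevice requests were issued at the same time. In that situation there is a chance that the key used on the device falls out of sync with the backend, so that the device can never be registered successfully again; this process is irreversible.
(12) Obtaining deviceToken reports the error register info invalid
After switching from the "Device Certification SDK" to "Certifying devices with WMPF", you need to call WMPF registerMiniProgramDevice to register the device again. If it is not called, or the call does not succeed, this error is reported in scenarios that need to obtain a deviceToken.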