2023-11-20 07:42:21 +08:00
|
|
|
#include <android/log.h>
|
|
|
|
|
#include <sys/system_properties.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
2023-11-22 07:32:52 +08:00
|
|
|
#include <map>
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
#include "zygisk.hpp"
|
2023-11-22 01:25:33 +08:00
|
|
|
#include "dobby.h"
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__)
|
|
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
static std::string SECURITY_PATCH, FIRST_API_LEVEL;
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
#define DEX_FILE_PATH "/data/adb/modules/playintegrityfix/classes.dex"
|
|
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
#define PROP_FILE_PATH "/data/adb/modules/playintegrityfix/pif.prop"
|
|
|
|
|
|
2023-11-20 07:42:21 +08:00
|
|
|
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
|
|
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
static std::map<void *, T_Callback> callbacks;
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
|
|
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
if (cookie == nullptr || name == nullptr || value == nullptr ||
|
|
|
|
|
!callbacks.contains(cookie))
|
|
|
|
|
return;
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
std::string_view prop(name);
|
|
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
if (prop.ends_with("api_level")) {
|
2023-11-23 07:07:43 +08:00
|
|
|
if (FIRST_API_LEVEL.empty()) {
|
2023-11-23 01:08:47 +08:00
|
|
|
value = nullptr;
|
|
|
|
|
} else {
|
2023-11-23 07:07:43 +08:00
|
|
|
value = FIRST_API_LEVEL.c_str();
|
2023-11-23 01:08:47 +08:00
|
|
|
}
|
|
|
|
|
} else if (prop.ends_with("security_patch")) {
|
|
|
|
|
if (SECURITY_PATCH.empty()) {
|
|
|
|
|
value = nullptr;
|
|
|
|
|
} else {
|
|
|
|
|
value = SECURITY_PATCH.c_str();
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-22 01:25:33 +08:00
|
|
|
if (!prop.starts_with("cache") && !prop.starts_with("debug")) LOGD("[%s] -> %s", name, value);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
return callbacks[cookie](cookie, name, value, serial);
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
my_system_property_read_callback(const prop_info *pi, T_Callback callback, void *cookie) {
|
|
|
|
|
|
|
|
|
|
if (pi == nullptr || callback == nullptr || cookie == nullptr) {
|
|
|
|
|
return o_system_property_read_callback(pi, callback, cookie);
|
|
|
|
|
}
|
2023-11-22 07:32:52 +08:00
|
|
|
callbacks[cookie] = callback;
|
2023-11-20 07:42:21 +08:00
|
|
|
return o_system_property_read_callback(pi, modify_callback, cookie);
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
static void doHook() {
|
|
|
|
|
void *handle = DobbySymbolResolver("libc.so", "__system_property_read_callback");
|
|
|
|
|
if (handle == nullptr) {
|
|
|
|
|
LOGD("Couldn't find '__system_property_read_callback' handle. Report to @chiteroman");
|
|
|
|
|
return;
|
2023-11-22 07:32:52 +08:00
|
|
|
}
|
2023-11-23 07:07:43 +08:00
|
|
|
LOGD("Found '__system_property_read_callback' handle at %p", handle);
|
|
|
|
|
DobbyHook(handle, (void *) my_system_property_read_callback,
|
|
|
|
|
(void **) &o_system_property_read_callback);
|
2023-11-22 07:32:52 +08:00
|
|
|
}
|
|
|
|
|
|
2023-11-20 07:42:21 +08:00
|
|
|
class PlayIntegrityFix : public zygisk::ModuleBase {
|
|
|
|
|
public:
|
|
|
|
|
void onLoad(zygisk::Api *api, JNIEnv *env) override {
|
|
|
|
|
this->api = api;
|
|
|
|
|
this->env = env;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void preAppSpecialize(zygisk::AppSpecializeArgs *args) override {
|
|
|
|
|
auto rawProcess = env->GetStringUTFChars(args->nice_name, nullptr);
|
|
|
|
|
|
|
|
|
|
std::string_view process(rawProcess);
|
|
|
|
|
|
|
|
|
|
bool isGms = process.starts_with("com.google.android.gms");
|
|
|
|
|
isGmsUnstable = process.compare("com.google.android.gms.unstable") == 0;
|
|
|
|
|
|
|
|
|
|
env->ReleaseStringUTFChars(args->nice_name, rawProcess);
|
|
|
|
|
|
|
|
|
|
if (isGms) api->setOption(zygisk::FORCE_DENYLIST_UNMOUNT);
|
|
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
if (!isGmsUnstable) {
|
|
|
|
|
api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
int fd = api->connectCompanion();
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
int mapSize;
|
|
|
|
|
read(fd, &mapSize, sizeof(mapSize));
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
for (int i = 0; i < mapSize; ++i) {
|
|
|
|
|
int keyLenght, valueLenght;
|
|
|
|
|
std::string key, value;
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
read(fd, &keyLenght, sizeof(keyLenght));
|
|
|
|
|
read(fd, &valueLenght, sizeof(valueLenght));
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
key.resize(keyLenght);
|
|
|
|
|
value.resize(valueLenght);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
read(fd, key.data(), keyLenght);
|
|
|
|
|
read(fd, value.data(), valueLenght);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
props.insert({key, value});
|
|
|
|
|
}
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
long size;
|
|
|
|
|
read(fd, &size, sizeof(size));
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
char buffer[size];
|
|
|
|
|
read(fd, buffer, size);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
close(fd);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
moduleDex.insert(moduleDex.end(), buffer, buffer + size);
|
2023-11-23 07:07:43 +08:00
|
|
|
|
|
|
|
|
LOGD("Received from socket %d props!", static_cast<int>(props.size()));
|
|
|
|
|
|
|
|
|
|
for (const auto &item: props) {
|
|
|
|
|
if (item.first == "SECURITY_PATCH") {
|
|
|
|
|
SECURITY_PATCH = item.second;
|
|
|
|
|
} else if (item.first == "FIRST_API_LEVEL") {
|
|
|
|
|
FIRST_API_LEVEL = item.second;
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
|
|
|
|
|
if (!isGmsUnstable) return;
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
doHook();
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
inject();
|
2023-11-22 07:32:52 +08:00
|
|
|
|
|
|
|
|
LOGD("clean");
|
|
|
|
|
moduleDex.clear();
|
|
|
|
|
moduleDex.shrink_to_fit();
|
2023-11-23 07:07:43 +08:00
|
|
|
props.clear();
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void preServerSpecialize(zygisk::ServerSpecializeArgs *args) override {
|
|
|
|
|
api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
zygisk::Api *api = nullptr;
|
|
|
|
|
JNIEnv *env = nullptr;
|
|
|
|
|
bool isGmsUnstable = false;
|
2023-11-23 07:07:43 +08:00
|
|
|
std::map<std::string, std::string> props;
|
2023-11-20 07:42:21 +08:00
|
|
|
std::vector<char> moduleDex;
|
|
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
void inject() {
|
|
|
|
|
if (moduleDex.empty()) {
|
|
|
|
|
LOGD("Dex not loaded in memory");
|
2023-11-23 01:08:47 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
if (props.empty()) {
|
|
|
|
|
LOGD("No props loaded in memory");
|
2023-11-23 01:08:47 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-22 01:25:33 +08:00
|
|
|
LOGD("Preparing to inject %d bytes to the process", static_cast<int>(moduleDex.size()));
|
|
|
|
|
|
2023-11-20 07:42:21 +08:00
|
|
|
LOGD("get system classloader");
|
|
|
|
|
auto clClass = env->FindClass("java/lang/ClassLoader");
|
|
|
|
|
auto getSystemClassLoader = env->GetStaticMethodID(clClass, "getSystemClassLoader",
|
|
|
|
|
"()Ljava/lang/ClassLoader;");
|
|
|
|
|
auto systemClassLoader = env->CallStaticObjectMethod(clClass, getSystemClassLoader);
|
|
|
|
|
|
|
|
|
|
LOGD("create buffer");
|
|
|
|
|
auto buf = env->NewDirectByteBuffer(moduleDex.data(), static_cast<jlong>(moduleDex.size()));
|
|
|
|
|
LOGD("create class loader");
|
|
|
|
|
auto dexClClass = env->FindClass("dalvik/system/InMemoryDexClassLoader");
|
|
|
|
|
auto dexClInit = env->GetMethodID(dexClClass, "<init>",
|
|
|
|
|
"(Ljava/nio/ByteBuffer;Ljava/lang/ClassLoader;)V");
|
|
|
|
|
auto dexCl = env->NewObject(dexClClass, dexClInit, buf, systemClassLoader);
|
|
|
|
|
|
|
|
|
|
LOGD("load class");
|
|
|
|
|
auto loadClass = env->GetMethodID(clClass, "loadClass",
|
|
|
|
|
"(Ljava/lang/String;)Ljava/lang/Class;");
|
|
|
|
|
auto entryClassName = env->NewStringUTF("es.chiteroman.playintegrityfix.EntryPoint");
|
|
|
|
|
auto entryClassObj = env->CallObjectMethod(dexCl, loadClass, entryClassName);
|
|
|
|
|
|
|
|
|
|
auto entryClass = (jclass) entryClassObj;
|
2023-11-23 07:07:43 +08:00
|
|
|
|
|
|
|
|
LOGD("call add prop");
|
|
|
|
|
auto addProp = env->GetStaticMethodID(entryClass, "addProp",
|
|
|
|
|
"(Ljava/lang/String;Ljava/lang/String;)V");
|
|
|
|
|
for (const auto &item: props) {
|
|
|
|
|
auto key = env->NewStringUTF(item.first.c_str());
|
|
|
|
|
auto value = env->NewStringUTF(item.second.c_str());
|
|
|
|
|
env->CallStaticVoidMethod(entryClass, addProp, key, value);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LOGD("call init");
|
2023-11-20 07:42:21 +08:00
|
|
|
auto entryInit = env->GetStaticMethodID(entryClass, "init", "()V");
|
|
|
|
|
env->CallStaticVoidMethod(entryClass, entryInit);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
static void parsePropsFile(int fd) {
|
|
|
|
|
LOGD("Proceed to parse '%s' file", PROP_FILE_PATH);
|
|
|
|
|
|
|
|
|
|
std::map<std::string, std::string> props;
|
|
|
|
|
|
|
|
|
|
FILE *file = fopen(PROP_FILE_PATH, "r");
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
char line[256];
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
while (fgets(line, sizeof(line), file)) {
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
std::string key, value;
|
|
|
|
|
|
|
|
|
|
char *data = strtok(line, "=");
|
|
|
|
|
|
|
|
|
|
while (data) {
|
|
|
|
|
if (key.empty()) {
|
|
|
|
|
key = data;
|
|
|
|
|
} else {
|
|
|
|
|
value = data;
|
|
|
|
|
}
|
|
|
|
|
data = strtok(nullptr, "=");
|
|
|
|
|
}
|
2023-11-22 07:32:52 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
key.erase(std::remove_if(key.begin(), key.end(),
|
|
|
|
|
[](unsigned char x) { return std::isspace(x); }), key.end());
|
|
|
|
|
value.erase(std::remove(value.begin(), value.end(), '\n'), value.cend());
|
|
|
|
|
|
|
|
|
|
props.insert({key, value});
|
|
|
|
|
|
|
|
|
|
key.clear();
|
|
|
|
|
key.shrink_to_fit();
|
|
|
|
|
|
|
|
|
|
value.clear();
|
|
|
|
|
value.shrink_to_fit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fclose(file);
|
|
|
|
|
|
|
|
|
|
int mapSize = static_cast<int>(props.size());
|
|
|
|
|
|
|
|
|
|
write(fd, &mapSize, sizeof(mapSize));
|
|
|
|
|
|
|
|
|
|
for (const auto &item: props) {
|
|
|
|
|
int keyLenght = static_cast<int>(item.first.size());
|
|
|
|
|
int valueLenght = static_cast<int>(item.second.size());
|
|
|
|
|
|
|
|
|
|
write(fd, &keyLenght, sizeof(keyLenght));
|
|
|
|
|
write(fd, &valueLenght, sizeof(valueLenght));
|
|
|
|
|
|
|
|
|
|
write(fd, item.first.data(), keyLenght);
|
|
|
|
|
write(fd, item.second.data(), valueLenght);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props.clear();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void companion(int fd) {
|
|
|
|
|
parsePropsFile(fd);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
FILE *dex = fopen(DEX_FILE_PATH, "rb");
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
fseek(dex, 0, SEEK_END);
|
|
|
|
|
long size = ftell(dex);
|
|
|
|
|
fseek(dex, 0, SEEK_SET);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
char buffer[size];
|
2023-11-22 07:32:52 +08:00
|
|
|
fread(buffer, 1, size, dex);
|
|
|
|
|
|
|
|
|
|
fclose(dex);
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
buffer[size] = '\0';
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
write(fd, &size, sizeof(size));
|
|
|
|
|
write(fd, buffer, size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
REGISTER_ZYGISK_MODULE(PlayIntegrityFix)
|
|
|
|
|
|
|
|
|
|
REGISTER_ZYGISK_COMPANION(companion)
|
