2023-11-20 07:42:21 +08:00
|
|
|
#include <android/log.h>
|
|
|
|
|
#include <sys/system_properties.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
2023-11-22 07:32:52 +08:00
|
|
|
#include <map>
|
2023-11-24 08:57:17 +08:00
|
|
|
#include <filesystem>
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
#include "zygisk.hpp"
|
2023-11-24 03:14:58 +08:00
|
|
|
#include "shadowhook.h"
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__)
|
|
|
|
|
|
|
|
|
|
#define DEX_FILE_PATH "/data/adb/modules/playintegrityfix/classes.dex"
|
|
|
|
|
|
2023-11-22 07:32:52 +08:00
|
|
|
#define PROP_FILE_PATH "/data/adb/modules/playintegrityfix/pif.prop"
|
|
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
#define DEFAULT_SECURITY_PATCH "2017-08-05"
|
|
|
|
|
|
|
|
|
|
#define DEFAULT_FIRST_API_LEVEL "23"
|
|
|
|
|
|
2023-11-24 03:14:58 +08:00
|
|
|
static std::string SECURITY_PATCH, FIRST_API_LEVEL;
|
|
|
|
|
|
2023-11-20 07:42:21 +08:00
|
|
|
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
|
|
|
|
|
|
2023-11-24 03:14:58 +08:00
|
|
|
static T_Callback o_callback = nullptr;
|
2023-11-20 07:42:21 +08:00
|
|
|
|
|
|
|
|
static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
|
|
|
|
|
|
2023-11-24 03:14:58 +08:00
|
|
|
if (cookie == nullptr || name == nullptr || value == nullptr || o_callback == nullptr) return;
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
std::string prop(name);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
if (prop.ends_with("api_level")) {
|
2023-11-23 07:07:43 +08:00
|
|
|
if (FIRST_API_LEVEL.empty()) {
|
2023-11-23 01:08:47 +08:00
|
|
|
value = nullptr;
|
|
|
|
|
} else {
|
2023-11-23 07:07:43 +08:00
|
|
|
value = FIRST_API_LEVEL.c_str();
|
2023-11-23 01:08:47 +08:00
|
|
|
}
|
|
|
|
|
} else if (prop.ends_with("security_patch")) {
|
|
|
|
|
if (SECURITY_PATCH.empty()) {
|
|
|
|
|
value = nullptr;
|
|
|
|
|
} else {
|
|
|
|
|
value = SECURITY_PATCH.c_str();
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-22 01:25:33 +08:00
|
|
|
if (!prop.starts_with("cache") && !prop.starts_with("debug")) LOGD("[%s] -> %s", name, value);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 03:14:58 +08:00
|
|
|
return o_callback(cookie, name, value, serial);
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
my_system_property_read_callback(const prop_info *pi, T_Callback callback, void *cookie) {
|
|
|
|
|
if (pi == nullptr || callback == nullptr || cookie == nullptr) {
|
|
|
|
|
return o_system_property_read_callback(pi, callback, cookie);
|
|
|
|
|
}
|
2023-11-24 03:14:58 +08:00
|
|
|
o_callback = callback;
|
2023-11-20 07:42:21 +08:00
|
|
|
return o_system_property_read_callback(pi, modify_callback, cookie);
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
static void doHook() {
|
2023-11-24 08:57:17 +08:00
|
|
|
shadowhook_init(SHADOWHOOK_MODE_UNIQUE, false);
|
2023-11-24 03:14:58 +08:00
|
|
|
void *handle = shadowhook_hook_sym_name(
|
|
|
|
|
"libc.so",
|
|
|
|
|
"__system_property_read_callback",
|
|
|
|
|
(void *) my_system_property_read_callback,
|
|
|
|
|
(void **) &o_system_property_read_callback
|
|
|
|
|
);
|
2023-11-23 07:07:43 +08:00
|
|
|
if (handle == nullptr) {
|
|
|
|
|
LOGD("Couldn't find '__system_property_read_callback' handle. Report to @chiteroman");
|
|
|
|
|
return;
|
2023-11-22 07:32:52 +08:00
|
|
|
}
|
2023-11-23 07:07:43 +08:00
|
|
|
LOGD("Found '__system_property_read_callback' handle at %p", handle);
|
2023-11-22 07:32:52 +08:00
|
|
|
}
|
|
|
|
|
|
2023-11-20 07:42:21 +08:00
|
|
|
class PlayIntegrityFix : public zygisk::ModuleBase {
|
|
|
|
|
public:
|
|
|
|
|
void onLoad(zygisk::Api *api, JNIEnv *env) override {
|
|
|
|
|
this->api = api;
|
|
|
|
|
this->env = env;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void preAppSpecialize(zygisk::AppSpecializeArgs *args) override {
|
|
|
|
|
auto rawProcess = env->GetStringUTFChars(args->nice_name, nullptr);
|
2023-11-24 08:57:17 +08:00
|
|
|
std::string process(rawProcess);
|
2023-11-20 07:42:21 +08:00
|
|
|
env->ReleaseStringUTFChars(args->nice_name, rawProcess);
|
|
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
if (process.starts_with("com.google.android.gms")) {
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
api->setOption(zygisk::FORCE_DENYLIST_UNMOUNT);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
if (process == "com.google.android.gms.unstable") {
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
isGmsUnstable = true;
|
2023-11-24 03:14:58 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
auto rawDir = env->GetStringUTFChars(args->app_data_dir, nullptr);
|
|
|
|
|
dir = std::string(rawDir);
|
|
|
|
|
env->ReleaseStringUTFChars(args->app_data_dir, rawDir);
|
2023-11-24 03:14:58 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
auto fd = api->connectCompanion();
|
2023-11-24 03:14:58 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
write(fd, dir.data(), dir.size());
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
int temp;
|
|
|
|
|
read(fd, &temp, sizeof(temp));
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
close(fd);
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
return;
|
2023-11-23 07:07:43 +08:00
|
|
|
}
|
|
|
|
|
}
|
2023-11-24 03:14:58 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
|
|
|
|
|
if (!isGmsUnstable) return;
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
readDexFile();
|
|
|
|
|
|
|
|
|
|
readPropsFile();
|
|
|
|
|
|
2023-11-23 01:08:47 +08:00
|
|
|
doHook();
|
2023-11-22 01:25:33 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
inject();
|
2023-11-22 07:32:52 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
clean();
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void preServerSpecialize(zygisk::ServerSpecializeArgs *args) override {
|
|
|
|
|
api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
zygisk::Api *api = nullptr;
|
|
|
|
|
JNIEnv *env = nullptr;
|
|
|
|
|
bool isGmsUnstable = false;
|
2023-11-24 08:57:17 +08:00
|
|
|
std::string dir;
|
2023-11-20 07:42:21 +08:00
|
|
|
std::vector<char> moduleDex;
|
2023-11-24 08:57:17 +08:00
|
|
|
std::map<std::string, std::string> props;
|
|
|
|
|
|
|
|
|
|
void clean() {
|
|
|
|
|
dir.clear();
|
|
|
|
|
moduleDex.clear();
|
|
|
|
|
props.clear();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void readPropsFile() {
|
|
|
|
|
std::string f = dir + "/pif.prop";
|
|
|
|
|
|
|
|
|
|
FILE *file = fopen(f.c_str(), "r");
|
|
|
|
|
|
|
|
|
|
if (file == nullptr) {
|
|
|
|
|
SECURITY_PATCH = DEFAULT_SECURITY_PATCH;
|
|
|
|
|
FIRST_API_LEVEL = DEFAULT_FIRST_API_LEVEL;
|
|
|
|
|
LOGD("File pif.prop doesn't exist, using default values");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char buffer[256];
|
|
|
|
|
while (fgets(buffer, sizeof(buffer), file)) {
|
|
|
|
|
|
|
|
|
|
char *rawKey = strtok(buffer, "=");
|
|
|
|
|
char *rawValue = strtok(nullptr, "=");
|
|
|
|
|
|
|
|
|
|
if (rawKey == nullptr) continue;
|
|
|
|
|
|
|
|
|
|
std::string key(rawKey);
|
|
|
|
|
std::string value(rawValue);
|
|
|
|
|
|
|
|
|
|
key.erase(std::remove_if(key.begin(), key.end(), [](unsigned char x) {
|
|
|
|
|
return std::isspace(x);
|
|
|
|
|
}), key.end());
|
|
|
|
|
|
|
|
|
|
value.erase(std::remove(value.begin(), value.end(), '\n'), value.end());
|
|
|
|
|
|
|
|
|
|
props[key] = value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fclose(file);
|
|
|
|
|
|
|
|
|
|
std::filesystem::remove(f);
|
|
|
|
|
|
|
|
|
|
LOGD("Read %d props from file!", static_cast<int>(props.size()));
|
|
|
|
|
|
|
|
|
|
SECURITY_PATCH = props["SECURITY_PATCH"];
|
|
|
|
|
FIRST_API_LEVEL = props["FIRST_API_LEVEL"];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void readDexFile() {
|
|
|
|
|
std::string f = dir + "/classes.dex";
|
|
|
|
|
|
|
|
|
|
FILE *file = fopen(f.c_str(), "rb");
|
|
|
|
|
|
|
|
|
|
if (file == nullptr) {
|
|
|
|
|
LOGD("File classes.dex doesn't exist. This is weird... Report to @chiteroman");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fseek(file, 0, SEEK_END);
|
|
|
|
|
long size = ftell(file);
|
|
|
|
|
fseek(file, 0, SEEK_SET);
|
|
|
|
|
|
|
|
|
|
char buffer[size];
|
|
|
|
|
fread(buffer, 1, size, file);
|
|
|
|
|
|
|
|
|
|
fclose(file);
|
|
|
|
|
|
|
|
|
|
std::filesystem::remove(f);
|
|
|
|
|
|
|
|
|
|
moduleDex.insert(moduleDex.end(), buffer, buffer + size);
|
|
|
|
|
}
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-23 07:07:43 +08:00
|
|
|
void inject() {
|
|
|
|
|
if (moduleDex.empty()) {
|
2023-11-24 08:57:17 +08:00
|
|
|
LOGD("ERROR! Dex in memory is empty!");
|
2023-11-23 01:08:47 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-22 01:25:33 +08:00
|
|
|
LOGD("Preparing to inject %d bytes to the process", static_cast<int>(moduleDex.size()));
|
|
|
|
|
|
2023-11-20 07:42:21 +08:00
|
|
|
LOGD("get system classloader");
|
|
|
|
|
auto clClass = env->FindClass("java/lang/ClassLoader");
|
|
|
|
|
auto getSystemClassLoader = env->GetStaticMethodID(clClass, "getSystemClassLoader",
|
|
|
|
|
"()Ljava/lang/ClassLoader;");
|
|
|
|
|
auto systemClassLoader = env->CallStaticObjectMethod(clClass, getSystemClassLoader);
|
|
|
|
|
|
|
|
|
|
LOGD("create buffer");
|
|
|
|
|
auto buf = env->NewDirectByteBuffer(moduleDex.data(), static_cast<jlong>(moduleDex.size()));
|
|
|
|
|
LOGD("create class loader");
|
|
|
|
|
auto dexClClass = env->FindClass("dalvik/system/InMemoryDexClassLoader");
|
|
|
|
|
auto dexClInit = env->GetMethodID(dexClClass, "<init>",
|
|
|
|
|
"(Ljava/nio/ByteBuffer;Ljava/lang/ClassLoader;)V");
|
|
|
|
|
auto dexCl = env->NewObject(dexClClass, dexClInit, buf, systemClassLoader);
|
|
|
|
|
|
|
|
|
|
LOGD("load class");
|
|
|
|
|
auto loadClass = env->GetMethodID(clClass, "loadClass",
|
|
|
|
|
"(Ljava/lang/String;)Ljava/lang/Class;");
|
|
|
|
|
auto entryClassName = env->NewStringUTF("es.chiteroman.playintegrityfix.EntryPoint");
|
|
|
|
|
auto entryClassObj = env->CallObjectMethod(dexCl, loadClass, entryClassName);
|
|
|
|
|
|
|
|
|
|
auto entryClass = (jclass) entryClassObj;
|
2023-11-23 07:07:43 +08:00
|
|
|
|
2023-11-24 03:14:58 +08:00
|
|
|
if (!props.empty()) {
|
|
|
|
|
LOGD("call add prop");
|
|
|
|
|
auto addProp = env->GetStaticMethodID(entryClass, "addProp",
|
|
|
|
|
"(Ljava/lang/String;Ljava/lang/String;)V");
|
|
|
|
|
for (const auto &item: props) {
|
|
|
|
|
auto key = env->NewStringUTF(item.first.c_str());
|
|
|
|
|
auto value = env->NewStringUTF(item.second.c_str());
|
|
|
|
|
env->CallStaticVoidMethod(entryClass, addProp, key, value);
|
|
|
|
|
}
|
2023-11-23 07:07:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LOGD("call init");
|
2023-11-20 07:42:21 +08:00
|
|
|
auto entryInit = env->GetStaticMethodID(entryClass, "init", "()V");
|
|
|
|
|
env->CallStaticVoidMethod(entryClass, entryInit);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-24 03:14:58 +08:00
|
|
|
static void companion(int fd) {
|
2023-11-24 08:57:17 +08:00
|
|
|
char buffer[256];
|
|
|
|
|
auto bytes = read(fd, buffer, sizeof(buffer));
|
2023-11-20 07:42:21 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
std::string file(buffer, bytes);
|
|
|
|
|
LOGD("[ROOT] Read file: %s", file.c_str());
|
2023-11-23 07:07:43 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
std::string dex = file + "/classes.dex";
|
|
|
|
|
std::string prop = file + "/pif.prop";
|
2023-11-23 07:07:43 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
if (std::filesystem::copy_file(DEX_FILE_PATH, dex,
|
|
|
|
|
std::filesystem::copy_options::overwrite_existing)) {
|
|
|
|
|
std::filesystem::permissions(dex, std::filesystem::perms::all);
|
2023-11-24 03:14:58 +08:00
|
|
|
}
|
2023-11-23 07:07:43 +08:00
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
if (std::filesystem::copy_file(PROP_FILE_PATH, prop,
|
|
|
|
|
std::filesystem::copy_options::overwrite_existing)) {
|
|
|
|
|
std::filesystem::permissions(prop, std::filesystem::perms::all);
|
2023-11-23 07:07:43 +08:00
|
|
|
}
|
|
|
|
|
|
2023-11-24 08:57:17 +08:00
|
|
|
int temp = 1;
|
|
|
|
|
write(fd, &temp, sizeof(temp));
|
2023-11-20 07:42:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
REGISTER_ZYGISK_MODULE(PlayIntegrityFix)
|
|
|
|
|
|
|
|
|
|
REGISTER_ZYGISK_COMPANION(companion)
|
