br0kenpixel/PlayIntegrityFork
1
0
Fork 0
mirror of https://github.com/osm0sis/PlayIntegrityFork.git synced 2025-09-06 06:37:06 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Harcode classes.dex into shared libs, strip their size and more improvements

Browse Source
This commit is contained in:
chiteroman
2023-11-10 17:17:42 +01:00
parent c755de9191
commit 2fbdb4dd61
6 changed files with 1417 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1313
app/src/main/cpp/classes_hex.h Normal file
View File

File diff suppressed because it is too large Load Diff

125
app/src/main/cpp/main.cpp
View File

@@ -1,58 +1,45 @@
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <android/log.h>
#include <sys/system_properties.h>
#include <vector>
#include <string>
#include <map>
#include <fstream>
#include "zygisk.hpp"
#include "dobby.h"
#include "classes_hex.h"
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__)
inline static const std::map<std::string, std::string> PROPS_MAP = {
{"ro.product.first_api_level", "24"},
{"ro.secure", "1"},
{"ro.debuggable", "0"},
{"sys.usb.state", "none"},
{"ro.boot.verifiedbootstate", "green"},
{"ro.boot.flash.locked", "1"},
{"ro.boot.vbmeta.device_state", "locked"}
};
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
static std::map<void *, T_Callback> map;
static void (*o_callback)(void *, const char *, const char *, uint32_t);
static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
if (name != nullptr) {
std::string prop(name);
if (o_callback == nullptr) return;
if (PROPS_MAP.contains(prop)) value = PROPS_MAP.at(prop).c_str();
if (cookie != nullptr && name != nullptr && value != nullptr) {
if (!prop.starts_with("cache")) LOGD("[%s] -> %s", name, value);
if (strcmp(name, "ro.product.first_api_level") == 0) value = "25";
else if (strcmp(name, "ro.build.version.security_patch") == 0) value = "2018-01-05";
prop.clear();
prop.shrink_to_fit();
if (strncmp(name, "cache", 5) != 0) LOGD("[%s] -> %s", name, value);
}
return map[cookie](cookie, name, value, serial);
return o_callback(cookie, name, value, serial);
}
static void (*o_system_property_read_callback)(const prop_info *,
T_Callback,
void (*)(void *, const char *, const char *,
uint32_t),
void *);
static void my_system_property_read_callback(const prop_info *pi,
T_Callback callback,
void (*callback)(void *, const char *, const char *,
uint32_t),
void *cookie) {
if (pi == nullptr || callback == nullptr || cookie == nullptr) {
return o_system_property_read_callback(pi, callback, cookie);
}
map[cookie] = callback;
o_callback = callback;
return o_system_property_read_callback(pi, modify_callback, cookie);
}
@@ -63,10 +50,10 @@ static void doHook() {
if (handle == nullptr) {
LOGD("Couldn't get __system_property_read_callback handle.");
return;
} else {
LOGD("Got __system_property_read_callback handle and hooked it at %p", handle);
}
LOGD("Got __system_property_read_callback handle and hooked it at %p", handle);
DobbyHook(handle, (void *) my_system_property_read_callback,
(void **) &o_system_property_read_callback);
}
@@ -79,42 +66,16 @@ public:
}
void preAppSpecialize(zygisk::AppSpecializeArgs *args) override {
auto rawProcess = env->GetStringUTFChars(args->nice_name, nullptr);
std::string process(rawProcess);
env->ReleaseStringUTFChars(args->nice_name, rawProcess);
bool isGms = false;
if (process.starts_with("com.google.android.gms")) {
api->setOption(zygisk::FORCE_DENYLIST_UNMOUNT);
if (process == "com.google.android.gms.unstable") {
isGmsUnstable = true;
int fd = api->connectCompanion();
long size;
read(fd, &size, sizeof(size));
if (size > 0) {
LOGD("Received %ld bytes from socket", size);
char buffer[size];
read(fd, buffer, size);
buffer[size] = 0;
moduleDex.insert(moduleDex.end(), buffer, buffer + size);
} else {
LOGD("Received invalid bytes from socket. Does classes.dex file exist?");
}
close(fd);
}
auto process = env->GetStringUTFChars(args->nice_name, nullptr);
if (process != nullptr) {
isGms = strncmp(process, "com.google.android.gms", 22) == 0;
isGmsUnstable = strcmp(process, "com.google.android.gms.unstable") == 0;
}
env->ReleaseStringUTFChars(args->nice_name, process);
process.clear();
process.shrink_to_fit();
if (isGms) api->setOption(zygisk::FORCE_DENYLIST_UNMOUNT);
if (!isGmsUnstable) api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
}
@@ -123,8 +84,7 @@ public:
if (!isGmsUnstable) return;
doHook();
if (!moduleDex.empty()) injectDex();
injectDex();
}
void preServerSpecialize(zygisk::ServerSpecializeArgs *args) override {
@@ -135,7 +95,6 @@ private:
zygisk::Api *api = nullptr;
JNIEnv *env = nullptr;
bool isGmsUnstable = false;
std::vector<char> moduleDex;
void injectDex() {
LOGD("get system classloader");
@@ -145,7 +104,7 @@ private:
auto systemClassLoader = env->CallStaticObjectMethod(clClass, getSystemClassLoader);
LOGD("create buffer");
auto buf = env->NewDirectByteBuffer(moduleDex.data(), static_cast<jlong>(moduleDex.size()));
auto buf = env->NewDirectByteBuffer(classes_dex, classes_dex_len);
LOGD("create class loader");
auto dexClClass = env->FindClass("dalvik/system/InMemoryDexClassLoader");
auto dexClInit = env->GetMethodID(dexClClass, "<init>",
@@ -164,8 +123,6 @@ private:
env->CallStaticVoidMethod(entryClass, entryInit);
LOGD("clean");
moduleDex.clear();
moduleDex.shrink_to_fit();
env->DeleteLocalRef(clClass);
env->DeleteLocalRef(systemClassLoader);
env->DeleteLocalRef(buf);
@@ -177,32 +134,4 @@ private:
}
};
static void companion(int fd) {
std::ifstream ifs("/data/adb/modules/playintegrityfix/classes.dex",
std::ios::binary | std::ios::ate);
if (ifs.bad()) {
long i = -1;
write(fd, &i, sizeof(i));
close(fd);
return;
}
long size = ifs.tellg();
ifs.seekg(std::ios::beg);
char buffer[size];
ifs.read(buffer, size);
buffer[size] = 0;
ifs.close();
write(fd, &size, sizeof(size));
write(fd, buffer, size);
close(fd);
}
REGISTER_ZYGISK_MODULE(PlayIntegrityFix)
REGISTER_ZYGISK_COMPANION(companion)
REGISTER_ZYGISK_MODULE(PlayIntegrityFix)

71
app/src/main/java/es/chiteroman/playintegrityfix/EntryPoint.java
View File

@@ -3,23 +3,41 @@ package es.chiteroman.playintegrityfix;
import android.os.Build;
import android.util.Log;
import org.lsposed.hiddenapibypass.HiddenApiBypass;
import java.lang.reflect.Field;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.Provider;
import java.security.Security;
import java.util.List;
public class EntryPoint {
private static List<Field> fields;
static {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
try {
fields = HiddenApiBypass.getStaticFields(Class.forName("android.os.Build"));
LOG("Fields added in list: " + fields.size());
} catch (ClassNotFoundException e) {
throw new RuntimeException(e);
}
}
}
public static void init() {
spoofDevice();
spoofProvider();
}
private static void spoofProvider() {
final String KEYSTORE = "AndroidKeyStore";
try {
Provider provider = Security.getProvider("AndroidKeyStore");
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
Provider provider = Security.getProvider(KEYSTORE);
KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
Field f = keyStore.getClass().getDeclaredField("keyStoreSpi");
f.setAccessible(true);
@@ -27,7 +45,7 @@ public class EntryPoint {
f.setAccessible(false);
CustomProvider customProvider = new CustomProvider(provider);
Security.removeProvider("AndroidKeyStore");
Security.removeProvider(KEYSTORE);
Security.insertProviderAt(customProvider, 1);
LOG("Spoof KeyStoreSpi and Provider done!");
@@ -42,30 +60,43 @@ public class EntryPoint {
}
public static void spoofDevice() {
setProp("PRODUCT", "WW_Phone");
setProp("PRODUCT_FOR_ATTESTATION", "WW_Phone");
final String PRODUCT = "WW_Phone";
final String DEVICE = "ASUS_X00HD_4";
final String MANUFACTURER = "Asus";
final String BRAND = "Asus";
final String MODEL = "ASUS_X00HD";
final String FINGERPRINT = "asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1801.372-20180119:user/release-keys";
setProp("DEVICE", "ASUS_X00HD_4");
setProp("DEVICE_FOR_ATTESTATION", "ASUS_X00HD_4");
setProp("PRODUCT", PRODUCT);
setProp("DEVICE", DEVICE);
setProp("MANUFACTURER", MANUFACTURER);
setProp("BRAND", BRAND);
setProp("MODEL", MODEL);
setProp("MANUFACTURER", "Asus");
setProp("MANUFACTURER_FOR_ATTESTATION", "Asus");
setProp("PRODUCT_FOR_ATTESTATION", PRODUCT);
setProp("DEVICE_FOR_ATTESTATION", DEVICE);
setProp("MANUFACTURER_FOR_ATTESTATION", MANUFACTURER);
setProp("BRAND_FOR_ATTESTATION", BRAND);
setProp("MODEL_FOR_ATTESTATION", MODEL);
setProp("BRAND", "Asus");
setProp("BRAND_FOR_ATTESTATION", "Asus");
setProp("MODEL", "ASUS_X00HD");
setProp("MODEL_FOR_ATTESTATION", "ASUS_X00HD");
setProp("FINGERPRINT", "asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1801.372-20180119:user/release-keys");
setProp("FINGERPRINT", FINGERPRINT);
}
private static void setProp(String name, String value) {
try {
Field f = Build.class.getDeclaredField(name);
f.setAccessible(true);
f.set(null, value);
f.setAccessible(false);
Field field = null;
if (fields != null && !fields.isEmpty()) {
for (Field f : fields) {
if (f.getName().equals(name)) {
field = f;
break;
}
}
}
if (field == null) field = Build.class.getDeclaredField(name);
field.setAccessible(true);
field.set(null, value);
field.setAccessible(false);
LOG(String.format("Modified field '%s' with value '%s'", name, value));
} catch (NoSuchFieldException e) {
LOG(String.format("Couldn't find '%s' field name.", name));