br0kenpixel/PlayIntegrityFork
1
0
Fork 0
mirror of https://github.com/osm0sis/PlayIntegrityFork.git synced 2025-09-06 06:37:06 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Hook uname to spoof kernel release version string

Browse Source 
Co-authored-by: chiteroman <98092901+chiteroman@users.noreply.github.com>
This commit is contained in:
osm0sis
2024-01-28 22:32:16 -04:00
parent fc8e5108de
commit 7997954f74
1 changed files with 52 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
app/src/main/cpp/main.cpp
View File

@@ -1,10 +1,11 @@
#include <android/log.h> #include <android/log.h>
#include <sys/system_properties.h> #include <sys/system_properties.h>
#include <sys/utsname.h>
#include <unistd.h> #include <unistd.h>
#include "zygisk.hpp" #include "zygisk.hpp"
#include "dobby.h"
#include "json.hpp" #include "json.hpp"
#include "dobby.h"
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__) #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF/Native", __VA_ARGS__)
@@ -17,12 +18,13 @@ static int VERBOSE_LOGS = 0;
static std::map<std::string, std::string> jsonProps; static std::map<std::string, std::string> jsonProps;
static std::string unameRelease;
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t); typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
static std::map<void *, T_Callback> callbacks; static std::map<void *, T_Callback> callbacks;
static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) { static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
if (cookie == nullptr || name == nullptr || value == nullptr || !callbacks.contains(cookie)) return; if (cookie == nullptr || name == nullptr || value == nullptr || !callbacks.contains(cookie)) return;
const char *oldValue = value; const char *oldValue = value;
@@ -50,7 +52,7 @@ static void modify_callback(void *cookie, const char *name, const char *value, u
} }
if (oldValue == value) { if (oldValue == value) {
if (VERBOSE_LOGS > 99) LOGD("[%s]: %s (unchanged)", name, value); if (VERBOSE_LOGS > 99) LOGD("[%s]: %s (unchanged)", name, oldValue);
} else { } else {
LOGD("[%s]: %s -> %s", name, oldValue, value); LOGD("[%s]: %s -> %s", name, oldValue, value);
} }
@@ -68,18 +70,46 @@ static void my_system_property_read_callback(const prop_info *pi, T_Callback cal
return o_system_property_read_callback(pi, modify_callback, cookie); return o_system_property_read_callback(pi, modify_callback, cookie);
} }
static void doHook() { static int (*o_uname_callback)(struct utsname *);
static int my_uname_callback(struct utsname *buf) {
auto ret = o_uname_callback(buf);
if (buf && ret == 0) {
const char *value = unameRelease.c_str();
const char *oldValue = buf->release;
if (unameRelease.empty() || oldValue == value) {
if (VERBOSE_LOGS > 2) LOGD("[uname_release]: %s (unchanged)", oldValue);
} else if (unameRelease.size() < SYS_NMLN) {
LOGD("[uname_release]: %s -> %s", oldValue, value);
strncpy(buf->release, value, unameRelease.size());
}
}
return ret;
}
static void doPropHook() {
void *handle = DobbySymbolResolver(nullptr, "__system_property_read_callback"); void *handle = DobbySymbolResolver(nullptr, "__system_property_read_callback");
if (handle == nullptr) { if (handle == nullptr) {
LOGD("Couldn't find '__system_property_read_callback' handle"); LOGD("Couldn't find '__system_property_read_callback' handle");
return; return;
} }
LOGD("Found '__system_property_read_callback' handle at %p", handle); LOGD("Found '__system_property_read_callback' handle at %p", handle);
DobbyHook( DobbyHook(handle, reinterpret_cast<dobby_dummy_func_t>(my_system_property_read_callback),
handle, reinterpret_cast<dobby_dummy_func_t *>(&o_system_property_read_callback));
reinterpret_cast<dobby_dummy_func_t>(my_system_property_read_callback), }
reinterpret_cast<dobby_dummy_func_t *>(&o_system_property_read_callback)
); static void doUnameHook() {
void *handle = DobbySymbolResolver(nullptr, "uname");
if (handle == nullptr) {
LOGD("Couldn't find 'uname' handle");
return;
}
LOGD("Found 'uname' handle at %p", handle);
DobbyHook(handle, reinterpret_cast<dobby_dummy_func_t>(my_uname_callback),
reinterpret_cast<dobby_dummy_func_t *>(&o_uname_callback));
} }
class PlayIntegrityFix : public zygisk::ModuleBase { class PlayIntegrityFix : public zygisk::ModuleBase {
@@ -168,7 +198,8 @@ public:
if (dexVector.empty() || json.empty()) return; if (dexVector.empty() || json.empty()) return;
readJson(); readJson();
doHook(); doPropHook();
doUnameHook();
inject(); inject();
dexVector.clear(); dexVector.clear();
@@ -199,6 +230,17 @@ private:
json.erase("VERBOSE_LOGS"); json.erase("VERBOSE_LOGS");
} }
// Parse kernel uname release string as a special case (neither field or property)
if (json.contains("uname_release")) {
if (VERBOSE_LOGS > 1) LOGD("Parsing uname_release");
if (!json["uname_release"].is_null() && json["uname_release"].is_string() && json["uname_release"] != "") {
unameRelease = json["uname_release"].get<std::string>();
} else {
LOGD("Error parsing uname_release!");
}
json.erase("uname_release");
}
std::vector<std::string> eraseKeys; std::vector<std::string> eraseKeys;
for (auto &jsonList: json.items()) { for (auto &jsonList: json.items()) {
if (VERBOSE_LOGS > 1) LOGD("Parsing %s", jsonList.key().c_str()); if (VERBOSE_LOGS > 1) LOGD("Parsing %s", jsonList.key().c_str());