use zygisk to spoof Build vars

2025-09-06 06:37:07 +00:00 · 2024-07-13 14:30:31 +08:00
parent bc7b75999c
commit 2b18146164
4 changed files with 491 additions and 0 deletions
--- a/module/src/main/cpp/zygisk/main.cpp
+++ b/module/src/main/cpp/zygisk/main.cpp
@@ -0,0 +1,62 @@
+#include <cstdlib>
+#include <unistd.h>
+#include <fcntl.h>
+#include <android/log.h>
+#include <string_view>
+
+#include "logging.hpp"
+#include "zygisk.hpp"
+
+using zygisk::Api;
+using zygisk::AppSpecializeArgs;
+using zygisk::ServerSpecializeArgs;
+using namespace std::string_view_literals;
+
+class TrickyStore : public zygisk::ModuleBase {
+public:
+    void onLoad(Api *api, JNIEnv *env) override {
+        this->api_ = api;
+        this->env_ = env;
+    }
+
+    void preAppSpecialize(AppSpecializeArgs *args) override {
+        const char *process = env_->GetStringUTFChars(args->nice_name, nullptr);
+        if (process == "com.google.android.gms.unstable"sv) {
+            LOGI("spoofing build vars in %s!", process);
+            auto buildClass = env_->FindClass("android/os/Build");
+            auto buildVersionClass = env_->FindClass("android/os/Build$VERSION");
+
+#define SET_FIELD(CLAZZ, FIELD, VALUE) ({ \
+            auto id = env_->GetStaticFieldID(CLAZZ, FIELD, "Ljava/lang/String;"); \
+            env_->SetStaticObjectField(buildClass, id, env_->NewStringUTF(VALUE)); })
+
+            SET_FIELD(buildClass, "MANUFACTURER", "Google");
+            SET_FIELD(buildClass, "MODEL", "Pixel");
+            SET_FIELD(buildClass, "FINGERPRINT",
+                            "google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys");
+            SET_FIELD(buildClass, "BRAND", "google");
+            SET_FIELD(buildClass, "PRODUCT", "sailfish");
+            SET_FIELD(buildClass, "DEVICE", "sailfish");
+            SET_FIELD(buildVersionClass, "RELEASE", "8.1.0");
+            SET_FIELD(buildClass, "ID", "OPM1.171019.011");
+            SET_FIELD(buildVersionClass, "INCREMENTAL", "4448085");
+            SET_FIELD(buildVersionClass, "SECURITY_PATCH", "2017-12-05");
+            SET_FIELD(buildClass, "TYPE", "user");
+            SET_FIELD(buildClass, "TAGS", "release-keys");
+        }
+        env_->ReleaseStringUTFChars(args->nice_name, process);
+        api_->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
+    }
+
+    void preServerSpecialize(ServerSpecializeArgs *args) override {
+        api_->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
+    }
+
+private:
+    Api *api_;
+    JNIEnv *env_;
+};
+
+// Register our module class and the companion handler function
+REGISTER_ZYGISK_MODULE(TrickyStore)
+// REGISTER_ZYGISK_COMPANION(companion_handler)