diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d72ae92..3486e27 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,9 +9,7 @@ on: jobs: build: - runs-on: ubuntu-latest - steps: - name: Check out uses: actions/checkout@v4 @@ -19,23 +17,24 @@ jobs: submodules: "recursive" fetch-depth: 0 + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 21 + - name: Setup Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@v3 with: gradle-home-cache-cleanup: true - - name: Set up JDK 17 - uses: actions/setup-java@v4 + - name: Setup Android SDK + uses: android-actions/setup-android@v3 with: - distribution: 'temurin' - java-version: '17' - - - name: Grant execute permission for gradlew - run: chmod +x gradlew + packages: '' - name: Build with Gradle run: | - yes | $ANDROID_HOME/cmdline-tools/latest/bin/sdkmanager --licenses > /dev/null ./gradlew zipRelease ./gradlew zipDebug diff --git a/.gitmodules b/.gitmodules index a2aeccd..ccd2f91 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,6 @@ -[submodule "module/src/main/cpp/external/libcxx"] - path = module/src/main/cpp/external/libcxx - url = https://github.com/topjohnwu/libcxx [submodule "module/src/main/cpp/external/LSPlt"] path = module/src/main/cpp/external/LSPlt url = https://github.com/LSPosed/LSPlt +[submodule "module/src/main/cpp/external/glaze"] + path = module/src/main/cpp/external/glaze + url = https://github.com/stephenberry/glaze diff --git a/README.md b/README.md index f9eaeae..95e372a 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,28 @@ format: If you can not pass strong integrity, you can try to enable build vars spoofing by creating a file `/data/adb/tricky_store/spoof_build_vars`. +After doing that, TrickyStore will automatically generate an example config json +inside `/data/adb/tricky_store/spoof_build_vars` on next reboot. Then you can manually +edit your spoof config. + +Here is an example of spoof config: + +```json +{ + "manufacturer": "Google", + "model": "Pixel", + "fingerprint": "google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys", + "brand": "google", + "product": "sailfish", + "device": "sailfish", + "release": "8.1.0", + "id": "OPM1.171019.011", + "incremental": "4448085", + "security_patch": "2017-12-05", + "type": "user", + "tags": "release-keys" +} +``` Zygisk (or Zygisk Next) is needed for this feature to work. ## Support TEE broken devices @@ -72,4 +94,5 @@ com.google.android.gms! - [FrameworkPatch](https://github.com/chiteroman/FrameworkPatch) - [BootloaderSpoofer](https://github.com/chiteroman/BootloaderSpoofer) - [KeystoreInjection](https://github.com/aviraxp/Zygisk-KeystoreInjection) -- [LSPosed](https://github.com/LSPosed/LSPosed) +- [LSPosed](https://github.com/LSPosed/LSPosed) +- [Glaze](https://github.com/stephenberry/glaze) diff --git a/build.gradle.kts b/build.gradle.kts index 3fb6ad2..96dbfba 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -33,12 +33,12 @@ val androidMinSdkVersion by extra(31) val androidTargetSdkVersion by extra(34) val androidCompileSdkVersion by extra(34) val androidBuildToolsVersion by extra("34.0.0") -val androidCompileNdkVersion by extra("27.0.11902837") +val androidCompileNdkVersion by extra("27.0.12077973") val androidSourceCompatibility by extra(JavaVersion.VERSION_17) val androidTargetCompatibility by extra(JavaVersion.VERSION_17) tasks.register("Delete", Delete::class) { - delete(rootProject.buildDir) + delete(layout.buildDirectory) } fun Project.configureBaseExtension() { @@ -72,6 +72,7 @@ fun Project.configureBaseExtension() { } lint { + checkReleaseBuilds = false abortOnError = true } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index eddff0b..6c6d6be 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,5 +1,5 @@ [versions] -agp = "8.5.0" +agp = "8.5.1" bcpkix-jdk18on = "1.78.1" kotlin = "2.0.0" annotation = "1.8.0" @@ -7,8 +7,10 @@ annotation = "1.8.0" [libraries] annotation = { module = "androidx.annotation:annotation", version.ref = "annotation" } bcpkix-jdk18on = { module = "org.bouncycastle:bcpkix-jdk18on", version.ref = "bcpkix-jdk18on" } +cxx = { module = "org.lsposed.libcxx:libcxx", version = "27.0.12077973" } [plugins] agp-app = { id = "com.android.application", version.ref = "agp" } -jetbrains-kotlin-android = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" } android-library = { id = "com.android.library", version.ref = "agp" } +jetbrains-kotlin-android = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" } +lsplugin-cmaker = { id = "org.lsposed.lsplugin.cmaker", version = "1.2" } diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index e708b1c..e644113 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 91900bd..09523c0 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,7 @@ -#Sun Dec 31 12:28:57 CST 2023 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip +networkTimeout=10000 +validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 4f906e0..1aa94a4 100755 --- a/gradlew +++ b/gradlew @@ -1,7 +1,7 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,67 +17,99 @@ # ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null -APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` - -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar @@ -87,9 +119,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -98,88 +130,120 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" - which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the location of your Java installation." + fi fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi -fi - -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi - -# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi - # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" - fi - i=`expr $i + 1` - done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat index ac1b06f..7101f8e 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -14,7 +14,7 @@ @rem limitations under the License. @rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows @@ -25,7 +25,8 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% @@ -40,13 +41,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if %ERRORLEVEL% equ 0 goto execute -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail @@ -56,11 +57,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe if exist "%JAVA_EXE%" goto execute -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail @@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal diff --git a/module/build.gradle.kts b/module/build.gradle.kts index bc84efa..5eef58f 100644 --- a/module/build.gradle.kts +++ b/module/build.gradle.kts @@ -5,6 +5,7 @@ import java.security.MessageDigest plugins { alias(libs.plugins.agp.app) + alias(libs.plugins.lsplugin.cmaker) } val moduleId: String by rootProject.extra @@ -16,9 +17,9 @@ val abiList: List by rootProject.extra val androidMinSdkVersion: Int by rootProject.extra val releaseFlags = arrayOf( - "-Oz", "-flto", + "-O3", "-flto", "-Wno-unused", "-Wno-unused-parameter", - "-Wl,--exclude-libs,ALL", "-Wl,--gc-sections", + "-Wl,--exclude-libs,ALL", "-Wl,-icf=all,--lto-O3", "-Wl,-s,-x,--gc-sections" ) android { @@ -26,31 +27,63 @@ android { ndk { abiFilters.addAll(abiList) } - externalNativeBuild { - cmake { - cppFlags("-std=c++20") - arguments( - "-DANDROID_STL=none", - "-DMODULE_NAME=$moduleId" - ) - } - } } + + buildFeatures { + prefab = true + } + externalNativeBuild { cmake { + version = "3.28.0+" path("src/main/cpp/CMakeLists.txt") } } +} + +cmaker { + default { + val cmakeArgs = arrayOf( + "-DANDROID_STL=none", + "-DMODULE_NAME=$moduleId", + ) + arguments += cmakeArgs + abiFilters("arm64-v8a", "x86_64") + } buildTypes { - release { - externalNativeBuild.cmake { - cFlags += releaseFlags + when (it.name) { + "release" -> { cppFlags += releaseFlags + cFlags += releaseFlags } } + val commonFlags = arrayOf( + // Silent noisy warnings + "-Wno-reorder-ctor", + "-Wno-overloaded-virtual", + "-Wno-unused-function", + "-Wno-unused-but-set-variable", + "-Wno-unused-private-field", + "-Wno-missing-braces", + "-Wno-delete-non-abstract-non-virtual-dtor", + "-Wno-unused-variable", + "-Wno-sometimes-uninitialized", + "-Wno-logical-op-parentheses", + "-Wno-shift-count-overflow", + "-Wno-deprecated-declarations", + "-Wno-infinite-recursion", + "-Wno-format", + "-Wno-deprecated-volatile", + ) + cppFlags += commonFlags + cFlags += commonFlags } } +dependencies { + compileOnly(libs.cxx) +} + androidComponents.onVariants { variant -> afterEvaluate { val variantLowered = variant.name.lowercase() diff --git a/module/src/main/cpp/CMakeLists.txt b/module/src/main/cpp/CMakeLists.txt index b6f703c..ff849c6 100644 --- a/module/src/main/cpp/CMakeLists.txt +++ b/module/src/main/cpp/CMakeLists.txt @@ -1,11 +1,20 @@ -cmake_minimum_required(VERSION 3.22.1) +cmake_minimum_required(VERSION 3.28) project(sample) +if (CCACHE) + set(CMAKE_CXX_COMPILER_LAUNCHER ${CCACHE}) + set(CMAKE_C_COMPILER_LAUNCHER ${CCACHE}) +endif () + +find_package(cxx REQUIRED CONFIG) +link_libraries(cxx::cxx) + +find_program(CCACHE ccache) + set(LINKER_FLAGS "-ffixed-x18 -Wl,--hash-style=both") -set(CXX_FLAGS "${CXX_FLAGS} -fno-exceptions -fno-rtti") - -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CXX_FLAGS}") +set(CMAKE_CXX_STANDARD 23) +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-exceptions -fno-rtti") set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${LINKER_FLAGS}") set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${LINKER_FLAGS}") @@ -14,31 +23,30 @@ add_library(elf_util STATIC elf_util/elf_util.cpp) add_library(my_logging STATIC logging/logging.cpp) add_subdirectory(external) -link_libraries(cxx) target_include_directories(my_logging PUBLIC logging/include) target_include_directories(elf_util PUBLIC elf_util/include) -target_link_libraries(my_logging cxx log) -target_link_libraries(elf_util cxx lsplt my_logging) +target_link_libraries(my_logging log) +target_link_libraries(elf_util lsplt my_logging) # libutils stub add_library(utils SHARED binder/stub_utils.cpp) +target_compile_options(utils PRIVATE -fvisibility=default -fno-visibility-inlines-hidden) target_include_directories(utils PUBLIC binder/include) # libbinder stub add_library(binder SHARED binder/stub_binder.cpp) target_include_directories(binder PUBLIC binder/include) -target_link_libraries(binder utils) +target_link_libraries(binder PRIVATE utils) add_executable(libinject.so inject/main.cpp inject/utils.cpp) -target_link_libraries(libinject.so lsplt my_logging) +target_link_libraries(libinject.so PRIVATE lsplt my_logging) target_compile_options(libinject.so PRIVATE -fvisibility=hidden -fvisibility-inlines-hidden) add_library(${MODULE_NAME} SHARED binder_interceptor.cpp) -target_link_libraries(${MODULE_NAME} log binder utils elf_util my_logging) +target_link_libraries(${MODULE_NAME} PRIVATE log binder utils elf_util my_logging) target_compile_options(${MODULE_NAME} PRIVATE -fvisibility=hidden -fvisibility-inlines-hidden) add_library(tszygisk SHARED zygisk/main.cpp) -target_link_libraries(tszygisk log my_logging) -target_compile_options(tszygisk PRIVATE -fvisibility=hidden -fvisibility-inlines-hidden) +target_link_libraries(tszygisk PRIVATE log my_logging glaze::glaze) diff --git a/module/src/main/cpp/external/CMakeLists.txt b/module/src/main/cpp/external/CMakeLists.txt index cd62f58..0cbf52d 100644 --- a/module/src/main/cpp/external/CMakeLists.txt +++ b/module/src/main/cpp/external/CMakeLists.txt @@ -6,101 +6,7 @@ set(SOURCES LSPlt/lsplt/src/main/jni/lsplt.cc LSPlt/lsplt/src/main/jni/elf_util. add_library(lsplt STATIC ${SOURCES}) target_include_directories(lsplt PUBLIC LSPlt/lsplt/src/main/jni/include) target_include_directories(lsplt PRIVATE LSPlt/lsplt/src/main/jni) - -target_link_libraries(lsplt PUBLIC my_logging cxx) +target_link_libraries(lsplt PUBLIC my_logging) # end lsplt -# cxx -set(LIBCXX_SOURCES - algorithm.cpp - # any.cpp - atomic.cpp - barrier.cpp - # bind.cpp - charconv.cpp - chrono.cpp - condition_variable.cpp - condition_variable_destructor.cpp - # debug.cpp - exception.cpp - # filesystem/directory_iterator.cpp - # filesystem/int128_builtins.cpp - # filesystem/operations.cpp - functional.cpp - future.cpp - hash.cpp - # ios.cpp - # ios.instantiations.cpp - # iostream.cpp - # locale.cpp - memory.cpp - mutex.cpp - mutex_destructor.cpp - new.cpp - optional.cpp - random.cpp - # regex.cpp - # ryu/d2fixed.cpp - # ryu/d2s.cpp - # ryu/f2s.cpp - shared_mutex.cpp - stdexcept.cpp - string.cpp - # strstream.cpp - system_error.cpp - thread.cpp - # typeinfo.cpp - utility.cpp - valarray.cpp - variant.cpp - vector.cpp -) - -list(TRANSFORM LIBCXX_SOURCES PREPEND libcxx/src/) - -set(LIBCXX_EXPORT_FLAGS - -DLIBCXX_BUILDING_LIBCXXABI - -D_LIBCPP_NO_EXCEPTIONS - -D_LIBCPP_NO_RTTI - -D_LIBCPP_BUILDING_LIBRARY - -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS - -D_LIBCXXABI_NO_EXCEPTIONS - -D_LIBCPP_HAS_NO_LOCALIZATION -) -set(LIBCXX_FLAGS - -fvisibility-global-new-delete-hidden - -fvisibility=hidden - -fvisibility-inlines-hidden -) -set(LIBCXX_EXPORT_INCLUDES libcxx/include) -set(LIBCXX_INCLUDES libcxx/src) - -set(LIBCXXABI_SOURCES - abort_message.cpp - cxa_aux_runtime.cpp - cxa_default_handlers.cpp - cxa_exception_storage.cpp - cxa_guard.cpp - cxa_handlers.cpp - cxa_noexception.cpp - cxa_thread_atexit.cpp - cxa_vector.cpp - cxa_virtual.cpp - stdlib_exception.cpp - stdlib_new_delete.cpp - stdlib_stdexcept.cpp - stdlib_typeinfo.cpp -) -list(TRANSFORM LIBCXXABI_SOURCES PREPEND libcxx/src/abi/) -set(LIBCXXABI_FLAGS - -Wno-macro-redefined - -Wno-unknown-attributes - -DHAS_THREAD_LOCAL) -set(LIBCXXABI_INCLUDES libcxx/include/abi) - -add_library(cxx STATIC ${LIBCXX_SOURCES} ${LIBCXXABI_SOURCES}) -target_compile_options(cxx PUBLIC ${LIBCXX_EXPORT_FLAGS}) -target_compile_options(cxx PRIVATE ${LIBCXX_FLAGS} ${LIBCXXABI_FLAGS} -ffunction-sections -fdata-sections) -target_include_directories(cxx PUBLIC ${LIBCXX_EXPORT_INCLUDES}) -target_include_directories(cxx PRIVATE ${LIBCXX_INCLUDES} ${LIBCXXABI_INCLUDES}) -# end cxx +add_subdirectory(glaze) diff --git a/module/src/main/cpp/external/glaze b/module/src/main/cpp/external/glaze new file mode 160000 index 0000000..53b69c4 --- /dev/null +++ b/module/src/main/cpp/external/glaze @@ -0,0 +1 @@ +Subproject commit 53b69c447f98b89f656c0e6bda19833d682bb44b diff --git a/module/src/main/cpp/external/libcxx b/module/src/main/cpp/external/libcxx deleted file mode 160000 index 12c8f4e..0000000 --- a/module/src/main/cpp/external/libcxx +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 12c8f4e93f196a700137e983dcceeac43cf807f2 diff --git a/module/src/main/cpp/zygisk/main.cpp b/module/src/main/cpp/zygisk/main.cpp index 22a0e31..5c1117b 100644 --- a/module/src/main/cpp/zygisk/main.cpp +++ b/module/src/main/cpp/zygisk/main.cpp @@ -3,7 +3,9 @@ #include #include #include +#include +#include "glaze/glaze.hpp" #include "logging.hpp" #include "zygisk.hpp" @@ -12,6 +14,48 @@ using zygisk::AppSpecializeArgs; using zygisk::ServerSpecializeArgs; using namespace std::string_view_literals; +struct spoof_config { + std::string manufacturer{"Google"}; + std::string model{"Pixel"}; + std::string fingerprint{"google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys"}; + std::string brand{"google"}; + std::string product{"sailfish"}; + std::string device{"sailfish"}; + std::string release{"8.1.0"}; + std::string id{"OPM1.171019.011"}; + std::string incremental{"4448085"}; + std::string security_patch{"2017-12-05"}; + std::string type{"user"}; + std::string tags{"release-keys"}; +}; + + +ssize_t xread(int fd, void *buffer, size_t count) { + ssize_t total = 0; + char *buf = (char *)buffer; + while (count > 0) { + ssize_t ret = read(fd, buf, count); + if (ret < 0) return -1; + buf += ret; + total += ret; + count -= ret; + } + return total; +} + +ssize_t xwrite(int fd, void *buffer, size_t count) { + ssize_t total = 0; + char *buf = (char *)buffer; + while (count > 0) { + ssize_t ret = write(fd, buf, count); + if (ret < 0) return -1; + buf += ret; + total += ret; + count -= ret; + } + return total; +} + class TrickyStore : public zygisk::ModuleBase { public: void onLoad(Api *api, JNIEnv *env) override { @@ -21,15 +65,30 @@ public: void preAppSpecialize(AppSpecializeArgs *args) override { api_->setOption(zygisk::DLCLOSE_MODULE_LIBRARY); - int enabled = 0; + spoof_config spoofConfig{}; { auto fd = api_->connectCompanion(); - if (fd >= 0) { - read(fd, &enabled, sizeof(enabled)); + if (fd >= 0) [[likely]] { + // read enabled + xread(fd, &enabled, sizeof(enabled)); + if (enabled) { + size_t bufferSize = 0; + std::string buffer; + // read size first + xread(fd, &bufferSize, sizeof(bufferSize)); + // resize and receive + buffer.resize(bufferSize); + xread(fd, buffer.data(), bufferSize); + // parse + if (glz::read_json(spoofConfig, buffer)) [[unlikely]] { + LOGE("[preAppSpecialize] spoofConfig parse error"); + } + } close(fd); } } + if (!enabled) return; if (args->app_data_dir == nullptr) { return; @@ -47,23 +106,18 @@ public: auto buildClass = env_->FindClass("android/os/Build"); auto buildVersionClass = env_->FindClass("android/os/Build$VERSION"); -#define SET_FIELD(CLAZZ, FIELD, VALUE) ({ \ - auto id = env_->GetStaticFieldID(CLAZZ, FIELD, "Ljava/lang/String;"); \ - env_->SetStaticObjectField(buildClass, id, env_->NewStringUTF(VALUE)); }) - - SET_FIELD(buildClass, "MANUFACTURER", "Google"); - SET_FIELD(buildClass, "MODEL", "Pixel"); - SET_FIELD(buildClass, "FINGERPRINT", - "google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys"); - SET_FIELD(buildClass, "BRAND", "google"); - SET_FIELD(buildClass, "PRODUCT", "sailfish"); - SET_FIELD(buildClass, "DEVICE", "sailfish"); - SET_FIELD(buildVersionClass, "RELEASE", "8.1.0"); - SET_FIELD(buildClass, "ID", "OPM1.171019.011"); - SET_FIELD(buildVersionClass, "INCREMENTAL", "4448085"); - SET_FIELD(buildVersionClass, "SECURITY_PATCH", "2017-12-05"); - SET_FIELD(buildClass, "TYPE", "user"); - SET_FIELD(buildClass, "TAGS", "release-keys"); + setField(buildClass, "MANUFACTURER", std::move(spoofConfig.manufacturer)); + setField(buildClass, "MODEL", std::move(spoofConfig.model)); + setField(buildClass, "FINGERPRINT", std::move(spoofConfig.fingerprint)); + setField(buildClass, "BRAND", std::move(spoofConfig.brand)); + setField(buildClass, "PRODUCT", std::move(spoofConfig.product)); + setField(buildClass, "DEVICE", std::move(spoofConfig.device)); + setField(buildVersionClass, "RELEASE", std::move(spoofConfig.release)); + setField(buildClass, "ID", std::move(spoofConfig.id)); + setField(buildVersionClass, "INCREMENTAL", std::move(spoofConfig.incremental)); + setField(buildVersionClass, "SECURITY_PATCH", std::move(spoofConfig.security_patch)); + setField(buildClass, "TYPE", std::move(spoofConfig.type)); + setField(buildClass, "TAGS", std::move(spoofConfig.tags)); } env_->ReleaseStringUTFChars(args->nice_name, nice_name); @@ -77,14 +131,64 @@ public: private: Api *api_; JNIEnv *env_; + + inline void setField(jclass clazz, const char* field, std::string&& value) { + auto id = env_->GetStaticFieldID(clazz, field, "Ljava/lang/String;"); + env_->SetStaticObjectField(clazz, id, env_->NewStringUTF(value.c_str())); + } }; +static inline void write_spoof_configs(const struct spoof_config& spoofConfig) { + std::string buffer{}; + + if (glz::write(spoofConfig, buffer)) [[unlikely]] { + // This should NEVER happen, but it's not the reason we don't handle the case + LOGE("[write_spoof_configs] Failed to parse json to std::string"); + return; + } + + // Remove old one first + std::filesystem::remove("/data/adb/tricky_store/spoof_build_vars"sv); + FILE* file = fopen("/data/adb/tricky_store/spoof_build_vars", "w"); + if (!file) [[unlikely]] { + LOGE("[write_spoof_configs] Failed to open spoof_build_vars"); + return; + } + + if (fprintf(file, "%s", buffer.c_str()) < 0) [[unlikely]] { + LOGE("[write_spoof_configs] Failed to write spoof_build_vars"); + fclose(file); + return; + } + + fclose(file); + LOGI("[write_spoof_configs] write done!"); +} + static void companion_handler(int fd) { int enabled = access("/data/adb/tricky_store/spoof_build_vars", F_OK) == 0; - write(fd, &enabled, sizeof(enabled)); + xwrite(fd, &enabled, sizeof(enabled)); + + if (!enabled) { + return; + } + + spoof_config spoofConfig{}; + auto ec = glz::read_file_json(spoofConfig, "/data/adb/tricky_store/spoof_build_vars"sv, std::string{}); + if (ec) [[unlikely]] { + LOGW("[companion_handler] Failed to parse spoof_build_vars, writing and using default spoof config..."); + write_spoof_configs(spoofConfig); + } + + std::string buffer = glz::write_json(spoofConfig).value_or(""); + size_t bufferSize = buffer.size(); + // Send buffer size first + xwrite(fd, &bufferSize, sizeof(bufferSize)); + // client resize string stl and receive buffer + xwrite(fd, buffer.data(), bufferSize); } // Register our module class and the companion handler function REGISTER_ZYGISK_MODULE(TrickyStore) -REGISTER_ZYGISK_COMPANION(companion_handler) +REGISTER_ZYGISK_COMPANION(companion_handler) \ No newline at end of file diff --git a/service/build.gradle.kts b/service/build.gradle.kts index 97acb67..01d3db1 100644 --- a/service/build.gradle.kts +++ b/service/build.gradle.kts @@ -23,19 +23,27 @@ android { ) } } + kotlinOptions { jvmTarget = "17" } + buildTypes { release { signingConfig = signingConfigs["debug"] } } + packaging { resources { excludes += "**" } } + + lint { + checkReleaseBuilds = false + abortOnError = true + } } dependencies { diff --git a/service/proguard-rules.pro b/service/proguard-rules.pro index 65b9810..13ae71a 100644 --- a/service/proguard-rules.pro +++ b/service/proguard-rules.pro @@ -31,3 +31,8 @@ -keep class org.bouncycastle.jcajce.provider.** { *; } -keep class org.bouncycastle.jce.provider.** { *; } -dontwarn javax.naming.** + +-repackageclasses +-allowaccessmodification +-overloadaggressively +-renamesourcefileattribute diff --git a/stub/build.gradle.kts b/stub/build.gradle.kts index 1a5e464..ccf1405 100644 --- a/stub/build.gradle.kts +++ b/stub/build.gradle.kts @@ -17,6 +17,11 @@ android { ) } } + + lint { + checkReleaseBuilds = false + abortOnError = true + } } dependencies {