Added Zygisk hide for 27.0 and renamed unmount.cpp

2025-09-06 06:37:02 +00:00 · 2024-04-24 07:44:00 +02:00
parent 71eee6bf92
commit e03060eb22
5 changed files with 61 additions and 8 deletions
--- a/module/jni/Android.mk
+++ b/module/jni/Android.mk
@@ -3,7 +3,7 @@ LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_C_INCLUDES := $(LOCAL_PATH)/include $(LOCAL_PATH)/elfio
 LOCAL_MODULE := zygisk
-LOCAL_SRC_FILES := utils.cpp map_parser.cpp mount_parser.cpp mountinfo_parser.cpp unmount.cpp main.cpp
+LOCAL_SRC_FILES := utils.cpp map_parser.cpp mount_parser.cpp mountinfo_parser.cpp modules.cpp main.cpp
 LOCAL_STATIC_LIBRARIES := libcxx
 LOCAL_LDLIBS := -llog
 include $(BUILD_SHARED_LIBRARY)
--- a/module/jni/include/logging.hpp
+++ b/module/jni/include/logging.hpp
@@ -1,7 +1,8 @@
 #pragma once
 #include <android/log.h>
-#include <string.h>
-#include <errno.h>
+#include <cstring>
+#include <cerrno>
+#include <cinttypes>

 #ifndef NDEBUG
 static constexpr auto TAG = "ZygiskAssistant/JNI";
--- a/module/jni/include/modules.hpp
+++ b/module/jni/include/modules.hpp
@@ -0,0 +1,5 @@
+#pragma once
+
+void doUnmount();
+void doRemount();
+void doHideZygisk();
--- a/module/jni/main.cpp
+++ b/module/jni/main.cpp
@@ -1,7 +1,6 @@
 #include <unistd.h>
 #include <sched.h>
 #include <sys/mount.h>
-#include <grp.h>

 #include <cstdint>
 #include <functional>
@@ -9,14 +8,12 @@
 #include "zygisk.hpp"
 #include "logging.hpp"
 #include "utils.hpp"
+#include "modules.hpp"

 using zygisk::Api;
 using zygisk::AppSpecializeArgs;
 using zygisk::ServerSpecializeArgs;

-void doUnmount();
-void doRemount();
-
 static std::function<void()> callbackFunction = []() {};

 /*
@@ -121,6 +118,8 @@ public:
                doRemount();
            }

+            doHideZygisk();
+
            // Call only once per process.
            callbackFunction = []() {};
        };
--- a/module/jni/modules.cpp
+++ b/module/jni/modules.cpp
@@ -2,11 +2,13 @@
 #include <vector>
 #include <set>
 #include <unordered_map>
-
+#include <cstdint>
 #include <sys/mount.h>
+#include <elfio/elfio.hpp>

 #include "zygisk.hpp"
 #include "logging.hpp"
+#include "map_parser.hpp"
 #include "mount_parser.hpp"
 #include "mountinfo_parser.hpp"
 #include "utils.hpp"
@@ -128,3 +130,49 @@ void doRemount()
        }
    }
 }
+
+/*
+ * Is it guaranteed to work? No.
+ * At least it has lots of error checking so if something goes wrong
+ * the state should remain relatively safe.
+ */
+void doHideZygisk()
+{
+    using namespace ELFIO;
+
+    elfio reader;
+    std::string filePath;
+    uintptr_t startAddress = 0, bssAddress = 0;
+
+    for (const auto &map : parseMapsFromPath("/proc/self/maps"))
+    {
+        if (map.getPathname().ends_with("/libnativebridge.so") && map.getPerms() == "r--p")
+        {
+            // First ro page should be the ELF header
+            filePath = map.getPathname();
+            startAddress = map.getAddressStart();
+            break;
+        }
+    }
+
+    ASSERT_EXIT("doHideZygisk", startAddress != 0, return);
+    ASSERT_EXIT("doHideZygisk", reader.load(filePath), return);
+
+    size_t bssSize = 0;
+    for (const auto &sec : reader.sections)
+    {
+        if (sec->get_name() == ".bss")
+        {
+            bssAddress = startAddress + sec->get_address();
+            bssSize = static_cast<size_t>(sec->get_size());
+            break;
+        }
+    }
+
+    ASSERT_EXIT("doHideZygisk", bssAddress != 0, return);
+    LOGD("Found .bss for \"%s\" at 0x%" PRIxPTR " sized %" PRIuPTR " bytes.", filePath.c_str(), bssAddress, bssSize);
+
+    uint8_t *pHadError = reinterpret_cast<uint8_t *>(memchr(reinterpret_cast<void *>(bssAddress), 0x01, bssSize));
+    ASSERT_EXIT("doHideZygisk", pHadError != nullptr, return);
+    *pHadError = 0;
+}