diff --git a/app/build.gradle b/app/build.gradle index 30a9da3..4cb25e1 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -8,7 +8,7 @@ android { minSdkVersion 29 targetSdkVersion 30 versionCode 1820 - versionName "3.5" + versionName "3.6" } signingConfigs { diff --git a/app/src/main/java/toolkit/coderstory/CorePatchForQ.java b/app/src/main/java/toolkit/coderstory/CorePatchForQ.java index c53372a..8d98f5e 100644 --- a/app/src/main/java/toolkit/coderstory/CorePatchForQ.java +++ b/app/src/main/java/toolkit/coderstory/CorePatchForQ.java @@ -18,60 +18,54 @@ import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage; -import static android.content.pm.ApplicationInfo.FLAG_SYSTEM; - public class CorePatchForQ extends XposedHelper implements IXposedHookLoadPackage, IXposedHookZygoteInit { XSharedPreferences prefs = new XSharedPreferences(BuildConfig.APPLICATION_ID, "conf"); @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws IllegalAccessException, InvocationTargetException, InstantiationException { // 允许降级 - if (prefs.getBoolean("downgrade", true)) { - Class packageClazz = XposedHelpers.findClass("android.content.pm.PackageParser.Package", loadPackageParam.classLoader); + Class packageClazz = XposedHelpers.findClass("android.content.pm.PackageParser.Package", loadPackageParam.classLoader); hookAllMethods("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader, "checkDowngrade", new XC_MethodHook() { public void beforeHookedMethod(MethodHookParam methodHookParam) throws Throwable { super.beforeHookedMethod(methodHookParam); - Object packageInfoLite = methodHookParam.args[0]; - if (prefs.getBoolean("downgrade", true)) { - Field field = packageClazz.getField("mVersionCode"); - field.setAccessible(true); - field.set(packageInfoLite, 0); - field = packageClazz.getField("mVersionCodeMajor"); - field.setAccessible(true); - field.set(packageInfoLite, 0); - } - } - }); - } - if (prefs.getBoolean("authcreak", true)) { - hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verifyMessageDigest", XC_MethodReplacement.returnConstant(true)); - hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verify", XC_MethodReplacement.returnConstant(true)); - hookAllMethods("java.security.MessageDigest", loadPackageParam.classLoader, "isEqual", XC_MethodReplacement.returnConstant(true)); + Object packageInfoLite = methodHookParam.args[0]; - hookAllMethods("com.android.server.pm.PackageManagerServiceUtils", loadPackageParam.classLoader, "verifySignatures", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) throws Throwable { - super.beforeHookedMethod(param); - if (prefs.getBoolean("zipauthcreak", true)) { - param.setResult(Boolean.FALSE); + if (prefs.getBoolean("downgrade", true)) { + Field field = packageClazz.getField("mVersionCode"); + field.setAccessible(true); + field.set(packageInfoLite, 0); + field = packageClazz.getField("mVersionCodeMajor"); + field.setAccessible(true); + field.set(packageInfoLite, 0); + } } } }); - Class signingDetails = XposedHelpers.findClass("android.content.pm.PackageParser.SigningDetails", loadPackageParam.classLoader); - Constructor findConstructorExact = XposedHelpers.findConstructorExact(signingDetails, Signature[].class, Integer.TYPE); - findConstructorExact.setAccessible(true); - Class packageParserException = XposedHelpers.findClass("android.content.pm.PackageParser.PackageParserException", loadPackageParam.classLoader); - Field error = XposedHelpers.findField(packageParserException, "error"); - error.setAccessible(true); - Object[] signingDetailsArgs = new Object[2]; - signingDetailsArgs[0] = new Signature[]{new Signature(SIGNATURE)}; - signingDetailsArgs[1] = 1; - final Object newInstance = findConstructorExact.newInstance(signingDetailsArgs); - hookAllMethods("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "verifyV1Signature", new XC_MethodHook() { - public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable { - super.afterHookedMethod(methodHookParam); + hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verifyMessageDigest", + new ReturnConstant(prefs, "authcreak", true)); + hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verify", + new ReturnConstant(prefs, "authcreak", true)); + hookAllMethods("java.security.MessageDigest", loadPackageParam.classLoader, "isEqual", + new ReturnConstant(prefs, "authcreak", true)); + hookAllMethods("com.android.server.pm.PackageManagerServiceUtils", loadPackageParam.classLoader, "verifySignatures", + new ReturnConstant(prefs, "authcreak", false)); + + Class signingDetails = XposedHelpers.findClass("android.content.pm.PackageParser.SigningDetails", loadPackageParam.classLoader); + Constructor findConstructorExact = XposedHelpers.findConstructorExact(signingDetails, Signature[].class, Integer.TYPE); + findConstructorExact.setAccessible(true); + Class packageParserException = XposedHelpers.findClass("android.content.pm.PackageParser.PackageParserException", loadPackageParam.classLoader); + Field error = XposedHelpers.findField(packageParserException, "error"); + error.setAccessible(true); + Object[] signingDetailsArgs = new Object[2]; + signingDetailsArgs[0] = new Signature[]{new Signature(SIGNATURE)}; + signingDetailsArgs[1] = 1; + final Object newInstance = findConstructorExact.newInstance(signingDetailsArgs); + hookAllMethods("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "verifyV1Signature", new XC_MethodHook() { + public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable { + super.afterHookedMethod(methodHookParam); + if (prefs.getBoolean("authcreak", true)) { Throwable throwable = methodHookParam.getThrowable(); if (throwable != null) { Throwable cause = throwable.getCause(); @@ -87,58 +81,62 @@ public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable } } } - }); - } - if (prefs.getBoolean("digestCreak", true)) { - //New package has a different signature - //处理覆盖安装但签名不一致 - Class signingDetails = XposedHelpers.findClass("android.content.pm.PackageParser.SigningDetails", loadPackageParam.classLoader); - hookAllMethods(signingDetails, "checkCapability", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) throws Throwable { - super.beforeHookedMethod(param); + } + }); + + //New package has a different signature + //处理覆盖安装但签名不一致 + hookAllMethods(signingDetails, "checkCapability", new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + super.beforeHookedMethod(param); + if (prefs.getBoolean("digestCreak", true)) { if ((Integer) param.args[1] != 4 && prefs.getBoolean("authcreak", true)) { param.setResult(Boolean.TRUE); } } - }); - hookAllMethods(signingDetails, "checkCapabilityRecover", - new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) throws Throwable { - super.beforeHookedMethod(param); + } + }); + hookAllMethods(signingDetails, "checkCapabilityRecover", + new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + super.beforeHookedMethod(param); + if (prefs.getBoolean("digestCreak", true)) { if ((Integer) param.args[1] != 4 && prefs.getBoolean("authcreak", true)) { param.setResult(Boolean.TRUE); } } - }); + } + }); - // if app is system app, allow to use hidden api, even if app not using a system signature - findAndHookMethod("android.content.pm.ApplicationInfo", loadPackageParam.classLoader, "isPackageWhitelistedForHiddenApis", new XC_MethodHook() { - @Override + // if app is system app, allow to use hidden api, even if app not using a system signature + findAndHookMethod("android.content.pm.ApplicationInfo", loadPackageParam.classLoader, "isPackageWhitelistedForHiddenApis", new XC_MethodHook() { + @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { - super.beforeHookedMethod(param); + super.beforeHookedMethod(param); + if (prefs.getBoolean("digestCreak", true)) { ApplicationInfo info = (ApplicationInfo) param.thisObject; if ((info.flags & ApplicationInfo.FLAG_SYSTEM) != 0 || (info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0) { param.setResult(true); } } + } }); - } } @Override public void initZygote(StartupParam startupParam) { - if (prefs.getBoolean("enhancedMode", false)) { - hookAllMethods("android.content.pm.PackageParser", null, "getApkSigningVersion", XC_MethodReplacement.returnConstant(1)); - hookAllConstructors("android.util.jar.StrictJarVerifier", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) throws Throwable { - super.beforeHookedMethod(param); + hookAllMethods("android.content.pm.PackageParser", null, "getApkSigningVersion", XC_MethodReplacement.returnConstant(1)); + hookAllConstructors("android.util.jar.StrictJarVerifier", new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + super.beforeHookedMethod(param); + if (prefs.getBoolean("enhancedMode", false)) { param.args[3] = Boolean.FALSE; } - }); - } + } + }); } } diff --git a/app/src/main/java/toolkit/coderstory/CorePatchForR.java b/app/src/main/java/toolkit/coderstory/CorePatchForR.java index 911d295..bda57b1 100644 --- a/app/src/main/java/toolkit/coderstory/CorePatchForR.java +++ b/app/src/main/java/toolkit/coderstory/CorePatchForR.java @@ -23,7 +23,6 @@ import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage; - public class CorePatchForR extends XposedHelper implements IXposedHookLoadPackage, IXposedHookZygoteInit { XSharedPreferences prefs = new XSharedPreferences(BuildConfig.APPLICATION_ID, "conf"); @@ -35,71 +34,80 @@ public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) Log.d(MainHook.TAG, "digestCreak" + prefs.getBoolean("digestCreak->", true)); // 允许降级 - if (prefs.getBoolean("downgrade", true)) { - findAndHookMethod("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader, - "checkDowngrade", - "com.android.server.pm.parsing.pkg.AndroidPackage", - "android.content.pm.PackageInfoLite", - XC_MethodReplacement.returnConstant(null)); - // exists on flyme 9(Android 11) only - findAndHookMethod("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader, - "checkDowngrade", - "android.content.pm.PackageInfoLite", - "android.content.pm.PackageInfoLite", - XC_MethodReplacement.returnConstant(1)); - } - if (prefs.getBoolean("authcreak", true)) { - // apk内文件修改后 digest校验会失败 - hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verifyMessageDigest", XC_MethodReplacement.returnConstant(true)); - hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verify", XC_MethodReplacement.returnConstant(true)); - hookAllMethods("java.security.MessageDigest", loadPackageParam.classLoader, "isEqual", XC_MethodReplacement.returnConstant(true)); - - // Targeting R+ (version " + Build.VERSION_CODES.R + " and above) requires" - // + " the resources.arsc of installed APKs to be stored uncompressed" - // + " and aligned on a 4-byte boundary - // target >=30 的情况下 resources.arsc 必须是未压缩的且4K对齐 - hookAllMethods("android.content.res.AssetManager", loadPackageParam.classLoader, "containsAllocatedTable", XC_MethodReplacement.returnConstant(false)); - - // No signature found in package of version " + minSignatureSchemeVersion - // + " or newer for package " + apkPath - findAndHookMethod("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "getMinimumSignatureSchemeVersionForTargetSdk", int.class, XC_MethodReplacement.returnConstant(0)); - findAndHookMethod("com.android.apksig.ApkVerifier", loadPackageParam.classLoader, "getMinimumSignatureSchemeVersionForTargetSdk", int.class, XC_MethodReplacement.returnConstant(0)); - - // Package " + packageName + " signatures do not match previously installed version; ignoring!" - // public boolean checkCapability(String sha256String, @CertCapabilities int flags) { - // public boolean checkCapability(SigningDetails oldDetails, @CertCapabilities int flags) - hookAllMethods("android.content.pm.PackageParser", loadPackageParam.classLoader, "checkCapability", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) { - // Don't handle PERMISSION (grant SIGNATURE permissions to pkgs with this cert) - // Or applications will have all privileged permissions - // https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/java/android/content/pm/PackageParser.java;l=5947?q=CertCapabilities + findAndHookMethod("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader, + "checkDowngrade", + "com.android.server.pm.parsing.pkg.AndroidPackage", + "android.content.pm.PackageInfoLite", + new ReturnConstant(prefs, "downgrade", null)); + + // exists on flyme 9(Android 11) only + findAndHookMethod("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader, + "checkDowngrade", + "android.content.pm.PackageInfoLite", + "android.content.pm.PackageInfoLite", + new ReturnConstant(prefs, "downgrade", true)); + + + // apk内文件修改后 digest校验会失败 + hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verifyMessageDigest", + new ReturnConstant(prefs, "authcreak", true)); + hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verify", + new ReturnConstant(prefs, "authcreak", true)); + hookAllMethods("java.security.MessageDigest", loadPackageParam.classLoader, "isEqual", + new ReturnConstant(prefs, "authcreak", true)); + + // Targeting R+ (version " + Build.VERSION_CODES.R + " and above) requires" + // + " the resources.arsc of installed APKs to be stored uncompressed" + // + " and aligned on a 4-byte boundary + // target >=30 的情况下 resources.arsc 必须是未压缩的且4K对齐 + hookAllMethods("android.content.res.AssetManager", loadPackageParam.classLoader, "containsAllocatedTable", + new ReturnConstant(prefs, "authcreak", false)); + + // No signature found in package of version " + minSignatureSchemeVersion + // + " or newer for package " + apkPath + findAndHookMethod("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "getMinimumSignatureSchemeVersionForTargetSdk", int.class, + new ReturnConstant(prefs, "authcreak", 0)); + findAndHookMethod("com.android.apksig.ApkVerifier", loadPackageParam.classLoader, "getMinimumSignatureSchemeVersionForTargetSdk", int.class, + new ReturnConstant(prefs, "authcreak", 0)); + + // Package " + packageName + " signatures do not match previously installed version; ignoring!" + // public boolean checkCapability(String sha256String, @CertCapabilities int flags) { + // public boolean checkCapability(SigningDetails oldDetails, @CertCapabilities int flags) + hookAllMethods("android.content.pm.PackageParser", loadPackageParam.classLoader, "checkCapability", new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) { + // Don't handle PERMISSION (grant SIGNATURE permissions to pkgs with this cert) + // Or applications will have all privileged permissions + // https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/java/android/content/pm/PackageParser.java;l=5947?q=CertCapabilities + if (prefs.getBoolean("authcreak", true)) { if ((Integer) param.args[1] != 4) { param.setResult(true); } } - }); - - // 当verifyV1Signature抛出转换异常时,替换一个签名作为返回值 - // 如果用户已安装apk,并且其定义了私有权限,则安装时会因签名与模块内硬编码的不一致而被拒绝。尝试从待安装apk中获取签名。如果其中apk的签名和已安装的一致(只动了内容)就没有问题。此策略可能有潜在的安全隐患。 - Class pkc = XposedHelpers.findClass("sun.security.pkcs.PKCS7", loadPackageParam.classLoader); - Constructor constructor = XposedHelpers.findConstructorExact(pkc, byte[].class); - constructor.setAccessible(true); - Class ASV = XposedHelpers.findClass("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader); - Class sJarClass = XposedHelpers.findClass("android.util.jar.StrictJarFile", loadPackageParam.classLoader); - Constructor constructorExact = XposedHelpers.findConstructorExact(sJarClass, String.class, boolean.class, boolean.class); - constructorExact.setAccessible(true); - Class signingDetails = XposedHelpers.findClass("android.content.pm.PackageParser.SigningDetails", loadPackageParam.classLoader); - Constructor findConstructorExact = XposedHelpers.findConstructorExact(signingDetails, Signature[].class, Integer.TYPE); - findConstructorExact.setAccessible(true); - Class packageParserException = XposedHelpers.findClass("android.content.pm.PackageParser.PackageParserException", loadPackageParam.classLoader); - Field error = XposedHelpers.findField(packageParserException, "error"); - error.setAccessible(true); - Object[] signingDetailsArgs = new Object[2]; - signingDetailsArgs[1] = 1; - hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verifyBytes", new XC_MethodHook() { - public void afterHookedMethod(MethodHookParam param) throws Throwable { - super.afterHookedMethod(param); + } + }); + + // 当verifyV1Signature抛出转换异常时,替换一个签名作为返回值 + // 如果用户已安装apk,并且其定义了私有权限,则安装时会因签名与模块内硬编码的不一致而被拒绝。尝试从待安装apk中获取签名。如果其中apk的签名和已安装的一致(只动了内容)就没有问题。此策略可能有潜在的安全隐患。 + Class pkc = XposedHelpers.findClass("sun.security.pkcs.PKCS7", loadPackageParam.classLoader); + Constructor constructor = XposedHelpers.findConstructorExact(pkc, byte[].class); + constructor.setAccessible(true); + Class ASV = XposedHelpers.findClass("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader); + Class sJarClass = XposedHelpers.findClass("android.util.jar.StrictJarFile", loadPackageParam.classLoader); + Constructor constructorExact = XposedHelpers.findConstructorExact(sJarClass, String.class, boolean.class, boolean.class); + constructorExact.setAccessible(true); + Class signingDetails = XposedHelpers.findClass("android.content.pm.PackageParser.SigningDetails", loadPackageParam.classLoader); + Constructor findConstructorExact = XposedHelpers.findConstructorExact(signingDetails, Signature[].class, Integer.TYPE); + findConstructorExact.setAccessible(true); + Class packageParserException = XposedHelpers.findClass("android.content.pm.PackageParser.PackageParserException", loadPackageParam.classLoader); + Field error = XposedHelpers.findField(packageParserException, "error"); + error.setAccessible(true); + Object[] signingDetailsArgs = new Object[2]; + signingDetailsArgs[1] = 1; + hookAllMethods("android.util.jar.StrictJarVerifier", loadPackageParam.classLoader, "verifyBytes", new XC_MethodHook() { + public void afterHookedMethod(MethodHookParam param) throws Throwable { + super.afterHookedMethod(param); + if (prefs.getBoolean("digestCreak", true)) { final Object block = constructor.newInstance(param.args[0]); Object[] infos = (Object[]) XposedHelpers.callMethod(block, "getSignerInfos"); Object info = infos[0]; @@ -107,21 +115,22 @@ public void afterHookedMethod(MethodHookParam param) throws Throwable { param.setResult(verifiedSignerCertChain.toArray( new X509Certificate[0])); } - }); - hookAllMethods("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "verifyV1Signature", new XC_MethodHook() { - public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable { - super.afterHookedMethod(methodHookParam); - if (prefs.getBoolean("digestCreak", true)) { - Throwable throwable = methodHookParam.getThrowable(); - if (throwable != null) { - final Object origJarFile = constructorExact.newInstance(methodHookParam.args[0], true, false); - final ZipEntry manifestEntry = (ZipEntry) XposedHelpers.callMethod(origJarFile, "findEntry", "AndroidManifest.xml"); - final Certificate[][] lastCerts = (Certificate[][]) XposedHelpers.callStaticMethod(ASV, "loadCertificates", origJarFile, manifestEntry); - final Signature[] lastSigs = (Signature[]) XposedHelpers.callStaticMethod(ASV, "convertToSignatures", (Object) lastCerts); - if (lastSigs != null) { - signingDetailsArgs[0] = lastSigs; - } else { - signingDetailsArgs[0] = new Signature[]{new Signature(SIGNATURE)}; + } + }); + hookAllMethods("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "verifyV1Signature", new XC_MethodHook() { + public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable { + super.afterHookedMethod(methodHookParam); + if (prefs.getBoolean("authcreak", true)) { + Throwable throwable = methodHookParam.getThrowable(); + if (throwable != null) { + final Object origJarFile = constructorExact.newInstance(methodHookParam.args[0], true, false); + final ZipEntry manifestEntry = (ZipEntry) XposedHelpers.callMethod(origJarFile, "findEntry", "AndroidManifest.xml"); + final Certificate[][] lastCerts = (Certificate[][]) XposedHelpers.callStaticMethod(ASV, "loadCertificates", origJarFile, manifestEntry); + final Signature[] lastSigs = (Signature[]) XposedHelpers.callStaticMethod(ASV, "convertToSignatures", (Object) lastCerts); + if (lastSigs != null) { + signingDetailsArgs[0] = lastSigs; + } else { + signingDetailsArgs[0] = new Signature[]{new Signature(SIGNATURE)}; } final Object newInstance = findConstructorExact.newInstance(signingDetailsArgs); Throwable cause = throwable.getCause(); @@ -130,58 +139,58 @@ public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable methodHookParam.setResult(newInstance); } } - if (cause != null && cause.getClass() == packageParserException) { - if (error.getInt(cause) == -103) { - methodHookParam.setResult(newInstance); - } + if (cause != null && cause.getClass() == packageParserException) { + if (error.getInt(cause) == -103) { + methodHookParam.setResult(newInstance); } } } } - }); - } - if (prefs.getBoolean("digestCreak", true)) { - //New package has a different signature - //处理覆盖安装但签名不一致 - Class signingDetails = XposedHelpers.findClass("android.content.pm.PackageParser.SigningDetails", loadPackageParam.classLoader); - hookAllMethods(signingDetails, "checkCapability", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) { - // Don't handle PERMISSION (grant SIGNATURE permissions to pkgs with this cert) - // Or applications will have all privileged permissions - // https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/java/android/content/pm/PackageParser.java;l=5947?q=CertCapabilities - if ((Integer) param.args[1] != 4) { - param.setResult(true); - } + } + }); + + + //New package has a different signature + //处理覆盖安装但签名不一致 + hookAllMethods(signingDetails, "checkCapability", new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) { + // Don't handle PERMISSION (grant SIGNATURE permissions to pkgs with this cert) + // Or applications will have all privileged permissions + // https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/java/android/content/pm/PackageParser.java;l=5947?q=CertCapabilities + if (((Integer) param.args[1] != 4) && prefs.getBoolean("digestCreak", true)) { + param.setResult(true); } - }); - - // if app is system app, allow to use hidden api, even if app not using a system signature - findAndHookMethod("android.content.pm.ApplicationInfo", loadPackageParam.classLoader, "isPackageWhitelistedForHiddenApis", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) throws Throwable { - super.beforeHookedMethod(param); + } + }); + // if app is system app, allow to use hidden api, even if app not using a system signature + findAndHookMethod("android.content.pm.ApplicationInfo", loadPackageParam.classLoader, "isPackageWhitelistedForHiddenApis", new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + super.beforeHookedMethod(param); + if (prefs.getBoolean("digestCreak", true)) { ApplicationInfo info = (ApplicationInfo) param.thisObject; if ((info.flags & ApplicationInfo.FLAG_SYSTEM) != 0 || (info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0) { param.setResult(true); } } - }); - } + } + }); } @Override public void initZygote(StartupParam startupParam) { - if (prefs.getBoolean("enhancedMode", false)) { - hookAllMethods("android.content.pm.PackageParser", null, "getApkSigningVersion", XC_MethodReplacement.returnConstant(1)); - hookAllConstructors("android.util.jar.StrictJarVerifier", new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + + hookAllMethods("android.content.pm.PackageParser", null, "getApkSigningVersion", XC_MethodReplacement.returnConstant(1)); + hookAllConstructors("android.util.jar.StrictJarVerifier", new XC_MethodHook() { + @Override + protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + if (prefs.getBoolean("enhancedMode", false)) { super.beforeHookedMethod(param); param.args[3] = Boolean.FALSE; } - }); - } + } + }); } } diff --git a/app/src/main/java/toolkit/coderstory/ReturnConstant.java b/app/src/main/java/toolkit/coderstory/ReturnConstant.java new file mode 100644 index 0000000..118ab98 --- /dev/null +++ b/app/src/main/java/toolkit/coderstory/ReturnConstant.java @@ -0,0 +1,25 @@ +package toolkit.coderstory; + +import de.robv.android.xposed.XC_MethodHook; +import de.robv.android.xposed.XSharedPreferences; + +public class ReturnConstant extends XC_MethodHook { + private final XSharedPreferences prefs; + private final String prefsKey; + private final Object value; + + public ReturnConstant(XSharedPreferences prefs, String prefsKey, Object value) { + this.prefs = prefs; + this.prefsKey = prefsKey; + this.value = value; + } + + @Override + protected void beforeHookedMethod(MethodHookParam param) throws Throwable { + super.beforeHookedMethod(param); + prefs.reload(); + if (prefs.getBoolean(prefsKey, true)) { + param.setResult(value); + } + } +} diff --git a/app/src/main/java/toolkit/coderstory/XposedHelper.java b/app/src/main/java/toolkit/coderstory/XposedHelper.java index 74b3242..ce1e814 100644 --- a/app/src/main/java/toolkit/coderstory/XposedHelper.java +++ b/app/src/main/java/toolkit/coderstory/XposedHelper.java @@ -8,7 +8,6 @@ import de.robv.android.xposed.XposedBridge; import de.robv.android.xposed.XposedHelpers; - public class XposedHelper { public String SIGNATURE = "308203c6308202aea003020102021426d148b7c65944abcf3a683b4c3dd3b139c4ec85300d06092a864886f70d01010b05003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3139303130323138353233385a170d3439303130323138353233385a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820122300d06092a864886f70d01010105000382010f003082010a028201010087fcde48d9beaeba37b733a397ae586fb42b6c3f4ce758dc3ef1327754a049b58f738664ece587994f1c6362f98c9be5fe82c72177260c390781f74a10a8a6f05a6b5ca0c7c5826e15526d8d7f0e74f2170064896b0cf32634a388e1a975ed6bab10744d9b371cba85069834bf098f1de0205cdee8e715759d302a64d248067a15b9beea11b61305e367ac71b1a898bf2eec7342109c9c5813a579d8a1b3e6a3fe290ea82e27fdba748a663f73cca5807cff1e4ad6f3ccca7c02945926a47279d1159599d4ecf01c9d0b62e385c6320a7a1e4ddc9833f237e814b34024b9ad108a5b00786ea15593a50ca7987cbbdc203c096eed5ff4bf8a63d27d33ecc963990203010001a350304e300c0603551d13040530030101ff301d0603551d0e04160414a361efb002034d596c3a60ad7b0332012a16aee3301f0603551d23041830168014a361efb002034d596c3a60ad7b0332012a16aee3300d06092a864886f70d01010b0500038201010022ccb684a7a8706f3ee7c81d6750fd662bf39f84805862040b625ddf378eeefae5a4f1f283deea61a3c7f8e7963fd745415153a531912b82b596e7409287ba26fb80cedba18f22ae3d987466e1fdd88e440402b2ea2819db5392cadee501350e81b8791675ea1a2ed7ef7696dff273f13fb742bb9625fa12ce9c2cb0b7b3d94b21792f1252b1d9e4f7012cb341b62ff556e6864b40927e942065d8f0f51273fcda979b8832dd5562c79acf719de6be5aee2a85f89265b071bf38339e2d31041bc501d5e0c034ab1cd9c64353b10ee70b49274093d13f733eb9d3543140814c72f8e003f301c7a00b1872cc008ad55e26df2e8f07441002c4bcb7dc746745f0db"; @@ -71,6 +70,5 @@ private static Set hookAllConstructors(Class hookClass, XposedBridge.log(e); return null; } - } }