these-android-re/android_of_theseus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

read reflection data from json

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2025-02-06 16:59:07 +01:00
parent c11101b46a
commit 0b92b87bbe
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
6 changed files with 124 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

2
patcher/Cargo.lock generated
View file

@ -815,6 +815,8 @@ dependencies = [
"clap",
"env_logger",
"reqwest",
"serde",
"serde_json",
]
[[package]]

2
patcher/Cargo.toml
View file

@ -12,3 +12,5 @@ anyhow = "1.0.95"
clap = { version = "4.5.27", features = ["derive"] }
env_logger = "0.11.6"
reqwest = { version = "0.12.12", default-features = false, features = ["blocking", "rustls-tls"] }
serde = "1.0.217"
serde_json = "1.0.138"

97
patcher/src/get_apk.rs
View file

@ -1,97 +0,0 @@
use androscalpel::Apk;
use clap::Args;
use std::fs::{read_to_string, File};
use std::io::Cursor;
use std::path::PathBuf;
use std::time::Duration;
use crate::labeling;
#[derive(Clone, Args, Debug)]
pub struct ApkLocation {
#[arg(short, long, conflicts_with = "sha256")]
pub path: Option<PathBuf>,
#[arg(long, conflicts_with = "path", requires = "androzoo_key")]
pub sha256: Option<String>,
#[command(flatten)]
pub androzoo_key: Option<AndrozooKey>,
}
impl ApkLocation {
pub fn get_id(&self) -> String {
match self {
ApkLocation {
path: Some(path), ..
} => path.as_path().file_name().unwrap().to_str().unwrap().into(),
ApkLocation {
sha256: Some(sha256),
..
} => sha256.clone(),
_ => panic!("Invalid ApkLocation"),
}
}
}
#[derive(Clone, Args, Debug)]
pub struct AndrozooKey {
#[arg(long, group = "androzoo_key", conflicts_with = "api_key")]
api_key_path: Option<PathBuf>,
#[arg(long, group = "androzoo_key", conflicts_with = "api_key_path")]
api_key: Option<String>,
}
impl AndrozooKey {
fn get_key(&self) -> String {
match self {
AndrozooKey {
api_key_path: Some(path),
..
} => read_to_string(path)
.expect("Failed to read key from file")
.trim()
.to_string(),
AndrozooKey {
api_key: Some(key), ..
} => key.trim().to_string(),
_ => panic!("No key here"),
}
}
}
pub fn get_apk(location: &ApkLocation) -> Apk {
match location {
ApkLocation {
androzoo_key: Some(key),
sha256: Some(sha256),
..
} => {
let key = key.get_key();
let url = reqwest::Url::parse_with_params(
"https://androzoo.uni.lu/api/download",
&[("apikey", key), ("sha256", sha256.clone())],
)
.expect("Failed to parse url");
let res = reqwest::blocking::Client::builder()
.timeout(Duration::from_secs(300))
.build()
.expect("Failed to build client")
.get(url)
.send()
.expect("Failed to download apk");
match res.status() {
reqwest::StatusCode::OK => (),
s => panic!("Failed to download apk: {:?}", s),
}
Apk::load_apk(
&mut Cursor::new(res.bytes().expect("Failed to get APK bytes")),
labeling,
false,
)
.unwrap()
}
ApkLocation {
path: Some(path), ..
} => Apk::load_apk(File::open(path).unwrap(), labeling, false).unwrap(),
_ => panic!("Don't know what to do with:\n{:#?}", location),
}
}

12
patcher/src/lib.rs
View file

@ -4,14 +4,14 @@ use anyhow::{bail, Context, Result};
use std::collections::{HashMap, HashSet};
use std::sync::LazyLock;
pub mod get_apk;
use serde::{Deserialize, Serialize};
// TODO:
// Check what
// https://cs.android.com/android/platform/superproject/main/+/main:art/runtime/reflection.cc;drc=83db0626fad8c6e0508754fffcbbd58e539d14a5;l=698
// does.
#[derive(Clone, PartialEq, Debug)]
#[derive(Clone, PartialEq, Debug, Deserialize, Serialize)]
pub struct ReflectionData {
pub invoke_data: Vec<ReflectionInvokeData>,
pub class_new_inst_data: Vec<ReflectionClassNewInstData>,
@ -95,7 +95,7 @@ impl ReflectionData {
/// Structure storing the runtime information of a reflection call using
/// `java.lang.reflect.Method.invoke()`.
#[derive(Clone, PartialEq, Debug)]
#[derive(Clone, PartialEq, Debug, Deserialize, Serialize)]
pub struct ReflectionInvokeData {
/// The method called by `java.lang.reflect.Method.invoke()`
pub method: IdMethod,
@ -109,7 +109,7 @@ pub struct ReflectionInvokeData {
/// Structure storing the runtime information of a reflection instanciation using
/// `java.lang.Class.newInstance()`.
#[derive(Clone, PartialEq, Debug)]
#[derive(Clone, PartialEq, Debug, Deserialize, Serialize)]
pub struct ReflectionClassNewInstData {
/// The constructor called by `java.lang.Class.newInstance()`
pub constructor: IdMethod,
@ -121,7 +121,7 @@ pub struct ReflectionClassNewInstData {
/// Structure storing the runtime information of a reflection instanciation using
/// `java.lang.reflect.Constructor.newInstance()`.
#[derive(Clone, PartialEq, Debug)]
#[derive(Clone, PartialEq, Debug, Deserialize, Serialize)]
pub struct ReflectionCnstrNewInstData {
/// The constructor calleb by `java.lang.reflect.Constructor.newInstance()`
pub constructor: IdMethod,
@ -191,7 +191,7 @@ static CNSTR_GET_DEC_CLS: LazyLock<IdMethod> = LazyLock::new(|| {
});
/// Function passed to [`androscalpel::Apk::load_apk`] to label the instructions of interest.
fn labeling(_mth: &IdMethod, ins: &Instruction, addr: usize) -> Option<String> {
pub fn labeling(_mth: &IdMethod, ins: &Instruction, addr: usize) -> Option<String> {
match ins {
Instruction::InvokeVirtual { method, .. }
if method == &*MTH_INVOKE

41
patcher/src/main.rs
View file

@ -1,13 +1,14 @@
use std::collections::HashMap;
use std::io::Cursor;
use std::fs::File;
use std::io::{Cursor, Read};
use std::path::PathBuf;
use androscalpel::IdMethod;
use androscalpel::Apk;
use patcher::get_apk::{get_apk, ApkLocation};
use patcher::{
transform_method, ReflectionClassNewInstData, ReflectionCnstrNewInstData, ReflectionData,
ReflectionInvokeData,
labeling,
transform_method,
ReflectionData, // ReflectionInvokeData, ReflectionClassNewInstData, ReflectionCnstrNewInstData,
};
use clap::Parser;
@ -15,8 +16,6 @@ use clap::Parser;
#[derive(Parser, Debug)]
#[command(version, about, long_about = None, arg_required_else_help = true)]
struct Cli {
#[clap(flatten)]
apk: ApkLocation,
#[arg(short, long)]
out: PathBuf,
#[arg(short, long)]
@ -25,13 +24,24 @@ struct Cli {
zipalign: Option<PathBuf>,
#[arg(short, long)]
apksigner: Option<PathBuf>,
#[arg(short, long)]
path: PathBuf,
#[arg(short, long)]
reflection_data: PathBuf,
}
fn main() {
env_logger::init();
let cli = Cli::parse();
let mut apk = get_apk(&cli.apk);
let mut apk = Apk::load_apk(File::open(&cli.path).unwrap(), labeling, false).unwrap();
//println!("{:#?}", apk.list_classes());
let mut json = String::new();
File::open(&cli.reflection_data)
.unwrap()
.read_to_string(&mut json)
.unwrap();
let reflection_data: ReflectionData = serde_json::from_str(&json).unwrap();
/*
let reflection_data = ReflectionData {
invoke_data: vec![
ReflectionInvokeData {
@ -102,12 +112,15 @@ fn main() {
addr: 0x22,
}],
};
println!("{}", serde_json::to_string(&reflection_data).unwrap());
*/
for method in reflection_data.get_method_referenced().iter() {
let class = apk.get_class_mut(&method.class_).unwrap();
//println!("{:#?}", class.direct_methods.keys());
//println!("{:#?}", class.virtual_methods.keys());
let method = class.virtual_methods.get_mut(method).unwrap();
transform_method(method, &reflection_data).unwrap();
if let Some(class) = apk.get_class_mut(&method.class_) {
//println!("{:#?}", class.direct_methods.keys());
//println!("{:#?}", class.virtual_methods.keys());
let method = class.virtual_methods.get_mut(method).unwrap();
transform_method(method, &reflection_data).unwrap();
}
}
let mut dex_files = vec![];
let mut files = apk.gen_raw_dex().unwrap();
@ -127,7 +140,7 @@ fn main() {
}
// TODO: aapt would be a lot more stable
apk_frauder::replace_dex(
cli.apk.path.unwrap(),
cli.path,
cli.out,
&mut dex_files,
cli.keystore,