these-android-re/android_of_theseus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix move result and arg len

Browse source
This commit is contained in:
Jean-Marie Mineau 2025-02-03 17:04:22 +01:00
parent 3996bf1b2e
commit 6b15bbf748
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
6 changed files with 62 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

0
patcher/.cargo/config → patcher/.cargo/config.toml
View file

47
patcher/Cargo.lock generated
View file

@ -1,6 +1,6 @@
# This file is automatically @generated by Cargo. # This file is automatically @generated by Cargo.
# It is not intended for manual editing. # It is not intended for manual editing.
version = 3 version = 4
[[package]] [[package]]
name = "addr2line" name = "addr2line"
@ -35,12 +35,12 @@ dependencies = [
[[package]] [[package]]
name = "androscalpel" name = "androscalpel"
version = "0.1.0" version = "0.1.0"
source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f" source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git?rev=095ce2ce9340a7050aceb11ba626a1a9a966436a#095ce2ce9340a7050aceb11ba626a1a9a966436a"
dependencies = [ dependencies = [
"adler", "adler",
"androscalpel_serializer 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)", "androscalpel_serializer",
"anyhow", "anyhow",
"apk_frauder 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)", "apk_frauder",
"log", "log",
"rayon", "rayon",
"serde", "serde",
@ -51,33 +51,16 @@ dependencies = [
[[package]] [[package]]
name = "androscalpel_serializer" name = "androscalpel_serializer"
version = "0.1.0" version = "0.1.0"
source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git?rev=095ce2ce9340a7050aceb11ba626a1a9a966436a#095ce2ce9340a7050aceb11ba626a1a9a966436a"
dependencies = [ dependencies = [
"androscalpel_serializer_derive 0.1.0", "androscalpel_serializer_derive",
"log",
]
[[package]]
name = "androscalpel_serializer"
version = "0.1.0"
source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f"
dependencies = [
"androscalpel_serializer_derive 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)",
"log", "log",
] ]
[[package]] [[package]]
name = "androscalpel_serializer_derive" name = "androscalpel_serializer_derive"
version = "0.1.0" version = "0.1.0"
dependencies = [ source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git?rev=095ce2ce9340a7050aceb11ba626a1a9a966436a#095ce2ce9340a7050aceb11ba626a1a9a966436a"
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "androscalpel_serializer_derive"
version = "0.1.0"
source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -146,19 +129,9 @@ dependencies = [
[[package]] [[package]]
name = "apk_frauder" name = "apk_frauder"
version = "0.1.0" version = "0.1.0"
source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git?rev=095ce2ce9340a7050aceb11ba626a1a9a966436a#095ce2ce9340a7050aceb11ba626a1a9a966436a"
dependencies = [ dependencies = [
"androscalpel_serializer 0.1.0", "androscalpel_serializer",
"flate2",
"log",
"rand",
]
[[package]]
name = "apk_frauder"
version = "0.1.0"
source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f"
dependencies = [
"androscalpel_serializer 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)",
"flate2", "flate2",
"log", "log",
"rand", "rand",
@ -838,7 +811,7 @@ version = "0.1.0"
dependencies = [ dependencies = [
"androscalpel", "androscalpel",
"anyhow", "anyhow",
"apk_frauder 0.1.0", "apk_frauder",
"clap", "clap",
"env_logger", "env_logger",
"reqwest", "reqwest",

5
patcher/Cargo.toml
View file

@ -6,9 +6,8 @@ edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies] [dependencies]
androscalpel = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git" } androscalpel = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git", rev = "095ce2ce9340a7050aceb11ba626a1a9a966436a" }
#apk_frauder = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git" } apk_frauder = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git", rev = "095ce2ce9340a7050aceb11ba626a1a9a966436a"}
apk_frauder = { path = "/home/histausse/workspace/dev/Project/androscalpel/apk_frauder" }
anyhow = "1.0.95" anyhow = "1.0.95"
clap = { version = "4.5.27", features = ["derive"] } clap = { version = "4.5.27", features = ["derive"] }
env_logger = "0.11.6" env_logger = "0.11.6"

4
patcher/src/get_apk.rs
View file

@ -1,6 +1,6 @@
use androscalpel::Apk; use androscalpel::Apk;
use clap::Args; use clap::Args;
use std::fs::read_to_string; use std::fs::{read_to_string, File};
use std::path::PathBuf; use std::path::PathBuf;
use std::time::Duration; use std::time::Duration;
@ -83,7 +83,7 @@ pub fn get_apk(location: &ApkLocation) -> Apk {
} }
ApkLocation { ApkLocation {
path: Some(path), .. path: Some(path), ..
} => Apk::load_apk(path.into(), false, false).unwrap(), } => Apk::load_apk(File::open(path).unwrap(), |_, _, _| None, false).unwrap(),
_ => panic!("Don't know what to do with:\n{:#?}", location), _ => panic!("Don't know what to do with:\n{:#?}", location),
} }
} }

46
patcher/src/lib.rs
View file

@ -1,4 +1,4 @@
use androscalpel::{IdMethod, IdType, Instruction, Method}; use androscalpel::{IdMethod, Instruction, Method};
use anyhow::{bail, Context, Result}; use anyhow::{bail, Context, Result};
use std::sync::LazyLock; use std::sync::LazyLock;
@ -83,19 +83,34 @@ pub fn transform_method(meth: &mut Method, ref_data: &ReflectionData) -> Result<
nb_arg_reg: 0, nb_arg_reg: 0,
}; };
let mut new_insns = vec![]; let mut new_insns = vec![];
for ins in &code.insns { let mut iter = code.insns.iter().peekable();
while let Some(ins) = iter.next() {
match ins { match ins {
Instruction::InvokeVirtual { method, args } if method == &*MTH_INVOKE => { Instruction::InvokeVirtual { method, args } if method == &*MTH_INVOKE => {
// TODO move ret ? let move_ret = match iter.peek() {
Some(Instruction::MoveResult { .. })
| Some(Instruction::MoveResultWide { .. })
| Some(Instruction::MoveResultObject { .. }) => iter.next().cloned(),
_ => None,
};
// TODO: rever from get_invoke_block failure // TODO: rever from get_invoke_block failure
let label: String = "TODO_NAME_THIS".into(); let label: String = "TODO_NAME_THIS".into();
for ins in get_invoke_block(ref_data, args.as_slice(), &mut register_info, &label)? for ins in get_invoke_block(
.into_iter() ref_data,
args.as_slice(),
&mut register_info,
&label,
move_ret.clone(),
)?
.into_iter()
{ {
println!(" \x1b[92m{}\x1b[0m", ins.__str__()); println!(" \x1b[92m{}\x1b[0m", ins.__str__());
new_insns.push(ins); new_insns.push(ins);
} }
new_insns.push(ins.clone()); new_insns.push(ins.clone());
if let Some(move_ret) = move_ret {
new_insns.push(move_ret);
}
println!(" \x1b[91m{}\x1b[0m", ins.__str__()); println!(" \x1b[91m{}\x1b[0m", ins.__str__());
let lab = Instruction::Label { let lab = Instruction::Label {
name: format!("{label}_END"), name: format!("{label}_END"),
@ -134,6 +149,7 @@ fn get_invoke_block(
invoke_arg: &[u16], invoke_arg: &[u16],
reg_inf: &mut RegistersInfo, reg_inf: &mut RegistersInfo,
label: &str, label: &str,
move_result: Option<Instruction>,
) -> Result<Vec<Instruction>> { ) -> Result<Vec<Instruction>> {
let (method_obj, obj_inst, arg_arr) = if let &[a, b, c] = invoke_arg { let (method_obj, obj_inst, arg_arr) = if let &[a, b, c] = invoke_arg {
(a, b, c) (a, b, c)
@ -216,9 +232,22 @@ fn get_invoke_block(
method: MTH_GET_PARAMS_TY.clone(), method: MTH_GET_PARAMS_TY.clone(),
args: vec![method_obj], args: vec![method_obj],
}); });
insns.push(Instruction::MoveResultObject { insns.push(Instruction::MoveResultObject { to: reg_inf.array });
to: reg_inf.array, // wrong name, but available for tmp val // First check the number of args
insns.push(Instruction::ArrayLength {
dest: reg_inf.array_index,
arr: reg_inf.array,
}); });
insns.push(Instruction::Const {
reg: reg_inf.array_val,
lit: ref_data.method.proto.get_parameters().len() as i32,
});
insns.push(Instruction::IfNe {
a: reg_inf.array_index,
b: reg_inf.array_val,
label: format!("{label}_END_OF_CALL_1"), // TODO: rename 1
});
// then the type of each arg
for (i, param) in ref_data for (i, param) in ref_data
.method .method
.proto .proto
@ -274,6 +303,9 @@ fn get_invoke_block(
method: ref_data.method.clone(), method: ref_data.method.clone(),
args: (reg_inf.first_arg..reg_inf.first_arg + 1 + nb_args as u16).collect(), args: (reg_inf.first_arg..reg_inf.first_arg + 1 + nb_args as u16).collect(),
}); });
if let Some(move_result) = move_result {
insns.push(move_result);
}
insns.push(Instruction::Goto { insns.push(Instruction::Goto {
label: format!("{label}_END"), label: format!("{label}_END"),
}); });

10
test_apks/tests/java/classes/com/example/theseus/tests/MainActivity.java
View file

@ -50,6 +50,7 @@ public class MainActivity extends Activity {
ClassLoader cl = MainActivity.class.getClassLoader(); ClassLoader cl = MainActivity.class.getClassLoader();
Class clz = cl.loadClass("com.example.theseus.tests.Reflectee"); Class clz = cl.loadClass("com.example.theseus.tests.Reflectee");
Method mth = clz.getMethod("transfer", String.class); Method mth = clz.getMethod("transfer", String.class);
/*
String name = mth.getName(); String name = mth.getName();
Class[] params = mth.getParameterTypes(); Class[] params = mth.getParameterTypes();
Class ret = mth.getReturnType(); Class ret = mth.getReturnType();
@ -60,7 +61,14 @@ public class MainActivity extends Activity {
Log.e("[TEST]", ret.toString()); Log.e("[TEST]", ret.toString());
Log.e("[TEST]", dec.toString()); Log.e("[TEST]", dec.toString());
Log.e("[TEST]", "---------------------------------"); Log.e("[TEST]", "---------------------------------");
if (name.equals("transfer") && Arrays.equals(params, new Class[] {String.class}) && ret == String.class && dec == Reflectee.class) { */
Class[] params = mth.getParameterTypes();
if (
mth.getName().equals("transfer") &&
ret == String.class &&
dec == Reflectee.class &&
params.length == 1 &&
params[0] == String.class {
Log.e("[TEST]", "OK"); Log.e("[TEST]", "OK");
} }
String newData = (String) mth.invoke(r, data); String newData = (String) mth.invoke(r, data);