these-android-re/android_of_theseus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

compare string descr instead of type

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2025-03-24 18:14:46 +01:00
parent aa78127087
commit 982f32caf3
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
3 changed files with 107 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
patcher/src/dex_types.rs
View file

@ -42,6 +42,9 @@ pub(crate) static CNSTR_GET_DEC_CLS: LazyLock<IdMethod> = LazyLock::new(|| {
IdMethod::from_smali("Ljava/lang/reflect/Constructor;->getDeclaringClass()Ljava/lang/Class;") IdMethod::from_smali("Ljava/lang/reflect/Constructor;->getDeclaringClass()Ljava/lang/Class;")
.unwrap() .unwrap()
}); });
pub(crate) static CLT_GET_DESCR_STRING: LazyLock<IdMethod> = LazyLock::new(|| {
IdMethod::from_smali("Ljava/lang/Class;->descriptorString()Ljava/lang/String;").unwrap()
});
pub(crate) static OBJ_TO_SCAL_BOOL: LazyLock<IdMethod> = pub(crate) static OBJ_TO_SCAL_BOOL: LazyLock<IdMethod> =
LazyLock::new(|| IdMethod::from_smali("Ljava/lang/Boolean;->booleanValue()Z").unwrap()); LazyLock::new(|| IdMethod::from_smali("Ljava/lang/Boolean;->booleanValue()Z").unwrap());
pub(crate) static OBJ_TO_SCAL_BYTE: LazyLock<IdMethod> = pub(crate) static OBJ_TO_SCAL_BYTE: LazyLock<IdMethod> =

112
patcher/src/reflection_patcher.rs
View file

@ -344,11 +344,34 @@ fn gen_tester_method(
reg: reg_arr_idx, // wrong name, but available for tmp val reg: reg_arr_idx, // wrong name, but available for tmp val
lit: param, lit: param,
}); });
insns.push(Instruction::IfNe { insns.push(Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_arr_idx as u16],
});
insns.push(Instruction::MoveResultObject { to: reg_arr_idx });
insns.push(Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_arr_val as u16],
});
insns.push(Instruction::MoveResultObject { to: reg_arr_val });
insns.push(Instruction::InvokeVirtual {
method: STR_EQ.clone(),
args: vec![reg_arr_idx as u16, reg_arr_val as u16],
});
insns.push(Instruction::MoveResult {
to: reg_arr_idx, // wrong name, but available for tmp val
});
insns.push(Instruction::IfEqZ {
a: reg_arr_idx, a: reg_arr_idx,
b: reg_arr_val,
label: no_label.clone(), label: no_label.clone(),
}) });
// Comparing Type does not work when different types share the same name (eg type from
// another class loader)
//insns.push(Instruction::IfNe {
// a: reg_arr_idx,
// b: reg_arr_val,
// label: no_label.clone(),
//})
} }
if !is_constructor { if !is_constructor {
insns.append(&mut vec![ insns.append(&mut vec![
@ -388,11 +411,34 @@ fn gen_tester_method(
reg: reg_arr_val, // wrong name, but available for tmp val reg: reg_arr_val, // wrong name, but available for tmp val
lit: method_to_test.proto.get_return_type(), lit: method_to_test.proto.get_return_type(),
}, },
Instruction::IfNe { Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_arr_idx as u16],
},
Instruction::MoveResultObject { to: reg_arr_idx },
Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_arr_val as u16],
},
Instruction::MoveResultObject { to: reg_arr_val },
Instruction::InvokeVirtual {
method: STR_EQ.clone(),
args: vec![reg_arr_idx as u16, reg_arr_val as u16],
},
Instruction::MoveResult {
to: reg_arr_idx, // wrong name, but available for tmp val
},
Instruction::IfEqZ {
a: reg_arr_idx, a: reg_arr_idx,
b: reg_arr_val,
label: no_label.clone(), label: no_label.clone(),
}, },
// Comparing Type does not work when different types share the same name (eg type from
// another class loader)
//Instruction::IfNe {
// a: reg_arr_idx,
// b: reg_arr_val,
// label: no_label.clone(),
//},
// Check Declaring Type // Check Declaring Type
Instruction::InvokeVirtual { Instruction::InvokeVirtual {
method: MTH_GET_DEC_CLS.clone(), method: MTH_GET_DEC_CLS.clone(),
@ -415,11 +461,34 @@ fn gen_tester_method(
reg: reg_arr_val, // wrong name, but available for tmp val reg: reg_arr_val, // wrong name, but available for tmp val
lit: method_to_test.class_.clone(), lit: method_to_test.class_.clone(),
}, },
Instruction::IfNe { Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_arr_idx as u16],
},
Instruction::MoveResultObject { to: reg_arr_idx },
Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_arr_val as u16],
},
Instruction::MoveResultObject { to: reg_arr_val },
Instruction::InvokeVirtual {
method: STR_EQ.clone(),
args: vec![reg_arr_idx as u16, reg_arr_val as u16],
},
Instruction::MoveResult {
to: reg_arr_idx, // wrong name, but available for tmp val
},
Instruction::IfEqZ {
a: reg_arr_idx, a: reg_arr_idx,
b: reg_arr_val,
label: no_label.clone(), label: no_label.clone(),
}, },
// Comparing Type does not work when different types share the same name (eg type from
// another class loader)
//Instruction::IfNe {
// a: reg_arr_idx,
// b: reg_arr_val,
// label: no_label.clone(),
//},
Instruction::Const { Instruction::Const {
reg: reg_arr_val, reg: reg_arr_val,
lit: 1, lit: 1,
@ -869,11 +938,36 @@ fn get_class_new_inst_block(
reg: reg_inf.array_index, // wrong name, but available for tmp val reg: reg_inf.array_index, // wrong name, but available for tmp val
lit: ref_data.constructor.class_.clone(), lit: ref_data.constructor.class_.clone(),
}, },
Instruction::IfNe { Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![reg_inf.array_index as u16],
},
Instruction::MoveResultObject {
to: reg_inf.array_index,
},
Instruction::InvokeVirtual {
method: CLT_GET_DESCR_STRING.clone(),
args: vec![class_reg as u16],
},
Instruction::MoveResultObject { to: class_reg },
Instruction::InvokeVirtual {
method: STR_EQ.clone(),
args: vec![reg_inf.array_index as u16, class_reg as u16],
},
Instruction::MoveResult {
to: reg_inf.array_index, // wrong name, but available for tmp val
},
Instruction::IfEqZ {
a: reg_inf.array_index, a: reg_inf.array_index,
b: class_reg,
label: abort_label.clone(), label: abort_label.clone(),
}, },
// Comparing Type does not work when different types share the same name (eg type from
// another class loader)
//Instruction::IfNe {
// a: reg_inf.array_index,
// b: class_reg,
// label: abort_label.clone(),
//},
Instruction::NewInstance { Instruction::NewInstance {
reg: obj_reg, reg: obj_reg,
lit: ref_data.constructor.class_.clone(), lit: ref_data.constructor.class_.clone(),

1
test_apks/dynloading/java/classes/com/example/theseus/dynloading/MainActivity.java
View file

@ -195,6 +195,7 @@ public class MainActivity extends Activity {
Method mth = clz.getMethod("getColliderId"); Method mth = clz.getMethod("getColliderId");
String id = (String)mth.invoke(null); String id = (String)mth.invoke(null);
//Utils.popup(this, "Result", id); //Utils.popup(this, "Result", id);
Utils.popup(this, "TEST", clz.descriptorString());
String expectedId = "A"; String expectedId = "A";
if (id.equals(expectedId)) { if (id.equals(expectedId)) {
Utils.popup(this, "OK", "The right class was loaded: " + id); Utils.popup(this, "OK", "The right class was loaded: " + id);