POC

2025-01-31 14:21:06 +01:00 · 2025-01-31 14:21:06 +01:00 · c423a3f5cd
commit c423a3f5cd
parent 2e0794c3e3
5 changed files with 61 additions and 21 deletions
--- a/patcher/.gitignore
+++ b/patcher/.gitignore
@ -0,0 +1 @@
+target
--- a/patcher/Cargo.lock
+++ b/patcher/Cargo.lock
@ -38,9 +38,9 @@ version = "0.1.0"
 source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f"
 dependencies = [
 "adler",
- "androscalpel_serializer",
+ "androscalpel_serializer 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)",
 "anyhow",
- "apk_frauder",
+ "apk_frauder 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)",
 "log",
 "rayon",
 "serde",
@ -48,15 +48,32 @@ dependencies = [
 "sha1",
 ]

+[[package]]
+name = "androscalpel_serializer"
+version = "0.1.0"
+dependencies = [
+ "androscalpel_serializer_derive 0.1.0",
+ "log",
+]
+
 [[package]]
 name = "androscalpel_serializer"
 version = "0.1.0"
 source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f"
 dependencies = [
- "androscalpel_serializer_derive",
+ "androscalpel_serializer_derive 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)",
 "log",
 ]

+[[package]]
+name = "androscalpel_serializer_derive"
+version = "0.1.0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "androscalpel_serializer_derive"
 version = "0.1.0"
@ -126,12 +143,22 @@ dependencies = [
 "backtrace",
 ]

+[[package]]
+name = "apk_frauder"
+version = "0.1.0"
+dependencies = [
+ "androscalpel_serializer 0.1.0",
+ "flate2",
+ "log",
+ "rand",
+]
+
 [[package]]
 name = "apk_frauder"
 version = "0.1.0"
 source = "git+ssh://git@git.mineau.eu/histausse/androscalpel.git#4b4ef6032dd3a9a756607b327b4224f18d2ce94f"
 dependencies = [
- "androscalpel_serializer",
+ "androscalpel_serializer 0.1.0 (git+ssh://git@git.mineau.eu/histausse/androscalpel.git)",
 "flate2",
 "log",
 "rand",
@ -260,9 +287,9 @@ checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"

 [[package]]
 name = "cpufeatures"
-version = "0.2.16"
+version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
 dependencies = [
 "libc",
 ]
@ -811,7 +838,7 @@ version = "0.1.0"
 dependencies = [
 "androscalpel",
 "anyhow",
- "apk_frauder",
+ "apk_frauder 0.1.0",
 "clap",
 "env_logger",
 "reqwest",
@ -1066,9 +1093,9 @@ checksum = "c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497"

 [[package]]
 name = "rustls"
-version = "0.23.21"
+version = "0.23.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
+checksum = "9fb9263ab4eb695e42321db096e3b8fbd715a59b154d5c88d82db2175b681ba7"
 dependencies = [
 "once_cell",
 "ring",
@ -1115,9 +1142,9 @@ checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"

 [[package]]
 name = "ryu"
-version = "1.0.18"
+version = "1.0.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
+checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd"

 [[package]]
 name = "serde"
@ -1141,9 +1168,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.137"
+version = "1.0.138"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b"
+checksum = "d434192e7da787e94a6ea7e9670b26a036d0ca41e0b7efb2676dd32bae872949"
 dependencies = [
 "itoa",
 "memchr",
@ -1390,9 +1417,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"

 [[package]]
 name = "unicode-ident"
-version = "1.0.15"
+version = "1.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243"
+checksum = "a210d160f08b701c8721ba1c726c11662f877ea6b7094007e1ca9a1041945034"

 [[package]]
 name = "untrusted"
@ -1543,9 +1570,9 @@ dependencies = [

 [[package]]
 name = "webpki-roots"
-version = "0.26.7"
+version = "0.26.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e"
+checksum = "2210b291f7ea53617fbafcc4939f10914214ec15aace5ba62293a668f322c5c9"
 dependencies = [
 "rustls-pki-types",
 ]
--- a/patcher/Cargo.toml
+++ b/patcher/Cargo.toml
@ -7,7 +7,8 @@ edition = "2021"

 [dependencies]
 androscalpel = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git" }
-apk_frauder = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git" }
+#apk_frauder = { git = "ssh://git@git.mineau.eu/histausse/androscalpel.git" }
+apk_frauder = { path = "/home/histausse/workspace/dev/Project/androscalpel/apk_frauder" }
 anyhow = "1.0.95"
 clap = { version = "4.5.27", features = ["derive"] }
 env_logger = "0.11.6"
--- a/patcher/src/lib.rs
+++ b/patcher/src/lib.rs
@ -35,6 +35,8 @@ impl RegistersInfo {
 const INVOKE: &str =
    "Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;";

+// Interesting stuff: https://cs.android.com/android/platform/superproject/main/+/main:art/runtime/verifier/reg_type.h;drc=83db0626fad8c6e0508754fffcbbd58e539d14a5;l=94
+// https://cs.android.com/android/platform/superproject/main/+/main:art/runtime/verifier/method_verifier.cc;drc=83db0626fad8c6e0508754fffcbbd58e539d14a5;l=5328
 pub fn transform_method(meth: &mut Method, ref_data: &ReflectionData) -> Result<()> {
    let invoke = IdMethod::from_smali(INVOKE)?;
    // checking meth.annotations might be usefull at some point
@ -124,7 +126,7 @@ fn get_invoke_block(
        from: obj_inst,
        to: reg_inf.first_arg,
    });
-    for i in 0..nb_args {
+    for (i, param) in ref_data.method.proto.get_parameters().iter().enumerate() {
        insns.push(Instruction::Const {
            reg: reg_inf.array_index,
            lit: i as i32,
@ -134,6 +136,10 @@ fn get_invoke_block(
            arr: arg_arr as u8, // TODO
            idx: reg_inf.array_index,
        });
+        insns.push(Instruction::CheckCast {
+            reg: reg_inf.array_val,
+            lit: param.clone(),
+        });
        insns.push(Instruction::MoveObject {
            from: reg_inf.array_val as u16,
            to: reg_inf.first_arg + 1 + i as u16,
--- a/patcher/src/main.rs
+++ b/patcher/src/main.rs
@ -18,6 +18,10 @@ struct Cli {
    out: PathBuf,
    #[arg(short, long)]
    keystore: PathBuf,
+    #[arg(short, long)]
+    zipalign: Option<PathBuf>,
+    #[arg(short, long)]
+    apksigner: Option<PathBuf>,
 }

 fn main() {
@ -67,13 +71,14 @@ fn main() {
        }
        i += 1;
    }
+    // TODO: aapt would be a lot more stable
    apk_frauder::replace_dex(
        cli.apk.path.unwrap(),
        cli.out,
        &mut dex_files,
        cli.keystore,
-        None::<PathBuf>,
-        None::<PathBuf>,
+        cli.zipalign,
+        cli.apksigner,
        None::<HashMap<_, Option<Cursor<&[u8]>>>>,
    );
 }