#include "bypass.h"
namespace ligma
{
namespace bypass
{
//
// Registers the image-load callbacks and passes the libc targets to the hooking layer.
//
// callback: forwarded unchanged to ligma::utils::on_image_load for "libil2cpp.so".
//
// What the visible code does, in order:
//   1. libil2cpp.so  -> the caller-supplied callback is registered.
//   2. libxlua.so    -> the address of luaL_loadbufferx is handed to make_hook with load_bufferx_hook.
//   3. libtersafe.so -> the pointer-sized slot at module_base + 0x0325B84 is overwritten with &strcat_hook.
//   4. libc.so       -> fopen and __system_property_get are looked up and handed to make_hook.
//
// NOTE(review): on_image_load, make_hook and the meaning of the callbacks' `false` return value are
// defined outside this listing; the comments below describe only what is visible here.
//
void init(const std::function<bool(std::uintptr_t, void*)>& callback)
{
    ligma::utils::on_image_load("libil2cpp.so", callback);

    // The lambdas capture by reference ([&]) but read nothing from the enclosing scope.
    ligma::utils::on_image_load("libxlua.so",
        [&](std::uintptr_t module_base, void* module_handle) -> bool
        {
            LOGI("libxlua.so base -> %p, module_handle -> %p", module_base, module_handle);
            // The symbol is resolved by name from the handle passed to the callback.
            ligma::hook::make_hook(dlsym(module_handle, "luaL_loadbufferx"), &load_bufferx_hook);
            LOGI("installed libxlua.so hooks!");
            return false;
        }
    );

    ligma::utils::on_image_load("libtersafe.so",
        [&](std::uintptr_t module_base, void* module_handle) -> bool
        {
            LOGI("libtersafe.so -> %p, module_handle -> %p", module_base, module_handle);
            // 0x0325B84 is a fixed offset from the module base; presumably it is valid for one
            // specific build of libtersafe.so only (TODO confirm against the targeted version).
            // The page holding the slot is switched to read/write and is not switched back, and
            // the previous slot value is not saved. Both the changed protection and a slot that
            // no longer holds the resolved strcat address are therefore observable to an
            // integrity check running inside the process.
            mprotect(PAGE_START(module_base + 0x0325B84), getpagesize(), PROT_READ | PROT_WRITE);
            *reinterpret_cast<decltype(&std::strcat)*>(module_base + 0x0325B84) = &strcat_hook;
            return false;
        }
    );

    // RTLD_NOLOAD returns a handle only if libc.so is already mapped; it does not load it.
    // The looked-up addresses are stored in fopen_ptr / system_prop_get (declared outside this
    // listing) because the hook bodies use them to disable and re-enable the hooks.
    fopen_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "fopen");
    system_prop_get = dlsym(dlopen("libc.so", RTLD_NOLOAD), "__system_property_get");

    ligma::hook::make_hook(fopen_ptr, &fopen_hook);
    ligma::hook::make_hook(system_prop_get, &system_property_hook);
}
//
// strcat replacement that init() writes into a slot inside libtersafe.so.
//
// destination / source: same meaning as for strcat; if either is null the
// function returns null and touches nothing.
//
// When destination begins with "retval=1" the trailing '1' becomes '0', the
// strlen("|emulator_name=") bytes that follow the prefix are zeroed, the result
// is logged, and source is NOT appended. Every other call is passed straight to
// std::strcat.
//
// NOTE(review): the zeroing assumes the destination buffer holds at least
// strlen("retval=1") + strlen("|emulator_name=") bytes; nothing here checks it.
// NOTE(review): the rewritten string always ends directly after "retval=0", and
// one LOGI line is emitted each time this path runs.
//
__attribute__((noinline))
char* strcat_hook(char* destination, const char* source)
{
    static const char flagged_prefix[] = "retval=1";
    static const char trailing_field[] = "|emulator_name=";
    const size_t prefix_len = sizeof(flagged_prefix) - 1;  // excludes the terminator
    const size_t field_len = sizeof(trailing_field) - 1;

    if (destination == nullptr || source == nullptr)
        return nullptr;

    const bool starts_flagged = strncmp(destination, flagged_prefix, prefix_len) == 0;
    if (!starts_flagged)
        return std::strcat(destination, source);

    // Last character of the prefix is the result digit.
    destination[prefix_len - 1] = '0';
    memset(destination + prefix_len, 0, field_len);
    LOGI("destination string after -> %s", destination);
    return destination;
}
//
// Stand-in for luaL_loadbufferx; init() hands it to make_hook for libxlua.so.
// The author's intent is that no Lua script gets loaded: every argument is
// ignored and the function returns 0 (LUA_OK in the Lua C API) without reading
// buff.
//
__attribute__((noinline))
int load_bufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode)
{
    // Nothing is read from the arguments.
    (void)L;
    (void)buff;
    (void)sz;
    (void)name;
    (void)mode;

    const int status = 0;
    return status;
}
//
// Replacement for libc fopen; init() hands it to ligma::hook::make_hook.
//
// Author's note: the first module loaded by default is libtprt.so, which opens
// base.apk and checks its MD5; the hook makes it open the original apk instead.
//
// Behaviour visible in this function:
//   - a path containing ".apk" is replaced with "/data/app/base_orig.apk";
//   - a path containing "libligma.so" yields nullptr and fopen is never called;
//   - every other path is forwarded to fopen with the caller's mode.
//
// NOTE(review): the substring test matches ".apk" anywhere in the path, so every
// such fopen in the process is redirected, not only the one for base.apk.
// NOTE(review): path is passed to std::strstr without a null check.
// NOTE(review): "/data/app/base_orig.apk" and "libligma.so" are fixed names, so
// their presence on a device is an indicator for this sample. Only fopen is
// intercepted in this file; a package check that does not rely on what an
// in-process fopen returns is outside what this hook changes.
//
__attribute__((noinline))
FILE* fopen_hook(const char* path, const char* mode)
{
    if (std::strstr(path, ".apk")) // support older versions of android.
        path = "/data/app/base_orig.apk";

    // Opens of the injected library itself are refused.
    if (std::strstr(path, "libligma.so"))
        return nullptr;

    // The hook is disabled around the call below and re-enabled afterwards; presumably that
    // lets the call reach the original fopen instead of re-entering this function (depends on
    // ligma::hook::disable, not shown). fopen_mutex is locked and unlocked by hand around it.
    fopen_mutex.lock();
    ligma::hook::disable(fopen_ptr);
    const auto result = fopen(path, mode);
    ligma::hook::enable(fopen_ptr);
    fopen_mutex.unlock();
    return result;
}
//
// spoof all hwids to "what do you call nuts on your chin? a dick down your throat you fucking retard!"
//
//
// Replacement for __system_property_get; init() hands it to ligma::hook::make_hook.
//
// name:  property key requested by the caller.
// value: caller's output buffer; filled by the real __system_property_get below.
// Returns strlen(value); the real function's own return value is discarded.
//
// NOTE(review): HWID_VALUE, system_prop_get and system_prop_mutex are declared outside this listing.
//
__attribute__((noinline))
int system_property_hook(const char* name, char* value)
{
    // The hook is disabled around the call and re-enabled afterwards; presumably that lets the
    // call reach the original function (depends on ligma::hook::disable, not shown). The mutex is
    // locked and unlocked by hand around the sequence.
    system_prop_mutex.lock();
    ligma::hook::disable(system_prop_get);
    __system_property_get(name, value);
    ligma::hook::enable(system_prop_get);
    system_prop_mutex.unlock();

    //
    // few things we dont spoof...
    //
    // NOTE(review): as written, the condition requires name to equal both literals at once,
    // which a single string cannot do, so the assignment is never reached. The assignment
    // would also only rebind the local pointer; the caller's buffer is not written here.
    // Net effect of this block as shown: the caller receives the value the real function wrote.
    //
    if (!strcmp(name, "persist.sys.timezone") &&
        !strcmp(name, "ro.build.version.sdk"))
        value = HWID_VALUE;

    return strlen(value);
}
}
}