|
|
|
#include "bypass.h"
|
|
|
|
|
|
|
|
namespace ligma
|
|
|
|
{
|
|
|
|
namespace bypass
|
|
|
|
{
|
|
|
|
//
// Entry point for this translation unit: resolves the libc symbols and the
// two target library bases, then installs every hook defined below.
//
// Globals written here (fopen_ptr, system_prop_get) and the offset_* constants
// are not declared in this file; presumably they come from bypass.h, as do the
// forward declarations of the hook functions used before their definition.
//
// Nothing returned by dlopen()/dlsym() is checked. With RTLD_NOLOAD a libc.so
// that is not already mapped yields a null handle, and a missing target library
// yields a base of 0, so the make_hook() targets below would be bare offsets.
//
// The LOGI() strings are emitted unconditionally (presumably to logcat), so
// they identify this module at runtime.
//
void init()
{
    // libc is expected to be mapped already: RTLD_NOLOAD never loads it.
    fopen_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "fopen");
    system_prop_get = dlsym(dlopen("libc.so", RTLD_NOLOAD), "__system_property_get");

    // Base addresses of the two hooked libraries; the handle is reinterpreted
    // as a load address, which is a platform-specific assumption about dlopen().
    const auto cubehawk_base = reinterpret_cast<std::uintptr_t>(dlopen("libcubehawk.so", RTLD_LAZY));
    const auto libtersafe_base = reinterpret_cast<std::uintptr_t>(dlopen("libtersafe.so", RTLD_LAZY));

    shithook::make_hook(fopen_ptr, reinterpret_cast<void*>(&fopen_hook));
    shithook::make_hook(reinterpret_cast<void*>(cubehawk_base + offset_emulator_check), reinterpret_cast<void*>(&emulator_check));

    LOGI("disabled emulator checks....");
    LOGI("disabled patch checks....");

    shithook::make_hook(reinterpret_cast<void*>(libtersafe_base + offset_ischeat_packet), reinterpret_cast<void*>(&tss_sdk_ischeatpacket));
    shithook::make_hook(system_prop_get, reinterpret_cast<void*>(&system_property_hook));

    LOGI("disabled is cheat packet checks.....");
    LOGI("disabled hwid checks.....");

    shithook::make_hook(reinterpret_cast<void*>(cubehawk_base + offset_mshook_function), reinterpret_cast<void*>(&ms_hook_function));
    LOGI("disabling all MSHookFunction calls! (no more back buffer hook!)");
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// the first module loaded by default is libtprt.so; it opens base.apk and checks its MD5.
|
|
|
|
//
|
|
|
|
//
// Replacement installed over libc fopen() by init().
//
// path  - requested path; if it contains "base.apk" it is replaced with the
//         fixed "/data/app/base_orig.apk" before the real call.
// mode  - passed through unchanged.
// returns whatever the real fopen() returns for the (possibly replaced) path.
//
// The hook is temporarily removed around the real call, which is why the
// whole sequence is serialised on fopen_mutex (declared elsewhere). The mutex
// is locked/unlocked by hand rather than through a lock guard.
//
// path is passed straight to strstr(): a null path would fault here, whereas
// the real fopen() would simply fail.
//
__attribute__((noinline))
FILE* fopen_hook(const char* path, const char* mode)
{
    LOGI("fopen called! path = %s, mode = %s", path, mode);
    if (strstr(path, "base.apk"))
    {
        // Only the local parameter is rebound; the caller's string is untouched.
        path = "/data/app/base_orig.apk";
        LOGI("spoofing to original base.apk!");
    }

    // disable -> real call -> enable must not interleave across threads.
    fopen_mutex.lock();
    shithook::disable(fopen_ptr);
    const auto result = fopen(path, mode);
    shithook::enable(fopen_ptr);
    fopen_mutex.unlock();

    LOGI("fopen result = %p", result);
    return result;
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// the original function returns 1 if no emulator is found else a number associated with an emulator.
|
|
|
|
//
|
|
|
|
//
// Replacement for the emulator-detection routine at
// libcubehawk.so + offset_emulator_check (installed by init()).
//
// a1, a2 - ignored; their meaning in the original routine is not known from
//          this file.
// returns 1 unconditionally, which per the comment above is the original's
//         "no emulator found" value.
//
__attribute__((noinline))
signed int emulator_check(const char* a1, const char* a2)
{
    LOGI("emulator check called.... spoofing emulator....");
    return 1;
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// never send the is-cheat packet....
|
|
|
|
//
|
|
|
|
//
// Replacement for the routine at libtersafe.so + offset_ischeat_packet
// (installed by init()).
//
// a1 - ignored.
// returns 0 for every input (the bool literal false converted to int).
//
__attribute__((noinline))
int tss_sdk_ischeatpacket(int a1)
{
    return false;
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// spoof all hwids to the fixed HWID_VALUE string
|
|
|
|
//
|
|
|
|
//
// Replacement installed over libc __system_property_get() by init().
//
// name  - property name requested by the caller.
// value - caller-provided output buffer; it is filled by the real
//         __system_property_get() call below.
// returns strlen() of the local `value` pointer at the end of the function.
//
// The real call is made with the hook temporarily removed, serialised on
// system_prop_mutex (declared elsewhere); its return value is discarded.
//
// Note on the spoofing branch: `value = HWID_VALUE;` rebinds the local
// parameter only. The caller's buffer, already written by the real call, is
// not modified here, and the length returned afterwards is that of
// HWID_VALUE (type not visible in this file; presumably a char array or
// char*) rather than of the buffer contents the caller actually holds.
//
__attribute__((noinline))
int system_property_hook(const char* name, char* value)
{
    LOGI("trying to get HWID = %s", name);
    system_prop_mutex.lock();
    shithook::disable(system_prop_get);
    __system_property_get(name, value);
    shithook::enable(system_prop_get);
    system_prop_mutex.unlock();

    //
    // leave these four properties untouched; every other name takes the
    // spoofing branch.
    //
    if (strcmp(name, "persist.sys.timezone") != 0 &&
        strcmp(name, "ro.build.fingerprint") != 0 &&
        strcmp(name, "ro.revision") != 0 &&
        strcmp(name, "ro.build.version.sdk") != 0)
    {
        LOGI("spoofing hwid = %s, to = %s", value, HWID_VALUE);
        // Local pointer rebinding only; see the note above.
        value = HWID_VALUE;
    }
    return strlen(value);
}
|
|
|
|
|
|
|
|
//
// Replacement for the routine at libcubehawk.so + offset_mshook_function
// (installed by init()). It logs and returns without doing anything else,
// so whatever the original would have installed is never installed.
//
// a1, a2, a3 - forwarded to the log only; their meaning is not known from
//              this file.
//
// The LOGI() format prints a2 with %p although a2 is an int, which is a
// type mismatch in the variadic call.
//
void ms_hook_function(int* a1, int a2, int* a3)
{
    LOGI("MSHookFunction called, hooking = %p, to = %p", a1, a2);
    return;
}
|
|
|
|
}
|
|
|
|
}
|