diff --git a/ligma-cheat/ligma-cheat/bypass/bypass.cpp b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
index c642de08b..cedd1ecbc 100644
--- a/ligma-cheat/ligma-cheat/bypass/bypass.cpp
+++ b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
@@ -13,9 +13,12 @@ namespace ligma
 ligma::utils::on_image_load("libil2cpp.so", callback);
 ligma::utils::on_image_load("libxlua.so", [&](const std::uintptr_t module_base)
 {
+ LOGI("libxlua.so base = %p", module_base);
 // install lua hooks when libxlua.so gets loaded...
- loadbufferx = dlsym(reinterpret_cast(module_base), "luaL_loadbufferx");
- ligma::hook::make_hook(loadbufferx, reinterpret_cast(&loadbufferx_hook));
+ ligma::hook::make_hook(
+ dlsym(reinterpret_cast(module_base), "luaL_loadbufferx"),
+ reinterpret_cast(&load_bufferx_hook)
+ );
 });
 // these hooks can be registered at anytime.
@@ -32,7 +35,7 @@ namespace ligma
 // dont let a single lua script load!
 //
 __attribute__((noinline))
- int loadbufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode)
+ int load_bufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode)
 { return NULL; }
 //
@@ -43,10 +46,11 @@ namespace ligma
 FILE* fopen_hook(const char* path, const char* mode)
 {
 if (strstr(path, ".apk")) // support older versions of android.
- {
 path = "/data/app/base_orig.apk";
- LOGI("spoofed base.apk to original apk!");
- }
+
+ // no need to be opening my .so :)
+ if (strstr(path, "libligma.so"))
+ return nullptr;
 fopen_mutex.lock();
 ligma::hook::disable(fopen_ptr);
@@ -57,7 +61,7 @@ namespace ligma
 }
 //
- // this is used to gain code execution exactly when il2cpp.so is loaded...
+ // this is used to gain code execution exactly when a module is loaded (for the first time)
 //
 __attribute__((noinline))
 void* dlopen_hook(const char* filename, int flags)
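Review bot: The new `LOGI("libxlua.so base = %p", module_base)` hands a `std::uintptr_t` to a `%p` conversion, which — assuming LOGI is a printf-style macro, as its `%s` use later in this file suggests — expects a `void*`, so the argument type does not match the conversion; format it as an integer instead, `LOGI("libxlua.so base = %" PRIxPTR, module_base);` (with `<cinttypes>`), or cast it to `void*`. Separately, after this rewrite the lambda body references only its own parameter and a free function, so the `[&]` capture-default now captures nothing and misleads a reader into thinking the stored callback borrows locals from its enclosing scope; `[]` states the intent. The enclosing function (apparently `init`, given the `callback` parameter) starts and ends outside the hunk.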
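Review bot: Dropping the braces leaves `path = "/data/app/base_orig.apk";` as an unbraced `if` body that is immediately followed by a blank line, a comment and a second `if`, so the second check reads as though it belonged to the first condition; keep the body braced, `if (strstr(path, ".apk")) { path = "/data/app/base_orig.apk"; }`. The same applies to the hunk at `@@ -100,10 +107,8 @@`, where `value = HWID_VALUE;` is left as the unbraced body of a multi-line `&&` condition and the only added line is an empty one. fopen_hook continues past the end of this hunk, and system_property_hook begins before the start of that one.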
@@ -65,18 +69,21 @@ namespace ligma
 dlopen_mutex.lock();
 ligma::hook::disable(dlopen_ptr);
 const auto result = dlopen(filename, reinterpret_cast(RTLD_NEXT));
- if(ligma::utils::get_callbacks()->size()) // only enable hook if we still have callbacks...
+ if(ligma::utils::get_callbacks()->size())
 ligma::hook::enable(dlopen_ptr);
 dlopen_mutex.unlock();
 //
- // if there is a callback for this module, call it and remove it from the map.
+ // if there is a callback for this module, call it and then remove it.
 //
- const auto callback = ligma::utils::get_callbacks()->find(filename);
- if (callback != ligma::utils::get_callbacks()->end())
+ for (const auto& [file_key, callback] : *ligma::utils::get_callbacks())
 {
- callback->second(reinterpret_cast(result));
- ligma::utils::get_callbacks()->erase(filename);
+ if (strstr(filename, file_key.c_str()))
+ {
+ callback(reinterpret_cast(result));
+ ligma::utils::get_callbacks()->erase(file_key);
+ break;
+ }
 }
 return result;
 }
@@ -100,10 +107,8 @@ namespace ligma
 strcmp(name, "ro.build.fingerprint") != 0 &&
 strcmp(name, "ro.revision") != 0 &&
 strcmp(name, "ro.build.version.sdk") != 0)
- {
- LOGI("spoofed hwid = %s, to = %s", value, HWID_VALUE);
 value = HWID_VALUE;
- }
+
 return strlen(value);
 }
 }
diff --git a/ligma-cheat/ligma-cheat/bypass/bypass.h b/ligma-cheat/ligma-cheat/bypass/bypass.h
index 83a261db9..d2606e6ef 100644
--- a/ligma-cheat/ligma-cheat/bypass/bypass.h
+++ b/ligma-cheat/ligma-cheat/bypass/bypass.h
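Review bot: The `break` placed right after `ligma::utils::get_callbacks()->erase(file_key)` is what keeps this range-for well-defined — erasing the element the loop is currently positioned on invalidates its iterator, so continuing the loop would be undefined behaviour — yet nothing in the hunk says so, and a later edit could drop it; a comment on that line, `// erase() invalidated the loop iterator: stop here, never continue iterating`, would pin it down. The rewritten comment above the loop should also record that lookup is now a `strstr` substring match of each registered key against the full path given to dlopen, rather than the exact-key `find` it replaced, since that is the behavioural change of this hunk and the comment does not mention it. dlopen_hook begins before the start of the hunk.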
@@ -17,20 +17,17 @@ namespace ligma
 {
 inline void* fopen_ptr = nullptr;
 inline void* system_prop_get = nullptr;
- inline void* loadbufferx = nullptr;
 inline void* dlopen_ptr = nullptr;
 // every shithook you make you will need a mutex.
 inline std::mutex fopen_mutex;
 inline std::mutex system_prop_mutex;
- inline std::mutex loadbufferx_mutex;
 inline std::mutex dlopen_mutex;
- inline std::function il2cpp_callback;
 void init(const std::function& callback);
 void* dlopen_hook(const char* filename, int flags);
 FILE* fopen_hook(const char* path, const char* mode);
 int system_property_hook(const char* name, char* value);
- int loadbufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode);
+ int load_bufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode);
 }
 }
\ No newline at end of file
diff --git a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
index a8c0d4c86..ec3f1bd9d 100644
--- a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
+++ b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
@@ -160,14 +160,9 @@ adb logcat -c - adb push $(SolutionDir)\ARM\Release\libligma_cheat.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so - start cmd /k "title 'ligma filter' & adb logcat | findstr ligma" - start cmd /k "title 'codm logs' & adb logcat | findstr com.activision.callofduty.shooter" - -start cmd /k "title 'all logs' & adb logcat" adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity
@@ -184,14 +179,9 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per adb logcat -c - adb push $(SolutionDir)\ARM\Release\libligma_cheat.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so - start cmd /k "title 'ligma filter' & adb logcat | findstr ligma" - start cmd /k "title 'codm logs' & adb logcat | findstr com.activision.callofduty.shooter" - -start cmd /k "title 'all logs' & adb logcat" adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity