callback system works!

workingdir/cra0-upated
xerox 4 years ago
parent 68dd54d34c
commit 1049f10a92

@ -13,9 +13,12 @@ namespace ligma
ligma::utils::on_image_load("libil2cpp.so", callback); ligma::utils::on_image_load("libil2cpp.so", callback);
ligma::utils::on_image_load("libxlua.so", [&](const std::uintptr_t module_base) ligma::utils::on_image_load("libxlua.so", [&](const std::uintptr_t module_base)
{ {
LOGI("libxlua.so base = %p", module_base);
// install lua hooks when libxlua.so gets loaded... // install lua hooks when libxlua.so gets loaded...
loadbufferx = dlsym(reinterpret_cast<void*>(module_base), "luaL_loadbufferx"); ligma::hook::make_hook(
ligma::hook::make_hook(loadbufferx, reinterpret_cast<void*>(&loadbufferx_hook)); dlsym(reinterpret_cast<void*>(module_base), "luaL_loadbufferx"),
reinterpret_cast<void*>(&load_bufferx_hook)
);
}); });
// these hooks can be registered at anytime. // these hooks can be registered at anytime.
@ -32,7 +35,7 @@ namespace ligma
// dont let a single lua script load! // dont let a single lua script load!
// //
__attribute__((noinline)) __attribute__((noinline))
int loadbufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode) int load_bufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode)
{ return NULL; } { return NULL; }
// //
@ -43,10 +46,11 @@ namespace ligma
FILE* fopen_hook(const char* path, const char* mode) FILE* fopen_hook(const char* path, const char* mode)
{ {
if (strstr(path, ".apk")) // support older versions of android. if (strstr(path, ".apk")) // support older versions of android.
{
path = "/data/app/base_orig.apk"; path = "/data/app/base_orig.apk";
LOGI("spoofed base.apk to original apk!");
} // no need to be opening my .so :)
if (strstr(path, "libligma.so"))
return nullptr;
fopen_mutex.lock(); fopen_mutex.lock();
ligma::hook::disable(fopen_ptr); ligma::hook::disable(fopen_ptr);
@ -57,7 +61,7 @@ namespace ligma
} }
// //
// this is used to gain code execution exactly when il2cpp.so is loaded... // this is used to gain code execution exactly when a module is loaded (for the first time)
// //
__attribute__((noinline)) __attribute__((noinline))
void* dlopen_hook(const char* filename, int flags) void* dlopen_hook(const char* filename, int flags)
@ -65,18 +69,21 @@ namespace ligma
dlopen_mutex.lock(); dlopen_mutex.lock();
ligma::hook::disable(dlopen_ptr); ligma::hook::disable(dlopen_ptr);
const auto result = dlopen(filename, reinterpret_cast<int>(RTLD_NEXT)); const auto result = dlopen(filename, reinterpret_cast<int>(RTLD_NEXT));
if(ligma::utils::get_callbacks()->size()) // only enable hook if we still have callbacks... if(ligma::utils::get_callbacks()->size())
ligma::hook::enable(dlopen_ptr); ligma::hook::enable(dlopen_ptr);
dlopen_mutex.unlock(); dlopen_mutex.unlock();
// //
// if there is a callback for this module, call it and remove it from the map. // if there is a callback for this module, call it and then remove it.
// //
const auto callback = ligma::utils::get_callbacks()->find(filename); for (const auto& [file_key, callback] : *ligma::utils::get_callbacks())
if (callback != ligma::utils::get_callbacks()->end()) {
if (strstr(filename, file_key.c_str()))
{ {
callback->second(reinterpret_cast<std::uintptr_t>(result)); callback(reinterpret_cast<std::uintptr_t>(result));
ligma::utils::get_callbacks()->erase(filename); ligma::utils::get_callbacks()->erase(file_key);
break;
}
} }
return result; return result;
} }
@ -100,10 +107,8 @@ namespace ligma
strcmp(name, "ro.build.fingerprint") != 0 && strcmp(name, "ro.build.fingerprint") != 0 &&
strcmp(name, "ro.revision") != 0 && strcmp(name, "ro.revision") != 0 &&
strcmp(name, "ro.build.version.sdk") != 0) strcmp(name, "ro.build.version.sdk") != 0)
{
LOGI("spoofed hwid = %s, to = %s", value, HWID_VALUE);
value = HWID_VALUE; value = HWID_VALUE;
}
return strlen(value); return strlen(value);
} }
} }
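Review bot: The new loop in dlopen_hook passes `filename` to `strstr` and `result` to the callback without checking either for nullptr; `dlopen(nullptr, …)` is a legal call that returns the main program handle, and a failed `dlopen` returns nullptr, so the libxlua callback would then run `dlsym` against a zero base. Add `if (result == nullptr || filename == nullptr) return result;` on the new side before the `for`, and the same unchecked-pointer pattern appears in the init hunk, where the `dlsym` result is handed straight to `make_hook` instead of being tested first. The callback map is also walked and `erase`d after `dlopen_mutex` has been released, while the context line further up says callbacks can be registered at any time — if registration can happen on another thread, the range-for can be invalidated mid-iteration, so the lookup should run under a lock (or the matching entry be copied out under one). Since `erase` is immediately followed by `break` the erase-inside-range-for is safe as written, but a comment such as `// erase invalidates the iterator; break immediately` would keep a later edit from dropping the break; note that dlopen_hook's signature and opening brace lie in the preceding hunk, not this one.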

@ -17,20 +17,17 @@ namespace ligma
{ {
inline void* fopen_ptr = nullptr; inline void* fopen_ptr = nullptr;
inline void* system_prop_get = nullptr; inline void* system_prop_get = nullptr;
inline void* loadbufferx = nullptr;
inline void* dlopen_ptr = nullptr; inline void* dlopen_ptr = nullptr;
// every shithook you make you will need a mutex. // every shithook you make you will need a mutex.
inline std::mutex fopen_mutex; inline std::mutex fopen_mutex;
inline std::mutex system_prop_mutex; inline std::mutex system_prop_mutex;
inline std::mutex loadbufferx_mutex;
inline std::mutex dlopen_mutex; inline std::mutex dlopen_mutex;
inline std::function<void(std::uintptr_t)> il2cpp_callback;
void init(const std::function<void(std::uintptr_t)>& callback); void init(const std::function<void(std::uintptr_t)>& callback);
void* dlopen_hook(const char* filename, int flags); void* dlopen_hook(const char* filename, int flags);
FILE* fopen_hook(const char* path, const char* mode); FILE* fopen_hook(const char* path, const char* mode);
int system_property_hook(const char* name, char* value); int system_property_hook(const char* name, char* value);
int loadbufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode); int load_bufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode);
} }
} }

@ -160,14 +160,9 @@
</Link> </Link>
<PostBuildEvent> <PostBuildEvent>
<Command>adb logcat -c <Command>adb logcat -c
adb push $(SolutionDir)\ARM\Release\libligma_cheat.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so adb push $(SolutionDir)\ARM\Release\libligma_cheat.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so
start cmd /k "title 'ligma filter' &amp; adb logcat | findstr ligma" start cmd /k "title 'ligma filter' &amp; adb logcat | findstr ligma"
start cmd /k "title 'codm logs' &amp; adb logcat | findstr com.activision.callofduty.shooter" start cmd /k "title 'codm logs' &amp; adb logcat | findstr com.activision.callofduty.shooter"
start cmd /k "title 'all logs' &amp; adb logcat"
adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity
</Command> </Command>
</PostBuildEvent> </PostBuildEvent>
@ -184,14 +179,9 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
</Link> </Link>
<PostBuildEvent> <PostBuildEvent>
<Command>adb logcat -c <Command>adb logcat -c
adb push $(SolutionDir)\ARM\Release\libligma_cheat.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so adb push $(SolutionDir)\ARM\Release\libligma_cheat.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so
start cmd /k "title 'ligma filter' &amp; adb logcat | findstr ligma" start cmd /k "title 'ligma filter' &amp; adb logcat | findstr ligma"
start cmd /k "title 'codm logs' &amp; adb logcat | findstr com.activision.callofduty.shooter" start cmd /k "title 'codm logs' &amp; adb logcat | findstr com.activision.callofduty.shooter"
start cmd /k "title 'all logs' &amp; adb logcat"
adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity
</Command> </Command>
</PostBuildEvent> </PostBuildEvent>
