#include "bypass.h"

//
// In-process API hooks that change what client-side integrity and
// device-identification code observes. Three functions are intercepted:
// luaL_loadbufferx, fopen and __system_property_get. The globals used below
// (fopen_ptr, system_prop_get, loadbufferx, fopen_mutex, system_prop_mutex,
// HWID_VALUE, LOGI) and ligma::hook are declared outside this file.
//
// Defensive reading: every check affected here runs inside the process that is
// being tampered with and trusts a hookable library entry point. Results of
// such checks are untrusted input and need backing by verification the client
// process cannot rewrite (for example server-side attestation).
//
namespace ligma { namespace bypass {

    //
    // you might need to change your paths for dlopen!
    //
    // Resolves the three target symbols and installs a hook on each.
    //  - fopen and __system_property_get are looked up in "libc.so" with
    //    RTLD_NOLOAD, i.e. only if that library is already mapped.
    //  - luaL_loadbufferx is looked up in "libxlua.so" with RTLD_NOW.
    // None of the dlopen/dlsym results is checked for null, and the handles
    // returned by dlopen are neither stored nor closed.
    //
    // NOTE(review): the reinterpret_cast calls carry no template argument as
    // shown, which does not compile; it was presumably lost when the page was
    // extracted. Confirm against the original file.
    // NOTE(review): how make_hook patches its target is not visible here.
    //
    void init() {
        fopen_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "fopen");
        system_prop_get = dlsym(dlopen("libc.so", RTLD_NOLOAD), "__system_property_get");
        loadbufferx = dlsym(dlopen("libxlua.so", RTLD_NOW), "luaL_loadbufferx");

        ligma::hook::make_hook(loadbufferx, reinterpret_cast(&loadbufferx_hook));
        ligma::hook::make_hook(fopen_ptr, reinterpret_cast(&fopen_hook));
        ligma::hook::make_hook(system_prop_get, reinterpret_cast(&system_property_hook));
    }

    //
    // dont let a single lua script load!
    //
    // Replacement for luaL_loadbufferx. All five arguments are ignored and
    // the original function is never called.
    //
    // Returns NULL converted to int, i.e. 0, which is the value Lua defines
    // as LUA_OK, so the caller is told the load succeeded although no chunk
    // was parsed.
    //
    int loadbufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode) {
        return NULL;
    }

    //
    // the first module loaded by default is libtprt.so, it opens base.apk and checks its MD5.
    // we make it open the original apk :)
    //
    // (The statement about libtprt.so is the author's; that check is not
    // visible in this file.)
    //
    // Replacement for fopen. Any path containing the substring "base.apk" is
    // swapped for the fixed path "/data/app/base_orig.apk" before the real
    // fopen runs, so a file-hash check made through fopen reads a different
    // file from the one that is installed. `path` is passed to strstr without
    // a null check.
    //
    // Returns whatever the real fopen returns for the (possibly replaced)
    // path.
    //
    __attribute__((noinline))
    FILE* fopen_hook(const char* path, const char* mode) {
        if (strstr(path, "base.apk")) {
            path = "/data/app/base_orig.apk";
            LOGI("spoofed base.apk to original apk!");
        }

        // The hook is switched off around the real call, presumably so that
        // this call reaches libc's fopen rather than re-entering this
        // function; fopen_mutex serialises that disable/call/enable window
        // among callers that come through this function.
        fopen_mutex.lock();
        ligma::hook::disable(fopen_ptr);
        const auto result = fopen(path, mode);
        ligma::hook::enable(fopen_ptr);
        fopen_mutex.unlock();
        return result;
    }

    //
    // spoof all hwids to "what do you call nuts on your chin? a dick down your throat you fucking retard!"
    //
    // Replacement for __system_property_get. The real function is called
    // first (hook disabled, under system_prop_mutex) and fills the caller's
    // buffer; its return value is discarded.
    //
    // Defensive reading: system properties read inside the client process
    // are under the control of whoever controls that process, so they are
    // weak device identifiers when used on their own.
    //
    // Returns strlen of whatever the local `value` points to at the end.
    //
    __attribute__((noinline))
    int system_property_hook(const char* name, char* value) {
        system_prop_mutex.lock();
        ligma::hook::disable(system_prop_get);
        __system_property_get(name, value);
        ligma::hook::enable(system_prop_get);
        system_prop_mutex.unlock();

        //
        // dont spoof persist.sys.timezone or these other ones.
        //
        // Four property names are exempt; every other name takes the branch.
        //
        if (strcmp(name, "persist.sys.timezone") != 0 &&
            strcmp(name, "ro.build.fingerprint") != 0 &&
            strcmp(name, "ro.revision") != 0 &&
            strcmp(name, "ro.build.version.sdk") != 0) {
            LOGI("spoofed hwid = %s, to = %s", value, HWID_VALUE);
            // Only the local pointer is reassigned here; no write to the
            // caller's buffer happens on this line. The length returned
            // below is then that of HWID_VALUE.
            value = HWID_VALUE;
        }
        return strlen(value);
    }
} }