Android_Reverse_Engineering
/
codm
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'edd689b4db'
${ noResults }
codm/ligma (bypass)/ligma/bypass/bypass.cpp

73 lines
2.1 KiB
Raw Blame History

#include "bypass.h"
namespace ligma
{
namespace bypass
{
//
// you might need to change your paths for dlopen!
//
void init()
{
fopen_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "fopen");
system_prop_get = dlsym(dlopen("libc.so", RTLD_NOLOAD), "__system_property_get");
loadbufferx = dlsym(dlopen("libxlua.so", RTLD_NOW), "luaL_loadbufferx");
ligma::hook::make_hook(loadbufferx, reinterpret_cast<void*>(&loadbufferx_hook));
ligma::hook::make_hook(fopen_ptr, reinterpret_cast<void*>(&fopen_hook));
ligma::hook::make_hook(system_prop_get, reinterpret_cast<void*>(&system_property_hook));
}
//
// dont let a single lua script load!
//
int loadbufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode)
{ return NULL; }
//
// the first module loaded by default is libtprt.so, it opens base.apk and checks its MD5.
// we make it open the original apk :)
//
__attribute__((noinline))
FILE* fopen_hook(const char* path, const char* mode)
{
if (strstr(path, "base.apk"))
{
path = "/data/app/base_orig.apk";
LOGI("spoofed base.apk to original apk!");
}
fopen_mutex.lock();
ligma::hook::disable(fopen_ptr);
const auto result = fopen(path, mode);
ligma::hook::enable(fopen_ptr);
fopen_mutex.unlock();
return result;
}
//
// spoof all hwids to "what do you call nuts on your chin? a dick down your throat you fucking retard!"
//
__attribute__((noinline))
int system_property_hook(const char* name, char* value)
{
system_prop_mutex.lock();
ligma::hook::disable(system_prop_get);
__system_property_get(name, value);
ligma::hook::enable(system_prop_get);
system_prop_mutex.unlock();
//
// dont spoof persist.sys.timezone or these other ones.
//
if (strcmp(name, "persist.sys.timezone") != 0 &&
strcmp(name, "ro.build.fingerprint") != 0 &&
strcmp(name, "ro.revision") != 0 &&
strcmp(name, "ro.build.version.sdk") != 0)
{
LOGI("spoofed hwid = %s, to = %s", value, HWID_VALUE);
value = HWID_VALUE;
}
return strlen(value);
}
}
}
Reference in new issue View Git Blame Copy Permalink