Trang chủ Khám phá Trợ giúp
Đăng nhập
xiongzhu
/
frida-rcs-hack
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Browse Source

.

xiongzhu 1 năm trước cách đây
mục cha
c021cde275
commit
03599d7f94
1 tập tin đã thay đổi với 71 bổ sung38 xóa
Split View Hiển thị tình trạng sai khác
  1. 71 38
      scripts/provider.js

+ 71 - 38
scripts/provider.js
Xem Tập Tin 

@@ -197,50 +197,83 @@ setImmediate(() => {
 
             cursor.close()
 
             return value
 
         }
 
+        const ActivityThread = Java.use('android.app.ActivityThread')
 
+        ActivityThread.installContentProviders.overload('android.content.Context', 'java.util.List').implementation =
 
+            function (context, providers) {
 
+                Log.i('installContentProviders')
 
+                const res = this.installContentProviders(context, providers)
 
 
-        const classLoaders = Java.enumerateClassLoadersSync()
 
-        const SettingsProviderClassLoader = classLoaders.find((i) => i.toString().includes('SettingsProvider'))
 
-        Log.i('SettingsProviderClassLoader: ' + SettingsProviderClassLoader)
 
-        Java.classFactory.loader = SettingsProviderClassLoader
 
-        const genRanHex = (size) => [...Array(size)].map(() => Math.floor(Math.random() * 16).toString(16)).join('')
 
-
 
-        const ssaidGms = genRanHex(16)
 
-        const ssaidVending = genRanHex(16)
 
-        const SettingsProvider = Java.use('com.android.providers.settings.SettingsProvider')
 
-        SettingsProvider.getSecureSetting.overload('java.lang.String', 'int').implementation = function (key, userId) {
 
-            const res = this.getSecureSetting(key, userId)
 
-            Log.i(`getSecureSetting(${key}, ${userId}) = ${res}`)
 
-            if (key === 'android_id') {
 
-                Log.e(`getSystemSetting(${key}, ${userId}) = ${ssaidGms}`)
 
-                if (res.getPackageName() === 'com.google.android.gms') {
 
-                    Log.s(`spoofed ${res.value} -> ${ssaidGms}`)
 
-                    res.value.value = ssaidGms
 
-                } else if (res.getPackageName() === 'com.android.vending') {
 
-                    Log.s(`spoofed ${res.value} -> ${ssaidGms}`)
 
-                    res.value.value = ssaidVending
 
-                }
 
+                return res
 
             }
 
+
 
+        const ContentProviderHelper = Java.use('com.android.server.am.ContentProviderHelper')
 
+        ContentProviderHelper.getContentProvider.overload(
 
+            'android.app.IApplicationThread',
 
+            'java.lang.String',
 
+            'java.lang.String',
 
+            'int',
 
+            'boolean'
 
+        ).implementation = function (caller, name, callingPkg, callingUid, stable) {
 
+            Log.i(`getContentProvider(${name}, ${callingPkg})`)
 
+            const res = this.getContentProvider(caller, name, callingPkg, callingUid, stable)
 
             return res
 
         }
 
-        SettingsProvider.getGlobalSetting.overload('java.lang.String').implementation = function (key) {
 
-            const res = this.getGlobalSetting(key)
 
-            Log.i(`getGlobalSetting(${key}) = ${res}`)
 
-            return res
 
-        }
 
-        SettingsProvider.getSystemSetting.overload('java.lang.String', 'int').implementation = function (key, userId) {
 
-            const res = this.getSystemSetting(key, userId)
 
-            Log.i(`getSystemSetting(${key}, ${userId}) = ${res}`)
 
-            return res
 
-        }
 
-        SettingsProvider.query.overload(
 
-            'android.net.Uri',
 
-            '[Ljava.lang.String;',
 
+        ContentProviderHelper.getContentProviderExternal.overload(
 
             'java.lang.String',
 
-            '[Ljava.lang.String;',
 
+            'int',
 
+            'android.os.IBinder',
 
             'java.lang.String'
 
-        ).implementation = function (uri, projection, selection, selectionArgs, sortOrder) {
 
-            Log.i(`query(${uri}, ${projection}, ${selection}, ${selectionArgs}, ${sortOrder})`)
 
-            return this.query(uri, projection, selection, selectionArgs, sortOrder)
 
+        ).implementation = function (name, userId, token, tag) {
 
+            Log.i(`getContentProviderExternal(${name})`)
 
+            const res = this.getContentProviderExternal(name, userId, token, tag)
 
+            return res
 
         }
 
+
 
+         
+
 
+        const classLoaders = Java.enumerateClassLoadersSync()
 
+        classLoaders.find((i) => Log.i(i.toString()))
 
+        // Log.i('SettingsProviderClassLoader: ' + SettingsProviderClassLoader)
 
+        // Java.classFactory.loader = SettingsProviderClassLoader
 
+        // const genRanHex = (size) => [...Array(size)].map(() => Math.floor(Math.random() * 16).toString(16)).join('')
 
+
 
+        // const ssaidGms = genRanHex(16)
 
+        // const ssaidVending = genRanHex(16)
 
+        // const SettingsProvider = Java.use('com.android.providers.settings.SettingsProvider')
 
+        // SettingsProvider.getSecureSetting.overload('java.lang.String', 'int').implementation = function (key, userId) {
 
+        //     const res = this.getSecureSetting(key, userId)
 
+        //     Log.i(`getSecureSetting(${key}, ${userId}) = ${res}`)
 
+        //     if (key === 'android_id') {
 
+        //         Log.e(`getSystemSetting(${key}, ${userId}) = ${ssaidGms}`)
 
+        //         if (res.getPackageName() === 'com.google.android.gms') {
 
+        //             Log.s(`spoofed ${res.value} -> ${ssaidGms}`)
 
+        //             res.value.value = ssaidGms
 
+        //         } else if (res.getPackageName() === 'com.android.vending') {
 
+        //             Log.s(`spoofed ${res.value} -> ${ssaidGms}`)
 
+        //             res.value.value = ssaidVending
 
+        //         }
 
+        //     }
 
+        //     return res
 
+        // }
 
+        // SettingsProvider.getGlobalSetting.overload('java.lang.String').implementation = function (key) {
 
+        //     const res = this.getGlobalSetting(key)
 
+        //     Log.i(`getGlobalSetting(${key}) = ${res}`)
 
+        //     return res
 
+        // }
 
+        // SettingsProvider.getSystemSetting.overload('java.lang.String', 'int').implementation = function (key, userId) {
 
+        //     const res = this.getSystemSetting(key, userId)
 
+        //     Log.i(`getSystemSetting(${key}, ${userId}) = ${res}`)
 
+        //     return res
 
+        // }
 
+        // SettingsProvider.query.overload(
 
+        //     'android.net.Uri',
 
+        //     '[Ljava.lang.String;',
 
+        //     'java.lang.String',
 
+        //     '[Ljava.lang.String;',
 
+        //     'java.lang.String'
 
+        // ).implementation = function (uri, projection, selection, selectionArgs, sortOrder) {
 
+        //     Log.i(`query(${uri}, ${projection}, ${selection}, ${selectionArgs}, ${sortOrder})`)
 
+        //     return this.query(uri, projection, selection, selectionArgs, sortOrder)
 
+        // }
 
     })
 
 })