├── PmsHookBinderInvocationHandler.smali ├── README.md ├── ServiceManagerWraper.smali ├── apksign.bat ├── cyy_game.keystore ├── kstools.bat ├── kstools.jar ├── libs ├── baksmali.jar └── smali.jar ├── src_code └── kstools │ ├── .classpath │ ├── .fatjar │ ├── .project │ ├── .settings │ └── org.eclipse.jdt.core.prefs │ ├── bin │ └── cn │ │ └── wjdiankong │ │ ├── jw │ │ ├── Const.class │ │ ├── DoWorkUtils.class │ │ ├── FileUtils.class │ │ └── JWMain.class │ │ └── kstools │ │ ├── AnalysisApk.class │ │ └── ApkSign.class │ ├── file │ ├── PmsHookBinderInvocationHandler.class │ ├── ServiceManagerWraper.class │ └── src.apk │ ├── kstools_fat.jar │ ├── libs │ ├── AXMLPrinter2.jar │ └── xmlpull_1_1_3_4c.jar │ └── src │ └── cn │ └── wjdiankong │ ├── jw │ ├── Const.java │ ├── DoWorkUtils.java │ ├── FileUtils.java │ └── JWMain.java │ └── kstools │ ├── AnalysisApk.java │ └── ApkSign.java └── 操作说明.txt /PmsHookBinderInvocationHandler.smali: -------------------------------------------------------------------------------- 1 | .class public Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler; 2 | .super Ljava/lang/Object; 3 | .source "PmsHookBinderInvocationHandler.java" 4 | 5 | # interfaces 6 | .implements Ljava/lang/reflect/InvocationHandler; 7 | 8 | 9 | # instance fields 10 | .field private SIGN:Ljava/lang/String; 11 | 12 | .field private appPkgName:Ljava/lang/String; 13 | 14 | .field private base:Ljava/lang/Object; 15 | 16 | 17 | # direct methods 18 | .method public constructor (Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;I)V 19 | .locals 4 20 | .param p1, "base" # Ljava/lang/Object; 21 | .param p2, "sign" # Ljava/lang/String; 22 | .param p3, "appPkgName" # Ljava/lang/String; 23 | .param p4, "hashCode" # I 24 | 25 | .prologue 26 | .line 22 27 | invoke-direct {p0}, Ljava/lang/Object;->()V 28 | 29 | .line 20 30 | const-string v1, "" 31 | 32 | iput-object v1, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->appPkgName:Ljava/lang/String; 33 | 34 | .line 24 35 | 
:try_start_0 36 | iput-object p1, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->base:Ljava/lang/Object; 37 | 38 | .line 25 39 | iput-object p2, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->SIGN:Ljava/lang/String; 40 | 41 | .line 26 42 | iput-object p3, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->appPkgName:Ljava/lang/String; 43 | :try_end_0 44 | .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0 45 | 46 | .line 30 47 | :goto_0 48 | return-void 49 | 50 | .line 27 51 | :catch_0 52 | move-exception v0 53 | 54 | .line 28 55 | .local v0, "e":Ljava/lang/Exception; 56 | const-string v1, "jw" 57 | 58 | new-instance v2, Ljava/lang/StringBuilder; 59 | 60 | const-string v3, "error:" 61 | 62 | invoke-direct {v2, v3}, Ljava/lang/StringBuilder;->(Ljava/lang/String;)V 63 | 64 | invoke-static {v0}, Landroid/util/Log;->getStackTraceString(Ljava/lang/Throwable;)Ljava/lang/String; 65 | 66 | move-result-object v3 67 | 68 | invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; 69 | 70 | move-result-object v2 71 | 72 | invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; 73 | 74 | move-result-object v2 75 | 76 | invoke-static {v1, v2}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I 77 | 78 | goto :goto_0 79 | .end method 80 | 81 | 82 | # virtual methods 83 | .method public invoke(Ljava/lang/Object;Ljava/lang/reflect/Method;[Ljava/lang/Object;)Ljava/lang/Object; 84 | .locals 7 85 | .param p1, "proxy" # Ljava/lang/Object; 86 | .param p2, "method" # Ljava/lang/reflect/Method; 87 | .param p3, "args" # [Ljava/lang/Object; 88 | .annotation system Ldalvik/annotation/Throws; 89 | value = { 90 | Ljava/lang/Throwable; 91 | } 92 | .end annotation 93 | 94 | .prologue 95 | const/4 v6, 0x0 96 | 97 | .line 34 98 | const-string v4, "jw" 99 | 100 | invoke-virtual {p2}, Ljava/lang/reflect/Method;->getName()Ljava/lang/String; 101 | 102 | move-result-object v5 
# invoke(proxy, method, args), continued: the dispatch logic of the handler that stands in for IPackageManager.
# The method name is logged with tag "jw" and then compared with "getPackageInfo".
# The result is altered only when all three conditions hold: the name is "getPackageInfo", args[1] (cast to
# Integer) equals 0x40 (PackageManager.GET_SIGNATURES), and args[0] equals the stored appPkgName.
# In that case the call is still forwarded to `base` through Method.invoke, and element 0 of the returned
# PackageInfo.signatures array is overwritten with a Signature built from the stored SIGN string.
# Every other call branches to :cond_0 and is forwarded to `base` with its result untouched.
# NOTE(review): the substitution happens inside the app's own process, so an integrity check that reads
# PackageInfo.signatures through PackageManager in that same process receives the substituted value.
103 | 104 | invoke-static {v4, v5}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I 105 | 106 | .line 35 107 | const-string v4, "getPackageInfo" 108 | 109 | invoke-virtual {p2}, Ljava/lang/reflect/Method;->getName()Ljava/lang/String; 110 | 111 | move-result-object v5 112 | 113 | invoke-virtual {v4, v5}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z 114 | 115 | move-result v4 116 | 117 | if-eqz v4, :cond_0 118 | 119 | .line 36 120 | aget-object v2, p3, v6 121 | 122 | check-cast v2, Ljava/lang/String; 123 | 124 | .line 37 125 | .local v2, "pkgName":Ljava/lang/String; 126 | const/4 v4, 0x1 127 | 128 | aget-object v0, p3, v4 129 | 130 | check-cast v0, Ljava/lang/Integer; 131 | 132 | .line 38 133 | .local v0, "flag":Ljava/lang/Integer; 134 | invoke-virtual {v0}, Ljava/lang/Integer;->intValue()I 135 | 136 | move-result v4 137 | 138 | const/16 v5, 0x40 139 | 140 | if-ne v4, v5, :cond_0 141 | 142 | iget-object v4, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->appPkgName:Ljava/lang/String; 143 | 144 | invoke-virtual {v4, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z 145 | 146 | move-result v4 147 | 148 | if-eqz v4, :cond_0 149 | 150 | .line 39 151 | new-instance v3, Landroid/content/pm/Signature; 152 | 153 | iget-object v4, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->SIGN:Ljava/lang/String; 154 | 155 | invoke-direct {v3, v4}, Landroid/content/pm/Signature;->(Ljava/lang/String;)V 156 | 157 | .line 40 158 | .local v3, "sign":Landroid/content/pm/Signature; 159 | iget-object v4, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->base:Ljava/lang/Object; 160 | 161 | invoke-virtual {p2, v4, p3}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; 162 | 163 | move-result-object v1 164 | 165 | check-cast v1, Landroid/content/pm/PackageInfo; 166 | 167 | .line 41 168 | .local v1, "info":Landroid/content/pm/PackageInfo; 169 | iget-object v4, v1, 
Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature; 170 | 171 | aput-object v3, v4, v6 172 | 173 | .line 45 174 | .end local v0 # "flag":Ljava/lang/Integer; 175 | .end local v1 # "info":Landroid/content/pm/PackageInfo; 176 | .end local v2 # "pkgName":Ljava/lang/String; 177 | .end local v3 # "sign":Landroid/content/pm/Signature; 178 | :goto_0 179 | return-object v1 180 | 181 | :cond_0 182 | iget-object v4, p0, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->base:Ljava/lang/Object; 183 | 184 | invoke-virtual {p2, v4, p3}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; 185 | 186 | move-result-object v1 187 | 188 | goto :goto_0 189 | .end method 190 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | #Android中自动爆破签名工具 2 |
3 | ##在使用该工具之前,一定要配置好JAVA_HOME和aapt工具目录! 4 | ##将需要操作的apk文件放在当前目录下,默认名称是src.apk 5 | ##如果要修改apk名称可以去kstools.bat中进行修改 6 | 7 |
8 | #注意: 9 | 10 | ##第一种加固apk:指加固的apk在脱壳并修复之后得到的apk 11 | ##需要先将加固前的apk放到目录下,然后直接拖apk文件到apksign.bat中运行获取签名信息,运行结束之后签名信息保存在apksign.txt中;然后将修复之后的apk文件命名为src.apk,放在当前目录下,直接运行kstools.bat即可 12 | ##对于加固app有很多特殊情况,所以如果操作失败,可以自行编写代码获取加固app的签名信息,方法很多,可自行上网搜索。 13 | 
14 | ##第二种非加固apk:如果是非加固的app,直接将apk拷贝到当前目录下,命名为src.apk,直接运行kstools.bat即可;如果目录下还存在apksign.txt文件,需要手动删除该文件,以免使用错误签名! 15 | 16 | 
17 | #操作签名失败 18 | ##在操作的过程中如果发现还是失败,第一反应先确定是否是签名获取错误,导致最终的hook失败。可以自行验证签名信息是否正确。 19 | 20 |
21 | #作者:尼古拉斯.赵四(四哥) 22 | ##在使用过程中有任何问题,请联系我,不了解原理的同学可以查看文章说明:点击查看 23 | 24 | 25 | -------------------------------------------------------------------------------- /ServiceManagerWraper.smali: -------------------------------------------------------------------------------- 1 | .class public Lcn/wjdiankong/hookpms/ServiceManagerWraper; 2 | .super Ljava/lang/Object; 3 | .source "ServiceManagerWraper.java" 4 | 5 | 6 | # direct methods 7 | .method public constructor ()V 8 | .locals 0 9 | 10 | .prologue 11 | .line 14 12 | invoke-direct {p0}, Ljava/lang/Object;->()V 13 | 14 | return-void 15 | .end method 16 | 
# hookPMS(Context): one-argument overload. It passes the const-string loaded at ".line 46" (local "qqSign"),
# the package name "com.tencent.mobileqq" and 0 to the four-argument overload below.
# NOTE(review): Const.signLineTag (".line 46") and Const.pkgNameLineTag (the "qqSign" .local line) name exactly
# these two spots, so presumably both literals are template values the tool rewrites per target; confirm in DoWorkUtils.
17 | .method public static hookPMS(Landroid/content/Context;)V 18 | .locals 3 19 | .param p0, "context" # Landroid/content/Context; 20 | 21 | .prologue 22 | .line 46 23 | const-string v0, "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" 24 | 25 | .line 47 26 | .local v0, "qqSign":Ljava/lang/String; 27 | const-string v1, "com.tencent.mobileqq" 28 | 29 | const/4 v2, 0x0 30 | 31 | invoke-static {p0, v0, v1, v2}, Lcn/wjdiankong/hookpms/ServiceManagerWraper;->hookPMS(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;I)V 32 | 33 | .line 48 34 | return-void 35 | .end method 36 | 
# hookPMS(context, signed, appPkgName, hashCode): installs the IPackageManager proxy in the calling process.
# Steps visible in the body:
#   1. Class.forName("android.app.ActivityThread"), then a reflective call to its static currentActivityThread().
#   2. getDeclaredField("sPackageManager") + setAccessible(true) + get(...) to obtain the object currently stored there.
#   3. Proxy.newProxyInstance over android.content.pm.IPackageManager, backed by
#      PmsHookBinderInvocationHandler(original, signed, appPkgName, 0).
#   4. The proxy is written back into sPackageManager and into the "mPM" field of context.getPackageManager().
# Any Exception is caught and logged at debug level with tag "jw" ("hook pms error:" + stack trace); the method then returns.
# The hashCode parameter (p3) is never read; a constant 0 (v15) is passed to the handler instead.
# NOTE(review): after this runs, both fields hold a java.lang.reflect.Proxy instance, which an in-app integrity
# check can test for with Proxy.isProxyClass; in-process checks can themselves be patched, so server-side
# attestation is the stronger control.
37 | .method public static hookPMS(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;I)V 38 | .locals 16 39 | .param p0, "context" # Landroid/content/Context; 40 | .param p1, "signed" # Ljava/lang/String; 41 | .param p2, "appPkgName" # Ljava/lang/String; 42 | .param p3, "hashCode" # I 43 | 44 | .prologue 45 | .line 19 46 | :try_start_0 47 | const-string v12, "android.app.ActivityThread" 48 | 49 | invoke-static {v12}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class; 50 | 51 | move-result-object v2 52 | 53 | .line 21 54 | .local v2, "activityThreadClass":Ljava/lang/Class;, "Ljava/lang/Class<*>;" 55 | const-string v12, "currentActivityThread" 56 | 57 | const/4 v13, 0x0 58 | 59 | new-array v13, v13, [Ljava/lang/Class; 60 | 61 | invoke-virtual {v2, v12, v13}, 
Ljava/lang/Class;->getDeclaredMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method; 62 | 63 | move-result-object v4 64 | 65 | .line 22 66 | .local v4, "currentActivityThreadMethod":Ljava/lang/reflect/Method; 67 | const/4 v12, 0x0 68 | 69 | const/4 v13, 0x0 70 | 71 | new-array v13, v13, [Ljava/lang/Object; 72 | 73 | invoke-virtual {v4, v12, v13}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; 74 | 75 | move-result-object v3 76 | 77 | .line 24 78 | .local v3, "currentActivityThread":Ljava/lang/Object; 79 | const-string v12, "sPackageManager" 80 | 81 | invoke-virtual {v2, v12}, Ljava/lang/Class;->getDeclaredField(Ljava/lang/String;)Ljava/lang/reflect/Field; 82 | 83 | move-result-object v11 84 | 85 | .line 25 86 | .local v11, "sPackageManagerField":Ljava/lang/reflect/Field; 87 | const/4 v12, 0x1 88 | 89 | invoke-virtual {v11, v12}, Ljava/lang/reflect/Field;->setAccessible(Z)V 90 | 91 | .line 26 92 | invoke-virtual {v11, v3}, Ljava/lang/reflect/Field;->get(Ljava/lang/Object;)Ljava/lang/Object; 93 | 94 | move-result-object v10 95 | 96 | .line 28 97 | .local v10, "sPackageManager":Ljava/lang/Object; 98 | const-string v12, "android.content.pm.IPackageManager" 99 | 100 | invoke-static {v12}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class; 101 | 102 | move-result-object v6 103 | 104 | .line 30 105 | .local v6, "iPackageManagerInterface":Ljava/lang/Class;, "Ljava/lang/Class<*>;" 106 | invoke-virtual {v6}, Ljava/lang/Class;->getClassLoader()Ljava/lang/ClassLoader; 107 | 108 | move-result-object v12 109 | 110 | .line 31 111 | const/4 v13, 0x1 112 | 113 | new-array v13, v13, [Ljava/lang/Class; 114 | 115 | const/4 v14, 0x0 116 | 117 | aput-object v6, v13, v14 118 | 119 | .line 32 120 | new-instance v14, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler; 121 | 122 | const/4 v15, 0x0 123 | 124 | move-object/from16 v0, p1 125 | 126 | move-object/from16 v1, p2 127 | 128 | invoke-direct {v14, v10, v0, 
v1, v15}, Lcn/wjdiankong/hookpms/PmsHookBinderInvocationHandler;->(Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;I)V 129 | 130 | .line 29 131 | invoke-static {v12, v13, v14}, Ljava/lang/reflect/Proxy;->newProxyInstance(Ljava/lang/ClassLoader;[Ljava/lang/Class;Ljava/lang/reflect/InvocationHandler;)Ljava/lang/Object; 132 | 133 | move-result-object v9 134 | 135 | .line 34 136 | .local v9, "proxy":Ljava/lang/Object; 137 | invoke-virtual {v11, v3, v9}, Ljava/lang/reflect/Field;->set(Ljava/lang/Object;Ljava/lang/Object;)V 138 | 139 | .line 36 140 | invoke-virtual/range {p0 .. p0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager; 141 | 142 | move-result-object v8 143 | 144 | .line 37 145 | .local v8, "pm":Landroid/content/pm/PackageManager; 146 | invoke-virtual {v8}, Ljava/lang/Object;->getClass()Ljava/lang/Class; 147 | 148 | move-result-object v12 149 | 150 | const-string v13, "mPM" 151 | 152 | invoke-virtual {v12, v13}, Ljava/lang/Class;->getDeclaredField(Ljava/lang/String;)Ljava/lang/reflect/Field; 153 | 154 | move-result-object v7 155 | 156 | .line 38 157 | .local v7, "mPmField":Ljava/lang/reflect/Field; 158 | const/4 v12, 0x1 159 | 160 | invoke-virtual {v7, v12}, Ljava/lang/reflect/Field;->setAccessible(Z)V 161 | 162 | .line 39 163 | invoke-virtual {v7, v8, v9}, Ljava/lang/reflect/Field;->set(Ljava/lang/Object;Ljava/lang/Object;)V 164 | :try_end_0 165 | .catch Ljava/lang/Exception; {:try_start_0 .. 
:try_end_0} :catch_0 166 | 167 | .line 43 168 | .end local v2 # "activityThreadClass":Ljava/lang/Class;, "Ljava/lang/Class<*>;" 169 | .end local v3 # "currentActivityThread":Ljava/lang/Object; 170 | .end local v4 # "currentActivityThreadMethod":Ljava/lang/reflect/Method; 171 | .end local v6 # "iPackageManagerInterface":Ljava/lang/Class;, "Ljava/lang/Class<*>;" 172 | .end local v7 # "mPmField":Ljava/lang/reflect/Field; 173 | .end local v8 # "pm":Landroid/content/pm/PackageManager; 174 | .end local v9 # "proxy":Ljava/lang/Object; 175 | .end local v10 # "sPackageManager":Ljava/lang/Object; 176 | .end local v11 # "sPackageManagerField":Ljava/lang/reflect/Field; 177 | :goto_0 178 | return-void 179 | 180 | .line 40 181 | :catch_0 182 | move-exception v5 183 | 184 | .line 41 185 | .local v5, "e":Ljava/lang/Exception; 186 | const-string v12, "jw" 187 | 188 | new-instance v13, Ljava/lang/StringBuilder; 189 | 190 | const-string v14, "hook pms error:" 191 | 192 | invoke-direct {v13, v14}, Ljava/lang/StringBuilder;->(Ljava/lang/String;)V 193 | 194 | invoke-static {v5}, Landroid/util/Log;->getStackTraceString(Ljava/lang/Throwable;)Ljava/lang/String; 195 | 196 | move-result-object v14 197 | 198 | invoke-virtual {v13, v14}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; 199 | 200 | move-result-object v13 201 | 202 | invoke-virtual {v13}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; 203 | 204 | move-result-object v13 205 | 206 | invoke-static {v12, v13}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I 207 | 208 | goto :goto_0 209 | .end method 210 | -------------------------------------------------------------------------------- /apksign.bat: -------------------------------------------------------------------------------- 1 | cd %~dp0 2 | java -Xmx2048m -XX:-UseParallelGC -XX:MinHeapFreeRatio=15 -jar kstools.jar ++sign %~n1 3 | pause -------------------------------------------------------------------------------- 
/cyy_game.keystore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/cyy_game.keystore -------------------------------------------------------------------------------- /kstools.bat: -------------------------------------------------------------------------------- 1 | cd %~dp0 2 | set aapt_path=D:\Android_tools\AndroidSdk\build-tools\23.0.1\aapt.exe 3 | java -Xmx2048m -XX:-UseParallelGC -XX:MinHeapFreeRatio=15 -jar kstools.jar ++hook %~dp0 src.apk %aapt_path% 1338303158 4 | adb install -r signed.apk 5 | pause.. 6 | -------------------------------------------------------------------------------- /kstools.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/kstools.jar -------------------------------------------------------------------------------- /libs/baksmali.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/libs/baksmali.jar -------------------------------------------------------------------------------- /libs/smali.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/libs/smali.jar -------------------------------------------------------------------------------- /src_code/kstools/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /src_code/kstools/.fatjar: -------------------------------------------------------------------------------- 1 | #Fat Jar Configuration File 2 | #Fri Apr 21 15:22:07 GMT+08:00 
2017 3 | onejar.license.required=true 4 | manifest.classpath= 5 | manifest.removesigners=true 6 | onejar.checkbox=false 7 | jarname=kstools_fat.jar 8 | manifest.mergeall=true 9 | manifest.mainclass=cn.wjdiankong.jw.JWMain 10 | manifest.file= 11 | jarname.isextern=false 12 | onejar.expand= 13 | excludes= 14 | includes= 15 | -------------------------------------------------------------------------------- /src_code/kstools/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | kstools 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /src_code/kstools/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.8 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.8 12 | -------------------------------------------------------------------------------- /src_code/kstools/bin/cn/wjdiankong/jw/Const.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/bin/cn/wjdiankong/jw/Const.class -------------------------------------------------------------------------------- 
/src_code/kstools/bin/cn/wjdiankong/jw/DoWorkUtils.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/bin/cn/wjdiankong/jw/DoWorkUtils.class -------------------------------------------------------------------------------- /src_code/kstools/bin/cn/wjdiankong/jw/FileUtils.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/bin/cn/wjdiankong/jw/FileUtils.class -------------------------------------------------------------------------------- /src_code/kstools/bin/cn/wjdiankong/jw/JWMain.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/bin/cn/wjdiankong/jw/JWMain.class -------------------------------------------------------------------------------- /src_code/kstools/bin/cn/wjdiankong/kstools/AnalysisApk.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/bin/cn/wjdiankong/kstools/AnalysisApk.class -------------------------------------------------------------------------------- /src_code/kstools/bin/cn/wjdiankong/kstools/ApkSign.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/bin/cn/wjdiankong/kstools/ApkSign.class -------------------------------------------------------------------------------- /src_code/kstools/file/PmsHookBinderInvocationHandler.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/file/PmsHookBinderInvocationHandler.class -------------------------------------------------------------------------------- /src_code/kstools/file/ServiceManagerWraper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/file/ServiceManagerWraper.class -------------------------------------------------------------------------------- /src_code/kstools/file/src.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/file/src.apk -------------------------------------------------------------------------------- /src_code/kstools/kstools_fat.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/kstools_fat.jar -------------------------------------------------------------------------------- /src_code/kstools/libs/AXMLPrinter2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/libs/AXMLPrinter2.jar -------------------------------------------------------------------------------- /src_code/kstools/libs/xmlpull_1_1_3_4c.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/libs/xmlpull_1_1_3_4c.jar -------------------------------------------------------------------------------- /src_code/kstools/src/cn/wjdiankong/jw/Const.java: 
-------------------------------------------------------------------------------- 1 | package cn.wjdiankong.jw; 2 | 3 | import java.io.File; 4 | 5 | 
/**
 * Constants and mutable global state shared by the tool's classes.
 *
 * The {@code final} fields are path fragments and smali text markers. {@code signLineTag} and
 * {@code pkgNameLineTag} match lines that appear in the one-argument {@code hookPMS} of
 * ServiceManagerWraper.smali, and {@code hookAttachCodeStr} / {@code hookCreateCodeStr} are smali
 * {@code invoke-static} lines that call {@code ServiceManagerWraper.hookPMS(Context)}.
 * The non-final fields are written at run time; AnalysisApk assigns {@code appPkgName} and
 * {@code isApplicationEntry}.
 *
 * NOTE(review): how the markers are used is not visible here (presumably DoWorkUtils searches the
 * decoded smali for them) -- confirm. The injected call target and the package path in
 * {@code pmsSmaliDir} are fixed strings, so classes under {@code cn/wjdiankong/hookpms/} in an
 * APK's dex are a usable indicator that the package was rebuilt with this tool, unless renamed.
 */
public final class Const { 6 | 7 | public final static String METAINFO = "META-INF/"; 8 | public final static String unZipDir = File.separator + "unzipapk" + File.separator; 9 | 10 | public final static String smaliTmpDir = File.separator + "smali_tmp"; 11 | public final static String signLineTag = ".line 46"; 12 | public final static String pkgNameLineTag = ".local v0, \"qqSign\":Ljava/lang/String;"; 13 | public final static String pmsSmaliDir = "cn" + File.separator + "wjdiankong" + File.separator + "hookpms" + File.separator; 14 | public final static String smaliFileHandler = "PmsHookBinderInvocationHandler.smali"; 15 | public final static String smaliFilePMS = "ServiceManagerWraper.smali"; 16 | public final static String applicationAttachLineTag = ".method protected attachBaseContext(Landroid/content/Context;)V"; 17 | public final static String applicationCreateLineTag = ".method public onCreate()V"; 18 | public final static String activityCreateLineTag = ".method protected onCreate(Landroid/os/Bundle;)V"; 19 | public final static String methodEndStr = ".end method"; 20 | public final static String hookAttachCodeStr = "\tinvoke-static {p1}, Lcn/wjdiankong/hookpms/ServiceManagerWraper;->hookPMS(Landroid/content/Context;)V\n"; 21 | public final static String hookCreateCodeStr = "\tinvoke-static/range {p0 .. 
p0}, Lcn/wjdiankong/hookpms/ServiceManagerWraper;->hookPMS(Landroid/content/Context;)V\n"; 22 | 23 | public static String entryClassName = ""; 24 | public static String appSign = ""; 25 | public static String appPkgName = ""; 26 | public static boolean isApplicationEntry = true; 27 | 28 | } 29 | -------------------------------------------------------------------------------- /src_code/kstools/src/cn/wjdiankong/jw/DoWorkUtils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/src/cn/wjdiankong/jw/DoWorkUtils.java -------------------------------------------------------------------------------- /src_code/kstools/src/cn/wjdiankong/jw/FileUtils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/src/cn/wjdiankong/jw/FileUtils.java -------------------------------------------------------------------------------- /src_code/kstools/src/cn/wjdiankong/jw/JWMain.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/src_code/kstools/src/cn/wjdiankong/jw/JWMain.java -------------------------------------------------------------------------------- /src_code/kstools/src/cn/wjdiankong/kstools/AnalysisApk.java: -------------------------------------------------------------------------------- 1 | package cn.wjdiankong.kstools; 2 | 3 | import java.io.File; 4 | import java.io.IOException; 5 | import java.util.Enumeration; 6 | import java.util.zip.ZipEntry; 7 | import java.util.zip.ZipFile; 8 | 9 | import org.xmlpull.v1.XmlPullParser; 10 | 11 | import android.content.res.AXmlResourceParser; 12 | import cn.wjdiankong.jw.Const; 13 | 14 | public class AnalysisApk { 15 | 16 | 
private static String enterActivityName = ""; 17 | private static String actionName = ""; 18 | private static String categoryName = ""; 19 | private static String pkgName = ""; 20 | 21 | private final static String CATE_MAIN = "android.intent.action.MAIN"; 22 | private final static String CATE_LAUNCHER = "android.intent.category.LAUNCHER"; 23 | private static boolean isLauncher = false; 24 | 25 | 
/**
 * Determines the class name this tool treats as the app's entry point by parsing the binary
 * AndroidManifest.xml stored in the APK at {@code apkUrl}.
 *
 * Side effects: the manifest's {@code package} attribute is stored in {@code Const.appPkgName};
 * {@code Const.isApplicationEntry} is set to {@code true} when a relative (leading ".")
 * application name is returned and to {@code false} when an activity name is returned. It is
 * not assigned when a fully qualified application name is returned.
 *
 * NOTE(review): the ZipFile is never closed on any path, and the outer IOException is swallowed
 * by an empty catch, so "cannot open APK" and "no entry point found" both surface as
 * {@code null}. {@code actionName} is a static that is not reset between intent-filters, so the
 * launcher test uses the most recently seen action value.
 *
 * @param apkUrl file-system path of the APK; it is opened with {@code new ZipFile(new File(apkUrl))}
 * @return the {@code name} attribute of the {@code application} tag when present (prefixed with
 *         the package name if it starts with "."); otherwise the {@code name} of the activity
 *         being processed when an intent-filter closes with action MAIN and category LAUNCHER
 *         seen, prefixed the same way; {@code null} when neither is found or the APK cannot be
 *         read
 */
public static String getAppEnterApplication(String apkUrl){ 26 | isLauncher = false; 27 | ZipFile zipFile; 28 | try { 29 | zipFile = new ZipFile(new File(apkUrl)); 30 | Enumeration enumeration = zipFile.entries(); 31 | ZipEntry zipEntry = null; 32 | while (enumeration.hasMoreElements()) { 33 | zipEntry = (ZipEntry) enumeration.nextElement(); 34 | if (!zipEntry.isDirectory() && "AndroidManifest.xml".equals(zipEntry.getName())) { 35 | try { 36 | AXmlResourceParser parser = new AXmlResourceParser(); 37 | parser.open(zipFile.getInputStream(zipEntry)); 38 | while (true) { 39 | int type = parser.next(); 40 | if (type == XmlPullParser.END_DOCUMENT) { 41 | break; 42 | } 43 | switch (type) { 44 | case XmlPullParser.START_TAG: { 45 | String tagName = parser.getName(); 46 | if("manifest".equals(tagName)){ 47 | for (int i = 0; i != parser.getAttributeCount(); ++i) { 48 | String attrName = parser.getAttributeName(i); 49 | if("package".equals(attrName)){ 50 | pkgName = parser.getAttributeValue(i); 51 | Const.appPkgName = pkgName; 52 | } 53 | } 54 | }else if("application".equals(tagName)){ 55 | for (int i = 0; i != parser.getAttributeCount(); ++i) { 56 | String attrName = parser.getAttributeName(i); 57 | if("name".equals(attrName)){ 58 | String appName = parser.getAttributeValue(i); 59 | if(appName.startsWith(".")){ 60 | Const.isApplicationEntry = true; 61 | return pkgName + appName; 62 | } 63 | return appName; 64 | } 65 | } 66 | }else if("activity".equals(tagName)){ 67 | isLauncher = false; 68 | for (int i = 0; i != parser.getAttributeCount(); ++i) { 69 | String attrName = 
parser.getAttributeName(i); 70 | if("name".equals(attrName)){ 71 | enterActivityName = parser.getAttributeValue(i); 72 | break; 73 | } 74 | } 75 | }else if("action".equals(tagName)){ 76 | for (int i = 0; i != parser.getAttributeCount(); ++i) { 77 | String attrName = parser.getAttributeName(i); 78 | if("name".equals(attrName)){ 79 | actionName = parser.getAttributeValue(i); 80 | break; 81 | } 82 | } 83 | }else if("category".equals(tagName)){ 84 | for (int i = 0; i != parser.getAttributeCount(); ++i) { 85 | String attrName = parser.getAttributeName(i); 86 | if("name".equals(attrName)){ 87 | categoryName = parser.getAttributeValue(i); 88 | if(CATE_LAUNCHER.equals(categoryName)){ 89 | isLauncher = true; 90 | } 91 | break; 92 | } 93 | } 94 | } 95 | } 96 | break; 97 | 98 | case XmlPullParser.END_TAG:{ 99 | String tagName = parser.getName(); 100 | if("intent-filter".equals(tagName)){ 101 | if(CATE_MAIN.equals(actionName) && isLauncher){ 102 | if(enterActivityName.startsWith(".")){ 103 | Const.isApplicationEntry = false; 104 | return pkgName + enterActivityName; 105 | } 106 | Const.isApplicationEntry = false; 107 | return enterActivityName; 108 | } 109 | } 110 | } 111 | break; 112 | } 113 | } 114 | } catch (Exception e) { 115 | e.printStackTrace(); 116 | } 117 | } 118 | } 119 | } catch (IOException e) { 120 | } 121 | return null; 122 | } 123 | 124 | } 125 | -------------------------------------------------------------------------------- /src_code/kstools/src/cn/wjdiankong/kstools/ApkSign.java: -------------------------------------------------------------------------------- 1 | package cn.wjdiankong.kstools; 2 | 3 | import java.io.InputStream; 4 | import java.security.cert.Certificate; 5 | import java.util.Enumeration; 6 | import java.util.jar.JarEntry; 7 | import java.util.jar.JarFile; 8 | 9 | public class ApkSign { 10 | 11 | private static char[] toChars(byte[] mSignature) { 12 | byte[] sig = mSignature; 13 | final int N = sig.length; 14 | final int N2 = N * 2; 15 | 
char[] text = new char[N2]; 16 | for (int j = 0; j < N; j++) { 17 | byte v = sig[j]; 18 | int d = (v >> 4) & 0xf; 19 | text[j * 2] = (char) (d >= 10 ? ('a' + d - 10) : ('0' + d)); 20 | d = v & 0xf; 21 | text[j * 2 + 1] = (char) (d >= 10 ? ('a' + d - 10) : ('0' + d)); 22 | } 23 | return text; 24 | } 25 | 26 | 
/**
 * Reads {@code je} to the end of its stream and returns the certificates attached to the entry.
 * The entry is drained first because JarEntry only exposes certificates once the whole entry
 * has been read.
 *
 * NOTE(review): every exception is swallowed by the empty catch, so an unsigned entry and a
 * read or verification failure are indistinguishable to the caller (both give {@code null}),
 * and the stream is not closed when {@code read} throws.
 *
 * @param jarFile    archive that contains the entry
 * @param je         entry to read
 * @param readBuffer scratch buffer for draining the stream; its contents are discarded
 * @return the entry's certificates, or {@code null} if it has none or any exception occurred
 */
private static Certificate[] loadCertificates(JarFile jarFile, JarEntry je, byte[] readBuffer) { 27 | try { 28 | InputStream is = jarFile.getInputStream(je); 29 | while (is.read(readBuffer, 0, readBuffer.length) != -1) { 30 | } 31 | is.close(); 32 | return (Certificate[]) (je != null ? je.getCertificates() : null); 33 | } catch (Exception e) { 34 | } 35 | return null; 36 | } 37 | 38 | 
/**
 * Returns the first signing certificate of the APK as a lowercase hex string of
 * {@code certs[0].getEncoded()}.
 *
 * Every non-directory entry outside {@code META-INF/} is read through
 * {@link #loadCertificates}. The certificates of the first such entry become the reference set;
 * each later entry must carry the same number of certificates and contain every reference
 * certificate, otherwise {@code null} is returned.
 *
 * NOTE(review): if a later entry yields {@code null} certificates, {@code localCerts.length}
 * throws, and if no entry yields certificates, {@code certs[0]} throws. Both are caught by the
 * outer catch, which prints the stack trace and returns {@code null} without closing the
 * JarFile.
 * NOTE(review): java.util.jar reports JAR-signature (v1 scheme) certificates only; an APK signed
 * solely with a newer APK signature scheme would presumably yield none here -- confirm.
 *
 * @param apkFilePath file-system path of the APK
 * @return hex encoding of the first certificate, or {@code null} on mismatch or any exception
 */
public static String getApkSignInfo(String apkFilePath) { 39 | byte[] readBuffer = new byte[8192]; 40 | Certificate[] certs = null; 41 | try { 42 | JarFile jarFile = new JarFile(apkFilePath); 43 | Enumeration entries = jarFile.entries(); 44 | while (entries.hasMoreElements()) { 45 | JarEntry je = (JarEntry) entries.nextElement(); 46 | if (je.isDirectory()) { 47 | continue; 48 | } 49 | if (je.getName().startsWith("META-INF/")) { 50 | continue; 51 | } 52 | Certificate[] localCerts = loadCertificates(jarFile, je, readBuffer); 53 | if (certs == null) { 54 | certs = localCerts; 55 | } else { 56 | for (int i = 0; i < certs.length; i++) { 57 | boolean found = false; 58 | for (int j = 0; j < localCerts.length; j++) { 59 | if (certs[i] != null && certs[i].equals(localCerts[j])) { 60 | found = true; 61 | break; 62 | } 63 | } 64 | if (!found || certs.length != localCerts.length) { 65 | jarFile.close(); 66 | return null; 67 | } 68 | } 69 | } 70 | } 71 | jarFile.close(); 72 | return new String(toChars(certs[0].getEncoded())); 73 | } catch (Exception e) { 74 | e.printStackTrace(); 75 | } 76 | return null; 77 | } 78 | 79 | } 80 | -------------------------------------------------------------------------------- /操作说明.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/fourbrother/kstools/9a8d739f849b80eed0780fc54ed44a20322be141/操作说明.txt --------------------------------------------------------------------------------