├── .gitattributes ├── .gitignore ├── LICENSE ├── Manual.md ├── README.md ├── build.gradle ├── gradle.properties ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── module.example.gradle ├── module ├── .gitignore ├── build.gradle └── src │ └── main │ ├── AndroidManifest.xml │ ├── cpp │ ├── CMakeLists.txt │ ├── frida-gumjs-example.cpp │ ├── frida-gumjs-example.h │ ├── includes │ │ ├── arm64-v8a │ │ │ ├── frida-gum.h │ │ │ └── frida-gumjs.h │ │ └── armeabi-v7a │ │ │ ├── frida-gum.h │ │ │ └── frida-gumjs.h │ └── main.cpp │ └── pkg.conf ├── settings.gradle └── template └── magisk_module ├── .gitattributes ├── META-INF └── com │ └── google │ └── android │ ├── update-binary │ └── updater-script ├── README.md ├── customize.sh ├── post-fs-data.sh ├── riru.sh ├── uninstall.sh └── verify.sh /.gitattributes: -------------------------------------------------------------------------------- 1 | *.prop text eol=lf 2 | *.sh text eol=lf -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.iml 2 | .gradle 3 | /local.properties 4 | .idea 5 | /.idea/caches/build_file_checksums.ser 6 | /.idea/libraries 7 | /.idea/modules.xml 8 | /.idea/workspace.xml 9 | .DS_Store 10 | /build 11 | /captures 12 | /out 13 | .externalNativeBuild 14 | .cxx 15 | module.gradle 16 | /module/src/main/cpp/arm64-v8a 17 | /module/src/main/cpp/armeabi-v7a -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Rikka 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Manual.md: -------------------------------------------------------------------------------- 1 | ## 插件安装 2 | 1. 手机必须安装面具 3 | 2. 在magisk manager中安装riru插件,riru版本23+ 4 | 3. 在magisk manager中安装riru-xcube-v1.0.zip,重启手机 5 | 6 | ## 插件使用 7 | 1. 在手机/data/local/tmp/pkg.conf中写入要hook的目标应用包名,每个包名一行,例如: 8 | ``` 9 | com.tencent.mtt 10 | com.tencent.qq 11 | ``` 12 | 2. 将frida hook用的js脚本重命名放到/data/local/tmp/myscript.js 13 | 3. 启动目标应用 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Riru - Template 2 | 3 | [Riru](https://github.com/RikkaApps/Riru) module template. 4 | 5 | ## Build 6 | 7 | 1. Rename `module.example.gradle` to `module.gradle` 8 | 2. Replace module info in `module.gradle` (all lines end with "replace with yours") 9 | 3. Write your codes 10 | 4. Run gradle task `:module:assembleRelease` task from Android Studio or command line, zip will be saved in `out`. 11 | 12 | ## File structure 13 | 14 | A Riru module is a Magisk module, please read [Magisk module document](https://topjohnwu.github.io/Magisk/guides.html#magisk-modules) first. 15 | 16 | In addition, currently the only necessary file (folder) is `/data/adb/riru/modules/`. Riru will check if it exists and load `/system/lib(64)/libriru_.so`. 17 | 18 | ## API changes 19 | 20 | ### API v10 (from Riru v23) 21 | 22 |
23 | Background of rirud: 24 | 25 | Riru v22.0 move config files to `/data/adb`, this makes patch SELinux rules a must. However Magisk's `sepolicy.rule` actually not work for maybe lots of devices. As the release of Riru v22.0, these people "suddenly" appears. 26 | 27 | `sepolicy.rule` support was added from Magisk v20.2, a long time ago, no one report to Magisk 😒. 28 | 29 | To workaround this "problem", "rirud" is introduced. It will be started by `post-fs-data.sh` and run a socket runs under `u:r:zygote:s0` context. All file operations can be done through this socket. 30 |
31 | 32 | 33 | From Riru v23, "read file" and "read dir" function are added for "rirud". Modules can use this to read files that zygote itself has not permission to access. Note, for hide purpose, "rirud" socket is only available before system_server is started. 34 | 35 | In order to give the module enough freedom (like how to allocate memory), there is no "API". The module needs to implement socket codes by itself. 36 | 37 |
38 | 39 | Pseudocode of read file: 40 | 41 | ``` 42 | socket(PF_UNIX, SOCK_STREAM) 43 | setup_sockaddr("rirud") 44 | 45 | write(ACTION_READ_FILE /* 4 */, sizeof(uint32)) 46 | write(path_size, sizeof(uint32)) 47 | write(path, path_size) 48 | 49 | errno = read(sizeof(int32_t)) // errno of "open" in "rirud" 50 | if (errno != 0) return 51 | 52 | bytes_count = read(sizeof(int32_t)) 53 | 54 | if (bytes_count > 0) { 55 | // file has size 56 | // read total "bytes_count" bytes 57 | } else if (bytes_count == 0) { 58 | // file has no size, read until 0 59 | // read until 0 60 | } 61 | ``` 62 | 63 |
64 | 65 |
66 | 67 | Pseudocode of read dir: 68 | 69 | ``` 70 | socket(PF_UNIX, SOCK_STREAM) 71 | setup_sockaddr("rirud") 72 | 73 | write(ACTION_READ_DIR /* 5 */, sizeof(uint32)) 74 | write(path_size, sizeof(uint32)) 75 | write(path, path_size) 76 | 77 | errno = read(sizeof(int32_t)) // errno of "opendir" in "rirud" 78 | if (errno != 0) return 79 | 80 | while (true) { 81 | write(1 /* continue */, sizeof(uint8)) 82 | 83 | reply = read(sizeof(int32)) 84 | if (reply == -1) break // end 85 | if (reply != 0) continue // reply is errno of "readdir" in "rirud" 86 | 87 | d_type = read(sizeof(uchar)) 88 | d_name = read(256) 89 | } 90 | ``` 91 | 92 |
93 | 94 | Example implementation: 95 | 96 | ### API v9 (from Riru v22) 97 | 98 | #### API 99 | 100 | Functions like `nativeForkAnd...` do not need to be exported directly. The only function to export is `void *init(void *)`. See the comment of `init` and template's implementation for more. 101 | 102 | This has these advantages: 103 | 104 | * Module can support different Riru versions 105 | * Riru itself will not relay on ".prop" file (unreliable) to get module information 106 | 107 | #### Riru 108 | 109 | Starting v22.0, Riru has switched to "native bridge" (`ro.dalvik.vm.native.bridge`) to inject zygote, this will lead Riru and modules be loaded later ([`LoadNativeBridge`](https://cs.android.com/android/platform/superproject/+/android-11.0.0_r1:art/libnativebridge/native_bridge.cc;l=227) vs `__attribute__((constructor))`). 110 | 111 | For most modules, this should have no problem, but modules like Xposed frameworks may have to make changes. 112 | 113 | > Magisk may provider Riru-like features in the far future, and of course, it will have more strict restrictions, module codes will not be run in zygote. Maybe Xposed framework modules should prepare for this? 114 | 115 | Riru v22 also provides hide function to make the memory of the module to anonymous memory ([see the implementation](https://github.com/RikkaApps/Riru/blob/master/core/src/main/cpp/hide.cpp)). This is an opt-in behavior (`module->supportHide`) and Riru itself also has a global toggle (`/data/adb/riru/enable_hide`). 116 | 117 | #### Module installer 118 | 119 | `RIRU_PATH` has been changed to `/data/adb/riru` for hide purpose. If you have other files in `/data/misc/riru`, move them here (or anywhere else if you want). 120 | 121 | Note `/data/adb/riru` have the same SELinux like other Magisk files (set by Riru in post-fs-data), `u:object_r:magisk_file:s0`. DO NOT reset the context to something else. -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'idea' 2 | 3 | idea.module { 4 | excludeDirs += file('out') 5 | resourceDirs += file('template') 6 | resourceDirs += file('scripts') 7 | } 8 | 9 | buildscript { 10 | repositories { 11 | google() 12 | jcenter() 13 | } 14 | dependencies { 15 | classpath 'com.android.tools.build:gradle:4.1.1' 16 | } 17 | } 18 | 19 | allprojects { 20 | repositories { 21 | google() 22 | jcenter() 23 | } 24 | } 25 | 26 | task clean(type: Delete) { 27 | delete rootProject.buildDir 28 | } 29 | 30 | ext { 31 | minSdkVersion = 23 32 | targetSdkVersion = 30 33 | } 34 | -------------------------------------------------------------------------------- /gradle.properties: -------------------------------------------------------------------------------- 1 | # Project-wide Gradle settings. 2 | # IDE (e.g. Android Studio) users: 3 | # Gradle settings configured through the IDE *will override* 4 | # any settings specified in this file. 5 | # For more details on how to configure your build environment visit 6 | # http://www.gradle.org/docs/current/userguide/build_environment.html 7 | # Specifies the JVM arguments used for the daemon process. 8 | # The setting is particularly useful for tweaking memory settings. 9 | org.gradle.jvmargs=-Xmx1536m 10 | # When configured, Gradle will run in incubating parallel mode. 11 | # This option should only be used with decoupled projects. More details, visit 12 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects 13 | # org.gradle.parallel=true 14 | # AndroidX package structure to make it clearer which packages are bundled with the 15 | # Android operating system, and which are packaged with your app's APK 16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn 17 | android.useAndroidX=true 18 | # Automatically convert third-party libraries to use AndroidX 19 | android.enableJetifier=true 20 | # https://github.com/google/prefab/issues/122 21 | android.prefabVersion=1.1.2 -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/svengong/xcubebase_riru/b441a3d685592a84c2d95e9e129ba364a9f9f062/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Fri Oct 09 23:12:33 CST 2020 2 | distributionBase=GRADLE_USER_HOME 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-6.6.1-all.zip 4 | distributionPath=wrapper/dists 5 | zipStorePath=wrapper/dists 6 | zipStoreBase=GRADLE_USER_HOME 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /module.example.gradle: -------------------------------------------------------------------------------- 1 | ext { 2 | // FIXME replace with yours 3 | moduleId = "template" 4 | moduleName = "Template" 5 | moduleAuthor = "Template" 6 | moduleDescription = "Riru module template." 7 | moduleVersion = "v1.0" 8 | moduleVersionCode = 1 9 | 10 | moduleMinRiruApiVersion = 9 11 | moduleMinRiruVersionName = "v22.0" 12 | moduleRiruApiVersion = 10 13 | 14 | moduleProp = [ 15 | name : moduleName, 16 | version : moduleVersion, 17 | versionCode: moduleVersionCode.toString(), 18 | author : moduleAuthor, 19 | description: moduleDescription, 20 | minApi : moduleMinRiruApiVersion 21 | ] 22 | 23 | magiskModuleProp = [ 24 | id : "riru-${moduleId.replace('_', '-')}", 25 | name : "Riru - ${moduleProp['name']}", 26 | version : moduleProp['version'], 27 | versionCode: moduleProp['versionCode'], 28 | author : moduleProp['author'], 29 | description: moduleProp['description'] 30 | ] 31 | } -------------------------------------------------------------------------------- /module/.gitignore: -------------------------------------------------------------------------------- 1 | /.externalNativeBuild 2 | /build 3 | /release -------------------------------------------------------------------------------- /module/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.library' 2 | apply from: file(rootProject.file('module.gradle')) 3 | 4 | android { 5 | compileSdkVersion rootProject.ext.targetSdkVersion 6 | defaultConfig { 7 | minSdkVersion rootProject.ext.minSdkVersion 8 | targetSdkVersion rootProject.ext.targetSdkVersion 9 | externalNativeBuild { 10 | cmake { 11 | arguments "-DMODULE_NAME:STRING=riru_$moduleId", 12 | "-DRIRU_MODULE_API_VERSION=$moduleRiruApiVersion", 13 | "-DRIRU_MODULE_VERSION=$moduleVersionCode", 14 | "-DRIRU_MODULE_VERSION_NAME:STRING=\"$moduleVersion\"" 15 | 16 | abiFilters "armeabi-v7a","arm64-v8a" 17 | } 18 | } 19 | } 20 | buildFeatures { 21 | prefab true 22 | } 23 | externalNativeBuild { 24 | cmake { 25 | path "src/main/cpp/CMakeLists.txt" 26 | version "3.10.2" 27 | } 28 | } 29 | } 30 | 31 | repositories { 32 | mavenLocal() 33 | jcenter() 34 | maven { url 'https://dl.bintray.com/rikkaw/Libraries' } 35 | } 36 | 37 | dependencies { 38 | // This is prefab aar which contains "riru.h" 39 | // If you want to use older versions of AGP, 40 | // you can copy this file from https://github.com/RikkaApps/Riru/blob/master/riru/src/main/cpp/include_riru/riru.h 41 | 42 | // The default version of prefab in AGP has problem to process header only package, 43 | // you may have to add android.prefabVersion=1.1.2 in your gradle.properties. 44 | // See https://github.com/google/prefab/issues/122 45 | 46 | implementation 'rikka.ndk:riru:10' 47 | } 48 | 49 | def outDir = file("$rootDir/out") 50 | def magiskDir = file("$outDir/magisk_module") 51 | def zipName = "${magiskModuleProp['id'].replace('_', '-')}-${magiskModuleProp['version']}.zip" 52 | def riruDir = "$magiskDir/riru" 53 | 54 | 55 | import org.apache.tools.ant.filters.FixCrLfFilter 56 | 57 | import java.nio.file.Files 58 | import java.security.MessageDigest 59 | 60 | static def calcSha256(file) { 61 | def md = MessageDigest.getInstance("SHA-256") 62 | file.eachByte 4096, { bytes, size -> 63 | md.update(bytes, 0, size); 64 | } 65 | return md.digest().encodeHex() 66 | } 67 | 68 | static def renameOrFail(File from, File to) { 69 | if (!from.renameTo(to)) { 70 | throw new IOException("Unable reanme file $from to $to") 71 | } 72 | } 73 | 74 | android.libraryVariants.all { variant -> 75 | def task = variant.assembleProvider.get() 76 | task.doLast { 77 | // clear 78 | delete { delete magiskDir } 79 | 80 | // copy from template 81 | copy { 82 | from "$rootDir/template/magisk_module" 83 | into magiskDir.path 84 | exclude 'riru.sh' 85 | } 86 | // copy riru.sh 87 | copy { 88 | from "$rootDir/template/magisk_module" 89 | into magiskDir.path 90 | include 'riru.sh' 91 | filter { line -> 92 | line.replaceAll('%%%RIRU_MODULE_ID%%%', moduleId) 93 | .replaceAll('%%%RIRU_MODULE_API_VERSION%%%', moduleRiruApiVersion.toString()) 94 | .replaceAll('%%%RIRU_MODULE_MIN_API_VERSION%%%', moduleMinRiruApiVersion.toString()) 95 | .replaceAll('%%%RIRU_MODULE_MIN_RIRU_VERSION_NAME%%%', moduleMinRiruVersionName) 96 | } 97 | filter(FixCrLfFilter.class, 98 | eol: FixCrLfFilter.CrLf.newInstance("lf")) 99 | } 100 | // copy .git files manually since gradle exclude it by default 101 | Files.copy(file("$rootDir/template/magisk_module/.gitattributes").toPath(), file("${magiskDir.path}/.gitattributes").toPath()) 102 | 103 | // generate module.prop 104 | def modulePropText = "" 105 | magiskModuleProp.each { k, v -> modulePropText += "$k=$v\n" } 106 | modulePropText = modulePropText.trim() 107 | file("$magiskDir/module.prop").text = modulePropText 108 | 109 | // generate module.prop for Riru 110 | def riruModulePropText = "" 111 | moduleProp.each { k, v -> riruModulePropText += "$k=$v\n" } 112 | riruModulePropText = riruModulePropText.trim() 113 | file(riruDir).mkdirs() 114 | 115 | // module.prop.new will be renamed to module.prop in post-fs-data.sh 116 | file("$riruDir/module.prop.new").text = riruModulePropText 117 | 118 | // copy native files 119 | def nativeOutDir = file("build/intermediates/cmake/$variant.name/obj") 120 | 121 | file("$magiskDir/system").mkdirs() 122 | file("$magiskDir/system_x86").mkdirs() 123 | renameOrFail(file("$nativeOutDir/arm64-v8a"), file("$magiskDir/system/lib64")) 124 | renameOrFail(file("$nativeOutDir/armeabi-v7a"), file("$magiskDir/system/lib")) 125 | // renameOrFail(file("$nativeOutDir/x86_64"), file("$magiskDir/system_x86/lib64")) 126 | // renameOrFail(file("$nativeOutDir/x86"), file("$magiskDir/system_x86/lib")) 127 | 128 | // generate sha1sum 129 | fileTree("$magiskDir").matching { 130 | exclude "README.md", "META-INF" 131 | }.visit { f -> 132 | if (f.directory) return 133 | file(f.file.path + ".sha256sum").text = calcSha256(f.file) 134 | } 135 | } 136 | task.finalizedBy zipMagiskMoudle 137 | } 138 | 139 | task zipMagiskMoudle(type: Zip) { 140 | from magiskDir 141 | archiveName zipName 142 | destinationDir outDir 143 | } -------------------------------------------------------------------------------- /module/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /module/src/main/cpp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.4.1) 2 | 3 | if (NOT DEFINED MODULE_NAME) 4 | message(FATAL_ERROR "MODULE_NAME is not set") 5 | endif () 6 | 7 | add_definitions(-DRIRU_MODULE) 8 | add_definitions(-DRIRU_MODULE_API_VERSION=${RIRU_MODULE_API_VERSION}) 9 | add_definitions(-DRIRU_MODULE_VERSION=${RIRU_MODULE_VERSION}) 10 | add_definitions(-DRIRU_MODULE_VERSION_NAME=${RIRU_MODULE_VERSION_NAME}) 11 | 12 | message("Build type: ${CMAKE_BUILD_TYPE}") 13 | 14 | set(CMAKE_CXX_STANDARD 11) 15 | 16 | set(LINKER_FLAGS "-ffixed-x18 -Wl,--hash-style=both") 17 | set(C_FLAGS "-Werror=format -fdata-sections -ffunction-sections") 18 | 19 | if (CMAKE_BUILD_TYPE STREQUAL "Release") 20 | set(C_FLAGS "${C_FLAGS} -O2 -fvisibility=hidden -fvisibility-inlines-hidden") 21 | set(LINKER_FLAGS "${LINKER_FLAGS} -Wl,-exclude-libs,ALL -Wl,--gc-sections") 22 | else () 23 | set(C_FLAGS "${C_FLAGS} -O0") 24 | endif () 25 | 26 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_FLAGS}") 27 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_FLAGS}") 28 | 29 | set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${LINKER_FLAGS}") 30 | set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${LINKER_FLAGS}") 31 | 32 | find_package(riru REQUIRED CONFIG) 33 | 34 | add_library(gumjs STATIC IMPORTED) 35 | set_target_properties(gumjs 36 | PROPERTIES IMPORTED_LOCATION 37 | ${CMAKE_SOURCE_DIR}/${ANDROID_ABI}/libfrida-gumjs.a) 38 | 39 | add_library(${MODULE_NAME} SHARED frida-gumjs-example.cpp main.cpp ) 40 | target_link_libraries(${MODULE_NAME} gumjs log riru::riru) 41 | set_target_properties(${MODULE_NAME} PROPERTIES LINK_FLAGS_RELEASE -s) 42 | -------------------------------------------------------------------------------- /module/src/main/cpp/frida-gumjs-example.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Compile with: 3 | * 4 | * clang -fPIC -DANDROID -ffunction-sections -fdata-sections -march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16 -Os -pipe -g3 -mthumb frida-gumjs-example.c -o frida-gumjs-example -L. -lfrida-gumjs -llog -ldl -lm -pthread -Wl,--gc-sections,-z,noexecstack,-z,relro,-z,now -fuse-ld=gold -fuse-ld=gold -Wl,--icf=all,--fix-cortex-a8 5 | * 6 | * Visit https://frida.re to learn more about Frida. 7 | */ 8 | 9 | #if defined(__arm__) 10 | #include "includes/armeabi-v7a/frida-gumjs.h" 11 | #elif defined(__aarch64__) 12 | 13 | #include "includes/arm64-v8a/frida-gumjs.h" 14 | 15 | #endif 16 | 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #define LOGTAG "Xcube_gumjshook" 25 | #define LOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, LOGTAG , __VA_ARGS__) 26 | #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG , LOGTAG, __VA_ARGS__) 27 | #define LOGI(...) __android_log_print(ANDROID_LOG_INFO , LOGTAG, __VA_ARGS__) 28 | #define LOGW(...) __android_log_print(ANDROID_LOG_WARN , LOGTAG, __VA_ARGS__) 29 | #define LOGE(...) __android_log_print(ANDROID_LOG_ERROR , LOGTAG, __VA_ARGS__) 30 | 31 | #include 32 | 33 | //https://stackoverflow.com/questions/19355783/getting-os-version-with-ndk-in-c 34 | static void on_message(GumScript *script, const gchar *message, GBytes *data, gpointer user_data); 35 | 36 | int gumjsHook(); 37 | 38 | char *readfile(const char *filepath); 39 | 40 | const char *filepath = "/data/local/tmp/myscript.js"; 41 | const char *confpath = "/data/local/tmp/pkg.conf"; 42 | static pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER; 43 | static pthread_cond_t cond = PTHREAD_COND_INITIALIZER; 44 | static GumScriptBackend *backend; 45 | static GCancellable *cancellable = NULL; 46 | static GError *error = NULL; 47 | static GumScript *script; 48 | static GMainContext *context; 49 | static GMainLoop *loop; 50 | 51 | extern "C" 52 | JNIEXPORT void JNICALL Java_org_xtgo_xcube_base_MainActivity_gumjsHook( 53 | JNIEnv *env, 54 | jobject /* this */) { 55 | gumjsHook(); 56 | } 57 | 58 | 59 | char *readfile(const char *filepath) { 60 | FILE *file = fopen(filepath, "r"); 61 | if (file == NULL) { 62 | LOGE("file open failed"); 63 | return NULL; 64 | } 65 | 66 | struct stat statbuf{}; 67 | stat(filepath, &statbuf); 68 | int filesize = statbuf.st_size; 69 | 70 | void *buffer = malloc(filesize + 1); 71 | memset(buffer, 0, filesize + 1); 72 | int count = 0; 73 | int total = 0; 74 | while ((count = fread((char *) buffer + total, sizeof(char), 1024, file)) != 0) { 75 | total += count; 76 | } 77 | if (file != NULL) { 78 | fclose(file); 79 | } 80 | return (char *) buffer; 81 | } 82 | 83 | int hookFunc() { 84 | LOGD ("[*] gumjsHook()"); 85 | gum_init_embedded(); 86 | backend = gum_script_backend_obtain_qjs(); 87 | char *js = readfile(filepath); 88 | if (!js) { 89 | return 1; 90 | } 91 | 92 | script = gum_script_backend_create_sync(backend, "example", js, cancellable, &error); 93 | g_assert (error == NULL); 94 | gum_script_set_message_handler(script, on_message, NULL, NULL); 95 | gum_script_load_sync(script, cancellable); 96 | //下面这段代码会执行一下已有的事件 97 | context = g_main_context_get_thread_default(); 98 | while (g_main_context_pending(context)) 99 | g_main_context_iteration(context, FALSE); 100 | //到这里说明脚本已经加载完成,通知主线程继续执行 101 | pthread_mutex_lock(&mtx); 102 | pthread_cond_signal(&cond); 103 | pthread_mutex_unlock(&mtx); 104 | 105 | loop = g_main_loop_new(g_main_context_get_thread_default(), FALSE); 106 | g_main_loop_run(loop);//block here 107 | 108 | return 0; 109 | } 110 | 111 | int gumjsHook() { 112 | pthread_t pthread; 113 | int result = pthread_create(&pthread, NULL, 114 | (void *(*)(void *)) (hookFunc), NULL); 115 | struct timeval now; 116 | struct timespec outtime; 117 | pthread_mutex_lock(&mtx); 118 | gettimeofday(&now, NULL); 119 | outtime.tv_sec = now.tv_sec + 5; 120 | outtime.tv_nsec = now.tv_usec * 1000; 121 | pthread_cond_timedwait(&cond, &mtx, &outtime); 122 | pthread_mutex_unlock(&mtx); 123 | if (result != 0) { 124 | LOGD("create thread failed"); 125 | } else { 126 | LOGD("create thread success"); 127 | } 128 | return result; 129 | } 130 | 131 | static void 132 | on_message(GumScript *script, const gchar *message, 133 | GBytes *data, gpointer user_data) { 134 | JsonParser *parser; 135 | JsonObject *root; 136 | const gchar *type; 137 | 138 | parser = json_parser_new(); 139 | json_parser_load_from_data(parser, message, -1, NULL); 140 | root = json_node_get_object(json_parser_get_root(parser)); 141 | 142 | type = json_object_get_string_member(root, "type"); 143 | if (strcmp(type, "log") == 0) { 144 | const gchar *log_message; 145 | log_message = json_object_get_string_member(root, "payload"); 146 | LOGD ("[*] log : %s ", log_message); 147 | } else { 148 | LOGD ("[*] %s ", message); 149 | } 150 | 151 | g_object_unref(parser); 152 | } 153 | 154 | -------------------------------------------------------------------------------- /module/src/main/cpp/frida-gumjs-example.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by p_svengong on 2021/1/18. 3 | // 4 | 5 | #ifndef RIRU_MODULETEMPLATE_MASTERV23_FRIDA_GUMJS_EXAMPLE_H 6 | #define RIRU_MODULETEMPLATE_MASTERV23_FRIDA_GUMJS_EXAMPLE_H 7 | 8 | #endif //RIRU_MODULETEMPLATE_MASTERV23_FRIDA_GUMJS_EXAMPLE_H 9 | int gumjsHook(); -------------------------------------------------------------------------------- /module/src/main/cpp/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #include "frida-gumjs-example.h" 8 | 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | //#include 16 | #define LOGTAG "Xcube_gumjshook" 17 | #define LOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, LOGTAG , __VA_ARGS__) 18 | #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG , LOGTAG, __VA_ARGS__) 19 | #define LOGI(...) __android_log_print(ANDROID_LOG_INFO , LOGTAG, __VA_ARGS__) 20 | #define LOGW(...) __android_log_print(ANDROID_LOG_WARN , LOGTAG, __VA_ARGS__) 21 | #define LOGE(...) __android_log_print(ANDROID_LOG_ERROR , LOGTAG, __VA_ARGS__) 22 | #if defined(__arm__) 23 | #include "includes/armeabi-v7a/frida-gumjs.h" 24 | #elif defined(__aarch64__) 25 | 26 | #include "includes/arm64-v8a/frida-gumjs.h" 27 | #endif 28 | 29 | int mysystem(char *cmdstring, char *buf, int len); 30 | 31 | static int enable_hack; 32 | static jstring *_appDataDir; 33 | 34 | // 仅在测试app生效 35 | int rirutest(JNIEnv *env, jstring appDataDir) { 36 | 37 | if (!appDataDir) { 38 | LOGD("forkAndSpecializePre appDataDir null"); 39 | return 0; 40 | } 41 | const char *app_data_dir = env->GetStringUTFChars(appDataDir, NULL); 42 | int user = 0; 43 | static char package_name[256]; 44 | if (sscanf(app_data_dir, "/data/%*[^/]/%d/%s", &user, package_name) != 2) { 45 | if (sscanf(app_data_dir, "/data/%*[^/]/%s", package_name) != 1) { 46 | package_name[0] = '\0'; 47 | LOGW("can't parse %s", app_data_dir); 48 | return 0; 49 | } 50 | } 51 | env->ReleaseStringUTFChars(appDataDir, app_data_dir); 52 | // LOGD("package [ %s ] starting...", package_name); 53 | 54 | char cmd_string[1024]; 55 | const char *filepath = "/data/local/tmp/pkg.conf"; 56 | sprintf(cmd_string, "cat %s", filepath); 57 | int bufsize = 1024 * 10; 58 | char buf[bufsize]; 59 | mysystem(cmd_string, buf, bufsize); 60 | 61 | int ret = 0; 62 | char *item = NULL; 63 | char *delims = "\r\n"; 64 | item = strtok(buf, delims); 65 | 66 | while (item != NULL) { 67 | // LOGD("package item: %s", item); 68 | if (strcmp(item, package_name) == 0) { 69 | ret = 1; 70 | break; 71 | } else { 72 | ret = 0; 73 | } 74 | item = strtok(NULL, delims); 75 | } 76 | return ret; 77 | } 78 | 79 | // 用readjs方法中的方式比较简单,但是由于尝试在zygote进程中读取文件,才试到这里的方法 80 | // 这个方法作为一个通用方法就不改回去了 81 | int mysystem(char *cmdstring, char *buf, int len) { 82 | int fd[2]; 83 | pid_t pid; 84 | int n, count; 85 | memset(buf, 0, len); 86 | if (pipe(fd) < 0) 87 | return -1; 88 | if ((pid = fork()) < 0){ 89 | LOGE("fork faild"); 90 | return -1; 91 | } 92 | else if (pid > 0) { 93 | close(fd[1]); 94 | count = 0; 95 | while ((n = read(fd[0], buf + count, len)) > 0 && count > len) 96 | count += n; 97 | close(fd[0]); 98 | if (waitpid(pid, NULL, 0) > 0) 99 | return -1; 100 | } else { 101 | close(fd[0]); 102 | if (fd[1] != STDOUT_FILENO) { 103 | if (dup2(fd[1], STDOUT_FILENO) != STDOUT_FILENO) { 104 | return -1; 105 | } 106 | close(fd[1]); 107 | } 108 | if (execl("/system/bin/sh", "sh", "-c", cmdstring, (char *) 0) == -1){ 109 | LOGE("execl (%s) faild", cmdstring); 110 | return -1; 111 | } 112 | 113 | } 114 | return 0; 115 | } 116 | 117 | static void forkAndSpecializePre( 118 | JNIEnv *env, jclass clazz, jint *_uid, jint *gid, jintArray *gids, jint *runtimeFlags, 119 | jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName, 120 | jintArray *fdsToClose, jintArray *fdsToIgnore, jboolean *is_child_zygote, 121 | jstring *instructionSet, jstring *appDataDir, jboolean *isTopApp, 122 | jobjectArray *pkgDataInfoList, 123 | jobjectArray *whitelistedDataInfoList, jboolean *bindMountAppDataDirs, 124 | jboolean *bindMountAppStorageDirs) { 125 | 126 | // enable_hack = rirutest(env, *appDataDir); 127 | _appDataDir = appDataDir; 128 | // in zygote process, 129 | } 130 | 131 | static void forkAndSpecializePost(JNIEnv *env, jclass clazz, jint res) { 132 | if (res == 0) { 133 | // in app process 134 | enable_hack = rirutest(env, *_appDataDir); 135 | if (enable_hack) { 136 | gumjsHook(); 137 | } 138 | 139 | } else { 140 | // in zygote process, res is child pid 141 | // don't print log here, see https://github.com/RikkaApps/Riru/blob/77adfd6a4a6a81bfd20569c910bc4854f2f84f5e/riru-core/jni/main/jni_native_method.cpp#L55-L66 142 | } 143 | } 144 | 145 | static void specializeAppProcessPre( 146 | JNIEnv *env, jclass clazz, jint *_uid, jint *gid, jintArray *gids, jint *runtimeFlags, 147 | jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName, 148 | jboolean *startChildZygote, jstring *instructionSet, jstring *appDataDir, 149 | jboolean *isTopApp, jobjectArray *pkgDataInfoList, jobjectArray *whitelistedDataInfoList, 150 | jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) { 151 | // added from Android 10, but disabled at least in Google Pixel devices 152 | } 153 | 154 | static void specializeAppProcessPost( 155 | JNIEnv *env, jclass clazz) { 156 | // added from Android 10, but disabled at least in Google Pixel devices 157 | } 158 | 159 | static void forkSystemServerPre( 160 | JNIEnv *env, jclass clazz, uid_t *uid, gid_t *gid, jintArray *gids, jint *runtimeFlags, 161 | jobjectArray *rlimits, jlong *permittedCapabilities, jlong *effectiveCapabilities) { 162 | 163 | } 164 | 165 | static void forkSystemServerPost(JNIEnv *env, jclass clazz, jint res) { 166 | if (res == 0) { 167 | // in system server process 168 | } else { 169 | // in zygote process, res is child pid 170 | // don't print log here, see https://github.com/RikkaApps/Riru/blob/77adfd6a4a6a81bfd20569c910bc4854f2f84f5e/riru-core/jni/main/jni_native_method.cpp#L55-L66 171 | } 172 | } 173 | 174 | static int shouldSkipUid(int uid) { 175 | // by default, Riru only call module functions in "normal app processes" (10000 <= uid % 100000 <= 19999) 176 | // false = don't skip 177 | return false; 178 | } 179 | 180 | static void onModuleLoaded() { 181 | // called when the shared library of Riru core is loaded 182 | } 183 | 184 | extern "C" { 185 | 186 | int riru_api_version; 187 | RiruApiV9 *riru_api_v9; 188 | 189 | /* 190 | * Init will be called three times. 191 | * 192 | * The first time: 193 | * Returns the highest version number supported by both Riru and the module. 194 | * 195 | * arg: (int *) Riru's API version 196 | * returns: (int *) the highest possible API version 197 | * 198 | * The second time: 199 | * Returns the RiruModuleX struct created by the module. 200 | * (X is the return of the first call) 201 | * 202 | * arg: (RiruApiVX *) RiruApi strcut, this pointer can be saved for further use 203 | * returns: (RiruModuleX *) RiruModule strcut 204 | * 205 | * The second time: 206 | * Let the module to cleanup (such as RiruModuleX struct created before). 207 | * 208 | * arg: null 209 | * returns: (ignored) 210 | * 211 | */ 212 | void *init(void *arg) { 213 | static int step = 0; 214 | step += 1; 215 | 216 | static void *_module; 217 | 218 | switch (step) { 219 | case 1: { 220 | auto core_max_api_version = *(int *) arg; 221 | riru_api_version = 222 | core_max_api_version <= RIRU_MODULE_API_VERSION ? core_max_api_version 223 | : RIRU_MODULE_API_VERSION; 224 | return &riru_api_version; 225 | } 226 | case 2: { 227 | switch (riru_api_version) { 228 | // RiruApiV10 and RiruModuleInfoV10 are equal to V9 229 | case 10: 230 | case 9: { 231 | riru_api_v9 = (RiruApiV9 *) arg; 232 | 233 | auto module = (RiruModuleInfoV9 *) malloc(sizeof(RiruModuleInfoV9)); 234 | memset(module, 0, sizeof(RiruModuleInfoV9)); 235 | _module = module; 236 | 237 | module->supportHide = true; 238 | 239 | module->version = RIRU_MODULE_VERSION; 240 | module->versionName = RIRU_MODULE_VERSION_NAME; 241 | module->onModuleLoaded = onModuleLoaded; 242 | module->shouldSkipUid = shouldSkipUid; 243 | module->forkAndSpecializePre = forkAndSpecializePre; 244 | module->forkAndSpecializePost = forkAndSpecializePost; 245 | module->specializeAppProcessPre = specializeAppProcessPre; 246 | module->specializeAppProcessPost = specializeAppProcessPost; 247 | module->forkSystemServerPre = forkSystemServerPre; 248 | module->forkSystemServerPost = forkSystemServerPost; 249 | return module; 250 | } 251 | default: { 252 | return nullptr; 253 | } 254 | } 255 | } 256 | case 3: { 257 | free(_module); 258 | return nullptr; 259 | } 260 | default: { 261 | return nullptr; 262 | } 263 | } 264 | } 265 | } -------------------------------------------------------------------------------- /module/src/main/pkg.conf: -------------------------------------------------------------------------------- 1 | org.xtgo.xcube.base2 2 | org.xtgo.xcube.base -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | include ':module' 2 | -------------------------------------------------------------------------------- /template/magisk_module/.gitattributes: -------------------------------------------------------------------------------- 1 | # Declare files that will always have LF line endings on checkout. 2 | META-INF/** text eol=lf 3 | *.prop text eol=lf 4 | *.sh text eol=lf 5 | *.md text eol=lf 6 | sepolicy.rule text eol=lf 7 | 8 | # Denote all files that are truly binary and should not be modified. 9 | system/** binary 10 | system_x86/** binary -------------------------------------------------------------------------------- /template/magisk_module/META-INF/com/google/android/update-binary: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | 3 | ################# 4 | # Initialization 5 | ################# 6 | 7 | umask 022 8 | 9 | # Global vars 10 | TMPDIR=/dev/tmp 11 | PERSISTDIR=/sbin/.magisk/mirror/persist 12 | 13 | rm -rf $TMPDIR 2>/dev/null 14 | mkdir -p $TMPDIR 15 | 16 | # echo before loading util_functions 17 | ui_print() { echo "$1"; } 18 | 19 | require_new_magisk() { 20 | ui_print "*******************************" 21 | ui_print " Please install Magisk v19.0+! " 22 | ui_print "*******************************" 23 | exit 1 24 | } 25 | 26 | is_legacy_script() { 27 | unzip -l "$ZIPFILE" install.sh | grep -q install.sh 28 | return $? 29 | } 30 | 31 | print_modname() { 32 | local len 33 | len=`echo -n $MODNAME | wc -c` 34 | len=$((len + 2)) 35 | local pounds=`printf "%${len}s" | tr ' ' '*'` 36 | ui_print "$pounds" 37 | ui_print " $MODNAME " 38 | ui_print "$pounds" 39 | ui_print "*******************" 40 | ui_print " Powered by Magisk " 41 | ui_print "*******************" 42 | } 43 | 44 | ############## 45 | # Environment 46 | ############## 47 | 48 | OUTFD=$2 49 | ZIPFILE=$3 50 | 51 | mount /data 2>/dev/null 52 | 53 | # Load utility functions 54 | [ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk 55 | . /data/adb/magisk/util_functions.sh 56 | [ $MAGISK_VER_CODE -gt 18100 ] || require_new_magisk 57 | 58 | # Preperation for flashable zips 59 | setup_flashable 60 | 61 | # Mount partitions 62 | mount_partitions 63 | 64 | # Detect version and architecture 65 | api_level_arch_detect 66 | 67 | # Setup busybox and binaries 68 | $BOOTMODE && boot_actions || recovery_actions 69 | 70 | ############## 71 | # Preparation 72 | ############## 73 | 74 | # Extract prop file 75 | unzip -o "$ZIPFILE" module.prop -d $TMPDIR >&2 76 | [ ! -f $TMPDIR/module.prop ] && abort "! Unable to extract zip file!" 77 | 78 | $BOOTMODE && MODDIRNAME=modules_update || MODDIRNAME=modules 79 | MODULEROOT=$NVBASE/$MODDIRNAME 80 | MODID=`grep_prop id $TMPDIR/module.prop` 81 | MODPATH=$MODULEROOT/$MODID 82 | MODNAME=`grep_prop name $TMPDIR/module.prop` 83 | 84 | # Create mod paths 85 | rm -rf $MODPATH 2>/dev/null 86 | mkdir -p $MODPATH 87 | 88 | ########## 89 | # Install 90 | ########## 91 | 92 | if is_legacy_script; then 93 | unzip -oj "$ZIPFILE" module.prop install.sh uninstall.sh 'common/*' -d $TMPDIR >&2 94 | 95 | # Load install script 96 | . $TMPDIR/install.sh 97 | 98 | # Callbacks 99 | print_modname 100 | on_install 101 | 102 | # Custom uninstaller 103 | [ -f $TMPDIR/uninstall.sh ] && cp -af $TMPDIR/uninstall.sh $MODPATH/uninstall.sh 104 | 105 | # Skip mount 106 | $SKIPMOUNT && touch $MODPATH/skip_mount 107 | 108 | # prop file 109 | $PROPFILE && cp -af $TMPDIR/system.prop $MODPATH/system.prop 110 | 111 | # Module info 112 | cp -af $TMPDIR/module.prop $MODPATH/module.prop 113 | 114 | # post-fs-data scripts 115 | $POSTFSDATA && cp -af $TMPDIR/post-fs-data.sh $MODPATH/post-fs-data.sh 116 | 117 | # service scripts 118 | $LATESTARTSERVICE && cp -af $TMPDIR/service.sh $MODPATH/service.sh 119 | 120 | ui_print "- Setting permissions" 121 | set_permissions 122 | else 123 | print_modname 124 | 125 | unzip -o "$ZIPFILE" customize.sh -d $MODPATH >&2 126 | 127 | if ! grep -q '^SKIPUNZIP=1$' $MODPATH/customize.sh 2>/dev/null; then 128 | ui_print "- Extracting module files" 129 | unzip -o "$ZIPFILE" -x 'META-INF/*' -d $MODPATH >&2 130 | 131 | # Default permissions 132 | set_perm_recursive $MODPATH 0 0 0755 0644 133 | fi 134 | 135 | # Load customization script 136 | [ -f $MODPATH/customize.sh ] && . $MODPATH/customize.sh 137 | fi 138 | 139 | # Handle replace folders 140 | for TARGET in $REPLACE; do 141 | ui_print "- Replace target: $TARGET" 142 | mktouch $MODPATH$TARGET/.replace 143 | done 144 | 145 | if $BOOTMODE; then 146 | # Update info for Magisk Manager 147 | mktouch $NVBASE/modules/$MODID/update 148 | cp -af $MODPATH/module.prop $NVBASE/modules/$MODID/module.prop 149 | fi 150 | 151 | # Copy over custom sepolicy rules 152 | if [ -f $MODPATH/sepolicy.rule -a -e $PERSISTDIR ]; then 153 | ui_print "- Installing custom sepolicy patch" 154 | PERSISTMOD=$PERSISTDIR/magisk/$MODID 155 | mkdir -p $PERSISTMOD 156 | cp -af $MODPATH/sepolicy.rule $PERSISTMOD/sepolicy.rule 157 | fi 158 | 159 | # Remove stuffs that don't belong to modules 160 | rm -rf \ 161 | $MODPATH/system/placeholder $MODPATH/customize.sh \ 162 | $MODPATH/README.md $MODPATH/.git* 2>/dev/null 163 | 164 | ############## 165 | # Finalizing 166 | ############## 167 | 168 | cd / 169 | $BOOTMODE || recovery_cleanup 170 | rm -rf $TMPDIR 171 | 172 | ui_print "- Done" 173 | exit 0 -------------------------------------------------------------------------------- /template/magisk_module/META-INF/com/google/android/updater-script: -------------------------------------------------------------------------------- 1 | #MAGISK 2 | -------------------------------------------------------------------------------- /template/magisk_module/README.md: -------------------------------------------------------------------------------- 1 | # Riru - Template -------------------------------------------------------------------------------- /template/magisk_module/customize.sh: -------------------------------------------------------------------------------- 1 | SKIPUNZIP=1 2 | 3 | # check_architecture 4 | if [ "$ARCH" != "arm" ] && [ "$ARCH" != "arm64" ] && [ "$ARCH" != "x86" ] && [ "$ARCH" != "x64" ]; then 5 | abort "! Unsupported platform: $ARCH" 6 | else 7 | ui_print "- Device platform: $ARCH" 8 | fi 9 | 10 | # extract verify.sh 11 | ui_print "- Extracting verify.sh" 12 | unzip -o "$ZIPFILE" 'verify.sh' -d "$TMPDIR" >&2 13 | if [ ! -f "$TMPDIR/verify.sh" ]; then 14 | ui_print "*********************************************************" 15 | ui_print "! Unable to extract verify.sh!" 16 | ui_print "! This zip may be corrupted, please try downloading again" 17 | abort "*********************************************************" 18 | fi 19 | . $TMPDIR/verify.sh 20 | 21 | # extract riru.sh 22 | extract "$ZIPFILE" 'riru.sh' "$MODPATH" 23 | . $MODPATH/riru.sh 24 | 25 | check_riru_version 26 | 27 | # extract libs 28 | ui_print "- Extracting module files" 29 | 30 | extract "$ZIPFILE" 'module.prop' "$MODPATH" 31 | extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH" 32 | extract "$ZIPFILE" 'uninstall.sh' "$MODPATH" 33 | #extract "$ZIPFILE" 'sepolicy.rule' "$MODPATH" 34 | 35 | if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then 36 | ui_print "- Extracting x86 libraries" 37 | extract "$ZIPFILE" "system_x86/lib/libriru_$RIRU_MODULE_ID.so" "$MODPATH" 38 | mv "$MODPATH/system_x86" "$MODPATH/system" 39 | 40 | if [ "$IS64BIT" = true ]; then 41 | ui_print "- Extracting x64 libraries" 42 | extract "$ZIPFILE" "system_x86/lib64/libriru_$RIRU_MODULE_ID.so" "$MODPATH" 43 | mv "$MODPATH/system_x86/lib64" "$MODPATH/system/lib64" 44 | fi 45 | else 46 | ui_print "- Extracting arm libraries" 47 | extract "$ZIPFILE" "system/lib/libriru_$RIRU_MODULE_ID.so" "$MODPATH" 48 | 49 | if [ "$IS64BIT" = true ]; then 50 | ui_print "- Extracting arm64 libraries" 51 | extract "$ZIPFILE" "system/lib64/libriru_$RIRU_MODULE_ID.so" "$MODPATH" 52 | fi 53 | fi 54 | 55 | set_perm_recursive "$MODPATH" 0 0 0755 0644 56 | 57 | # extract Riru files 58 | ui_print "- Extracting extra files" 59 | [ -d "$RIRU_MODULE_PATH" ] || mkdir -p "$RIRU_MODULE_PATH" || abort "! Can't create $RIRU_MODULE_PATH" 60 | 61 | rm -f "$RIRU_MODULE_PATH/module.prop.new" 62 | extract "$ZIPFILE" 'riru/module.prop.new' "$RIRU_MODULE_PATH" true 63 | set_perm "$RIRU_MODULE_PATH/module.prop.new" 0 0 0600 $RIRU_SECONTEXT -------------------------------------------------------------------------------- /template/magisk_module/post-fs-data.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | MODDIR=${0%/*} 3 | [ ! -f "$MODDIR/riru.sh" ] && exit 1 4 | . $MODDIR/riru.sh 5 | 6 | # Rename module.prop.new 7 | if [ -f "$RIRU_MODULE_PATH/module.prop.new" ]; then 8 | rm "$RIRU_MODULE_PATH/module.prop" 9 | mv "$RIRU_MODULE_PATH/module.prop.new" "$RIRU_MODULE_PATH/module.prop" 10 | fi -------------------------------------------------------------------------------- /template/magisk_module/riru.sh: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | RIRU_PATH="/data/adb/riru" 3 | RIRU_MODULE_ID="%%%RIRU_MODULE_ID%%%" 4 | RIRU_MODULE_PATH="$RIRU_PATH/modules/$RIRU_MODULE_ID" 5 | RIRU_SECONTEXT="u:object_r:magisk_file:s0" 6 | 7 | # used by /data/adb/riru/util_functions.sh 8 | RIRU_MODULE_API_VERSION=%%%RIRU_MODULE_API_VERSION%%% 9 | RIRU_MODULE_MIN_API_VERSION=%%%RIRU_MODULE_MIN_API_VERSION%%% 10 | RIRU_MODULE_MIN_RIRU_VERSION_NAME="%%%RIRU_MODULE_MIN_RIRU_VERSION_NAME%%%" 11 | 12 | # this function will be used when /data/adb/riru/util_functions.sh not exits 13 | check_riru_version() { 14 | if [ ! -f "$RIRU_PATH/api_version" ] && [ ! -f "$RIRU_PATH/api_version.new" ]; then 15 | ui_print "*********************************************************" 16 | ui_print "! Riru $RIRU_MIN_VERSION_NAME or above is required" 17 | ui_print "! Please install Riru from Magisk Manager or https://github.com/RikkaApps/Riru/releases" 18 | abort "*********************************************************" 19 | fi 20 | local_api_version=$(cat "$RIRU_PATH/api_version.new") || local_api_version=$(cat "$RIRU_PATH/api_version") || local_api_version=0 21 | [ "$local_api_version" -eq "$local_api_version" ] || local_api_version=0 22 | ui_print "- Riru API version: $local_api_version" 23 | if [ "$local_api_version" -lt $RIRU_MODULE_MIN_API_VERSION ]; then 24 | ui_print "*********************************************************" 25 | ui_print "! Riru $RIRU_MIN_VERSION_NAME or above is required" 26 | ui_print "! Please upgrade Riru from Magisk Manager or https://github.com/RikkaApps/Riru/releases" 27 | abort "*********************************************************" 28 | fi 29 | } 30 | 31 | if [ -f /data/adb/riru/util_functions.sh ]; then 32 | ui_print "- Load /data/adb/riru/util_functions.sh" 33 | . /data/adb/riru/util_functions.sh 34 | else 35 | ui_print "- Can't find /data/adb/riru/util_functions.sh" 36 | fi -------------------------------------------------------------------------------- /template/magisk_module/uninstall.sh: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | MODDIR=${0%/*} 3 | [ ! -f "$MODDIR/riru.sh" ] && exit 1 4 | . $MODDIR/riru.sh 5 | 6 | rm -rf "$RIRU_MODULE_PATH" -------------------------------------------------------------------------------- /template/magisk_module/verify.sh: -------------------------------------------------------------------------------- 1 | TMPDIR_FOR_VERIFY="$TMPDIR/.vunzip" 2 | mkdir "$TMPDIR_FOR_VERIFY" 3 | 4 | abort_verify() { 5 | ui_print "*********************************************************" 6 | ui_print "! $1" 7 | ui_print "! This zip may be corrupted, please try downloading again" 8 | abort "*********************************************************" 9 | } 10 | 11 | # extract 12 | extract() { 13 | zip=$1 14 | file=$2 15 | dir=$3 16 | junk_paths=$4 17 | [ -z "$junk_paths" ] && junk_paths=false 18 | opts="-o" 19 | [ $junk_paths = true ] && opts="-oj" 20 | 21 | file_path="" 22 | hash_path="" 23 | if [ $junk_paths = true ]; then 24 | file_path="$dir/$(basename "$file")" 25 | hash_path="$TMPDIR_FOR_VERIFY/$(basename "$file").sha256sum" 26 | else 27 | file_path="$dir/$file" 28 | hash_path="$TMPDIR_FOR_VERIFY/$file.sha256sum" 29 | fi 30 | 31 | unzip $opts "$zip" "$file" -d "$dir" >&2 32 | [ -f "$file_path" ] || abort_verify "$file not exists" 33 | 34 | unzip $opts "$zip" "$file.sha256sum" -d "$TMPDIR_FOR_VERIFY" >&2 35 | [ -f "$hash_path" ] || abort_verify "$file.sha256sum not exists" 36 | 37 | (echo "$(cat "$hash_path") $file_path" | sha256sum -c -s -) || abort_verify "Failed to verify $file" 38 | ui_print "- Verified $file" >&1 39 | } --------------------------------------------------------------------------------