├── ChangShengJian ├── AndroidMasterKeys.jar ├── MZLog.java ├── MZLog.smali ├── baksmali-2.0.3.jar ├── crackme1.apk ├── libcore.zip ├── signapk.jar ├── smali-2.0.3.jar ├── testkey.pk8 └── testkey.x509.pem ├── KongQueLing ├── JNI_ENV_FUNCTIONS.xlsx ├── crackme1.apk ├── crackme2.apk ├── debugJNIOnload.avi ├── defs.h ├── dump.idc └── dumpdex.avi ├── LiBieGou ├── JavaHook │ ├── EvilApk4.apk │ ├── Introspy │ │ ├── AUTHORS.txt │ │ ├── CHANGELOG.md │ │ ├── Introspy-Android Config.apk │ │ ├── Introspy-Android Config │ │ │ ├── .classpath │ │ │ ├── .project │ │ │ ├── .settings │ │ │ │ └── org.eclipse.jdt.core.prefs │ │ │ ├── AndroidManifest.xml │ │ │ ├── proguard.cfg │ │ │ ├── project.properties │ │ │ ├── res │ │ │ │ ├── drawable-hdpi │ │ │ │ │ └── ic_launcher.png │ │ │ │ ├── drawable-ldpi │ │ │ │ │ └── ic_launcher.png │ │ │ │ ├── drawable-mdpi │ │ │ │ │ └── ic_launcher.png │ │ │ │ ├── layout │ │ │ │ │ ├── list_filter_types.xml │ │ │ │ │ ├── list_item.xml │ │ │ │ │ ├── listfragment.xml │ │ │ │ │ └── main.xml │ │ │ │ └── values │ │ │ │ │ └── strings.xml │ │ │ └── src │ │ │ │ └── com │ │ │ │ └── introspy │ │ │ │ └── config │ │ │ │ ├── AndroidListFragmentActivity.java │ │ │ │ ├── ApplicationFilter.java │ │ │ │ ├── AsyncOp.java │ │ │ │ ├── HookTypes.java │ │ │ │ ├── InjectConfig.java │ │ │ │ └── UpdateAppList.java │ │ ├── Introspy-Android Core.apk │ │ ├── Introspy-Android Core │ │ │ ├── .classpath │ │ │ ├── .project │ │ │ ├── .settings │ │ │ │ └── org.eclipse.jdt.core.prefs │ │ │ ├── AndroidManifest.xml │ │ │ ├── bin │ │ │ │ ├── AndroidManifest.xml │ │ │ │ ├── Introspy-Android Core.apk │ │ │ │ ├── classes.dex │ │ │ │ ├── classes │ │ │ │ │ └── com │ │ │ │ │ │ └── introspy │ │ │ │ │ │ ├── core │ │ │ │ │ │ ├── ApplicationConfig.class │ │ │ │ │ │ ├── ApplicationState$1.class │ │ │ │ │ │ ├── ApplicationState.class │ │ │ │ │ │ ├── BuildConfig.class │ │ │ │ │ │ ├── HookConfig.class │ │ │ │ │ │ ├── IntroHook.class │ │ │ │ │ │ ├── IntroStringHelper.class │ │ │ │ │ │ ├── IntrospyAndroid.class │ │ │ │ │ │ ├── LoadConfig.class │ │ │ │ │ │ ├── LoggerWrap.class │ │ │ │ │ │ ├── Main$1.class │ │ │ │ │ │ ├── Main$2.class │ │ │ │ │ │ ├── Main$3.class │ │ │ │ │ │ ├── Main.class │ │ │ │ │ │ ├── R$attr.class │ │ │ │ │ │ ├── R$dimen.class │ │ │ │ │ │ ├── R$string.class │ │ │ │ │ │ ├── R$style.class │ │ │ │ │ │ ├── R.class │ │ │ │ │ │ └── package-info.class │ │ │ │ │ │ ├── custom_hooks │ │ │ │ │ │ ├── CustomHookList.class │ │ │ │ │ │ ├── HookExampleImpl.class │ │ │ │ │ │ ├── HookStrings.class │ │ │ │ │ │ └── StringInit.class │ │ │ │ │ │ ├── hooks │ │ │ │ │ │ ├── FuncIPC.class │ │ │ │ │ │ ├── HookList.class │ │ │ │ │ │ ├── Intro_CHECK_FS_SET.class │ │ │ │ │ │ ├── Intro_CHECK_HOSTNAME_VERIFIER.class │ │ │ │ │ │ ├── Intro_CHECK_SHARED_PREF.class │ │ │ │ │ │ ├── Intro_CHECK_URI.class │ │ │ │ │ │ ├── Intro_CONTAINS_SHARED_PREF.class │ │ │ │ │ │ ├── Intro_CRYPTO.class │ │ │ │ │ │ ├── Intro_CRYPTO_FINAL.class │ │ │ │ │ │ ├── Intro_CRYPTO_FINAL_UTIL.class │ │ │ │ │ │ ├── Intro_CRYPTO_INIT.class │ │ │ │ │ │ ├── Intro_CRYPTO_KEY.class │ │ │ │ │ │ ├── Intro_CRYPTO_KEYSTORE.class │ │ │ │ │ │ ├── Intro_CRYPTO_KEYSTORE_HOSTNAME.class │ │ │ │ │ │ ├── Intro_CRYPTO_PBEKEY.class │ │ │ │ │ │ ├── Intro_DUMP.class │ │ │ │ │ │ ├── Intro_DUMP_INTENT.class │ │ │ │ │ │ ├── Intro_ExecSQL.class │ │ │ │ │ │ ├── Intro_FILE_CHECK_DIR.class │ │ │ │ │ │ ├── Intro_FILE_CHECK_MODE.class │ │ │ │ │ │ ├── Intro_FILE_PARENT.class │ │ │ │ │ │ ├── Intro_GET_ALL_SHARED_PREF.class │ │ │ │ │ │ ├── Intro_GET_HASH.class │ │ │ │ │ │ ├── Intro_GET_KEY.class │ │ │ │ │ │ ├── Intro_GET_SHARED_PREF.class │ │ │ │ │ │ ├── Intro_HASH.class │ │ │ │ │ │ ├── Intro_IPC_MODIFIED.class │ │ │ │ │ │ ├── Intro_IPC_RECEIVER.class │ │ │ │ │ │ ├── Intro_PREF_PARENT.class │ │ │ │ │ │ ├── Intro_PUT_SHARED_PREF.class │ │ │ │ │ │ ├── Intro_SHOULD_NOT_BE_USED.class │ │ │ │ │ │ ├── Intro_SQLite_INSERT.class │ │ │ │ │ │ ├── Intro_SQLite_UPDATE.class │ │ │ │ │ │ ├── Intro_SSL_CHECK_TRUST_MANAGER.class │ │ │ │ │ │ ├── Intro_SSL_CHECK_TRUST_SOCKETFACTORY.class │ │ │ │ │ │ ├── Intro_URI_REGISTER.class │ │ │ │ │ │ ├── Intro_WEBVIEW_JS_BRIDGE.class │ │ │ │ │ │ ├── Intro_WEBVIEW_SET.class │ │ │ │ │ │ └── package-info.class │ │ │ │ │ │ └── logging │ │ │ │ │ │ ├── Logger.class │ │ │ │ │ │ ├── LoggerConfig.class │ │ │ │ │ │ ├── LoggerDB.class │ │ │ │ │ │ ├── LoggerErrorHandler.class │ │ │ │ │ │ ├── LoggerFile.class │ │ │ │ │ │ ├── LoggerTraces.class │ │ │ │ │ │ ├── SQLiteIntrospy.class │ │ │ │ │ │ ├── SQLiteIntrospyHelper.class │ │ │ │ │ │ ├── SQLiteIntrospyLog.class │ │ │ │ │ │ └── package-info.class │ │ │ │ ├── dexedLibs │ │ │ │ │ ├── android-support-v4-7bb1c4642d4f2feff359623c21ee30c8.jar │ │ │ │ │ └── substrate-api-6c7ea4ba6848ba7873541e373320284f.jar │ │ │ │ ├── jarlist.cache │ │ │ │ └── resources.ap_ │ │ │ ├── gen │ │ │ │ └── com │ │ │ │ │ └── introspy │ │ │ │ │ └── core │ │ │ │ │ ├── BuildConfig.java │ │ │ │ │ └── R.java │ │ │ ├── ic_launcher-web.png │ │ │ ├── libs │ │ │ │ ├── android-support-v4.jar │ │ │ │ └── substrate-api.jar │ │ │ ├── proguard-project.txt │ │ │ ├── project.properties │ │ │ ├── res │ │ │ │ └── values │ │ │ │ │ ├── dimens.xml │ │ │ │ │ ├── strings.xml │ │ │ │ │ └── styles.xml │ │ │ └── src │ │ │ │ └── com │ │ │ │ └── introspy │ │ │ │ ├── core │ │ │ │ ├── ApplicationConfig.java │ │ │ │ ├── ApplicationState.java │ │ │ │ ├── HookConfig.java │ │ │ │ ├── IntroHook.java │ │ │ │ ├── IntroStringHelper.java │ │ │ │ ├── IntrospyAndroid.java │ │ │ │ ├── LoadConfig.java │ │ │ │ ├── LoggerWrap.java │ │ │ │ ├── Main.java │ │ │ │ └── package-info.java │ │ │ │ ├── custom_hooks │ │ │ │ ├── CustomHookList.java │ │ │ │ ├── HookExampleImpl.java │ │ │ │ ├── HookStrings.java │ │ │ │ └── StringInit.java │ │ │ │ ├── hooks │ │ │ │ ├── HookCryptoImpl.java │ │ │ │ ├── HookFileSystemImpl.java │ │ │ │ ├── HookGeneric.java │ │ │ │ ├── HookHashImpl.java │ │ │ │ ├── HookIPCImpl.java │ │ │ │ ├── HookKeyImpl.java │ │ │ │ ├── HookList.java │ │ │ │ ├── HookSQLiteImpl.java │ │ │ │ ├── HookSSLImpl.java │ │ │ │ ├── HookSharedPrefImpl.java │ │ │ │ ├── HookWebviewImpl.java │ │ │ │ └── package-info.java │ │ │ │ └── logging │ │ │ │ ├── Logger.java │ │ │ │ ├── LoggerConfig.java │ │ │ │ ├── LoggerDB.java │ │ │ │ ├── LoggerErrorHandler.java │ │ │ │ ├── LoggerFile.java │ │ │ │ ├── LoggerTraces.java │ │ │ │ ├── SQLiteIntrospy.java │ │ │ │ ├── SQLiteIntrospyHelper.java │ │ │ │ ├── SQLiteIntrospyLog.java │ │ │ │ └── package-info.java │ │ ├── LICENSE │ │ ├── README.md │ │ ├── TODO.txt │ │ └── images │ │ │ ├── GUI.png │ │ │ ├── Thumbs.db │ │ │ ├── adding_hook_impl.PNG │ │ │ ├── adding_hooks.PNG │ │ │ ├── cydia_installed.png │ │ │ ├── example_logcat.png │ │ │ ├── html_report_android.PNG │ │ │ ├── impl_handle.PNG │ │ │ └── new_object.PNG │ ├── cydia.apk │ └── decrypt.py ├── adbi-master │ ├── README.md │ ├── build.sh │ ├── clean.sh │ ├── hijack │ │ ├── hijack.c │ │ ├── jni │ │ │ └── Android.mk │ │ ├── libs │ │ │ └── armeabi │ │ │ │ └── hijack │ │ └── obj │ │ │ └── local │ │ │ └── armeabi │ │ │ ├── hijack │ │ │ └── objs │ │ │ └── hijack │ │ │ └── __ │ │ │ ├── hijack.o │ │ │ └── hijack.o.d │ └── instruments │ │ ├── base │ │ ├── base.c │ │ ├── base.h │ │ ├── hook.c │ │ ├── hook.h │ │ ├── jni │ │ │ ├── Android.mk │ │ │ └── Application.mk │ │ ├── obj │ │ │ └── local │ │ │ │ └── armeabi │ │ │ │ ├── libbase.a │ │ │ │ └── objs │ │ │ │ └── base │ │ │ │ └── __ │ │ │ │ ├── base.o │ │ │ │ ├── base.o.d │ │ │ │ ├── hook.o │ │ │ │ ├── hook.o.d │ │ │ │ ├── util.o │ │ │ │ └── util.o.d │ │ ├── util.c │ │ └── util.h │ │ └── example │ │ ├── hookjni.c │ │ ├── hookjni_arm.c │ │ ├── jni │ │ └── Android.mk │ │ ├── libs │ │ └── armeabi │ │ │ └── libexample.so │ │ └── obj │ │ └── local │ │ └── armeabi │ │ ├── libexample.so │ │ └── objs │ │ └── example │ │ └── __ │ │ ├── hookjni.o │ │ ├── hookjni.o.d │ │ ├── hookjni_arm.o │ │ └── hookjni_arm.o.d ├── reference │ ├── ptrace.h │ └── systemcalllist.txt ├── test1 │ ├── jni │ │ ├── Android.mk │ │ ├── Application.mk │ │ ├── hook1.c │ │ ├── hook2.c │ │ ├── hook3.c │ │ ├── hook4.c │ │ ├── hook5.c │ │ ├── inject.c │ │ ├── inject2.c │ │ └── target.c │ ├── libs │ │ └── armeabi │ │ │ ├── hook1 │ │ │ ├── hook2 │ │ │ ├── hook3 │ │ │ ├── hook4 │ │ │ ├── hook5 │ │ │ ├── libinject.so │ │ │ ├── libinject2.so │ │ │ └── target │ └── obj │ │ └── local │ │ └── armeabi │ │ ├── hook1 │ │ ├── hook2 │ │ ├── hook3 │ │ ├── hook4 │ │ ├── hook5 │ │ ├── libinject.so │ │ ├── libinject2.so │ │ ├── objs │ │ ├── hook1 │ │ │ ├── hook1.o │ │ │ └── hook1.o.d │ │ ├── hook2 │ │ │ ├── hook2.o │ │ │ └── hook2.o.d │ │ ├── hook3 │ │ │ ├── hook3.o │ │ │ └── hook3.o.d │ │ ├── hook4 │ │ │ ├── hook4.o │ │ │ └── hook4.o.d │ │ ├── hook5 │ │ │ ├── hook5.o │ │ │ └── hook5.o.d │ │ ├── inject │ │ │ ├── inject.o │ │ │ └── inject.o.d │ │ ├── inject2 │ │ │ ├── inject2.o │ │ │ └── inject2.o.d │ │ └── target │ │ │ ├── target.o │ │ │ └── target.o.d │ │ └── target └── test2 │ └── test2.apk └── readme.md /ChangShengJian/AndroidMasterKeys.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/AndroidMasterKeys.jar -------------------------------------------------------------------------------- /ChangShengJian/MZLog.java: -------------------------------------------------------------------------------- 1 | package com.mzheng; 2 | 3 | import java.util.Arrays; 4 | 5 | import android.util.Log; 6 | 7 | public class MZLog { 8 | 9 | public static void Log(String tag, String msg) 10 | { 11 | Log.d(tag, msg); 12 | } 13 | 14 | public static void Log(Object someObj) 15 | { 16 | Log("mzheng", someObj.toString()); 17 | } 18 | 19 | public static void Log(Object[] someObj) 20 | { 21 | Log("mzheng",Arrays.toString(someObj)); 22 | } 23 | 24 | } 25 | -------------------------------------------------------------------------------- /ChangShengJian/MZLog.smali: -------------------------------------------------------------------------------- 1 | .class public Lcom/mzheng/MZLog; 2 | .super Ljava/lang/Object; 3 | .source "MZLog.java" 4 | 5 | 6 | # direct methods 7 | .method public constructor ()V 8 | .registers 1 9 | 10 | .prologue 11 | .line 7 12 | invoke-direct {p0}, Ljava/lang/Object;->()V 13 | 14 | return-void 15 | .end method 16 | 17 | .method public static Log(Ljava/lang/Object;)V 18 | .registers 3 19 | .param p0, "someObj" # Ljava/lang/Object; 20 | 21 | .prologue 22 | .line 16 23 | const-string v0, "mzheng" 24 | 25 | invoke-virtual {p0}, Ljava/lang/Object;->toString()Ljava/lang/String; 26 | 27 | move-result-object v1 28 | 29 | invoke-static {v0, v1}, Lcom/mzheng/MZLog;->Log(Ljava/lang/String;Ljava/lang/String;)V 30 | 31 | .line 17 32 | return-void 33 | .end method 34 | 35 | .method public static Log(Ljava/lang/String;Ljava/lang/String;)V 36 | .registers 2 37 | .param p0, "tag" # Ljava/lang/String; 38 | .param p1, "msg" # Ljava/lang/String; 39 | 40 | .prologue 41 | .line 11 42 | invoke-static {p0, p1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I 43 | 44 | .line 12 45 | return-void 46 | .end method 47 | 48 | .method public static Log([Ljava/lang/Object;)V 49 | .registers 3 50 | .param p0, "someObj" # [Ljava/lang/Object; 51 | 52 | .prologue 53 | .line 21 54 | const-string v0, "mzheng" 55 | 56 | invoke-static {p0}, Ljava/util/Arrays;->toString([Ljava/lang/Object;)Ljava/lang/String; 57 | 58 | move-result-object v1 59 | 60 | invoke-static {v0, v1}, Lcom/mzheng/MZLog;->Log(Ljava/lang/String;Ljava/lang/String;)V 61 | 62 | .line 22 63 | return-void 64 | .end method 65 | -------------------------------------------------------------------------------- /ChangShengJian/baksmali-2.0.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/baksmali-2.0.3.jar -------------------------------------------------------------------------------- /ChangShengJian/crackme1.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/crackme1.apk -------------------------------------------------------------------------------- /ChangShengJian/libcore.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/libcore.zip -------------------------------------------------------------------------------- /ChangShengJian/signapk.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/signapk.jar -------------------------------------------------------------------------------- /ChangShengJian/smali-2.0.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/smali-2.0.3.jar -------------------------------------------------------------------------------- /ChangShengJian/testkey.pk8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/ChangShengJian/testkey.pk8 -------------------------------------------------------------------------------- /ChangShengJian/testkey.x509.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD 3 | VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g 4 | VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE 5 | AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe 6 | Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET 7 | MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G 8 | A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p 9 | ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI 10 | hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM 11 | qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4 12 | wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy 13 | 4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU 14 | RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s 15 | zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw 16 | HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ 17 | AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE 18 | CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH 19 | QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG 20 | CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud 21 | EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa 22 | J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y 23 | LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe 24 | +ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX 25 | 31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr 26 | sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0= 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /KongQueLing/JNI_ENV_FUNCTIONS.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/KongQueLing/JNI_ENV_FUNCTIONS.xlsx -------------------------------------------------------------------------------- /KongQueLing/crackme1.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/KongQueLing/crackme1.apk -------------------------------------------------------------------------------- /KongQueLing/crackme2.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/KongQueLing/crackme2.apk -------------------------------------------------------------------------------- /KongQueLing/debugJNIOnload.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/KongQueLing/debugJNIOnload.avi -------------------------------------------------------------------------------- /KongQueLing/defs.h: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | This file contains definitions used by the Hex-Rays decompiler output. 4 | It has type definitions and convenience macros to make the 5 | output more readable. 6 | 7 | Copyright (c) 2007 Hex-Rays sprl 8 | 9 | */ 10 | 11 | #if defined(__GNUC__) 12 | #define FMT_64 "ll" 13 | typedef long long ll; 14 | typedef unsigned long long ull; 15 | #elif defined(_MSC_VER) 16 | typedef __int64 ll; 17 | typedef unsigned __int64 ull; 18 | #define FMT_64 "I64" 19 | #elif defined (__BORLANDC__) 20 | typedef __int64 ll; 21 | typedef unsigned __int64 ull; 22 | #define FMT_64 "L" 23 | #else 24 | #error "unknown compiler" 25 | #endif 26 | typedef unsigned int uint; 27 | typedef unsigned char uchar; 28 | typedef unsigned short ushort; 29 | typedef unsigned long ulong; 30 | 31 | // Partially defined types: 32 | #define _BYTE char 33 | #define _WORD short 34 | #define _DWORD long 35 | #define _QWORD ll 36 | #define _LONGLONG __int128 37 | 38 | #ifndef _WINDOWS_ 39 | typedef char BYTE; 40 | typedef short WORD; 41 | typedef long DWORD; 42 | typedef long LONG; 43 | #endif 44 | typedef ll QWORD; 45 | #ifndef __cplusplus 46 | typedef int bool; // we want to use bool in our C programs 47 | #endif 48 | 49 | // Some convenience macros to make partial accesses nicer 50 | // first unsigned macros: 51 | #define LOBYTE(x) (*((_BYTE*)&(x))) // low byte 52 | #define LOWORD(x) (*((_WORD*)&(x))) // low word 53 | #define LODWORD(x) (*((_DWORD*)&(x))) // low dword 54 | #define HIBYTE(x) (*((_BYTE*)&(x)+1)) 55 | #define HIWORD(x) (*((_WORD*)&(x)+1)) 56 | #define HIDWORD(x) (*((_DWORD*)&(x)+1)) 57 | #define BYTEn(x, n) (*((_BYTE*)&(x)+n)) 58 | #define WORDn(x, n) (*((_WORD*)&(x)+n)) 59 | #define BYTE1(x) BYTEn(x, 1) // byte 1 (counting from 0) 60 | #define BYTE2(x) BYTEn(x, 2) 61 | #define BYTE3(x) BYTEn(x, 3) 62 | #define BYTE4(x) BYTEn(x, 4) 63 | #define BYTE5(x) BYTEn(x, 5) 64 | #define BYTE6(x) BYTEn(x, 6) 65 | #define BYTE7(x) BYTEn(x, 7) 66 | #define BYTE8(x) BYTEn(x, 8) 67 | #define BYTE9(x) BYTEn(x, 9) 68 | #define BYTE10(x) BYTEn(x, 10) 69 | #define BYTE11(x) BYTEn(x, 11) 70 | #define BYTE12(x) BYTEn(x, 12) 71 | #define BYTE13(x) BYTEn(x, 13) 72 | #define BYTE14(x) BYTEn(x, 14) 73 | #define BYTE15(x) BYTEn(x, 15) 74 | #define WORD1(x) WORDn(x, 1) 75 | #define WORD2(x) WORDn(x, 2) // third word of the object, unsigned 76 | #define WORD3(x) WORDn(x, 3) 77 | #define WORD4(x) WORDn(x, 4) 78 | #define WORD5(x) WORDn(x, 5) 79 | #define WORD6(x) WORDn(x, 6) 80 | #define WORD7(x) WORDn(x, 7) 81 | 82 | // now signed macros (the same but with sign extension) 83 | #define SLOBYTE(x) (*((char*)&(x))) 84 | #define SLOWORD(x) (*((short*)&(x))) 85 | #define SLODWORD(x) (*((long*)&(x))) 86 | #define SHIBYTE(x) (*((char*)&(x)+1)) 87 | #define SHIWORD(x) (*((short*)&(x)+1)) 88 | #define SHIDWORD(x) (*((long*)&(x)+1)) 89 | #define SBYTEn(x, n) (*((char*)&(x)+n)) 90 | #define SWORDn(x, n) (*((short*)&(x)+n)) 91 | #define SBYTE1(x) SBYTEn(x, 1) 92 | #define SBYTE2(x) SBYTEn(x, 2) 93 | #define SBYTE3(x) SBYTEn(x, 3) 94 | #define SBYTE4(x) SBYTEn(x, 4) 95 | #define SBYTE5(x) SBYTEn(x, 5) 96 | #define SBYTE6(x) SBYTEn(x, 6) 97 | #define SBYTE7(x) SBYTEn(x, 7) 98 | #define SBYTE8(x) SBYTEn(x, 8) 99 | #define SBYTE9(x) SBYTEn(x, 9) 100 | #define SBYTE10(x) SBYTEn(x, 10) 101 | #define SBYTE11(x) SBYTEn(x, 11) 102 | #define SBYTE12(x) SBYTEn(x, 12) 103 | #define SBYTE13(x) SBYTEn(x, 13) 104 | #define SBYTE14(x) SBYTEn(x, 14) 105 | #define SBYTE15(x) SBYTEn(x, 15) 106 | #define SWORD1(x) SWORDn(x, 1) 107 | #define SWORD2(x) SWORDn(x, 2) 108 | #define SWORD3(x) SWORDn(x, 3) 109 | #define SWORD4(x) SWORDn(x, 4) 110 | #define SWORD5(x) SWORDn(x, 5) 111 | #define SWORD6(x) SWORDn(x, 6) 112 | #define SWORD7(x) SWORDn(x, 7) 113 | 114 | // Macros to represent some assembly instructions 115 | // Feel free to modify them 116 | 117 | #define __ROL__(x, y) __rotl__(x, y) // Rotate left 118 | #define __ROR__(x, y) __rotr__(x, y) // Rotate right 119 | #define __RCL__(x, y) invalid_operation // Rotate left thru carry 120 | #define __RCR__(x, y) invalid_operation // Rotate right thru carry 121 | #define __MKCADD__(x, y) invalid_operation // Generate carry flag for an addition 122 | #define __MKOADD__(x, y) invalid_operation // Generate overflow flag for an addition 123 | #define __MKCSHL__(x, y) invalid_operation // Generate carry flag for a shift left 124 | #define __MKCSHR__(x, y) invalid_operation // Generate carry flag for a shift right 125 | #define __MKCRCL__(x, y) invalid_operation // Generate carry flag for a RCL 126 | #define __MKCRCR__(x, y) invalid_operation // Generate carry flag for a RCR 127 | #define __SETO__(x, y) invalid_operation // Generate overflow flags for (x-y) 128 | 129 | 130 | // In the decompilation listing there are some objects declarared as _UNKNOWN 131 | // because we could not determine their types. Since the C compiler does not 132 | // accept void item declarations, we replace them by anything of our choice, 133 | // for example a char: 134 | 135 | #define _UNKNOWN char 136 | 137 | #ifdef _MSC_VER 138 | #define snprintf _snprintf 139 | #define vsnprintf _vsnprintf 140 | #endif 141 | -------------------------------------------------------------------------------- /KongQueLing/dump.idc: -------------------------------------------------------------------------------- 1 | static main(void) 2 | { 3 | auto fp, begin, end, dexbyte; 4 | fp = fopen("C:\\dump.dex", "wb"); 5 | begin = r0; 6 | end = r0 + r1; 7 | for ( dexbyte = begin; dexbyte < end; dexbyte ++ ) 8 | fputc(Byte(dexbyte), fp); 9 | } 10 | -------------------------------------------------------------------------------- /KongQueLing/dumpdex.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/KongQueLing/dumpdex.avi -------------------------------------------------------------------------------- /LiBieGou/JavaHook/EvilApk4.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/EvilApk4.apk -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/AUTHORS.txt: -------------------------------------------------------------------------------- 1 | Creators 2 | -------- 3 | Marc Blanchou 4 | 5 | 6 | Maintainers 7 | ----------- 8 | ... 9 | 10 | 11 | Contributors 12 | ------------ 13 | ... -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/CHANGELOG.md -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Config.apk -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | Introspy-Android Config 4 | 5 | 6 | 7 | 8 | 9 | com.android.ide.eclipse.adt.ResourceManagerBuilder 10 | 11 | 12 | 13 | 14 | com.android.ide.eclipse.adt.PreCompilerBuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.jdt.core.javabuilder 20 | 21 | 22 | 23 | 24 | com.android.ide.eclipse.adt.ApkBuilder 25 | 26 | 27 | 28 | 29 | 30 | com.android.ide.eclipse.adt.AndroidNature 31 | org.eclipse.jdt.core.javanature 32 | 33 | 34 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 3 | org.eclipse.jdt.core.compiler.compliance=1.6 4 | org.eclipse.jdt.core.compiler.source=1.6 5 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 9 | 10 | 14 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/proguard.cfg: -------------------------------------------------------------------------------- 1 | -optimizationpasses 5 2 | -dontusemixedcaseclassnames 3 | -dontskipnonpubliclibraryclasses 4 | -dontpreverify 5 | -verbose 6 | -optimizations !code/simplification/arithmetic,!field/*,!class/merging/* 7 | 8 | -keep public class * extends android.app.Activity 9 | -keep public class * extends android.app.Application 10 | -keep public class * extends android.app.Service 11 | -keep public class * extends android.content.BroadcastReceiver 12 | -keep public class * extends android.content.ContentProvider 13 | -keep public class * extends android.app.backup.BackupAgentHelper 14 | -keep public class * extends android.preference.Preference 15 | -keep public class com.android.vending.licensing.ILicensingService 16 | 17 | -keepclasseswithmembernames class * { 18 | native ; 19 | } 20 | 21 | -keepclasseswithmembers class * { 22 | public (android.content.Context, android.util.AttributeSet); 23 | } 24 | 25 | -keepclasseswithmembers class * { 26 | public (android.content.Context, android.util.AttributeSet, int); 27 | } 28 | 29 | -keepclassmembers class * extends android.app.Activity { 30 | public void *(android.view.View); 31 | } 32 | 33 | -keepclassmembers enum * { 34 | public static **[] values(); 35 | public static ** valueOf(java.lang.String); 36 | } 37 | 38 | -keep class * implements android.os.Parcelable { 39 | public static final android.os.Parcelable$Creator *; 40 | } 41 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/project.properties: -------------------------------------------------------------------------------- 1 | # This file is automatically generated by Android Tools. 2 | # Do not modify this file -- YOUR CHANGES WILL BE ERASED! 3 | # 4 | # This file must be checked in Version Control Systems. 5 | # 6 | # To customize properties used by the Ant build system use, 7 | # "ant.properties", and override values to adapt the script to your 8 | # project structure. 9 | 10 | # Project target. 11 | target=android-19 12 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/drawable-hdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/drawable-hdpi/ic_launcher.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/drawable-ldpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/drawable-ldpi/ic_launcher.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/drawable-mdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/drawable-mdpi/ic_launcher.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/layout/list_filter_types.xml: -------------------------------------------------------------------------------- 1 | 2 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/layout/list_item.xml: -------------------------------------------------------------------------------- 1 | 2 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/layout/listfragment.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 16 | 17 | 22 | 23 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/layout/main.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 13 | 19 | 20 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Introspy Config 4 | 5 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/src/com/introspy/config/AndroidListFragmentActivity.java: -------------------------------------------------------------------------------- 1 | package com.introspy.config; 2 | 3 | import android.app.Activity; 4 | import android.os.Bundle; 5 | 6 | public class AndroidListFragmentActivity extends Activity { 7 | /** Called when the activity is first created. */ 8 | @Override 9 | public void onCreate(Bundle savedInstanceState) { 10 | super.onCreate(savedInstanceState); 11 | setContentView(R.layout.main); 12 | } 13 | } -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/src/com/introspy/config/ApplicationFilter.java: -------------------------------------------------------------------------------- 1 | package com.introspy.config; 2 | 3 | import android.os.Bundle; 4 | import android.util.Log; 5 | import android.util.SparseBooleanArray; 6 | import android.view.LayoutInflater; 7 | import android.view.View; 8 | import android.view.ViewGroup; 9 | import android.widget.ArrayAdapter; 10 | import android.widget.ListAdapter; 11 | import android.widget.ListView; 12 | 13 | public class ApplicationFilter extends UpdateAppList { 14 | 15 | private Boolean _alwaysOverwriteConfig = false; 16 | 17 | @Override 18 | public void onCreate(Bundle savedInstanceState) { 19 | super.onCreate(savedInstanceState); 20 | 21 | try { 22 | _context = this.getActivity().getApplicationContext(); 23 | 24 | updateAppList(); 25 | 26 | ListAdapter myListAdapter = new ArrayAdapter( 27 | getActivity(), 28 | R.layout.list_item, 29 | _completeAppList); 30 | 31 | setListAdapter(myListAdapter); 32 | } catch (Exception e) { 33 | Log.w("Introspy", "error: " + e); 34 | } 35 | } 36 | 37 | @Override 38 | public View onCreateView(LayoutInflater inflater, ViewGroup container, 39 | Bundle savedInstanceState) { 40 | return inflater.inflate(R.layout.listfragment, container, false); 41 | 42 | } 43 | 44 | @Override 45 | public void onListItemClick(ListView l, View v, int position, long id) { 46 | try { 47 | _lastItemSelected = _appList.get(position); 48 | int count = getListView().getCount(); 49 | SparseBooleanArray sparseBooleanArray = getListView().getCheckedItemPositions(); 50 | _lastItemChecked = false; 51 | for (int i = 0; i < count; i++){ 52 | if (sparseBooleanArray.get(i) && i == position) { 53 | _lastItemChecked = true; 54 | } 55 | } 56 | // commit the change to preferences 57 | _sp.edit().putBoolean(_lastItemSelected, _lastItemChecked).commit(); 58 | 59 | } catch (Exception e) { 60 | Log.w("IntrospyConfig", "Error:onListItemClick:" + e + 61 | "\n SP: "+ _sp); 62 | } 63 | InjectConfig.getInstance().writeConfig(_lastItemChecked, 64 | _lastItemSelected, _context); 65 | InjectConfig.getInstance().commit(); 66 | } 67 | 68 | @Override 69 | public void onStart() { 70 | super.onStart(); 71 | try { 72 | _sp = _context.getSharedPreferences("ApplicationFilter", 0); 73 | Boolean setup = _sp.getBoolean("Enabled", false); 74 | 75 | if (setup == false) { 76 | _sp.edit().putBoolean("Enabled", true).commit(); 77 | for(String item : _appList) { 78 | _sp.edit().putBoolean(item, false).commit(); 79 | } 80 | 81 | final ListView list = getListView(); 82 | for (int i = 0; i < getListAdapter().getCount(); i++) { 83 | list.setItemChecked(i, false); 84 | } 85 | } 86 | // create preferences with the appDir as key 87 | // TODO: uninstalled apps are never cleaned 88 | // it does not create a bug because installed apps 89 | // are compared against what is in the preferences 90 | // but it keeps an history of all apps ever installed 91 | // ..no time to change this behavior 92 | else { 93 | final ListView list = getListView(); 94 | for (int i = 0; i < _appList.size(); i++) { 95 | String appDir = _appList.get(i); 96 | Boolean checked = _sp.getBoolean(appDir, false); 97 | list.setItemChecked(i, checked); 98 | // overwrite / remove the config file even if preferences 99 | // state otherwise because the tester may remove/add it 100 | if (_alwaysOverwriteConfig) { 101 | InjectConfig.getInstance().writeConfig( 102 | checked, appDir, _context); 103 | } 104 | } 105 | if (_alwaysOverwriteConfig) 106 | InjectConfig.getInstance().commit(); 107 | } 108 | } 109 | catch (Exception e) { 110 | Log.w("IntrospyConfig", "Error: " + e); 111 | } 112 | } 113 | } 114 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/src/com/introspy/config/AsyncOp.java: -------------------------------------------------------------------------------- 1 | package com.introspy.config; 2 | 3 | import android.content.Context; 4 | import android.os.AsyncTask; 5 | 6 | @SuppressWarnings("rawtypes") 7 | public class AsyncOp extends AsyncTask { 8 | public AsyncOp(Context _context) { 9 | // TODO Auto-generated constructor stub 10 | } 11 | 12 | // will be used to not freeze the GUI while executing commands 13 | @Override 14 | protected Object doInBackground(Object... params) { 15 | //if (!InjectConfig.getInstance().execute((String) params[0])) { 16 | //Toast.makeText(getActivity(), "This app. needs root!", 17 | // Toast.LENGTH_LONG).show(); 18 | //} 19 | return null; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/src/com/introspy/config/HookTypes.java: -------------------------------------------------------------------------------- 1 | package com.introspy.config; 2 | 3 | import android.content.SharedPreferences; 4 | import android.os.Bundle; 5 | import android.util.Log; 6 | import android.view.LayoutInflater; 7 | import android.view.View; 8 | import android.view.ViewGroup; 9 | import android.widget.ArrayAdapter; 10 | import android.widget.ListAdapter; 11 | import android.widget.ListView; 12 | 13 | public class HookTypes extends UpdateAppList { 14 | 15 | private Boolean _alwaysOverwriteConfig = false; 16 | 17 | protected static String[] _hookTypes ={ 18 | "GENERAL CRYPTO", 19 | "KEY", 20 | "HASH", 21 | "FS", 22 | "IPC", 23 | "PREF", 24 | "URI", 25 | "SSL", 26 | "WEBVIEW", 27 | "CUSTOM HOOKS", 28 | "SQLite (NO DB)", 29 | "_ STACK TRACES", 30 | "_ NO DB" 31 | }; 32 | 33 | public static String[] getHookTypes() { 34 | return _hookTypes; 35 | } 36 | 37 | @Override 38 | public void onCreate(Bundle savedInstanceState) { 39 | super.onCreate(savedInstanceState); 40 | 41 | _context = this.getActivity().getApplicationContext(); 42 | 43 | ListAdapter myListAdapter = new ArrayAdapter( 44 | getActivity(), 45 | R.layout.list_filter_types, 46 | _hookTypes); 47 | 48 | setListAdapter(myListAdapter); 49 | } 50 | 51 | @Override 52 | public View onCreateView(LayoutInflater inflater, ViewGroup container, 53 | Bundle savedInstanceState) { 54 | return inflater.inflate(R.layout.listfragment, container, false); 55 | } 56 | 57 | @Override 58 | public void onListItemClick(ListView l, View v, int position, long id) { 59 | 60 | // save new config in prefs 61 | super.onListItemClick(l, v, position, id); 62 | 63 | // only update the list once (slow) 64 | // TODO: add asyncTask on this 65 | // and update list of apps regularly 66 | // (currently need to restart the app to refresh the list) 67 | if (_appList.isEmpty()) 68 | updateAppList(); 69 | 70 | // get list of supposedly monitored apps from prefs 71 | SharedPreferences _sp_appFilter = 72 | _context.getSharedPreferences("ApplicationFilter", 0); 73 | 74 | // update selected apps with the new config 75 | for (int i = 0; i < _appList.size(); i++) { 76 | String appDir = _appList.get(i); 77 | Boolean checked = _sp_appFilter.getBoolean(appDir, false); 78 | // overwrite / remove the config file even if preferences 79 | // state otherwise because the tester may remove/add it 80 | if (_alwaysOverwriteConfig) 81 | InjectConfig.getInstance().writeConfig(checked, appDir, _context); 82 | else if (checked) { 83 | InjectConfig.getInstance().enableApp(appDir, _context); 84 | } 85 | } 86 | InjectConfig.getInstance().commit(); 87 | 88 | } 89 | 90 | @Override 91 | public void onStart() { 92 | super.onStart(); 93 | try { 94 | _sp = _context.getSharedPreferences("HookTypes", 0); 95 | Boolean setup = _sp.getBoolean("Enabled", false); 96 | 97 | if (setup == false) { 98 | _sp.edit().putBoolean("Enabled", true).commit(); 99 | 100 | final ListView list = getListView(); 101 | for (int i = 0; i < _hookTypes.length; i++) { 102 | 103 | // disable the NO DB or STACK TRACES by default 104 | if (_hookTypes[i].contains("NO DB") || 105 | _hookTypes[i].contains("STACK TRACES")) { 106 | _sp.edit().putBoolean(_hookTypes[i], false).commit(); 107 | list.setItemChecked(i, false); 108 | } 109 | else { 110 | _sp.edit().putBoolean(_hookTypes[i], true).commit(); 111 | list.setItemChecked(i, true); 112 | } 113 | } 114 | } 115 | else { 116 | final ListView list = getListView(); 117 | for (int i = 0; i < _hookTypes.length; i++) { 118 | list.setItemChecked(i, _sp.getBoolean(_hookTypes[i], false)); 119 | } 120 | } 121 | } 122 | catch (Exception e) { 123 | Log.w("IntrospyConfig", "Error: " + e + "\n "+e.fillInStackTrace()); 124 | } 125 | } 126 | } 127 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/src/com/introspy/config/InjectConfig.java: -------------------------------------------------------------------------------- 1 | package com.introspy.config; 2 | 3 | import android.content.Context; 4 | import android.content.SharedPreferences; 5 | import android.util.Log; 6 | 7 | public class InjectConfig { 8 | 9 | private static String _TAG = "IntrospyGUI"; 10 | 11 | private static InjectConfig _instance = null; 12 | 13 | protected InjectConfig() { 14 | } 15 | static InjectConfig getInstance() { 16 | if (_instance == null) 17 | _instance = new InjectConfig(); 18 | return _instance; 19 | } 20 | 21 | public String getHookTypesFromPrefs(Context context) { 22 | String[] hookTypes = HookTypes.getHookTypes(); 23 | SharedPreferences sp = 24 | context.getSharedPreferences("HookTypes", 0); 25 | String ret = ""; 26 | 27 | for (int i = 0; i < hookTypes.length; i++) { 28 | if (sp.getBoolean(hookTypes[i], false)) { 29 | ret += hookTypes[i]; 30 | ret += ","; 31 | } 32 | } 33 | 34 | ret = ret.substring(0, ret.length() - 1); 35 | // ret += "\n"; 36 | return ret; 37 | } 38 | 39 | public void enableApp(String appDir, Context context) { 40 | String path = appDir + "/introspy.config"; 41 | _command += "su -c echo '" + getHookTypesFromPrefs(context) + "' > " + path + " ; su -c chmod 664 " + path + " ; "; 42 | } 43 | 44 | public void disableApp(String appDir) { 45 | String path = appDir + "/introspy.config"; 46 | _command += "su -c rm " + path + " ; "; 47 | } 48 | 49 | private String _command = ""; 50 | 51 | public Boolean commit() { 52 | if (_command.isEmpty()) 53 | return false; 54 | Log.i(_TAG, _command); 55 | try { 56 | Runtime.getRuntime().exec(_command); 57 | } catch (Exception e) { 58 | _command = ""; 59 | Log.w(_TAG, "error: this app needs to be root."); 60 | return false; 61 | } 62 | _command = ""; 63 | return true; 64 | } 65 | 66 | public void writeConfig(Boolean enable, String appDir, Context context) { 67 | if (enable) 68 | enableApp(appDir, context); 69 | else 70 | disableApp(appDir); 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Config/src/com/introspy/config/UpdateAppList.java: -------------------------------------------------------------------------------- 1 | package com.introspy.config; 2 | 3 | import java.util.ArrayList; 4 | import java.util.List; 5 | 6 | import android.app.ListFragment; 7 | import android.content.Context; 8 | import android.content.SharedPreferences; 9 | import android.util.Log; 10 | import android.util.SparseBooleanArray; 11 | import android.view.View; 12 | import android.widget.ListView; 13 | 14 | public class UpdateAppList extends ListFragment { 15 | 16 | protected SharedPreferences _sp; 17 | protected ArrayList _appList = 18 | new ArrayList(); 19 | protected ArrayList _completeAppList = 20 | new ArrayList(); 21 | protected Context _context; 22 | 23 | protected String _lastItemSelected = null; 24 | protected Boolean _lastItemChecked = null; 25 | 26 | @Override 27 | public void onListItemClick(ListView l, View v, int position, long id) { 28 | try { 29 | _lastItemSelected = 30 | getListView().getItemAtPosition(position).toString(); 31 | // String prompt = 32 | // "clicked item: " + _lastItemSelected + "\n\n"; 33 | // prompt += "selected items: \n"; 34 | 35 | int count = getListView().getCount(); 36 | 37 | SparseBooleanArray sparseBooleanArray = getListView().getCheckedItemPositions(); 38 | _lastItemChecked = false; 39 | for (int i = 0; i < count; i++){ 40 | if (sparseBooleanArray.get(i)) { 41 | // prompt += getListView().getItemAtPosition(i).toString() + "\n"; 42 | if (i == position) 43 | _lastItemChecked = true; 44 | } 45 | } 46 | 47 | // commit the change to preferences 48 | _sp.edit().putBoolean(_lastItemSelected, _lastItemChecked).commit(); 49 | 50 | } catch (Exception e) { 51 | Log.w("IntrospyConfig", "Error:onListItemClick:" + e + 52 | "\n SP: "+ _sp); 53 | } 54 | } 55 | 56 | protected void updateAppList() { 57 | android.content.pm.PackageManager pm = _context.getPackageManager(); 58 | List list = pm.getInstalledPackages(0); 59 | 60 | for(android.content.pm.PackageInfo pi : list) { 61 | try{ 62 | android.content.pm.ApplicationInfo ai = pm.getApplicationInfo(pi.packageName, 0); 63 | String currAppName = pm.getApplicationLabel(pi.applicationInfo).toString(); 64 | if ((ai.flags & 129) == 0) { 65 | // one list for display and one list to keep track of app dirs 66 | _completeAppList.add("[" + currAppName + "]\n" + 67 | pi.applicationInfo.packageName); 68 | _appList.add(pi.applicationInfo.dataDir); 69 | } 70 | 71 | } catch (Exception e) { 72 | Log.w("IntrospyConfig", "Error: " + e); 73 | } 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core.apk -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | Introspy-Android Core 4 | 5 | 6 | 7 | 8 | 9 | com.android.ide.eclipse.adt.ResourceManagerBuilder 10 | 11 | 12 | 13 | 14 | com.android.ide.eclipse.adt.PreCompilerBuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.jdt.core.javabuilder 20 | 21 | 22 | 23 | 24 | com.android.ide.eclipse.adt.ApkBuilder 25 | 26 | 27 | 28 | 29 | 30 | com.android.ide.eclipse.adt.AndroidNature 31 | org.eclipse.jdt.core.javanature 32 | 33 | 34 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 3 | org.eclipse.jdt.core.compiler.compliance=1.6 4 | org.eclipse.jdt.core.compiler.source=1.6 5 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 10 | 11 | 12 | 13 | 14 | 15 | 18 | ".classpath" 19 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 10 | 11 | 12 | 13 | 14 | 15 | 18 | ".classpath" 19 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/Introspy-Android Core.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/Introspy-Android Core.apk -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes.dex: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes.dex -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/ApplicationConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/ApplicationConfig.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/ApplicationState$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/ApplicationState$1.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/ApplicationState.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/ApplicationState.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/BuildConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/BuildConfig.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/HookConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/HookConfig.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/IntroHook.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/IntroHook.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/IntroStringHelper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/IntroStringHelper.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/IntrospyAndroid.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/IntrospyAndroid.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/LoadConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/LoadConfig.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/LoggerWrap.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/LoggerWrap.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main$1.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main$2.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main$2.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main$3.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main$3.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/Main.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$attr.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$attr.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$dimen.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$dimen.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$string.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$string.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$style.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R$style.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/R.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/package-info.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/core/package-info.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/CustomHookList.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/CustomHookList.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/HookExampleImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/HookExampleImpl.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/HookStrings.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/HookStrings.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/StringInit.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/custom_hooks/StringInit.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/FuncIPC.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/FuncIPC.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/HookList.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/HookList.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_FS_SET.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_FS_SET.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_HOSTNAME_VERIFIER.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_HOSTNAME_VERIFIER.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_SHARED_PREF.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_SHARED_PREF.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_URI.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CHECK_URI.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CONTAINS_SHARED_PREF.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CONTAINS_SHARED_PREF.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_FINAL.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_FINAL.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_FINAL_UTIL.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_FINAL_UTIL.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_INIT.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_INIT.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_KEY.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_KEY.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_KEYSTORE.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_KEYSTORE.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_KEYSTORE_HOSTNAME.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_KEYSTORE_HOSTNAME.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_PBEKEY.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_CRYPTO_PBEKEY.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_DUMP.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_DUMP.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_DUMP_INTENT.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_DUMP_INTENT.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_ExecSQL.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_ExecSQL.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_FILE_CHECK_DIR.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_FILE_CHECK_DIR.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_FILE_CHECK_MODE.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_FILE_CHECK_MODE.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_FILE_PARENT.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_FILE_PARENT.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_ALL_SHARED_PREF.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_ALL_SHARED_PREF.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_HASH.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_HASH.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_KEY.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_KEY.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_SHARED_PREF.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_GET_SHARED_PREF.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_HASH.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_HASH.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_IPC_MODIFIED.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_IPC_MODIFIED.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_IPC_RECEIVER.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_IPC_RECEIVER.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_PREF_PARENT.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_PREF_PARENT.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_PUT_SHARED_PREF.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_PUT_SHARED_PREF.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SHOULD_NOT_BE_USED.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SHOULD_NOT_BE_USED.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SQLite_INSERT.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SQLite_INSERT.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SQLite_UPDATE.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SQLite_UPDATE.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SSL_CHECK_TRUST_MANAGER.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SSL_CHECK_TRUST_MANAGER.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SSL_CHECK_TRUST_SOCKETFACTORY.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_SSL_CHECK_TRUST_SOCKETFACTORY.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_URI_REGISTER.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_URI_REGISTER.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_WEBVIEW_JS_BRIDGE.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_WEBVIEW_JS_BRIDGE.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_WEBVIEW_SET.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/Intro_WEBVIEW_SET.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/package-info.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/hooks/package-info.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/Logger.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/Logger.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerConfig.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerDB.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerDB.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerErrorHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerErrorHandler.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerFile.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerFile.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerTraces.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/LoggerTraces.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/SQLiteIntrospy.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/SQLiteIntrospy.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/SQLiteIntrospyHelper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/SQLiteIntrospyHelper.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/SQLiteIntrospyLog.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/SQLiteIntrospyLog.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/package-info.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/classes/com/introspy/logging/package-info.class -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/dexedLibs/android-support-v4-7bb1c4642d4f2feff359623c21ee30c8.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/dexedLibs/android-support-v4-7bb1c4642d4f2feff359623c21ee30c8.jar -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/dexedLibs/substrate-api-6c7ea4ba6848ba7873541e373320284f.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/dexedLibs/substrate-api-6c7ea4ba6848ba7873541e373320284f.jar -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/jarlist.cache: -------------------------------------------------------------------------------- 1 | # cache for current jar dependency. DO NOT EDIT. 2 | # format is 3 | # Encoding is UTF-8 4 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/resources.ap_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/bin/resources.ap_ -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/gen/com/introspy/core/BuildConfig.java: -------------------------------------------------------------------------------- 1 | /** Automatically generated file. DO NOT MODIFY */ 2 | package com.introspy.core; 3 | 4 | public final class BuildConfig { 5 | public final static boolean DEBUG = true; 6 | } -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/gen/com/introspy/core/R.java: -------------------------------------------------------------------------------- 1 | /* AUTO-GENERATED FILE. DO NOT MODIFY. 2 | * 3 | * This class was automatically generated by the 4 | * aapt tool from the resource data it found. It 5 | * should not be modified by hand. 6 | */ 7 | 8 | package com.introspy.core; 9 | 10 | public final class R { 11 | public static final class attr { 12 | } 13 | public static final class dimen { 14 | /** Default screen margins, per the Android Design guidelines. 15 | */ 16 | public static final int activity_horizontal_margin=0x7f020000; 17 | public static final int activity_vertical_margin=0x7f020001; 18 | } 19 | public static final class string { 20 | public static final int action_settings=0x7f030001; 21 | public static final int app_name=0x7f030000; 22 | } 23 | public static final class style { 24 | /** 25 | Base application theme, dependent on API level. This theme is replaced 26 | by AppBaseTheme from res/values-vXX/styles.xml on newer devices. 27 | 28 | 29 | Theme customizations available in newer API levels can go in 30 | res/values-vXX/styles.xml, while customizations related to 31 | backward-compatibility can go here. 32 | 33 | */ 34 | public static final int AppBaseTheme=0x7f040000; 35 | /** Application theme. 36 | All customizations that are NOT specific to a particular API-level can go here. 37 | */ 38 | public static final int AppTheme=0x7f040001; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/ic_launcher-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/ic_launcher-web.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/libs/android-support-v4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/libs/android-support-v4.jar -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/libs/substrate-api.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/Introspy-Android Core/libs/substrate-api.jar -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/proguard-project.txt: -------------------------------------------------------------------------------- 1 | # To enable ProGuard in your project, edit project.properties 2 | # to define the proguard.config property as described in that file. 3 | # 4 | # Add project specific ProGuard rules here. 5 | # By default, the flags in this file are appended to flags specified 6 | # in ${sdk.dir}/tools/proguard/proguard-android.txt 7 | # You can edit the include path and order by changing the ProGuard 8 | # include property in project.properties. 9 | # 10 | # For more details, see 11 | # http://developer.android.com/guide/developing/tools/proguard.html 12 | 13 | # Add any project specific keep options here: 14 | 15 | # If your project uses WebView with JS, uncomment the following 16 | # and specify the fully qualified class name to the JavaScript interface 17 | # class: 18 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 19 | # public *; 20 | #} 21 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/project.properties: -------------------------------------------------------------------------------- 1 | # This file is automatically generated by Android Tools. 2 | # Do not modify this file -- YOUR CHANGES WILL BE ERASED! 3 | # 4 | # This file must be checked in Version Control Systems. 5 | # 6 | # To customize properties used by the Ant build system edit 7 | # "ant.properties", and override values to adapt the script to your 8 | # project structure. 9 | # 10 | # To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home): 11 | #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt 12 | 13 | # Project target. 14 | target=android-19 15 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/res/values/dimens.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 16dp 5 | 16dp 6 | 7 | 8 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Introspy Android Core 5 | Settings 6 | 7 | 8 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/res/values/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | 14 | 15 | 16 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/ApplicationConfig.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import android.content.Context; 4 | 5 | public class ApplicationConfig { 6 | 7 | private static String _packageName = null; 8 | private static String _dataDir = null; 9 | private static LoadConfig _loadConfig = null; 10 | private static Boolean _enabled = false; 11 | private static Context _context = null; 12 | 13 | public static boolean g_verbose_errors = false; 14 | public static boolean g_debug = false; 15 | public static boolean g_hook_em_all = true; 16 | 17 | // Private constructor prevents instantiation from other classes 18 | private ApplicationConfig() {} 19 | 20 | // get 21 | public static String getPackageName() { 22 | return _packageName; 23 | } 24 | public static String getDataDir() { 25 | return _dataDir; 26 | } 27 | public static LoadConfig getLoadConfig() { 28 | if (_loadConfig == null) 29 | _loadConfig = new LoadConfig(); 30 | return _loadConfig; 31 | } 32 | public static Context getContext() { 33 | return _context; 34 | } 35 | 36 | // set 37 | public static void setPackageName(String packageName) { 38 | _packageName = packageName; 39 | } 40 | public static void setDataDir(String dataDir) { 41 | _dataDir = dataDir; 42 | } 43 | public static void setContext(Context context) { 44 | _context = context; 45 | } 46 | 47 | // #### 48 | public static void disable() { 49 | _enabled = false; 50 | } 51 | public static void enable() { 52 | _enabled = true; 53 | } 54 | 55 | public static boolean isEnabled() { 56 | return _enabled; 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/ApplicationState.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import java.lang.reflect.Method; 4 | 5 | import com.introspy.logging.LoggerConfig; 6 | import com.saurik.substrate.MS; 7 | 8 | import android.content.Context; 9 | import android.content.pm.PackageInfo; 10 | import android.content.pm.PackageManager; 11 | import android.content.pm.PackageManager.NameNotFoundException; 12 | import android.util.Log; 13 | 14 | public class ApplicationState { 15 | // static private String _TAG = LoggerConfig.getTag(); 16 | // static private String _TAG_LOG = LoggerConfig.getTagLog(); 17 | static private String _TAG_ERROR = LoggerConfig.getTagError(); 18 | 19 | @SuppressWarnings({ "unchecked", "rawtypes" }) 20 | protected static void initApplicationState(Class resources) { 21 | 22 | String methodName = "getPackageName"; 23 | Class[] params = new Class[]{}; 24 | Method pMethod = null; 25 | try { 26 | pMethod = resources.getMethod(methodName, params); 27 | } catch (Exception e) { 28 | Log.w(_TAG_ERROR, "Error - No such method: " + methodName); 29 | return; 30 | } 31 | 32 | final MS.MethodPointer old = new MS.MethodPointer(); 33 | MS.hookMethod(resources, pMethod, new MS.MethodHook() { 34 | public Object invoked(Object resources, 35 | Object... args) throws Throwable { 36 | 37 | String packageName = (String)old.invoke(resources, args); 38 | if (!packageName.equals("android") && 39 | ApplicationConfig.getPackageName() == null) { 40 | 41 | ApplicationConfig.setPackageName(packageName); 42 | 43 | try { 44 | Class cls = Class.forName("android.app.ContextImpl"); 45 | Class noparams[] = {}; 46 | Method _method = 47 | cls.getDeclaredMethod("getApplicationContext", noparams); 48 | 49 | Context context = (Context) _method.invoke(resources); 50 | ApplicationConfig.setContext(context); 51 | 52 | //PackageManager pm = context.getPackageManager(); 53 | _method = cls.getDeclaredMethod("getPackageManager", noparams); 54 | PackageManager pm = (PackageManager) _method.invoke(resources); 55 | 56 | 57 | android.content.pm.ApplicationInfo ai = 58 | pm.getApplicationInfo(packageName, 0); 59 | 60 | if ((ai.flags & 0x81) == 0) { 61 | try { 62 | PackageInfo p = pm.getPackageInfo(packageName, 0); 63 | ApplicationConfig.setDataDir(p.applicationInfo.dataDir); 64 | ApplicationConfig.enable(); 65 | } catch (NameNotFoundException e) { 66 | Log.w(_TAG_ERROR, "Error Package name not found ", e); 67 | } 68 | } 69 | } 70 | catch (Exception e) { 71 | Log.w(_TAG_ERROR, "Error when setting the " + 72 | "application state for ["+ packageName +"]: ", e); 73 | } 74 | } 75 | return packageName; 76 | } 77 | }, old); 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/HookConfig.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | public class HookConfig { 4 | private String _className; 5 | private String _methodName; 6 | private Class[] _parameters; 7 | private boolean _active; 8 | private String _type; 9 | private IntroHook _IntroHook; 10 | private String _notes; 11 | private String _subType; 12 | 13 | // getters 14 | public String getClassName() { return _className; } 15 | public String getMethodName() { return _methodName; } 16 | public Class[] getParameters() { return _parameters; } 17 | public boolean isActive() { return _active; } 18 | public IntroHook getFunc() { return _IntroHook; } 19 | public String getNotes() { return _notes; } 20 | 21 | public String getType() { return _type; } 22 | public String getSubType() { return _subType; } 23 | 24 | public String getCategory() { 25 | if (_subType.isEmpty()) 26 | return _type; 27 | return _subType; 28 | } 29 | 30 | // constructor 31 | public HookConfig(boolean active, 32 | String type, 33 | String subType, 34 | String className, 35 | String methodName, 36 | IntroHook IntroHook, 37 | Class[] parameters, 38 | String notes) { 39 | 40 | _IntroHook = IntroHook; 41 | _className = className; 42 | _active = active; 43 | _methodName = methodName; 44 | _parameters = parameters; 45 | _type = type; 46 | _subType = subType; 47 | _notes = notes; 48 | } 49 | 50 | // constructor for custom hooks 51 | public HookConfig(boolean active, 52 | String className, 53 | String methodName, 54 | Class[] parameters, 55 | IntroHook IntroHook, 56 | String notes) { 57 | 58 | _IntroHook = IntroHook; 59 | _className = className; 60 | _active = active; 61 | _methodName = methodName; 62 | _parameters = parameters; 63 | _type = "CUSTOM HOOK"; 64 | _subType = "CUSTOM HOOK"; 65 | _notes = notes; 66 | } 67 | 68 | // constructor for custom hooks without notes 69 | public HookConfig(boolean active, 70 | String className, 71 | String methodName, 72 | Class[] parameters, 73 | IntroHook IntroHook) { 74 | 75 | _IntroHook = IntroHook; 76 | _className = className; 77 | _active = active; 78 | _methodName = methodName; 79 | _parameters = parameters; 80 | _type = "CUSTOM HOOK"; 81 | _subType = "CUSTOM HOOK"; 82 | _notes = ""; 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/IntroHook.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import android.util.Log; 4 | 5 | import com.introspy.logging.LoggerConfig; 6 | import com.saurik.substrate.MS; 7 | 8 | @SuppressWarnings("rawtypes") 9 | public 10 | class IntroHook extends LoggerWrap { 11 | protected HookConfig _config = null; 12 | 13 | protected String _TAG = LoggerConfig.getTag(); 14 | protected String _TAG_ERROR = LoggerConfig.getTagError(); 15 | 16 | protected String _className, _methodName, _type; 17 | protected String _packageName, _dataDir; 18 | protected String _notes; 19 | protected Object _resources; 20 | protected Object _args; 21 | 22 | protected Class[] _parameters; 23 | protected MS.MethodPointer _old = null; 24 | 25 | // Protected constructor prevents 26 | // instantiation from other classes 27 | protected IntroHook() { 28 | 29 | } 30 | 31 | public void init(HookConfig config, Object resources, MS.MethodPointer old, Object... args) { 32 | if (_config == null) { 33 | _config = config; 34 | _className = _config.getClassName(); 35 | _methodName = _config.getMethodName(); 36 | _parameters = _config.getParameters(); 37 | _type = _config.getCategory(); 38 | _old = old; 39 | _notes = _config.getNotes(); 40 | 41 | _resources = resources; 42 | 43 | _packageName = ApplicationConfig.getPackageName(); 44 | _dataDir = ApplicationConfig.getDataDir(); 45 | 46 | _logInit(config); 47 | } 48 | } 49 | 50 | public void execute(Object... args) { 51 | // display info on the app related to the hook 52 | _logBasicInfo(); 53 | if (!_config.getNotes().isEmpty()) 54 | _logLine("Notes: " + _notes); 55 | _logLine("-> Resources type: " + 56 | (_resources != null ? _resources.getClass() : "None")); 57 | 58 | try { 59 | if (_config.getParameters() != null) { 60 | int argNb = 0; 61 | for (Class elemParameter : _parameters) { 62 | _logLine("-> Argument " + (argNb + 1) + 63 | ", Data: " + args[argNb].toString() + 64 | " (Type: " + elemParameter.getName() + ")" 65 | ); 66 | argNb++; 67 | } 68 | } 69 | } 70 | catch (Exception e) { 71 | Log.w(_TAG, "-> Error getting arguments"); 72 | } 73 | _logFlush_I(); 74 | } 75 | 76 | @SuppressWarnings("unchecked") 77 | protected Object _hookInvoke(Object... args) throws Throwable { 78 | return _old.invoke(_resources, args); 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/IntroStringHelper.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import android.util.Base64; 4 | 5 | public class IntroStringHelper { 6 | protected String _byteArrayToHex(byte[] a) { 7 | StringBuilder sb = new StringBuilder(); 8 | for(byte b: a) 9 | sb.append(String.format("%02x-", b&0xff)); 10 | sb.deleteCharAt(sb.length()-1); 11 | return sb.toString(); 12 | } 13 | 14 | protected String _byteArrayToReadableStr(byte[] a) { 15 | StringBuilder sb = new StringBuilder(); 16 | for(byte b: a) { 17 | if (b >= 32 && b < 127) 18 | sb.append(String.format("%c", b)); 19 | else 20 | sb.append('.'); 21 | } 22 | //sb.deleteCharAt(sb.length()-1); 23 | return sb.toString(); 24 | } 25 | 26 | protected String _byteArrayToB64(byte[] a) { 27 | return Base64.encodeToString(a, Base64.NO_WRAP); 28 | } 29 | 30 | protected Boolean _isItReadable(String input) { 31 | int readableChar = 0; 32 | for (int i = 0; i < input.length(); i++) { 33 | int c = input.charAt(i); 34 | // Check if a string only contains US-ASCII code point 35 | // if ((c >= 32 && c < 127) || c == 9 || 36 | // c == 13 || c == 10 || c == 0) { 37 | if (c >= 32 && c < 127) { 38 | readableChar++; 39 | } 40 | } 41 | 42 | // can be considered readable if X% characters are ascii 43 | // (0 is considered a character here so that UTF16 44 | // can be considered readable too) 45 | return (readableChar > (input.length() * 0.75) ? true : false); 46 | } 47 | 48 | protected String _escapeXMLChars(String s) { 49 | return s.replaceAll("&", "&") 50 | .replaceAll("'", "'") 51 | .replaceAll("\"", """) 52 | .replaceAll("<", "<") 53 | .replaceAll(">", ">"); 54 | } 55 | 56 | protected String _getReadableByteArr(byte[] input) { 57 | String out = new String(input); 58 | if (!_isItReadable(out)) 59 | out = _byteArrayToB64(input); 60 | else 61 | out = _byteArrayToReadableStr(input); 62 | return out; 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/IntrospyAndroid.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import android.app.Application; 4 | import android.content.Context; 5 | 6 | public class IntrospyAndroid extends Application { 7 | 8 | private static Context context; 9 | 10 | public void onCreate(){ 11 | super.onCreate(); 12 | IntrospyAndroid.context = getApplicationContext(); 13 | } 14 | 15 | public static Context getAppContext() { 16 | return IntrospyAndroid.context; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/LoadConfig.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import java.io.RandomAccessFile; 4 | import android.text.format.Time; 5 | 6 | public class LoadConfig { 7 | // set to true here makes it faster but won't 8 | // allows to update changes in the file a runtime 9 | private Boolean _onlyCheckOnce = false; 10 | // prevents the app for constantly opening the config file 11 | private Boolean _alreadyChecked = false; 12 | private Boolean _previousCheckValue = false; 13 | 14 | private String _configFileName = "introspy.config"; 15 | 16 | private Time _lastCheck = new Time(); 17 | 18 | private String _hookTypes = ""; 19 | 20 | private static LoadConfig _instance = null; 21 | 22 | protected LoadConfig() { 23 | } 24 | 25 | static public LoadConfig getInstance() { 26 | if (_instance == null) 27 | _instance = new LoadConfig(); 28 | return _instance; 29 | } 30 | 31 | 32 | public String getHookTypes() { 33 | return _hookTypes; 34 | } 35 | 36 | // no config file means the app won't be hooked 37 | public Boolean initConfig(String dataDir) { 38 | if (_alreadyChecked) 39 | return _previousCheckValue; 40 | 41 | Time now = new Time(); 42 | now.setToNow(); 43 | 44 | // check for modifications only every X 45 | if (_lastCheck.toMillis(true) + 3000 >= now.toMillis(true)) { 46 | return _previousCheckValue; 47 | } 48 | 49 | String path = dataDir + "/" + _configFileName; 50 | _hookTypes = readFirstLineOfFile(path); 51 | if (_onlyCheckOnce) 52 | _alreadyChecked = true; 53 | _lastCheck.setToNow(); 54 | 55 | if (_hookTypes.isEmpty()) { 56 | return (_previousCheckValue = false); 57 | } 58 | return (_previousCheckValue = true); 59 | } 60 | 61 | private String readFirstLineOfFile(String fn) { 62 | String lineData = ""; 63 | try{ 64 | RandomAccessFile inFile = new RandomAccessFile(fn, "r"); 65 | lineData = inFile.readLine(); 66 | inFile.close(); 67 | } 68 | // file not found 69 | catch(Exception e){ 70 | // Log.i("IntrospyLog", "--> "+ e); 71 | // app won't be hooked 72 | } 73 | return lineData; 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/LoggerWrap.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import com.introspy.logging.Logger; 4 | 5 | public class LoggerWrap extends IntroStringHelper { 6 | private Logger _l = new Logger(); 7 | 8 | protected void _logInit(HookConfig config) { 9 | _l.logInit(config); 10 | } 11 | 12 | protected void _logLine(String line) { 13 | _l.logLine(line); 14 | } 15 | 16 | protected void _logFlush_I(String notes) { 17 | _l.logFlush_I(notes); 18 | } 19 | protected void _logFlush_W(String notes) { 20 | _l.logFlush_W(notes); 21 | } 22 | 23 | protected void _logFlush_I() { 24 | _l.logFlush_I(); 25 | } 26 | 27 | protected void _logFlush_W() { 28 | _l.logFlush_W(); 29 | } 30 | 31 | protected void _logParameter(String name, String value) { 32 | _l.logParameter(name, value); 33 | } 34 | 35 | protected void _logParameter(String name, Object value) { 36 | _l.logParameter(name, "" + value); 37 | } 38 | 39 | protected void _logReturnValue(String name, String value) { 40 | _l.logReturnValue(name, value); 41 | } 42 | 43 | protected void _logReturnValue(String name, Object value) { 44 | _l.logReturnValue(name, "" + value); 45 | } 46 | 47 | protected void _logBasicInfo() { 48 | _l.logBasicInfo(); 49 | } 50 | 51 | protected String _getFullTraces() { 52 | return _l.getFullTraces(); 53 | } 54 | 55 | protected String _getLightTraces() { 56 | return _l.getLightTraces(); 57 | } 58 | 59 | public void disableDBlogger() { 60 | _l.disableDBlogger(); 61 | } 62 | 63 | public void enableDBlogger() { 64 | _l.enableDBlogger(); 65 | } 66 | 67 | public void enableTraces() { 68 | _l.enableTraces(); 69 | } 70 | 71 | public void disableTraces() { 72 | _l.disableTraces(); 73 | } 74 | 75 | } 76 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/Main.java: -------------------------------------------------------------------------------- 1 | package com.introspy.core; 2 | 3 | import java.lang.reflect.GenericDeclaration; 4 | import java.lang.reflect.Member; 5 | import android.util.Log; 6 | 7 | import com.introspy.hooks.HookList; 8 | import com.introspy.custom_hooks.CustomHookList; 9 | import com.introspy.logging.LoggerConfig; 10 | import com.saurik.substrate.*; 11 | 12 | public class Main { 13 | // static private String _TAG = LoggerConfig.getTag(); 14 | static private String _TAG_ERROR = LoggerConfig.getTagError(); 15 | static private String _TAG_LOG = LoggerConfig.getTagLog(); 16 | static private boolean _debug = false; 17 | 18 | public static void initialize() { 19 | HookConfig[] _config = HookList.getHookList(); 20 | HookConfig[] _custom_config = CustomHookList.getHookList(); 21 | 22 | initializeConfig(_config); 23 | initializeConfig(_custom_config); 24 | 25 | MS.hookClassLoad("android.app.ContextImpl", new MS.ClassLoadHook() { 26 | public void classLoaded(Class resources) { 27 | ApplicationState.initApplicationState(resources); 28 | } 29 | }); 30 | } 31 | 32 | protected static void initializeConfig(HookConfig[] config) { 33 | for (final HookConfig elemConfig : config) { 34 | if (!elemConfig.isActive()) 35 | continue; 36 | 37 | MS.hookClassLoad(elemConfig.getClassName(), 38 | new MS.ClassLoadHook() { 39 | public void classLoaded(Class resources) { 40 | _hookMethod(resources, elemConfig); 41 | } 42 | }); 43 | } 44 | } 45 | 46 | @SuppressWarnings({ "unchecked", "rawtypes" }) 47 | protected static void _hookMethod(Class resources, final HookConfig elemConfig) { 48 | 49 | GenericDeclaration pMethod = null; 50 | final String className = elemConfig.getClassName(); 51 | final String methodName = elemConfig.getMethodName(); 52 | final Class[] parameters = elemConfig.getParameters(); 53 | 54 | Log.i(_TAG_LOG, "### Hooking: " + className + "->" + 55 | methodName + "() with " + 56 | parameters.length + " args"); 57 | try { 58 | // check if the method is a constructor 59 | if (className.substring(className.lastIndexOf('.') + 1).equals(methodName)) 60 | pMethod = resources.getDeclaredConstructor(parameters); 61 | else 62 | pMethod = resources.getMethod(methodName, parameters); 63 | } 64 | catch (NoSuchMethodException e) { 65 | Log.w(_TAG_ERROR, "Error - No such method: " + methodName + " with " + 66 | parameters.length + " args"); 67 | for (int j = 0; j < parameters.length; j++) 68 | Log.i(_TAG_ERROR, "Arg "+ (j+1) +" type: " + parameters[j]); 69 | return; 70 | } 71 | 72 | final MS.MethodPointer old = new MS.MethodPointer(); 73 | MS.hookMethod_(resources, (Member) pMethod, 74 | new MS.MethodHook() { 75 | public Object invoked(final Object resources, 76 | final Object... args) throws Throwable { 77 | if (ApplicationConfig.isEnabled()) 78 | _hookMethodImpl(old, resources, elemConfig, args); 79 | return old.invoke(resources, args); 80 | } 81 | }, old); 82 | } 83 | 84 | @SuppressWarnings("rawtypes") 85 | protected static void _hookMethodImpl(final MS.MethodPointer old, 86 | Object resources, final HookConfig elemConfig, 87 | Object... args) { 88 | String packageName = ApplicationConfig.getPackageName(); 89 | String dataDir = ApplicationConfig.getDataDir(); 90 | String type = elemConfig.getSubType(); 91 | 92 | if (packageName != null && dataDir != null && 93 | LoadConfig.getInstance().initConfig(dataDir) && 94 | LoadConfig.getInstance().getHookTypes().contains(type)) { 95 | try { 96 | elemConfig.getFunc().init(elemConfig, resources, old, args); 97 | 98 | if (LoadConfig.getInstance().getHookTypes().contains("STACK TRACES")) 99 | elemConfig.getFunc().enableTraces(); 100 | else 101 | elemConfig.getFunc().disableTraces(); 102 | 103 | if (LoadConfig.getInstance().getHookTypes().contains("NO DB") || 104 | LoadConfig.getInstance().getHookTypes().contains("SQLite")) 105 | elemConfig.getFunc().disableDBlogger(); 106 | else 107 | elemConfig.getFunc().enableDBlogger(); 108 | 109 | elemConfig.getFunc().init(elemConfig, resources, old, args); 110 | if (_debug) 111 | Log.i(_TAG_LOG, "=== Calling: " + elemConfig.getMethodName()); 112 | 113 | elemConfig.getFunc().execute(args); 114 | } catch (Exception e) { 115 | Log.w(_TAG_ERROR, "-> Error in injected code: [" + e + "]" + 116 | "\nApp: " + ApplicationConfig.getPackageName() + 117 | ", method: " + elemConfig.getMethodName() + 118 | ", class: " + elemConfig.getClassName()); 119 | // Log.w(_TAG_ERROR, LoggerErrorHandler._getStackTrace()); 120 | } 121 | } 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/core/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Package containing the core functionality of introspy 3 | */ 4 | /** 5 | * @author marc blanchou 6 | * 7 | */ 8 | package com.introspy.core; -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/custom_hooks/CustomHookList.java: -------------------------------------------------------------------------------- 1 | package com.introspy.custom_hooks; 2 | 3 | import android.content.Intent; 4 | 5 | import com.introspy.core.HookConfig; 6 | 7 | public class CustomHookList { 8 | 9 | static public HookConfig[] getHookList() { 10 | return _hookList; 11 | } 12 | 13 | static private HookConfig[] _hookList = new HookConfig[] { 14 | 15 | new HookConfig(true, // set to true to enable the hook 16 | "java.lang.String", "equals", new Class[]{Object.class}, 17 | // class, method name, arguments 18 | new HookStrings(), 19 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 20 | "String Hook"), 21 | 22 | /* new HookConfig(false, // set to true to enable the hook 23 | "android.content.ContextWrapper", "startService", new Class[]{Intent.class}, 24 | // class, method name, arguments 25 | new HookExampleImpl(), 26 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 27 | "StartService with an intent as argument"), 28 | */ // notes (optional) 29 | /* new HookConfig(true, // set to true to enable the hook 30 | "java.lang.StringBuilder", "toString", new Class[]{}, 31 | // class, method name, arguments 32 | new StringInit(), 33 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 34 | "String Hook"), 35 | */ 36 | // new HookConfig(true, // set to true to enable the hook 37 | // "java.lang.StringBuilder", "append", new Class[]{Object.class}, 38 | // class, method name, arguments 39 | // new StringInit(), 40 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 41 | // "StringBuilder Hook"), 42 | 43 | // notes (optional) 44 | /* new HookConfig(true, // set to true to enable the hook 45 | "java.lang.String", "contentEquals", new Class[]{java.lang.StringBuffer.class}, 46 | // class, method name, arguments 47 | new HookStrings(), 48 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 49 | "String Hook"), 50 | new HookConfig(true, // set to true to enable the hook 51 | "java.lang.String", "matches", new Class[]{java.lang.String.class}, 52 | // class, method name, arguments 53 | new HookStrings(), 54 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 55 | "String Hook"), 56 | new HookConfig(true, // set to true to enable the hook 57 | "java.lang.String", "endsWith", new Class[]{java.lang.String.class}, 58 | // class, method name, arguments 59 | new HookStrings(), 60 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 61 | "String Hook"), 62 | new HookConfig(true, // set to true to enable the hook 63 | "java.lang.String", "startsWith", new Class[]{java.lang.String.class}, 64 | // class, method name, arguments 65 | new HookStrings(), 66 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 67 | "String Hook"), 68 | new HookConfig(true, // set to true to enable the hook 69 | "java.lang.StringBuilder", "toString", new Class[]{java.lang.String.class}, 70 | // class, method name, arguments 71 | new HookStrings(), 72 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 73 | "String Hook"), 74 | */ 75 | // new HookConfig(true, // set to true to enable the hook 76 | // "java.lang.String", "", new Class[]{byte[].class}, 77 | // // class, method name, arguments 78 | // new StringInit(), 79 | // // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 80 | // "String Hook"), 81 | // new HookConfig(true, // set to true to enable the hook 82 | // "android.util.Base64", "decode", new Class[]{java.lang.String.class,Integer.TYPE}, 83 | // class, method name, arguments 84 | // new HookStrings(), 85 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 86 | // "Base64 Hook"), 87 | // new HookConfig(true, // set to true to enable the hook 88 | // "android.util.Base64", "decode", new Class[]{byte[].class,Integer.TYPE}, 89 | // class, method name, arguments 90 | // new StringInit(), 91 | // instance of the implementation extending IntroHook (here in HookExampleInpl.java) 92 | // "Base64 Hook"), 93 | 94 | }; 95 | } 96 | 97 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/custom_hooks/HookExampleImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.custom_hooks; 2 | 3 | import android.content.Intent; 4 | 5 | import com.introspy.core.IntroHook; 6 | 7 | public class HookExampleImpl extends IntroHook { 8 | @Override 9 | public void execute(Object... args) { 10 | _logBasicInfo(); 11 | _logParameter("Intent details", (Intent)args[0]); 12 | _logFlush_I("Example of a CUSTOM HOOK. Notes: " + _notes); 13 | } 14 | } 15 | 16 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/custom_hooks/HookStrings.java: -------------------------------------------------------------------------------- 1 | package com.introspy.custom_hooks; 2 | 3 | import android.content.Intent; 4 | import android.util.Log; 5 | 6 | import com.introspy.core.IntroHook; 7 | 8 | public class HookStrings extends IntroHook { 9 | @Override 10 | public void execute(Object... args) { 11 | // _logBasicInfo(); 12 | // _logParameter("mzheng Intent details", (String)args[0]); 13 | _logFlush_I( "Method: " + _config.getMethodName()); 14 | _logFlush_I("Equels String:" + (String)args[0]); 15 | } 16 | } 17 | 18 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/custom_hooks/StringInit.java: -------------------------------------------------------------------------------- 1 | package com.introspy.custom_hooks; 2 | 3 | import android.util.Log; 4 | 5 | import com.introspy.core.IntroHook; 6 | 7 | public class StringInit extends IntroHook { 8 | @Override 9 | public void execute(Object... args) { 10 | _logBasicInfo(); 11 | // _logParameter("mzheng Intent details", (String)args[0]); 12 | 13 | ///* 14 | try { 15 | Log.d("mzhengToString", (String)_hookInvoke(args)); 16 | } catch (Throwable e) { 17 | // TODO Auto-generated catch block 18 | e.printStackTrace(); 19 | } 20 | //*/ 21 | } 22 | } 23 | 24 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookCryptoImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | import java.security.Key; 5 | import java.util.Stack; 6 | 7 | import javax.crypto.Cipher; 8 | 9 | import android.util.Log; 10 | 11 | import com.introspy.core.ApplicationConfig; 12 | 13 | class Intro_CRYPTO extends IntroHook { 14 | protected static Cipher _lastCipher; 15 | protected static Integer _lastMode; 16 | } 17 | 18 | class Intro_CRYPTO_FINAL_UTIL extends Intro_CRYPTO { 19 | protected static Stack IVList = new Stack(); 20 | protected String _out = ""; 21 | protected boolean _warning = false; 22 | 23 | protected void _getIV(Cipher cipher) { 24 | if (cipher.getIV() != null) { 25 | String iv = _getReadableByteArr(cipher.getIV()); 26 | _out += "; IV: " + iv; 27 | _logParameter("IV", iv); 28 | 29 | if (cipher.getIV()[0] == 0) { 30 | Log.w("Introspy", "!!! IV of 0"); 31 | _warning = true; 32 | } 33 | else { 34 | // check if this IV has already been used 35 | if (IVList.contains(cipher.getIV())) { 36 | _out += " - !!! Static IV"; 37 | _warning = true; 38 | } 39 | IVList.push(cipher.getIV()); 40 | // keep a list of a max of 10 IVs 41 | if (IVList.size() > 10) 42 | IVList.pop(); 43 | } 44 | } 45 | } 46 | 47 | protected void _getAlgo(Cipher cipher) { 48 | String algo = cipher.getAlgorithm(); 49 | if (algo != null) { 50 | _out = "-> Algo: " + algo; 51 | _logParameter("Algo", algo); 52 | if (cipher.getAlgorithm().contains("ECB")) { 53 | _warning = true; 54 | _out += " - !!! ECB used. ECB mode is broken and should not be used."; 55 | } 56 | } 57 | } 58 | } 59 | 60 | class Intro_CRYPTO_FINAL extends Intro_CRYPTO_FINAL_UTIL { 61 | 62 | private void _getInput(byte[] data) { 63 | if (data != null && data.length != 0) { // when no args to doFinal (used only update()) 64 | String i_sdata = null; 65 | i_sdata = new String(data); 66 | if (i_sdata != null && !i_sdata.isEmpty()) { 67 | if (_isItReadable(i_sdata)) { 68 | i_sdata = _byteArrayToReadableStr(data); 69 | _logParameter("input (Encrypt)", i_sdata); 70 | _logLine("-> ENCRYPT: [" + i_sdata + "]"); 71 | } 72 | else { 73 | String sdata = _byteArrayToB64(data); 74 | _logLine("-> Input data is not in a readable format, " + 75 | "base64: ["+ sdata +"]"); 76 | _logParameter("Output (converted to b64)", sdata); 77 | } 78 | } 79 | } 80 | } 81 | 82 | private void _getOutput(Object... args) { 83 | byte[] data = null; 84 | String o_sdata = null; 85 | // if (cipher == _lastCipher && _lastMode == Cipher.DECRYPT_MODE) 86 | try { 87 | data = (byte[]) _hookInvoke(args); 88 | } 89 | catch (Throwable e) { 90 | Log.i(_TAG_ERROR, "doFinal function failed: "+e); 91 | } 92 | if (data != null) { 93 | o_sdata = new String(data); 94 | if (_isItReadable(o_sdata)) { 95 | o_sdata = _byteArrayToReadableStr(data); 96 | _logParameter("Ouput (Decrypt)", o_sdata); 97 | _logLine("-> DECRYPT: [" + o_sdata + "]"); 98 | } 99 | else { 100 | String sdata = _byteArrayToB64(data); 101 | _logLine("-> Output data is not in a readable format," + 102 | " base64: ["+ sdata +"]"); 103 | _logReturnValue("Output (converted to b64)", sdata); 104 | } 105 | } 106 | // } else { 107 | // } 108 | } 109 | 110 | public void execute(Object... args) { 111 | if (_resources != null) { 112 | _warning = false; 113 | _out = ""; 114 | Cipher cipher = (Cipher) _resources; 115 | 116 | _logBasicInfo(); 117 | 118 | // input 119 | if (args.length != 0 && args[0] != null) { 120 | try { 121 | _getInput((byte[]) args[0]); 122 | } 123 | catch (Exception e) { 124 | Log.w(_TAG_ERROR, "Error in _getInput " + 125 | "(CRYPTO_IMPL->dofinal): " + e); 126 | } 127 | } 128 | 129 | //output 130 | try { 131 | _getOutput(args); 132 | } 133 | catch (Exception e) { 134 | Log.w(_TAG_ERROR, "Error in _getOutput " + 135 | "(CRYPTO_IMPL->dofinal): " + e); 136 | } 137 | 138 | // algo/IV 139 | try { 140 | _getAlgo(cipher); 141 | _getIV(cipher); 142 | } 143 | catch (Exception e) { 144 | Log.w(_TAG_ERROR, "Error in _getAlgo/_getCipher " + 145 | "(CRYPTO_IMPL->dofinal): " + e); 146 | } 147 | 148 | // dump some params 149 | if (cipher.getParameters() != null && ApplicationConfig.g_debug) 150 | _logLine("Parameters: " + cipher.getParameters()); 151 | 152 | if (_warning) 153 | _logFlush_W(_out); 154 | else if (!_out.isEmpty()) 155 | _logFlush_I(_out); 156 | } 157 | else { 158 | Log.w(_TAG_ERROR, 159 | "Error in Intro_CRYPTO: resource is null"); 160 | } 161 | } 162 | } 163 | 164 | class Intro_CRYPTO_INIT extends Intro_CRYPTO { 165 | public void execute(Object... args) { 166 | // let's not care about init since we are hooking 167 | // the key class already 168 | // BUT it can be useful to get a state of the mode 169 | // if needed later 170 | if (_resources != null) { 171 | try { 172 | _lastCipher = (Cipher) _resources; 173 | 174 | // get the mode 175 | Integer mode = _lastMode = (Integer) args[0]; 176 | String smode; 177 | switch (mode) { 178 | case Cipher.DECRYPT_MODE: 179 | smode = "DECRYPT_MODE"; 180 | break; 181 | case Cipher.ENCRYPT_MODE: 182 | smode = "ENCRYPT_MODE"; 183 | break; 184 | default: 185 | smode = "???"; 186 | } 187 | 188 | _logBasicInfo(); 189 | 190 | String out = "-> Mode: " + smode; 191 | 192 | // get the key 193 | Key key = (Key) args[1]; 194 | String skey = ""; 195 | if (key != null) { 196 | skey = _getReadableByteArr(key.getEncoded()); 197 | out += ", Key format: " + key.getFormat() + 198 | ", Key: [" + skey + "]"; 199 | } 200 | _logParameter("Mode", smode); 201 | _logParameter("Key", skey); 202 | _logParameter("Key Format", key.getFormat()); 203 | 204 | _logFlush_I(out); 205 | 206 | } catch (Exception e) { 207 | Log.w(_TAG_ERROR, "Error in Intro_CRYPTO: " + e); 208 | } 209 | } 210 | } 211 | } 212 | 213 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookFileSystemImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | import java.io.File; 5 | 6 | import android.util.Log; 7 | 8 | 9 | class Intro_FILE_PARENT extends IntroHook { 10 | // enherited by the FS hook classes 11 | protected boolean is_SD_card(String path) { 12 | if (path != null && 13 | (path.contains("sdcard") || 14 | path.contains("/storage/"))) { 15 | 16 | // crashes with system app: 17 | // path.contains(Environment.getExternalStorageDirectory().toString() 18 | 19 | //super.execute(config, resources, old, args); 20 | return true; 21 | } 22 | return false; 23 | } 24 | } 25 | 26 | class Intro_FILE_CHECK_DIR extends Intro_FILE_PARENT { 27 | public void execute(Object... args) { 28 | // noisy so display data only when it reads the sdcard 29 | // arg0 is the path 30 | try { 31 | // String root = _dataDir + "/" + args[0]; 32 | String path = "[" + args[0] + "]"; 33 | _logParameter("Path", path); 34 | if (is_SD_card(path)) { 35 | _logBasicInfo(); 36 | _logFlush_W("Read/write on sdcard: " + path); 37 | } else { 38 | // one liner on this to avoid too much noise 39 | _logFlush_I("### FS:"+ _packageName + ":" + path); 40 | } 41 | 42 | } catch (Exception e) { 43 | Log.w("IntrospyLog", "Exception in Intro_FILE_CHECK_DIR: " + e); 44 | Log.w("IntrospyLog", "-> App path: " + _dataDir + 45 | "\n" + e.fillInStackTrace()); 46 | } 47 | } 48 | } 49 | 50 | class Intro_CHECK_FS_SET extends Intro_FILE_PARENT { 51 | public void execute(Object... args) { 52 | // noisy 53 | // arg0 is the path 54 | if ((Boolean)(args[0]) == true && 55 | (Boolean)args[1] == false) { 56 | //super.execute(config, resources, old, args); 57 | File f = (File) _resources; 58 | _logBasicInfo(); 59 | _logParameter("Mode", "WORLD read/write"); 60 | _logParameter("Path", f.getAbsolutePath()); 61 | _logFlush_W("Writing file with WORLD read/write mode: " + 62 | " in " + f.getAbsolutePath()); 63 | } 64 | } 65 | } 66 | 67 | class Intro_FILE_CHECK_MODE extends Intro_FILE_PARENT { 68 | @SuppressWarnings("deprecation") 69 | public void execute(Object... args) { 70 | // arg0 is the path 71 | String path = ": [" + _dataDir + "/" + (String)args[0] + "]"; 72 | if (is_SD_card(path)) { 73 | _logBasicInfo(); 74 | _logParameter("Path", path); 75 | _logFlush_W("Read/write on sdcard: " + path); 76 | } 77 | else { 78 | // arg1 is the mode 79 | Integer mode = (Integer) args[1]; 80 | 81 | String smode; 82 | switch (mode) { 83 | case android.content.Context.MODE_PRIVATE: 84 | smode = "Private"; 85 | break; 86 | case android.content.Context.MODE_WORLD_READABLE: 87 | smode = "!!! World Readable !!!"; 88 | break; 89 | case android.content.Context.MODE_WORLD_WRITEABLE: 90 | smode = "!!! World Writable !!!"; 91 | break; 92 | default: 93 | smode = "???"; 94 | } 95 | smode = "MODE: " + smode; 96 | 97 | if (mode == android.content.Context.MODE_WORLD_READABLE || 98 | mode == android.content.Context.MODE_WORLD_WRITEABLE) { 99 | _logBasicInfo(); 100 | _logParameter("Mode", smode); 101 | _logFlush_W("Writing file with dangerous mode: " + 102 | smode + " in " + path); 103 | } 104 | } 105 | } 106 | } 107 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookGeneric.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | 3 | import android.util.Log; 4 | 5 | import com.introspy.core.IntroHook; 6 | 7 | class Intro_DUMP extends IntroHook { 8 | protected void _WDump() { 9 | // dump in W logs 10 | Log.w(_TAG, "#### "+ _type +" ###, Package: " + _packageName + 11 | ", localdir: "+_dataDir); 12 | Log.w(_TAG, "Method: " + _config.getMethodName()); 13 | Log.w(_TAG, "Notes: " + _config.getNotes()); 14 | Log.w(_TAG, "Resources type: " + 15 | (_resources != null ? _resources.getClass() : "None (Static method?)")); 16 | 17 | } 18 | 19 | public void execute(Object... args) { 20 | super.execute(args); 21 | // dump a bit more info 22 | // _WDump(); 23 | Log.i(_TAG, "------------------"); 24 | } 25 | } 26 | 27 | class Intro_SHOULD_NOT_BE_USED extends Intro_DUMP { 28 | public void execute(Object... args) { 29 | _logBasicInfo(); 30 | _logFlush_W("This method should not be used." + 31 | (!_notes.isEmpty() ? (" Note: " + _notes) : "")); 32 | } 33 | } -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookHashImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | import java.lang.reflect.Method; 5 | import java.security.MessageDigest; 6 | 7 | import android.util.Log; 8 | 9 | 10 | class Intro_HASH extends IntroHook { 11 | public void execute(Object... args) { 12 | 13 | StackTraceElement[] ste = Thread.currentThread().getStackTrace(); 14 | // this is called within apps and is super noisy so not displaying it 15 | if (ste[7].toString().contains("com.crashlytics.")) 16 | return; 17 | // the above code may only work on android 4.2.2 18 | // replace with the code below if so 19 | /* for (int i = 0; i < ste.length; i++) 20 | if (ste[i].toString().contains("com.crashlytics.")) 21 | return; */ 22 | 23 | if (args[0] != null) { 24 | _logBasicInfo(); 25 | String input = _getReadableByteArr((byte[])args[0]); 26 | 27 | byte[] output = null; 28 | String s_output = ""; 29 | try { 30 | // execution the method to calculate the digest 31 | // using reflection to call digest from the object's instance 32 | try { 33 | Class cls = Class.forName("java.security.MessageDigest"); 34 | Object obj =_resources; 35 | Class noparams[] = {}; 36 | Method xmethod = cls.getDeclaredMethod("digest", noparams); 37 | output = (byte[]) xmethod.invoke(obj); 38 | s_output = _getReadableByteArr(output); 39 | } 40 | catch (Exception e) { 41 | Log.w(_TAG_ERROR, "Error in Hash func: " + e); 42 | } 43 | } 44 | catch (Throwable e) { 45 | Log.w(_TAG_ERROR, "Error in Hash func: " + e); 46 | } 47 | 48 | // use reflection to call a method from this instance 49 | String algoName = null; 50 | try { 51 | Class cls = Class.forName("java.security.MessageDigest"); 52 | Object obj =_resources; 53 | Class noparams[] = {}; 54 | Method xmethod = cls.getDeclaredMethod("getAlgorithm", noparams); 55 | algoName = (String) xmethod.invoke(obj); 56 | } 57 | catch (Exception e) { 58 | algoName = "error: " + e; 59 | } 60 | 61 | _logLine("-> Hash of : [" + input + "] is: [" + 62 | s_output +"] , Algo: [" + algoName + "]"); 63 | 64 | _logParameter("Input", input); 65 | _logParameter("Algo", algoName); 66 | _logReturnValue("Output", s_output); 67 | 68 | if (algoName.contains("MD5")) { 69 | _logFlush_W("MD5 used, this hashing algo " + 70 | "is broken and should not be used"); 71 | } 72 | else 73 | _logFlush_I(); 74 | } 75 | } 76 | } 77 | 78 | class Intro_GET_HASH extends Intro_CRYPTO { 79 | public void execute(Object... args) { 80 | try { 81 | byte[] data = (byte[]) _hookInvoke(args); 82 | MessageDigest dg = (MessageDigest) _resources; 83 | _logBasicInfo(); 84 | 85 | String sdata = _getReadableByteArr(data); 86 | 87 | _logReturnValue("Data", sdata); 88 | _logParameter("Algo", dg); 89 | 90 | _logFlush_I("-> Algo: " + dg + ", Data: " + sdata); 91 | } catch (Throwable e) { 92 | Log.i(_TAG_ERROR, "Error in Fun_GET_HASH" + e); 93 | } 94 | } 95 | } 96 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookIPCImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | import android.content.Intent; 5 | import android.content.IntentFilter; 6 | import android.os.Bundle; 7 | 8 | class FuncIPC extends IntroHook { 9 | protected String getExtras(Intent intent) { 10 | String out = ""; 11 | try { 12 | Bundle bundle = intent.getExtras(); 13 | if (bundle != null) { 14 | for (String key : bundle.keySet()) { 15 | Object value = bundle.get(key); 16 | out += String.format("--> [%s %s (%s)]\n", key, 17 | value.toString(), value.getClass().getName()); 18 | } 19 | out = out.substring(0, out.length() - 1); 20 | } 21 | } 22 | catch (Exception e) { 23 | out = "Cannot get intent extra"; 24 | } 25 | return out; 26 | } 27 | } 28 | 29 | class Intro_DUMP_INTENT extends FuncIPC { 30 | public void execute(Object... args) { 31 | _logBasicInfo(); 32 | 33 | // arg0 is an Intent 34 | Intent intent = (Intent) args[0]; 35 | String out = "-> " + intent; 36 | _logParameter("Intent", intent); 37 | String extra = getExtras(intent); 38 | if (!extra.isEmpty()) { 39 | _logParameter("Extra", extra); 40 | out += "\n-> Extra: \n" + extra + ""; 41 | } 42 | _logFlush_I(out); 43 | } 44 | } 45 | 46 | // Hook: 47 | // Intent registerReceiver (BroadcastReceiver receiver, IntentFilter filter) 48 | // Intent registerReceiver (BroadcastReceiver receiver, IntentFilter filter, 49 | // String broadcastPermission, Handler scheduler) 50 | class Intro_IPC_RECEIVER extends FuncIPC { 51 | public void execute(Object... args) { 52 | _logBasicInfo(); 53 | String out = ""; 54 | 55 | // arg1 is an intent filter 56 | IntentFilter intentFilter = (IntentFilter) args[1]; 57 | if (intentFilter != null) { 58 | out = "-> Intent Filter: \n"; 59 | for (int i = 0; i < intentFilter.countActions(); i++) 60 | out += "--> [Action "+ i +":"+intentFilter.getAction(i)+"]\n"; 61 | out = out.substring(0, out.length() - 1); 62 | _logParameter("Intent Filter", out); 63 | } 64 | 65 | // args[2] is the permissions 66 | if (args.length > 2 && args[2] != null) { 67 | out += ", permissions: " + args[2]; 68 | _logParameter("Permissions", args[2]); 69 | } 70 | _logLine(out); 71 | 72 | if (args.length == 2 || (args.length > 2 && args[2] == null)) 73 | _logFlush_I("-> No permissions explicitely defined for the Receiver"); 74 | else 75 | _logFlush_I(); 76 | } 77 | } 78 | 79 | class Intro_URI_REGISTER extends FuncIPC { 80 | public void execute(Object... args) { 81 | String uriPath = (String)args[1]; 82 | _logParameter("URI Path", uriPath); 83 | 84 | String data = "URI:"+_config.getMethodName()+":" 85 | +_packageName+uriPath; 86 | _logBasicInfo(); 87 | _logFlush_I(data); 88 | } 89 | } 90 | 91 | // IPCs disabled in the manifest can be enabled dynamically 92 | class Intro_IPC_MODIFIED extends FuncIPC { 93 | public void execute(Object... args) { 94 | 95 | // arg1: newState 96 | int newState = (Integer)args[1]; 97 | if (newState == 98 | android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED) { 99 | _logBasicInfo(); 100 | _logParameter("New State", "COMPONENT_ENABLED_STATE_ENABLED"); 101 | _logFlush_W("-> !!! Component ["+ args[0] + 102 | "] is ENABLED dynamically"); 103 | } 104 | } 105 | } 106 | 107 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookKeyImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | 3 | class Intro_CRYPTO_KEY extends Intro_CRYPTO { 4 | 5 | } 6 | 7 | class Intro_GET_KEY extends Intro_CRYPTO_KEY { 8 | public void execute(Object... args) { 9 | byte[] key = (byte[]) args[0]; 10 | if (key != null) { 11 | String skey = _getReadableByteArr(key); 12 | _logParameter("Key", skey); 13 | _logParameter("Algo", args[1]); 14 | _logBasicInfo(); 15 | _logFlush_I("-> Key: ["+skey+"], algo: "+args[1]); 16 | } 17 | } 18 | } 19 | 20 | class Intro_CRYPTO_KEYSTORE_HOSTNAME extends Intro_CRYPTO_KEY { 21 | public void execute(Object... args) { 22 | 23 | _logBasicInfo(); 24 | // arg2 is the passcode for this trustore 25 | if (args[2] != null) { 26 | String passcode = 27 | _getReadableByteArr((byte[]) args[2]); 28 | _logParameter("Passcode", args[2]); 29 | _logFlush_I("-> TrustStore passcode: " + passcode); 30 | } 31 | } 32 | } 33 | 34 | class Intro_CRYPTO_KEYSTORE extends Intro_CRYPTO_KEY { 35 | public void execute(Object... args) { 36 | 37 | _logBasicInfo(); 38 | // arg1 is the passcode for the trustore 39 | if (args[1] != null) { 40 | String passcode = 41 | _getReadableByteArr((byte[]) args[1]); 42 | _logParameter("Passcode", args[1]); 43 | _logFlush_I("-> TrustStore passcode: " + passcode); 44 | } 45 | } 46 | } 47 | 48 | class Intro_CRYPTO_PBEKEY extends Intro_CRYPTO_KEY { 49 | public void execute(Object... args) { 50 | _logBasicInfo(); 51 | 52 | String passcode = new String((char[])args[0]); 53 | String salt = null; 54 | int iterationCount = -1; 55 | if (args.length >= 2 && args[1] != null) { 56 | salt = 57 | _byteArrayToReadableStr((byte[])args[1]); 58 | iterationCount = (Integer)args[2]; 59 | _logParameter("Passcode", passcode); 60 | _logParameter("Salt", salt); 61 | _logParameter("Iterations", iterationCount); 62 | // _logReturnValue("Key", _hookInvoke(args)); 63 | _logFlush_I("-> Passcode: [" + passcode + "], Salt: [" + salt + 64 | "], iterations: " + iterationCount + ""); 65 | } 66 | else { 67 | _logParameter("Passcode", passcode); 68 | _logFlush_I("Passcode: [" + passcode + "]"); 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookSQLiteImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | class Intro_ExecSQL extends IntroHook { 5 | public void execute(Object... args) { 6 | // SQLiteDatabase db = (SQLiteDatabase) _resources; 7 | _logBasicInfo(); 8 | _logFlush_I("-> [" + args[0] + "]"); 9 | } 10 | } 11 | 12 | class Intro_SQLite_UPDATE extends IntroHook { 13 | public void execute(Object... args) { 14 | // SQLiteDatabase db = (SQLiteDatabase) _resources; 15 | _logBasicInfo(); 16 | 17 | _logParameter("Table", args[0]); 18 | _logParameter("Content Values", args[1]); 19 | _logParameter("Where", args[2]); 20 | _logParameter("Where Args", args[3]); 21 | 22 | _logFlush_I("-> " + "Table: " + args[0] + ", " + 23 | "ContentValues: " + args[1] + ", " + 24 | "Where: " + args[2] + ", " + 25 | "WhereArgs: " + args[3]); 26 | // TODO: dump 'where' args (array of strings for args[3]) 27 | } 28 | } 29 | 30 | class Intro_SQLite_INSERT extends IntroHook { 31 | public void execute(Object... args) { 32 | // SQLiteDatabase db = (SQLiteDatabase) _resources; 33 | _logBasicInfo(); 34 | 35 | _logParameter("Table", args[0]); 36 | _logParameter("Content Values", args[1]); 37 | 38 | _logFlush_I("-> " + "Table: " + args[0] + ", " + 39 | "ContentValues: " + args[2]); 40 | // TODO: dump this other array of strings 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookSSLImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | import java.security.cert.X509Certificate; 5 | 6 | import javax.net.ssl.TrustManager; 7 | import javax.net.ssl.X509TrustManager; 8 | 9 | import org.apache.http.conn.ssl.SSLSocketFactory; 10 | 11 | // init(KeyManager[] km, TrustManager[] tm, SecureRandom sr) -> 12 | // init(null, trustManagers, null); 13 | class Intro_SSL_CHECK_TRUST_MANAGER extends IntroHook { 14 | public void execute(Object... args) { 15 | 16 | _logBasicInfo(); 17 | TrustManager[] tm_arr = (TrustManager[]) args[1]; 18 | // check the trust manager 19 | if (tm_arr != null && tm_arr[0] != null) { 20 | X509TrustManager tm = (X509TrustManager) tm_arr[0]; 21 | X509Certificate[] chain = new X509Certificate[]{}; 22 | boolean check = false; 23 | try { 24 | tm.checkClientTrusted(chain, ""); 25 | tm.checkServerTrusted(chain, ""); 26 | } catch (Exception e) { // should change to CertificateException 27 | // if it goes here with an invalid cert 28 | // the app may verify certs 29 | check = true; 30 | } 31 | if (!check) 32 | _logFlush_W("The app does not verify SSL certs"); 33 | else 34 | _logFlush_I("Use of a custom Trust Manager, " + 35 | "the app may do cert. pinning (OR potentially validate any cert)"); 36 | } 37 | } 38 | } 39 | 40 | //setSSLSocketFactory(SSLSocketFactory sf) 41 | class Intro_SSL_CHECK_TRUST_SOCKETFACTORY extends IntroHook { 42 | public void execute(Object... args) { 43 | // should only display data when there is a potential issue 44 | 45 | // check not implemented yet 46 | _logBasicInfo(); 47 | _logFlush_W("Use of a custom SSLSocketFactory, " + 48 | "the app may do cert. pinning OR validate any cert"); 49 | } 50 | } 51 | 52 | // setHostnameVerifier(X509HostnameVerifier hostnameVerifier) 53 | class Intro_CHECK_HOSTNAME_VERIFIER extends IntroHook { 54 | public void execute(Object... args) { 55 | 56 | // this only display data when there is a potential issue 57 | if ((org.apache.http.conn.ssl.X509HostnameVerifier)args[0] == 58 | SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) { 59 | _logBasicInfo(); 60 | _logParameter("SSLSocketFactory", "ALLOW_ALL_HOSTNAME_VERIFIER"); 61 | _logFlush_W("HostNameVerifier set to accept ANY hostname"); 62 | } 63 | } 64 | } 65 | 66 | class Intro_CHECK_URI extends IntroHook { 67 | public void execute(Object... args) { 68 | 69 | // this is noisy so only display data when there is a potential issue 70 | // arg0 is a uri (string or uri (this may not actually work)) 71 | String uri = (String) args[0]; 72 | if (uri.contains("http:")) { 73 | _logBasicInfo(); 74 | _logParameter("URI", uri); 75 | _logFlush_W("No SSL: ["+uri+"]"); 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookSharedPrefImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | import java.util.Map; 5 | 6 | import android.content.SharedPreferences; 7 | import android.util.Log; 8 | 9 | class Intro_PREF_PARENT extends IntroHook { 10 | protected static boolean 11 | _allPrefsAlreadyRetrieved = false; 12 | } 13 | 14 | class Intro_CHECK_SHARED_PREF extends IntroHook { 15 | protected static boolean _onlyRetrievedPrefOnce = true; 16 | protected static boolean _prefRetrieved = true; 17 | 18 | @SuppressWarnings("deprecation") 19 | public void execute(Object... args) { 20 | 21 | // this is noisy so only display data when there is a potential issue 22 | if (!_onlyRetrievedPrefOnce || 23 | (_onlyRetrievedPrefOnce && !_prefRetrieved)) { 24 | String prefName = (String) args[0]; 25 | _logParameter("Preference Name", args[0]); 26 | _logLine("### PREF:"+ _packageName + 27 | ":getSharedPref:"+prefName); 28 | // display the pref retrieved 29 | try { 30 | SharedPreferences prefs = (SharedPreferences) 31 | _hookInvoke(args); 32 | if (prefs != null && prefs.getAll().size() > 0) 33 | _logFlush_I("-> " + prefs.getAll()); 34 | } catch (Throwable e) { 35 | _logLine("-> not able to retrieve preferences"); 36 | } 37 | _prefRetrieved = true; 38 | } 39 | 40 | // arg1 is the sharing modes 41 | Integer mode = (Integer) args[1]; 42 | String smode = ""; 43 | 44 | if (mode == android.content.Context.MODE_WORLD_READABLE) 45 | smode = "MODE_WORLD_READABLE"; 46 | else if (mode == android.content.Context.MODE_WORLD_WRITEABLE) 47 | smode = "MODE_WORLD_WRITEABLE"; 48 | 49 | if (!smode.isEmpty()) { 50 | _logParameter("Preference Name", args[0]); 51 | _logParameter("Mode: ", smode); 52 | _logFlush_W("Shared preference accessible to the WORLD. " + 53 | "(MODE: " + smode + ")"); 54 | } 55 | } 56 | } 57 | 58 | class Intro_GET_SHARED_PREF extends IntroHook { 59 | public void execute(Object... args) { 60 | String prefName = (String) args[0]; // name of pref to retrieve 61 | if (prefName == null) { 62 | return; 63 | } 64 | // args[1] is the default value 65 | 66 | _logParameter("Preference Name", args[0]); 67 | String out = "### PREF:"+_packageName + 68 | ":getSharedPref:"+ _methodName + 69 | "; name: [" + args[0] + "]" + 70 | ", default: [" + args[1] + "]"; 71 | 72 | Object o = null; 73 | try { 74 | o = _hookInvoke(args); 75 | } catch (Throwable e) { 76 | // this may throw if incorrect type specified in the code 77 | // Log.w("IntrospyLog", "error in Intro_GET_SHARED_PREF: "+e); 78 | } 79 | 80 | if (o != null) { 81 | out += "; retrieves: ["+o+"]"; 82 | _logReturnValue("Value", o); 83 | _logFlush_I(out); 84 | } 85 | else { 86 | _logLine(out); 87 | _logFlush_I("-> Preference not found or incorrect type specified"); 88 | } 89 | } 90 | } 91 | 92 | class Intro_PUT_SHARED_PREF extends IntroHook { 93 | public void execute(Object... args) { 94 | 95 | String prefName = (String) args[0]; // name of pref to retrieve 96 | _logParameter("Preference Name", args[0]); 97 | _logParameter("Value", args[1]); 98 | String out = "### PREF:"+_packageName + ":writeSharedPref:" 99 | +prefName+", value: "+args[1]; 100 | _logFlush_I(out); 101 | } 102 | } 103 | 104 | class Intro_CONTAINS_SHARED_PREF extends IntroHook { 105 | public void execute(Object... args) { 106 | String out = ""; 107 | String prefName = (String) args[0]; // name of pref to retrieve 108 | 109 | try { 110 | boolean o = (Boolean) _hookInvoke(args); 111 | _logParameter("Preference Name", args[0]); 112 | if (o == false) { 113 | out = "### PREF:"+_packageName+ 114 | ":contains:"+ prefName; 115 | _logReturnValue("Value", o); 116 | _logLine(out); 117 | _logFlush_W("Preference not found (Hidden pref?)"); 118 | } 119 | } catch (Throwable e) { 120 | Log.i("IntrospyLog", "error in Intro_CONTAINS_SHARED_PREF: "+e); 121 | } 122 | } 123 | } 124 | 125 | class Intro_GET_ALL_SHARED_PREF extends Intro_PREF_PARENT { 126 | public void execute(Object... args) { 127 | // display all the prefs retrieved 128 | // only do it once because it's too noisy 129 | if (_allPrefsAlreadyRetrieved) 130 | return; 131 | try { 132 | @SuppressWarnings("unchecked") 133 | Map keys = (Map) _hookInvoke(args); 134 | if ( keys != null && keys.size() > 0) { 135 | _logLine("### PREF:"+_packageName+":getAll:"); 136 | for(Map.Entry entry : keys.entrySet()){ 137 | _logLine("-> " + entry.getKey() + ": " + 138 | entry.getValue().toString()); 139 | } 140 | } 141 | _logFlush_I(); 142 | _allPrefsAlreadyRetrieved = true; 143 | } catch (Throwable e) { 144 | Log.i(_TAG_ERROR, "-> not able to retrieve all " + 145 | "preferences (get All in " + 146 | _packageName+"). Error: " + e); 147 | } 148 | } 149 | } 150 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/HookWebviewImpl.java: -------------------------------------------------------------------------------- 1 | package com.introspy.hooks; 2 | import com.introspy.core.IntroHook; 3 | 4 | //setPluginState(WebSettings.PluginState state) 5 | // with android.webkit.WebSettings.PluginState.ON 6 | // setJavaScriptEnabled(boolean flag) with true 7 | // setAllowFileAccess (boolean allow) 8 | class Intro_WEBVIEW_SET extends IntroHook { 9 | public void execute(Object... args) { 10 | 11 | // should only display data when first arg is set to true 12 | 13 | if ((Boolean)args[0] == true) { 14 | _logBasicInfo(); 15 | _logFlush_W("-> !!! Set of a potentially dangerous " + 16 | "functionality to true for the webview using "+ 17 | _config.getMethodName() + ", make sure this " + 18 | "functionality is necessary"); 19 | } 20 | } 21 | } 22 | 23 | // addJavascriptInterface(Object object, String name) 24 | class Intro_WEBVIEW_JS_BRIDGE extends IntroHook { 25 | public void execute(Object... args) { 26 | 27 | // this only display data when there is a potential issue 28 | _logBasicInfo(); 29 | _logFlush_W("-> !!! Javascript interface " + 30 | "added for the webview. Details: " + 31 | args[0] + ", name: " + args[1]); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/hooks/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Package containing the hook implementations 3 | */ 4 | /** 5 | * @author marc blanchou 6 | * 7 | */ 8 | package com.introspy.hooks; -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/Logger.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | import com.introspy.core.*; 4 | 5 | import android.util.Log; 6 | 7 | // note: flush only when done with the logging 8 | // for a function as it dumps stack traces for the call 9 | 10 | public class Logger extends LoggerDB { 11 | 12 | private void clean() { 13 | _out = ""; 14 | _pListArgsBody = ""; 15 | _pListRetBody = ""; 16 | } 17 | 18 | protected void _log(String data) { 19 | _out += data; 20 | } 21 | 22 | // ####### public 23 | 24 | public void logInit(HookConfig config) { 25 | _config = config; 26 | } 27 | 28 | public void logLine(String line) { 29 | _out += line + "\n"; 30 | } 31 | 32 | public void logFlush_I(String notes) { 33 | _notes = notes; 34 | _out += notes; 35 | logFlush_I(); 36 | } 37 | public void logFlush_W(String notes) { 38 | _notes = notes; 39 | _out += "-> !!! " + notes; 40 | logFlush_W(); 41 | } 42 | 43 | // use a static ref to synchronize across threads 44 | public void logFlush_I() { 45 | _addTraces(); 46 | synchronized (_TAG) { 47 | if (_enableDB) 48 | _logInDB("I"); 49 | Log.i(_TAG, _out); 50 | } 51 | clean(); 52 | } 53 | 54 | public void logFlush_W() { 55 | _addTraces(); 56 | synchronized (_TAG) { 57 | if (_enableDB) 58 | _logInDB("W"); 59 | Log.w(_TAG, _out); 60 | } 61 | clean(); 62 | } 63 | 64 | public void logParameter(String name, String value) { 65 | if (_enableDB) 66 | _logDBParameter(name, value); 67 | } 68 | 69 | public void logParameter(String name, Object value) { 70 | if (_enableDB) 71 | _logDBParameter(name, "" + value); 72 | } 73 | 74 | public void logReturnValue(String name, String value) { 75 | if (_enableDB) 76 | _logDBReturnValue(name, value); 77 | } 78 | 79 | public void logReturnValue(String name, Object value) { 80 | if (_enableDB) 81 | _logDBReturnValue(name, "" + value); 82 | } 83 | 84 | public void logBasicInfo() { 85 | _log("### "+ _config.getCategory()+" ### " + 86 | ApplicationConfig.getPackageName() + 87 | " - " + _config.getClassName() + "->" 88 | + _config.getMethodName() + "()\n"); 89 | } 90 | } 91 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/LoggerConfig.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | import com.introspy.core.HookConfig; 4 | import com.introspy.core.IntroStringHelper; 5 | 6 | public class LoggerConfig extends IntroStringHelper { 7 | protected LoggerConfig() { 8 | } 9 | 10 | protected HookConfig _config; 11 | 12 | public static String _TAG = "Introspy"; 13 | public static String _TAG_ERROR = "IntrospyError"; 14 | public static String _TAG_LOG = "IntrospyLog"; 15 | 16 | public static String getTag() { 17 | return _TAG; 18 | } 19 | 20 | public static String getTagError() { 21 | return _TAG_ERROR; 22 | } 23 | 24 | public static String getTagLog() { 25 | return _TAG_LOG; 26 | } 27 | 28 | protected String _out = ""; 29 | protected String _notes = ""; 30 | protected String _traces = ""; 31 | 32 | protected boolean _enableDB = true; 33 | 34 | // this can be enabled via the _config file 35 | protected boolean _stackTraces = false; 36 | 37 | // change this value to get full traces 38 | protected boolean _fullTraces = false; 39 | 40 | } 41 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/LoggerDB.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | import android.util.Log; 4 | 5 | public class LoggerDB extends LoggerTraces { 6 | protected String _pListHeader = 7 | "" + 8 | "" + 10 | "" + 11 | ""; 12 | 13 | protected String _pListArgsBody = ""; 14 | /* "arguments" + 15 | "" + 16 | "pasteboardType" + 17 | "public.utf8-plain-text" + 18 | ""; 19 | */ 20 | 21 | // not necessary to include this 22 | protected String _pListRetBody = ""; 23 | /* "returnValue" + 24 | "nil"; 25 | */ 26 | 27 | protected String _pListFooter = 28 | ""; 29 | 30 | protected void _logDBParameter(String name, String value) { 31 | _pListArgsBody += "" + _escapeXMLChars(name) + "" + 32 | "" + _escapeXMLChars(value) + ""; 33 | } 34 | 35 | protected void _logDBReturnValue(String name, String value) { 36 | // not using the name in the DB here yet 37 | _pListRetBody = 38 | "returnValue" + 39 | "" + _escapeXMLChars(value) + ""; 40 | } 41 | 42 | protected String _logCreatePlistArgs() { 43 | return _pListHeader + 44 | "arguments" + 45 | "" + 46 | _pListArgsBody + 47 | "" + 48 | _pListRetBody + 49 | _pListFooter; 50 | } 51 | 52 | protected void _logInDB(String logType) { 53 | try { 54 | SQLiteIntrospy db = SQLiteIntrospy.getInstance(); 55 | db.open(); 56 | db.createRow( 57 | _config.getType(), 58 | _config.getSubType(), 59 | _config.getClassName(), 60 | _config.getMethodName(), 61 | _logCreatePlistArgs(), 62 | logType, 63 | // (logType.equalsIgnoreCase("W") ? _notes : ""), 64 | _escapeXMLChars(_notes), 65 | _escapeXMLChars(_traces)); 66 | db.close(); 67 | } 68 | catch (Exception e) { 69 | Log.w(_TAG_ERROR, "--> Error with DB: " + e); 70 | } 71 | } 72 | 73 | public void disableDBlogger() { 74 | _enableDB = false; 75 | } 76 | 77 | public void enableDBlogger() { 78 | _enableDB = true; 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/LoggerErrorHandler.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | public class LoggerErrorHandler { 4 | static public String _getStackTrace() { 5 | String out = ""; 6 | StackTraceElement[] ste = 7 | Thread.currentThread().getStackTrace(); 8 | for (int i = 0; i < ste.length; i++) 9 | out += ste[i].toString() + "\n"; 10 | return out.substring(0, out.length() - 1); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/LoggerFile.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | import java.io.BufferedWriter; 4 | import java.io.File; 5 | import java.io.FileWriter; 6 | import java.io.IOException; 7 | 8 | import com.introspy.core.ApplicationConfig; 9 | 10 | import android.util.Log; 11 | 12 | // This class is not used, a DB is used instead 13 | 14 | public class LoggerFile { 15 | protected void logToFile(String logEntry) { 16 | // junk code 17 | try { 18 | File logFile = new File(ApplicationConfig.getDataDir() + "/introspy.log"); // "sdcard/introspy.log" 19 | 20 | if (!logFile.exists()) 21 | { 22 | try 23 | { 24 | logFile.createNewFile(); 25 | } 26 | catch (IOException e) 27 | { 28 | Log.w("IntrospyLog", "Cannot create log file: " + e); 29 | } 30 | } 31 | try 32 | { 33 | //BufferedWriter for performance, true to set append to file flag 34 | BufferedWriter buf = new BufferedWriter(new FileWriter(logFile, true)); 35 | buf.append(logEntry); 36 | buf.newLine(); 37 | buf.close(); 38 | } 39 | catch (IOException e) 40 | { 41 | Log.w("IntrospyLog", "Error with file logger: " + e); 42 | } 43 | } catch (Exception e) { 44 | Log.w("IntrospyLog", "Error with file logger: " + e); 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/LoggerTraces.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | import android.util.Log; 4 | 5 | public class LoggerTraces extends LoggerConfig { 6 | 7 | public String getFullTraces() { 8 | StackTraceElement[] ste = Thread.currentThread().getStackTrace(); 9 | if (ste == null) 10 | return ""; 11 | StringBuilder stringBuilder = new StringBuilder(); 12 | for (StackTraceElement element : ste) 13 | stringBuilder.append(element.toString()).append("\n"); 14 | return stringBuilder.toString(); 15 | } 16 | 17 | public String getLightTraces() { 18 | String out = ""; 19 | try { 20 | StackTraceElement[] ste = 21 | Thread.currentThread().getStackTrace(); 22 | if (ste == null) 23 | return ""; 24 | out += "----------- " + ste[10] + "\n"; 25 | out += "----------- " + ste[11] + "\n"; 26 | out += "----------- " + ste[12] + "\n"; 27 | } 28 | catch (Exception e) { 29 | out = "-> Cannot get Stack Traces"; 30 | Log.w(_TAG_ERROR, out); 31 | } 32 | return out; 33 | } 34 | 35 | public void enableTraces() { 36 | _stackTraces = true; 37 | } 38 | public void disableTraces() { 39 | _stackTraces = false; 40 | } 41 | 42 | protected void _addTraces() { 43 | _traces = ""; 44 | if (_stackTraces) { 45 | if (_fullTraces) 46 | _traces = getFullTraces(); 47 | else 48 | _traces = getLightTraces(); 49 | 50 | _out = _traces + _out; 51 | } 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/SQLiteIntrospy.java: -------------------------------------------------------------------------------- 1 | 2 | package com.introspy.logging; 3 | 4 | import java.util.ArrayList; 5 | import java.util.List; 6 | 7 | import com.introspy.core.ApplicationConfig; 8 | 9 | import android.content.ContentValues; 10 | import android.content.Context; 11 | import android.database.Cursor; 12 | import android.database.SQLException; 13 | import android.database.sqlite.SQLiteDatabase; 14 | 15 | public class SQLiteIntrospy { 16 | private static SQLiteIntrospy _instance = null; 17 | // Database fields 18 | private SQLiteDatabase database; 19 | private SQLiteIntrospyHelper dbHelper; 20 | private String[] allColumns = { 21 | SQLiteIntrospyHelper.COLUMN_ID, 22 | SQLiteIntrospyHelper.COLUMN_TYPE, 23 | SQLiteIntrospyHelper.COLUMN_SUBTYPE, 24 | SQLiteIntrospyHelper.COLUMN_CLASS, 25 | SQLiteIntrospyHelper.COLUMN_METHOD, 26 | SQLiteIntrospyHelper.COLUMN_DETAILS, 27 | SQLiteIntrospyHelper.COLUMN_LOG_TYPE, 28 | SQLiteIntrospyHelper.COLUMN_NOTES, 29 | SQLiteIntrospyHelper.COLUMN_ST 30 | }; 31 | 32 | public SQLiteIntrospy(Context context) { 33 | dbHelper = new SQLiteIntrospyHelper(context); 34 | } 35 | 36 | public void open() throws SQLException { 37 | database = dbHelper.getWritableDatabase(); 38 | } 39 | 40 | public void close() { 41 | dbHelper.close(); 42 | } 43 | 44 | public SQLiteIntrospyLog createRow(String type, String subType, 45 | String className, String methodName, 46 | String details, String logType) { 47 | return createRow(type, subType, className, 48 | methodName, details, logType, "", ""); 49 | } 50 | 51 | public SQLiteIntrospyLog createRow(String type, String subType, 52 | String className, String methodName, 53 | String details, String logType, String notes) { 54 | return createRow(type, subType, className, 55 | methodName, details, logType, notes, ""); 56 | } 57 | 58 | public SQLiteIntrospyLog createRow(String type, String subType, 59 | String className, String methodName, String details, 60 | String logType, String notes, String st) { 61 | ContentValues values = new ContentValues(); 62 | values.put(SQLiteIntrospyHelper.COLUMN_TYPE, type); 63 | values.put(SQLiteIntrospyHelper.COLUMN_SUBTYPE, subType); 64 | values.put(SQLiteIntrospyHelper.COLUMN_CLASS, className); 65 | values.put(SQLiteIntrospyHelper.COLUMN_METHOD, methodName); 66 | values.put(SQLiteIntrospyHelper.COLUMN_DETAILS, details); 67 | values.put(SQLiteIntrospyHelper.COLUMN_LOG_TYPE, logType); 68 | values.put(SQLiteIntrospyHelper.COLUMN_NOTES, notes); 69 | values.put(SQLiteIntrospyHelper.COLUMN_ST, st); 70 | 71 | long insertId = database.insert( 72 | SQLiteIntrospyHelper.TABLE_TRACES, 73 | null, values); 74 | 75 | Cursor cursor = database.query( 76 | SQLiteIntrospyHelper.TABLE_TRACES, 77 | allColumns, SQLiteIntrospyHelper.COLUMN_ID + 78 | " = " + insertId, null, 79 | null, null, null); 80 | 81 | cursor.moveToFirst(); 82 | SQLiteIntrospyLog 83 | newRow = cursorToRow(cursor); 84 | cursor.close(); 85 | return newRow; 86 | } 87 | 88 | private SQLiteIntrospyLog cursorToRow(Cursor cursor) { 89 | SQLiteIntrospyLog Row = 90 | new SQLiteIntrospyLog(); 91 | Row.setId(cursor.getLong(0)); 92 | Row.setRow(cursor.getString(1)); 93 | return Row; 94 | } 95 | 96 | public void deleteRow(SQLiteIntrospyLog Row) { 97 | long id = Row.getId(); 98 | System.out.println("Row deleted with id: " + id); 99 | database.delete(SQLiteIntrospyHelper.TABLE_TRACES, 100 | SQLiteIntrospyHelper.COLUMN_ID 101 | + " = " + id, null); 102 | } 103 | 104 | public List getAllRows() { 105 | List Rows = 106 | new ArrayList(); 107 | 108 | Cursor cursor = database.query( 109 | SQLiteIntrospyHelper.TABLE_TRACES, 110 | allColumns, null, null, null, null, null); 111 | 112 | cursor.moveToFirst(); 113 | while (!cursor.isAfterLast()) { 114 | SQLiteIntrospyLog Row = cursorToRow(cursor); 115 | Rows.add(Row); 116 | cursor.moveToNext(); 117 | } 118 | // make sure to close the cursor 119 | cursor.close(); 120 | return Rows; 121 | } 122 | 123 | public static SQLiteIntrospy getInstance() { 124 | if (_instance == null) { 125 | _instance = new 126 | SQLiteIntrospy(ApplicationConfig.getContext()); 127 | } 128 | return _instance; 129 | } 130 | } 131 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/SQLiteIntrospyHelper.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | import android.content.Context; 4 | import android.database.sqlite.SQLiteDatabase; 5 | import android.database.sqlite.SQLiteOpenHelper; 6 | 7 | public class SQLiteIntrospyHelper extends SQLiteOpenHelper { 8 | 9 | private static final String DATABASE_NAME = "introspy.db"; 10 | // increment this number each time the DB structure changes 11 | private static final int DATABASE_VERSION = 8; 12 | 13 | public static final String TABLE_TRACES = "tracedCalls"; 14 | 15 | public static final String COLUMN_ID = "_id"; 16 | public static final String COLUMN_TYPE = "type"; 17 | public static final String COLUMN_SUBTYPE = "subType"; 18 | public static final String COLUMN_CLASS = "className"; 19 | public static final String COLUMN_METHOD = "methodName"; 20 | public static final String COLUMN_DETAILS = 21 | "argumentsAndReturnValueDict"; 22 | public static final String COLUMN_LOG_TYPE = "logType"; 23 | public static final String COLUMN_NOTES = "notes"; 24 | public static final String COLUMN_ST = "callStack"; 25 | 26 | private static final String DATABASE_CREATE = 27 | "create table " 28 | + TABLE_TRACES + "(" + COLUMN_ID 29 | + " integer primary key autoincrement, " + 30 | COLUMN_TYPE + " text not null, " + 31 | COLUMN_SUBTYPE + " text not null, " + 32 | COLUMN_CLASS + " text not null, " + 33 | COLUMN_METHOD + " text not null, " + 34 | COLUMN_DETAILS + " text not null, " + 35 | COLUMN_LOG_TYPE + " text not null, " + 36 | COLUMN_NOTES + " text not null, " + 37 | COLUMN_ST + " text not null " + 38 | ");"; 39 | 40 | SQLiteIntrospyHelper(Context context) { 41 | super(context, 42 | DATABASE_NAME, null, DATABASE_VERSION); 43 | } 44 | 45 | @Override 46 | public void onCreate(SQLiteDatabase db) { 47 | db.execSQL(DATABASE_CREATE); 48 | } 49 | 50 | @Override 51 | public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) { 52 | db.execSQL("DROP TABLE IF EXISTS " + TABLE_TRACES); 53 | onCreate(db); 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/SQLiteIntrospyLog.java: -------------------------------------------------------------------------------- 1 | package com.introspy.logging; 2 | 3 | public class SQLiteIntrospyLog { 4 | private long id; 5 | private String Row; 6 | 7 | public long getId() { 8 | return id; 9 | } 10 | 11 | public void setId(long id) { 12 | this.id = id; 13 | } 14 | 15 | public String getRow() { 16 | return Row; 17 | } 18 | 19 | public void setRow(String Row) { 20 | this.Row = Row; 21 | } 22 | 23 | @Override 24 | public String toString() { 25 | return Row; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/Introspy-Android Core/src/com/introspy/logging/package-info.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Logger package 3 | */ 4 | /** 5 | * @author marc blanchou 6 | * 7 | */ 8 | package com.introspy.logging; -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/TODO.txt: -------------------------------------------------------------------------------- 1 | see TODOs within the code. Additionally: 2 | 3 | Crypto: 4 | Need to hook more crypto calls (not all cases of dofinal() are implemented) 5 | 6 | IPC: 7 | log setComponentEnabledSetting to spot dynamically enabled IPCs (seems to crash when hooking this method right now) 8 | add more details with inspection of specific data for extra of intents 9 | 10 | SSL: 11 | handle more cases of bad cert validations 12 | handle more checks on the use of non-SSL uri 13 | 14 | SQLite: 15 | hook more methods -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/GUI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/GUI.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/Thumbs.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/Thumbs.db -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/adding_hook_impl.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/adding_hook_impl.PNG -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/adding_hooks.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/adding_hooks.PNG -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/cydia_installed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/cydia_installed.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/example_logcat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/example_logcat.png -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/html_report_android.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/html_report_android.PNG -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/impl_handle.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/impl_handle.PNG -------------------------------------------------------------------------------- /LiBieGou/JavaHook/Introspy/images/new_object.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/Introspy/images/new_object.PNG -------------------------------------------------------------------------------- /LiBieGou/JavaHook/cydia.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/JavaHook/cydia.apk -------------------------------------------------------------------------------- /LiBieGou/JavaHook/decrypt.py: -------------------------------------------------------------------------------- 1 | from M2Crypto.EVP import Cipher 2 | from base64 import b64encode, b64decode 3 | 4 | key = b64decode('H5jOqyCXcO+odcJFhT7Odh+Yzqsgl3Dv') 5 | iv = b64decode('AAoKCgoCAqo=') 6 | ciphertext = '5458d715704493d8e6b9bd38f8b6be0e'.decode('hex') 7 | decipher = Cipher(alg='des_ede3_cbc', key=key, op=0, iv=iv) 8 | plaintext = decipher.update(ciphertext) 9 | plaintext += decipher.final() 10 | print plaintext 11 | 12 | 13 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/README.md: -------------------------------------------------------------------------------- 1 | adbi - The Android Dynamic Binary Instrumentation Toolkit 2 | ========================================================= 3 | 4 | Simple binary instrumentation toolkit for Android ARM + Thumb. 5 | 6 | Instrumentation is based on library injection and hooking function entry 7 | points (in-line hooking). 8 | 9 | The toolkit consists of two main components the hijack tool and the base 10 | library. 11 | 12 | **hijack** 13 | 14 | The hijack tool provides the injection functionality. It supports a number of modes for supporting older and newer Android devices. hijack provides help on the command line. 15 | 16 | **libbase** 17 | 18 | The base library provides the hooking and unhooking functionality. The base library is compiled as a static library so it can be directly included in the 19 | actual instrumentation library. This is done so we can keep everything in /data/local/tmp. 20 | 21 | Below we provide and easy to follow step-by-step instructions for howto build and use adbi. The example instrument hijacks epoll_wait() and logs every call 22 | to a file. 23 | 24 | === External Resources === 25 | 26 | more information at: 27 | http://www.mulliner.org/android/ 28 | 29 | slide deck about this toolkit: 30 | http://www.mulliner.org/android/feed/binaryinstrumentationandroid_mulliner_summercon12.pdf 31 | 32 | old code (with more examples): 33 | http://www.mulliner.org/android/feed/collin_android_dbi_v02.zip 34 | 35 | === Prerequisites === 36 | 37 | Android SDK 38 | Android NDK 39 | 40 | === How to Build === 41 | 42 | = build the hijack tool = 43 | ``` 44 | cd hijack 45 | cd jni 46 | ndk-build 47 | cd .. 48 | adb push libs/armeabi/hijack /data/local/tmp/ 49 | cd .. 50 | ``` 51 | 52 | = build the instrumentation base code = 53 | 54 | ``` 55 | cd instruments 56 | cd base 57 | cd jni 58 | ndk-build 59 | cd .. 60 | cd .. 61 | ``` 62 | 63 | = build instrumentation example = 64 | 65 | ``` 66 | cd example 67 | cd jni 68 | ndk-build 69 | cd .. 70 | adb push libs/armeabi/libexample.so /data/local/tmp/ 71 | ``` 72 | 73 | === How to Run === 74 | 75 | ``` 76 | adb shell 77 | su 78 | cd /data/local/tmp 79 | >/data/local/tmp/adbi_example.log 80 | # GET PID from com.android.phone 81 | ./hijack -d -p PID -l /data/local/tmp/libexample.so 82 | cat adbi_example.log 83 | ``` 84 | 85 | output should look similar to: 86 | 87 | ``` 88 | started 89 | hooking: epoll_wait = 0x4004c378 ARM using 0x4a84a588 90 | epoll_wait() called 91 | epoll_wait() called 92 | epoll_wait() called 93 | removing hook for epoll_wait() 94 | ``` 95 | 96 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cd hijack/jni 4 | ndk-build 5 | cd ../.. 6 | 7 | cd instruments 8 | cd base/jni 9 | ndk-build 10 | cd ../.. 11 | 12 | cd example/jni 13 | ndk-build 14 | cd ../.. 15 | 16 | cd .. 17 | 18 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | rm -vrf ./hijack/libs ./hijack/obj ./instruments/base/obj ./instruments/example/libs ./instruments/example/obj 4 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/hijack/jni/Android.mk: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2009 The Android Open Source Project 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | LOCAL_PATH := $(call my-dir) 16 | 17 | include $(CLEAR_VARS) 18 | 19 | LOCAL_MODULE := hijack 20 | LOCAL_SRC_FILES := ../hijack.c 21 | LOCAL_ARM_MODE := arm 22 | LOCAL_CFLAGS := -g 23 | 24 | include $(BUILD_EXECUTABLE) 25 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/hijack/libs/armeabi/hijack: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/hijack/libs/armeabi/hijack -------------------------------------------------------------------------------- /LiBieGou/adbi-master/hijack/obj/local/armeabi/hijack: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/hijack/obj/local/armeabi/hijack -------------------------------------------------------------------------------- /LiBieGou/adbi-master/hijack/obj/local/armeabi/objs/hijack/__/hijack.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/hijack/obj/local/armeabi/objs/hijack/__/hijack.o -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/base.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Collin's Binary Instrumentation Tool/Framework for Android 3 | * Collin Mulliner 4 | * http://www.mulliner.org/android/ 5 | * 6 | * (c) 2012,2013 7 | * 8 | * License: LGPL v2.1 9 | * 10 | */ 11 | 12 | #define _GNU_SOURCE 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #include 27 | 28 | #include "util.h" 29 | #include "hook.h" 30 | 31 | 32 | //static void __attribute__ ((constructor)) base_my_init(void); 33 | 34 | static char logfile[] = "/data/local/tmp/adbi.log"; 35 | 36 | static void logmsgtofile(char *msg) 37 | { 38 | int fp = open(logfile, O_WRONLY|O_APPEND); 39 | if (fp != -1) { 40 | write(fp, msg, strlen(msg)); 41 | close(fp); 42 | } 43 | } 44 | 45 | static void logmsgtostdout(char *msg) 46 | { 47 | write(1, msg, strlen(msg)); 48 | } 49 | 50 | void* set_logfunction(void *func) 51 | { 52 | void *old = log_function; 53 | log_function = func; 54 | return old; 55 | } 56 | 57 | static void base_my_init(void) 58 | { 59 | // set the log_function 60 | log_function = logmsgtofile; 61 | } 62 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/base.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Collin's Binary Instrumentation Tool/Framework for Android 3 | * Collin Mulliner 4 | * http://www.mulliner.org/android/ 5 | * 6 | * (c) 2012,2013 7 | * 8 | * License: LGPL v2.1 9 | * 10 | */ 11 | 12 | void* set_logfunction(void *func); 13 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/hook.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Collin's Binary Instrumentation Tool/Framework for Android 3 | * Collin Mulliner 4 | * 5 | * (c) 2012,2013 6 | * 7 | * License: LGPL v2.1 8 | * 9 | */ 10 | 11 | void (*log_function)(char *logmsg); 12 | 13 | #define log(...) \ 14 | {char __msg[1024] = {0};\ 15 | snprintf(__msg, sizeof(__msg)-1, __VA_ARGS__);\ 16 | log_function(__msg); } 17 | 18 | struct hook_t { 19 | unsigned int jump[3]; 20 | unsigned int store[3]; 21 | unsigned char jumpt[20]; 22 | unsigned char storet[20]; 23 | unsigned int orig; 24 | unsigned int patch; 25 | unsigned char thumb; 26 | unsigned char name[128]; 27 | void *data; 28 | }; 29 | 30 | int start_coms(int *coms, char *ptsn); 31 | 32 | void hook_cacheflush(unsigned int begin, unsigned int end); 33 | void hook_precall(struct hook_t *h); 34 | void hook_postcall(struct hook_t *h); 35 | int hook(struct hook_t *h, int pid, char *libname, char *funcname, void *hook_arm, void *hook_thumb); 36 | void unhook(struct hook_t *h); 37 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/jni/Android.mk: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2009 The Android Open Source Project 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | LOCAL_PATH := $(call my-dir) 16 | 17 | include $(CLEAR_VARS) 18 | 19 | LOCAL_MODULE := base 20 | LOCAL_SRC_FILES := ../util.c ../hook.c ../base.c 21 | LOCAL_ARM_MODE := arm 22 | 23 | include $(BUILD_STATIC_LIBRARY) 24 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/jni/Application.mk: -------------------------------------------------------------------------------- 1 | APP_MODULES := base 2 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/obj/local/armeabi/libbase.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/base/obj/local/armeabi/libbase.a -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/obj/local/armeabi/objs/base/__/base.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/base/obj/local/armeabi/objs/base/__/base.o -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/obj/local/armeabi/objs/base/__/hook.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/base/obj/local/armeabi/objs/base/__/hook.o -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/obj/local/armeabi/objs/base/__/util.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/base/obj/local/armeabi/objs/base/__/util.o -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/base/util.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Collin's Binary Instrumentation Tool/Framework for Android 3 | * Collin Mulliner 4 | * http://www.mulliner.org/android/ 5 | * 6 | * (c) 2012,2013 7 | * 8 | * License: LGPL v2.1 9 | * 10 | */ 11 | 12 | #include 13 | 14 | int find_name(pid_t pid, char *name, char *libn, unsigned long *addr); 15 | int find_libbase(pid_t pid, char *libn, unsigned long *addr); 16 | 17 | 18 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/hookjni.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Collin's Binary Instrumentation Tool/Framework for Android 3 | * Collin Mulliner 4 | * http://www.mulliner.org/android/ 5 | * 6 | * (c) 2012,2013 7 | * 8 | * License: LGPL v2.1 9 | * 10 | */ 11 | 12 | #define _GNU_SOURCE 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #include 29 | #include 30 | 31 | #include "../base/hook.h" 32 | #include "../base/base.h" 33 | 34 | #undef log 35 | 36 | #define log(...) \ 37 | {FILE *fp = fopen("/data/local/tmp/adbi_example.log", "a+"); if (fp) {\ 38 | fprintf(fp, __VA_ARGS__);\ 39 | fclose(fp);}} 40 | 41 | 42 | // this file is going to be compiled into a thumb mode binary 43 | 44 | void __attribute__ ((constructor)) my_init(void); 45 | 46 | static struct hook_t eph; 47 | 48 | // for demo code only 49 | static int counter; 50 | 51 | // arm version of hook 52 | extern jstring my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI_arm(JNIEnv* env,jobject thiz,jint a,jint b); 53 | 54 | /* 55 | * log function to pass to the hooking library to implement central loggin 56 | * 57 | * see: set_logfunction() in base.h 58 | */ 59 | static void my_log(char *msg) 60 | { 61 | log("%s", msg) 62 | } 63 | 64 | jstring my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI(JNIEnv* env,jobject thiz,jint a,jint b) 65 | { 66 | jstring (*orig_stringFromJNI)(JNIEnv* env,jobject thiz,jint a,jint b); 67 | orig_stringFromJNI = (void*)eph.orig; 68 | 69 | a = 10; 70 | b = 10; 71 | 72 | hook_precall(&eph); 73 | jstring res = orig_stringFromJNI(env, thiz, a, b); 74 | if (counter) { 75 | hook_postcall(&eph); 76 | log("stringFromJNI() called\n"); 77 | counter--; 78 | if (!counter) 79 | log("removing hook for stringFromJNI()\n"); 80 | } 81 | 82 | return res; 83 | } 84 | 85 | void my_init(void) 86 | { 87 | counter = 3; 88 | 89 | log("%s started\n", __FILE__) 90 | 91 | set_logfunction(my_log); 92 | 93 | hook(&eph, getpid(), "libhello-jni.", "Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI", my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI_arm, my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI); 94 | } 95 | 96 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/hookjni_arm.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Collin's Binary Instrumentation Tool/Framework for Android 3 | * Collin Mulliner 4 | * http://www.mulliner.org/android/ 5 | * 6 | * (c) 2012,2013 7 | * 8 | * License: LGPL v2.1 9 | * 10 | */ 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | extern jstring my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI(JNIEnv* env,jobject thiz,jint a,jint b); 19 | 20 | jstring my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI_arm(JNIEnv* env,jobject thiz,jint a,jint b) 21 | { 22 | return my_Java_com_mzheng_libiegou_test2_MainActivity_stringFromJNI(env, thiz, a, b); 23 | } 24 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/jni/Android.mk: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2009 The Android Open Source Project 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | LOCAL_PATH := $(call my-dir) 16 | 17 | include $(CLEAR_VARS) 18 | LOCAL_MODULE := base 19 | LOCAL_SRC_FILES := ../../base/obj/local/armeabi/libbase.a 20 | LOCAL_EXPORT_C_INCLUDES := ../../base 21 | include $(PREBUILT_STATIC_LIBRARY) 22 | 23 | 24 | include $(CLEAR_VARS) 25 | LOCAL_MODULE := libexample 26 | LOCAL_SRC_FILES := ../hookjni.c ../hookjni_arm.c.arm 27 | LOCAL_CFLAGS := -g 28 | LOCAL_SHARED_LIBRARIES := dl 29 | LOCAL_STATIC_LIBRARIES := base 30 | include $(BUILD_SHARED_LIBRARY) 31 | -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/libs/armeabi/libexample.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/example/libs/armeabi/libexample.so -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/obj/local/armeabi/libexample.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/example/obj/local/armeabi/libexample.so -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/obj/local/armeabi/objs/example/__/hookjni.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/example/obj/local/armeabi/objs/example/__/hookjni.o -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/obj/local/armeabi/objs/example/__/hookjni_arm.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/adbi-master/instruments/example/obj/local/armeabi/objs/example/__/hookjni_arm.o -------------------------------------------------------------------------------- /LiBieGou/adbi-master/instruments/example/obj/local/armeabi/objs/example/__/hookjni_arm.o.d: -------------------------------------------------------------------------------- 1 | /home/aliray/7weapons/libiegou/adbi-master/instruments/example/obj/local/armeabi/objs/example/__/hookjni_arm.o: \ 2 | /home/aliray/7weapons/libiegou/adbi-master/instruments/example/jni/../hookjni_arm.c \ 3 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/types.h \ 4 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdint.h \ 5 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_types.h \ 6 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/_types.h \ 7 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_wchar_limits.h \ 8 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/android/api-level.h \ 9 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs.h \ 10 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs_elf.h \ 11 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/posix_types.h \ 12 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/stddef.h \ 13 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/compiler.h \ 14 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/posix_types.h \ 15 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/types.h \ 16 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/types.h \ 17 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/kernel.h \ 18 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/sysmacros.h \ 19 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/string.h \ 20 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/malloc.h \ 21 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdio.h \ 22 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdlib.h \ 23 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/alloca.h \ 24 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/strings.h \ 25 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/memory.h \ 26 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/jni.h 27 | 28 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/types.h: 29 | 30 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdint.h: 31 | 32 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_types.h: 33 | 34 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/_types.h: 35 | 36 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_wchar_limits.h: 37 | 38 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/android/api-level.h: 39 | 40 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs.h: 41 | 42 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs_elf.h: 43 | 44 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/posix_types.h: 45 | 46 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/stddef.h: 47 | 48 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/compiler.h: 49 | 50 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/posix_types.h: 51 | 52 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/types.h: 53 | 54 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/types.h: 55 | 56 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/kernel.h: 57 | 58 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/sysmacros.h: 59 | 60 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/string.h: 61 | 62 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/malloc.h: 63 | 64 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdio.h: 65 | 66 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdlib.h: 67 | 68 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/alloca.h: 69 | 70 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/strings.h: 71 | 72 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/memory.h: 73 | 74 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/jni.h: 75 | -------------------------------------------------------------------------------- /LiBieGou/reference/ptrace.h: -------------------------------------------------------------------------------- 1 | //./platforms/android-21/arch-arm/usr/include/asm/ptrace.h 2 | 3 | /**************************************************************************** 4 | **************************************************************************** 5 | *** 6 | *** This header was automatically generated from a Linux kernel header 7 | *** of the same name, to make information necessary for userspace to 8 | *** call into the kernel available to libc. It contains only constants, 9 | *** structures, and macros generated from the original header, and thus, 10 | *** contains no copyrightable information. 11 | *** 12 | *** To edit the content of this header, modify the corresponding 13 | *** source file (e.g. under external/kernel-headers/original/) then 14 | *** run bionic/libc/kernel/tools/update_all.py 15 | *** 16 | *** Any manual change here will be lost the next time this script will 17 | *** be run. You've been warned! 18 | *** 19 | **************************************************************************** 20 | ****************************************************************************/ 21 | #ifndef _UAPI__ASM_ARM_PTRACE_H 22 | #define _UAPI__ASM_ARM_PTRACE_H 23 | #include 24 | #define PTRACE_GETREGS 12 25 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 26 | #define PTRACE_SETREGS 13 27 | #define PTRACE_GETFPREGS 14 28 | #define PTRACE_SETFPREGS 15 29 | #define PTRACE_GETWMMXREGS 18 30 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 31 | #define PTRACE_SETWMMXREGS 19 32 | #define PTRACE_OLDSETOPTIONS 21 33 | #define PTRACE_GET_THREAD_AREA 22 34 | #define PTRACE_SET_SYSCALL 23 35 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 36 | #define PTRACE_GETCRUNCHREGS 25 37 | #define PTRACE_SETCRUNCHREGS 26 38 | #define PTRACE_GETVFPREGS 27 39 | #define PTRACE_SETVFPREGS 28 40 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 41 | #define PTRACE_GETHBPREGS 29 42 | #define PTRACE_SETHBPREGS 30 43 | #define USR26_MODE 0x00000000 44 | #define FIQ26_MODE 0x00000001 45 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 46 | #define IRQ26_MODE 0x00000002 47 | #define SVC26_MODE 0x00000003 48 | #define USR_MODE 0x00000010 49 | #define SVC_MODE 0x00000013 50 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 51 | #define FIQ_MODE 0x00000011 52 | #define IRQ_MODE 0x00000012 53 | #define ABT_MODE 0x00000017 54 | #define HYP_MODE 0x0000001a 55 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 56 | #define UND_MODE 0x0000001b 57 | #define SYSTEM_MODE 0x0000001f 58 | #define MODE32_BIT 0x00000010 59 | #define MODE_MASK 0x0000001f 60 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 61 | #define V4_PSR_T_BIT 0x00000020 62 | #define V7M_PSR_T_BIT 0x01000000 63 | #define PSR_T_BIT V4_PSR_T_BIT 64 | #define PSR_F_BIT 0x00000040 65 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 66 | #define PSR_I_BIT 0x00000080 67 | #define PSR_A_BIT 0x00000100 68 | #define PSR_E_BIT 0x00000200 69 | #define PSR_J_BIT 0x01000000 70 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 71 | #define PSR_Q_BIT 0x08000000 72 | #define PSR_V_BIT 0x10000000 73 | #define PSR_C_BIT 0x20000000 74 | #define PSR_Z_BIT 0x40000000 75 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 76 | #define PSR_N_BIT 0x80000000 77 | #define PSR_f 0xff000000 78 | #define PSR_s 0x00ff0000 79 | #define PSR_x 0x0000ff00 80 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 81 | #define PSR_c 0x000000ff 82 | #define APSR_MASK 0xf80f0000 83 | #define PSR_ISET_MASK 0x01000010 84 | #define PSR_IT_MASK 0x0600fc00 85 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 86 | #define PSR_ENDIAN_MASK 0x00000200 87 | #define PSR_ENDSTATE 0 88 | #define PT_TEXT_ADDR 0x10000 89 | #define PT_DATA_ADDR 0x10004 90 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 91 | #define PT_TEXT_END_ADDR 0x10008 92 | #ifndef __ASSEMBLY__ 93 | struct pt_regs { 94 | long uregs[18]; 95 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 96 | }; 97 | #define ARM_cpsr uregs[16] 98 | #define ARM_pc uregs[15] 99 | #define ARM_lr uregs[14] 100 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 101 | #define ARM_sp uregs[13] 102 | #define ARM_ip uregs[12] 103 | #define ARM_fp uregs[11] 104 | #define ARM_r10 uregs[10] 105 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 106 | #define ARM_r9 uregs[9] 107 | #define ARM_r8 uregs[8] 108 | #define ARM_r7 uregs[7] 109 | #define ARM_r6 uregs[6] 110 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 111 | #define ARM_r5 uregs[5] 112 | #define ARM_r4 uregs[4] 113 | #define ARM_r3 uregs[3] 114 | #define ARM_r2 uregs[2] 115 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 116 | #define ARM_r1 uregs[1] 117 | #define ARM_r0 uregs[0] 118 | #define ARM_ORIG_r0 uregs[17] 119 | #define ARM_VFPREGS_SIZE ( 32 * 8 + 4 ) 120 | /* WARNING: DO NOT EDIT, AUTO-GENERATED CODE - SEE TOP FOR INSTRUCTIONS */ 121 | #endif 122 | #endif 123 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/Android.mk: -------------------------------------------------------------------------------- 1 | LOCAL_PATH := $(call my-dir) 2 | 3 | include $(CLEAR_VARS) 4 | LOCAL_MODULE := target 5 | LOCAL_SRC_FILES := target.c.arm 6 | 7 | include $(BUILD_EXECUTABLE) 8 | 9 | ########################################################### 10 | 11 | include $(CLEAR_VARS) 12 | LOCAL_MODULE := hook1 13 | LOCAL_SRC_FILES := hook1.c 14 | 15 | include $(BUILD_EXECUTABLE) 16 | 17 | ########################################################### 18 | 19 | include $(CLEAR_VARS) 20 | LOCAL_MODULE := hook2 21 | LOCAL_SRC_FILES := hook2.c 22 | 23 | include $(BUILD_EXECUTABLE) 24 | 25 | ########################################################### 26 | 27 | include $(CLEAR_VARS) 28 | LOCAL_MODULE := hook3 29 | LOCAL_SRC_FILES := hook3.c 30 | 31 | include $(BUILD_EXECUTABLE) 32 | 33 | 34 | ########################################################### 35 | 36 | include $(CLEAR_VARS) 37 | LOCAL_MODULE := inject 38 | LOCAL_SRC_FILES := inject.c 39 | LOCAL_LDLIBS := -llog 40 | 41 | include $(BUILD_SHARED_LIBRARY) 42 | 43 | ########################################################### 44 | 45 | include $(CLEAR_VARS) 46 | LOCAL_MODULE := inject2 47 | LOCAL_SRC_FILES := inject2.c.arm 48 | LOCAL_LDLIBS := -llog 49 | 50 | include $(BUILD_SHARED_LIBRARY) 51 | 52 | ########################################################### 53 | 54 | include $(CLEAR_VARS) 55 | LOCAL_MODULE := hook4 56 | LOCAL_SRC_FILES := hook4.c 57 | 58 | include $(BUILD_EXECUTABLE) 59 | 60 | ########################################################### 61 | 62 | include $(CLEAR_VARS) 63 | LOCAL_MODULE := hook5 64 | LOCAL_SRC_FILES := hook5.c 65 | 66 | include $(BUILD_EXECUTABLE) 67 | 68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/Application.mk: -------------------------------------------------------------------------------- 1 | APP_ABI := armeabi 2 | 3 | 4 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/hook1.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | long getSysCallNo(int pid, struct pt_regs *regs) 12 | { 13 | long scno = 0; 14 | scno = ptrace(PTRACE_PEEKTEXT, pid, (void *)(regs->ARM_pc - 4), NULL); 15 | if(scno == 0) 16 | return 0; 17 | 18 | if (scno == 0xef000000) { 19 | scno = regs->ARM_r7; 20 | } else { 21 | if ((scno & 0x0ff00000) != 0x0f900000) { 22 | return -1; 23 | } 24 | scno &= 0x000fffff; 25 | } 26 | return scno; 27 | } 28 | 29 | void hookSysCallBefore(pid_t pid) 30 | { 31 | struct pt_regs regs; 32 | int sysCallNo = 0; 33 | 34 | ptrace(PTRACE_GETREGS, pid, NULL, ®s); 35 | sysCallNo = getSysCallNo(pid, ®s); 36 | printf("Before SysCallNo = %d\n",sysCallNo); 37 | 38 | if(sysCallNo == __NR_write) 39 | { 40 | printf("__NR_write: %ld %p %ld\n",regs.ARM_r0,(void*)regs.ARM_r1,regs.ARM_r2); 41 | } 42 | } 43 | 44 | void hookSysCallAfter(pid_t pid) 45 | { 46 | struct pt_regs regs; 47 | int sysCallNo = 0; 48 | 49 | ptrace(PTRACE_GETREGS, pid, NULL, ®s); 50 | sysCallNo = getSysCallNo(pid, ®s); 51 | 52 | printf("After SysCallNo = %d\n",sysCallNo); 53 | 54 | if(sysCallNo == __NR_write) 55 | { 56 | printf("__NR_write return: %ld\n",regs.ARM_r0); 57 | } 58 | 59 | printf("\n"); 60 | } 61 | 62 | int main(int argc, char *argv[]) 63 | { 64 | if(argc != 2) { 65 | printf("Usage: %s \n", argv[0]); 66 | return 1; 67 | } 68 | 69 | pid_t pid; 70 | int status; 71 | pid = atoi(argv[1]); 72 | 73 | if(0 != ptrace(PTRACE_ATTACH, pid, NULL, NULL)) 74 | { 75 | printf("Trace process failed:%d.\n", errno); 76 | return 1; 77 | } 78 | 79 | ptrace(PTRACE_SYSCALL, pid, NULL, NULL); 80 | 81 | while(1) 82 | { 83 | wait(&status); 84 | hookSysCallBefore(pid); 85 | ptrace(PTRACE_SYSCALL, pid, NULL, NULL); 86 | 87 | wait(&status); 88 | hookSysCallAfter(pid); 89 | ptrace(PTRACE_SYSCALL, pid, NULL, NULL); 90 | } 91 | 92 | ptrace(PTRACE_DETACH, pid, NULL, NULL); 93 | return 0; 94 | } 95 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/hook2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | const int long_size = sizeof(long); 12 | 13 | long getSysCallNo(int pid, struct pt_regs *regs) 14 | { 15 | long scno = 0; 16 | scno = ptrace(PTRACE_PEEKTEXT, pid, (void *)(regs->ARM_pc - 4), NULL); 17 | if(scno == 0) 18 | return 0; 19 | 20 | if (scno == 0xef000000) { 21 | scno = regs->ARM_r7; 22 | } else { 23 | if ((scno & 0x0ff00000) != 0x0f900000) { 24 | return -1; 25 | } 26 | scno &= 0x000fffff; 27 | } 28 | return scno; 29 | } 30 | 31 | void reverse(char *str) 32 | { int i, j; 33 | char temp; 34 | for(i = 0, j = strlen(str) - 2; 35 | i <= j; ++i, --j) { 36 | temp = str[i]; 37 | str[i] = str[j]; 38 | str[j] = temp; 39 | } 40 | } 41 | 42 | void getdata(pid_t child, long addr, 43 | char *str, int len) 44 | { char *laddr; 45 | int i, j; 46 | union u { 47 | long val; 48 | char chars[long_size]; 49 | }data; 50 | i = 0; 51 | j = len / long_size; 52 | laddr = str; 53 | while(i < j) { 54 | data.val = ptrace(PTRACE_PEEKDATA, 55 | child, addr + i * 4, 56 | NULL); 57 | memcpy(laddr, data.chars, long_size); 58 | ++i; 59 | laddr += long_size; 60 | } 61 | j = len % long_size; 62 | if(j != 0) { 63 | data.val = ptrace(PTRACE_PEEKDATA, 64 | child, addr + i * 4, 65 | NULL); 66 | memcpy(laddr, data.chars, j); 67 | } 68 | str[len] = '\0'; 69 | } 70 | 71 | void putdata(pid_t child, long addr, 72 | char *str, int len) 73 | { char *laddr; 74 | int i, j; 75 | union u { 76 | long val; 77 | char chars[long_size]; 78 | }data; 79 | i = 0; 80 | j = len / long_size; 81 | laddr = str; 82 | while(i < j) { 83 | memcpy(data.chars, laddr, long_size); 84 | ptrace(PTRACE_POKEDATA, child, 85 | addr + i * 4, data.val); 86 | ++i; 87 | laddr += long_size; 88 | } 89 | j = len % long_size; 90 | if(j != 0) { 91 | memcpy(data.chars, laddr, j); 92 | ptrace(PTRACE_POKEDATA, child, 93 | addr + i * 4, data.val); 94 | } 95 | } 96 | 97 | 98 | void modifyString(pid_t pid, long addr, long strlen) 99 | { 100 | char* str; 101 | str = (char *)calloc((strlen+1) * sizeof(char), 1); 102 | getdata(pid, addr, str, strlen); 103 | reverse(str); 104 | putdata(pid, addr, str, strlen); 105 | } 106 | 107 | void hookSysCallBefore(pid_t pid) 108 | { 109 | struct pt_regs regs; 110 | int sysCallNo = 0; 111 | 112 | ptrace(PTRACE_GETREGS, pid, NULL, ®s); 113 | sysCallNo = getSysCallNo(pid, ®s); 114 | printf("Before SysCallNo = %d\n",sysCallNo); 115 | 116 | if(sysCallNo == __NR_write) 117 | { 118 | printf("__NR_write: %ld %p %ld\n",regs.ARM_r0,(void*)regs.ARM_r1,regs.ARM_r2); 119 | modifyString(pid, regs.ARM_r1, regs.ARM_r2); 120 | } 121 | } 122 | 123 | void hookSysCallAfter(pid_t pid) 124 | { 125 | struct pt_regs regs; 126 | int sysCallNo = 0; 127 | 128 | ptrace(PTRACE_GETREGS, pid, NULL, ®s); 129 | sysCallNo = getSysCallNo(pid, ®s); 130 | 131 | printf("After SysCallNo = %d\n",sysCallNo); 132 | 133 | if(sysCallNo == __NR_write) 134 | { 135 | printf("__NR_write return: %ld\n",regs.ARM_r0); 136 | } 137 | 138 | printf("\n"); 139 | } 140 | 141 | int main(int argc, char *argv[]) 142 | { 143 | if(argc != 2) { 144 | printf("Usage: %s \n", argv[0]); 145 | return 1; 146 | } 147 | 148 | pid_t pid; 149 | int status; 150 | pid = atoi(argv[1]); 151 | 152 | if(0 != ptrace(PTRACE_ATTACH, pid, NULL, NULL)) 153 | { 154 | printf("Trace process failed:%d.\n", errno); 155 | return 1; 156 | } 157 | 158 | ptrace(PTRACE_SYSCALL, pid, NULL, NULL); 159 | 160 | while(1) 161 | { 162 | wait(&status); 163 | hookSysCallBefore(pid); 164 | ptrace(PTRACE_SYSCALL, pid, NULL, NULL); 165 | 166 | wait(&status); 167 | hookSysCallAfter(pid); 168 | ptrace(PTRACE_SYSCALL, pid, NULL, NULL); 169 | } 170 | 171 | ptrace(PTRACE_DETACH, pid, NULL, NULL); 172 | return 0; 173 | } 174 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/hook3.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #define CPSR_T_MASK ( 1u << 5 ) 16 | 17 | const char *libc_path = "/system/lib/libc.so"; 18 | const int long_size = sizeof(long); 19 | 20 | int ptrace_setregs(pid_t pid, struct pt_regs * regs) 21 | { 22 | if (ptrace(PTRACE_SETREGS, pid, NULL, regs) < 0) { 23 | perror("ptrace_setregs: Can not set register values"); 24 | return -1; 25 | } 26 | 27 | return 0; 28 | } 29 | 30 | int ptrace_continue(pid_t pid) 31 | { 32 | if (ptrace(PTRACE_CONT, pid, NULL, 0) < 0) { 33 | perror("ptrace_cont"); 34 | return -1; 35 | } 36 | 37 | return 0; 38 | } 39 | 40 | void putdata(pid_t child, long addr, 41 | char *str, int len) 42 | { char *laddr; 43 | int i, j; 44 | union u { 45 | long val; 46 | char chars[long_size]; 47 | }data; 48 | i = 0; 49 | j = len / long_size; 50 | laddr = str; 51 | while(i < j) { 52 | memcpy(data.chars, laddr, long_size); 53 | ptrace(PTRACE_POKEDATA, child, 54 | addr + i * 4, data.val); 55 | ++i; 56 | laddr += long_size; 57 | } 58 | j = len % long_size; 59 | if(j != 0) { 60 | memcpy(data.chars, laddr, j); 61 | ptrace(PTRACE_POKEDATA, child, 62 | addr + i * 4, data.val); 63 | } 64 | } 65 | 66 | 67 | void* get_module_base(pid_t pid, const char* module_name) 68 | { 69 | FILE *fp; 70 | long addr = 0; 71 | char *pch; 72 | char filename[32]; 73 | char line[1024]; 74 | 75 | if (pid == 0) { 76 | snprintf(filename, sizeof(filename), "/proc/self/maps"); 77 | } else { 78 | snprintf(filename, sizeof(filename), "/proc/%d/maps", pid); 79 | } 80 | 81 | fp = fopen(filename, "r"); 82 | 83 | if (fp != NULL) { 84 | while (fgets(line, sizeof(line), fp)) { 85 | if (strstr(line, module_name)) { 86 | pch = strtok( line, "-" ); 87 | addr = strtoul( pch, NULL, 16 ); 88 | 89 | if (addr == 0x8000) 90 | addr = 0; 91 | 92 | break; 93 | } 94 | } 95 | 96 | fclose(fp) ; 97 | } 98 | 99 | return (void *)addr; 100 | } 101 | 102 | 103 | long get_remote_addr(pid_t target_pid, const char* module_name, void* local_addr) 104 | { 105 | void* local_handle, *remote_handle; 106 | 107 | local_handle = get_module_base(0, module_name); 108 | remote_handle = get_module_base(target_pid, module_name); 109 | 110 | printf("module_base: local[%p], remote[%p]\n", local_handle, remote_handle); 111 | 112 | long ret_addr = (long)((uint32_t)local_addr + (uint32_t)remote_handle - (uint32_t)local_handle); 113 | 114 | printf("remote_addr: [%p]\n", (void*) ret_addr); 115 | 116 | return ret_addr; 117 | } 118 | 119 | int ptrace_call(pid_t pid, long addr, long *params, uint32_t num_params, struct pt_regs* regs) 120 | { 121 | uint32_t i; 122 | for (i = 0; i < num_params && i < 4; i ++) { 123 | regs->uregs[i] = params[i]; 124 | } 125 | // 126 | // push remained params onto stack 127 | // 128 | if (i < num_params) { 129 | regs->ARM_sp -= (num_params - i) * sizeof(long) ; 130 | putdata(pid, (long)regs->ARM_sp, (char*)¶ms[i], (num_params - i) * sizeof(long)); 131 | } 132 | 133 | regs->ARM_pc = addr; 134 | if (regs->ARM_pc & 1) { 135 | /* thumb */ 136 | regs->ARM_pc &= (~1u); 137 | regs->ARM_cpsr |= CPSR_T_MASK; 138 | } else { 139 | /* arm */ 140 | regs->ARM_cpsr &= ~CPSR_T_MASK; 141 | } 142 | 143 | regs->ARM_lr = 0; 144 | 145 | if (ptrace_setregs(pid, regs) == -1 146 | || ptrace_continue(pid) == -1) { 147 | printf("error\n"); 148 | return -1; 149 | } 150 | 151 | int stat = 0; 152 | waitpid(pid, &stat, WUNTRACED); 153 | while (stat != 0xb7f) { 154 | if (ptrace_continue(pid) == -1) { 155 | printf("error\n"); 156 | return -1; 157 | } 158 | waitpid(pid, &stat, WUNTRACED); 159 | } 160 | 161 | return 0; 162 | } 163 | 164 | 165 | void inject(pid_t pid) 166 | { 167 | struct pt_regs old_regs,regs; 168 | long sleep_addr; 169 | 170 | //save old regs 171 | ptrace(PTRACE_GETREGS, pid, NULL, &old_regs); 172 | memcpy(®s, &old_regs, sizeof(regs)); 173 | 174 | printf("getting remote sleep_addr:\n"); 175 | sleep_addr = get_remote_addr(pid, libc_path, (void *)sleep); 176 | 177 | long parameters[1]; 178 | parameters[0] = 10; 179 | 180 | ptrace_call(pid, sleep_addr, parameters, 1, ®s); 181 | 182 | //restore old regs 183 | ptrace(PTRACE_SETREGS, pid, NULL, &old_regs); 184 | } 185 | 186 | 187 | int main(int argc, char *argv[]) 188 | { 189 | if(argc != 2) { 190 | printf("Usage: %s \n", argv[0]); 191 | return 1; 192 | } 193 | 194 | pid_t pid; 195 | int status; 196 | pid = atoi(argv[1]); 197 | 198 | if(0 != ptrace(PTRACE_ATTACH, pid, NULL, NULL)) 199 | { 200 | printf("Trace process failed:%d.\n", errno); 201 | return 1; 202 | } 203 | 204 | inject(pid); 205 | 206 | ptrace(PTRACE_DETACH, pid, NULL, 0); 207 | 208 | return 0; 209 | } 210 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/inject.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #define LOG_TAG "DEBUG" 9 | #define LOGD(fmt, args...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, fmt, ##args) 10 | 11 | int mzhengHook(char * str){ 12 | printf("mzheng Hook pid = %d\n", getpid()); 13 | printf("Hello %s\n", str); 14 | LOGD("mzheng Hook pid = %d\n", getpid()); 15 | LOGD("Hello %s\n", str); 16 | return 0; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/inject2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | 20 | #define LOG_TAG "DEBUG" 21 | #define LOGD(fmt, args...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, fmt, ##args) 22 | 23 | 24 | long hookaddr = 0x84f4; 25 | char* targetPath = "/data/local/tmp/target"; 26 | static struct hook_t eph; 27 | 28 | struct hook_t { 29 | unsigned int jump[3]; 30 | unsigned int store[3]; 31 | unsigned int orig; 32 | unsigned int patch; 33 | }; 34 | 35 | void inline hook_cacheflush(unsigned int begin, unsigned int end) 36 | { 37 | const int syscall = 0xf0002; 38 | 39 | __asm __volatile ( 40 | "mov r0, %0\n" 41 | "mov r1, %1\n" 42 | "mov r7, %2\n" 43 | "mov r2, #0x0\n" 44 | "svc 0x00000000\n" 45 | : 46 | : "r" (begin), "r" (end), "r" (syscall) 47 | : "r0", "r1", "r7" 48 | ); 49 | } 50 | 51 | void hook_precall(struct hook_t *h) 52 | { 53 | int i; 54 | for (i = 0; i < 3; i++) 55 | ((int*)h->orig)[i] = h->store[i]; 56 | 57 | hook_cacheflush((unsigned int)h->orig, (unsigned int)h->orig+sizeof(h->jump)*10); 58 | } 59 | 60 | void hook_postcall(struct hook_t *h) 61 | { 62 | int i; 63 | 64 | for (i = 0; i < 3; i++) 65 | ((int*)h->orig)[i] = h->jump[i]; 66 | 67 | hook_cacheflush((unsigned int)h->orig, (unsigned int)h->orig+sizeof(h->jump)*10); 68 | } 69 | 70 | 71 | int hook_direct(struct hook_t *h, unsigned int addr, void *hookf) 72 | { 73 | int i; 74 | 75 | printf("addr = %x\n", addr); 76 | printf("hookf = %x\n", (unsigned int)hookf); 77 | 78 | //mprotect 79 | mprotect((void*)0x8000, 0xa000-0x8000, PROT_READ|PROT_WRITE|PROT_EXEC); 80 | 81 | //modify function entry 82 | h->patch = (unsigned int)hookf; 83 | h->orig = addr; 84 | h->jump[0] = 0xe59ff000; // LDR pc, [pc, #0] 85 | h->jump[1] = h->patch; 86 | h->jump[2] = h->patch; 87 | for (i = 0; i < 3; i++) 88 | h->store[i] = ((int*)h->orig)[i]; 89 | for (i = 0; i < 3; i++) 90 | ((int*)h->orig)[i] = h->jump[i]; 91 | 92 | //cacheflush 93 | hook_cacheflush((unsigned int)h->orig, (unsigned int)h->orig+sizeof(h->jump)); 94 | return 1; 95 | } 96 | 97 | void __attribute__ ((noinline)) my_sevenWeapons(int number) 98 | { 99 | printf("sevenWeapons() called, number = %d\n", number); 100 | number*=2; 101 | 102 | void (*orig_sevenWeapons)(int number); 103 | orig_sevenWeapons = (void*)eph.orig; 104 | 105 | hook_precall(&eph); 106 | orig_sevenWeapons(number); 107 | hook_postcall(&eph); 108 | 109 | } 110 | 111 | 112 | int mzhengHook(char * str){ 113 | printf("mzheng Hook pid = %d\n", getpid()); 114 | printf("Hello %s\n", str); 115 | hook_direct(&eph,hookaddr,my_sevenWeapons); 116 | 117 | return 0; 118 | } 119 | 120 | -------------------------------------------------------------------------------- /LiBieGou/test1/jni/target.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int count = 0; 5 | 6 | void sevenWeapons(int number) 7 | { 8 | char* str = "Hello,LiBieGou!"; 9 | printf("%s %d\n",str,number); 10 | } 11 | 12 | int main() 13 | { 14 | while(1) 15 | { 16 | sevenWeapons(count); 17 | count++; 18 | sleep(1); 19 | } 20 | return 0; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/hook1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/hook1 -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/hook2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/hook2 -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/hook3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/hook3 -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/hook4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/hook4 -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/hook5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/hook5 -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/libinject.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/libinject.so -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/libinject2.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/libinject2.so -------------------------------------------------------------------------------- /LiBieGou/test1/libs/armeabi/target: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/libs/armeabi/target -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/hook1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/hook1 -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/hook2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/hook2 -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/hook3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/hook3 -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/hook4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/hook4 -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/hook5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/hook5 -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/libinject.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/libinject.so -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/libinject2.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/libinject2.so -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/hook1/hook1.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/hook1/hook1.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/hook2/hook2.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/hook2/hook2.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/hook3/hook3.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/hook3/hook3.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/hook4/hook4.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/hook4/hook4.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/hook5/hook5.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/hook5/hook5.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/inject/inject.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/inject/inject.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/inject2/inject2.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/inject2/inject2.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/target/target.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/objs/target/target.o -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/objs/target/target.o.d: -------------------------------------------------------------------------------- 1 | /home/aliray/7weapons/libiegou/test1/obj/local/armeabi/objs/target/target.o: \ 2 | /home/aliray/7weapons/libiegou/test1/jni/target.c \ 3 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdio.h \ 4 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs.h \ 5 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs_elf.h \ 6 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/android/api-level.h \ 7 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/types.h \ 8 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdint.h \ 9 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_types.h \ 10 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/_types.h \ 11 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_wchar_limits.h \ 12 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/posix_types.h \ 13 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/stddef.h \ 14 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/compiler.h \ 15 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/posix_types.h \ 16 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/types.h \ 17 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/types.h \ 18 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/kernel.h \ 19 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/sysmacros.h \ 20 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/string.h \ 21 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/malloc.h 22 | 23 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdio.h: 24 | 25 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs.h: 26 | 27 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/cdefs_elf.h: 28 | 29 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/android/api-level.h: 30 | 31 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/types.h: 32 | 33 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/stdint.h: 34 | 35 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_types.h: 36 | 37 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/_types.h: 38 | 39 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/_wchar_limits.h: 40 | 41 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/posix_types.h: 42 | 43 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/stddef.h: 44 | 45 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/compiler.h: 46 | 47 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/posix_types.h: 48 | 49 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/asm/types.h: 50 | 51 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/linux/types.h: 52 | 53 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/machine/kernel.h: 54 | 55 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/sys/sysmacros.h: 56 | 57 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/string.h: 58 | 59 | /home/aliray/tools/android-ndk-r10e/platforms/android-3/arch-arm/usr/include/malloc.h: 60 | -------------------------------------------------------------------------------- /LiBieGou/test1/obj/local/armeabi/target: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test1/obj/local/armeabi/target -------------------------------------------------------------------------------- /LiBieGou/test2/test2.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhengmin1989/TheSevenWeapons/77369c8d64209126c842469fe0291b1b504797ca/LiBieGou/test2/test2.apk -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | 作者微博:蒸米spark 2 | http://www.weibo.com/zhengmin1989 3 | 4 | 文章地址: 5 | http://drops.wooyun.org/author/%E8%92%B8%E7%B1%B3 6 | 7 | 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的。另外工具是死的,人是活的,如果能搞懂工具的原理再结合上自身的经验,你也可以创造出属于自己的调试武器。因此,笔者将会在这一系列文章中分享一些自己经常用或原创的调试工具以及手段,希望能对国内移动安全的研究起到一些催化剂的作用。 8 | 9 | 目录如下: 10 | 11 | 安卓动态调试七种武器之长生剑 - Smali Instrumentation 12 | 13 | 安卓动态调试七种武器之孔雀翎 - Ida 14 | 15 | 安卓动态调试七种武器之离别钩 - Hooking 16 | 17 | 安卓动态调试七种武器之碧玉刀 - Customized DVM 18 | 19 | 安卓动态调试七种武器之多情环 - Customized Kernel 20 | 21 | 安卓动态调试七种武器之霸王枪 - Anti Anti-debugging 22 | 23 | 安卓动态调试七种武器之拳头 - Tricks & Summary 24 | 25 | --------------------------------------------------------------------------------