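def modify_hook_java(apk_file_path):
    """Rewrite android.media.AudioTrack type references to com.playin.hook.HookJava.

    Runs an in-place ``sed`` over every file under ``apk_file_path`` that
    ``grep`` reports as containing ``Landroid/media/AudioTrack;``, skipping
    ``HookJava.smali`` itself. An earlier, commented-out variant limited the
    rewrite to ``FMODAudioDevice.smali``.

    Args:
        apk_file_path: Directory of the decoded APK to rewrite.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    print("[inject] 修改hook java音频代码 " + apk_file_path)
    # The path is shell-quoted so spaces or metacharacters in it cannot split
    # or extend the command. $(...) replaces the backticks because the shell
    # re-processes backslashes and backticks inside a backtick substitution,
    # which would undo the quoting.
    # NOTE(review): `sed -i ''` is the BSD/macOS form; GNU sed parses it
    # differently. File names printed by grep are still word-split by the shell.
    command_str = (
        r"sed -i '' 's/Landroid\/media\/AudioTrack;/Lcom\/playin\/hook\/HookJava;/g' "
        + "$(grep 'Landroid/media/AudioTrack;' -rl "
        + shlex.quote(apk_file_path)
        + " --exclude 'HookJava.smali')"
    )
    result = os.system(command_str)
    tool.check_command(result)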
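def copy_smali_apk(apk_file_path):
    """Copy the generated smali tree from ../temp/outputSmali into the decoded APK.

    The destination is ``<apk>/smali`` unless one of ``smali_classes2`` ..
    ``smali_classes5`` exists, in which case the highest-numbered existing
    directory is used.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    temp_path = os.getcwd() + "/../temp"
    src_dir = temp_path + "/outputSmali"

    # Later candidates override earlier ones, exactly as the original chain of
    # independent `if` statements did.
    # NOTE(review): directories beyond smali_classes5 are never considered.
    apk_smali = apk_file_path + "/smali"
    for index in range(2, 6):
        candidate = apk_file_path + "/smali_classes" + str(index)
        if os.path.exists(candidate):
            apk_smali = candidate
    print("[inject] 查找apk里samli路径为: " + apk_smali)

    # Both paths are shell-quoted; the trailing /* stays outside the quotes so
    # the shell still expands it to the directory's contents.
    result = os.system(
        "cp -r " + shlex.quote(src_dir) + "/* " + shlex.quote(apk_smali)
    )
    tool.check_command(result)
    print("[inject] 拷贝注入的smali到目标apk里面")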
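def modify_main_activity_class(main_activity_path):
    """Insert a PlayInject.init(Context) call into the activity's onCreate method.

    The file is scanned for the ``onCreate(Landroid/os/Bundle;)V`` method
    header. Counting the header as line 1, the call is inserted immediately
    before line 12 of the method. The file is rewritten only when the call was
    actually inserted; otherwise failure is reported through
    ``tool.check_command(-1)``.

    Args:
        main_activity_path: Path to the main activity's smali file.
    """
    method_signature = ".method protected onCreate(Landroid/os/Bundle;)V"
    inject_str = " invoke-static {p0}, Lcom/playin/hook/PlayInject;->init(Landroid/content/Context;)V"
    # NOTE(review): a fixed line offset assumes a particular method prologue;
    # the inserted call may land in the wrong place for other layouts.
    insert_offset = 12

    print("[inject] main_activity_path准备添加自定义方法调用")
    injected = False
    pieces = []
    with open(main_activity_path, "r") as f:
        counting = False
        count = 0
        for line in f:
            if method_signature in line:
                print("[inject] MainActivity 定位到onCreate方法")
                counting = True
            if counting:
                count += 1
                if count >= insert_offset:
                    pieces.append("\n" + inject_str + "\n")
                    # Success means the call was written, not merely that the
                    # header was seen: a method shorter than the offset used to
                    # be reported as injected although nothing was added.
                    injected = True
                    counting = False
                    count = 0
            pieces.append(line)

    if injected:
        with open(main_activity_path, "w") as f:
            f.write("".join(pieces))
        print("[inject] MainActivity 注入方法成功")
    else:
        print("[inject] MainActivity 注入方法失败")
        tool.check_command(-1)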
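def ad_mintegra(apk_file_path):
    """Patch the Mintegral SDK inside a decoded APK.

    Two edits are made: ``MTGRewardVideoActivity`` is renamed to
    ``MTGRewardVideoActivity_temp`` in AndroidManifest.xml, and, when
    ``insert_log`` succeeds, a ``playInLog()`` call is appended after the
    matched ``controller/b;->a(Map, Context)`` invoke line in ``a.smali``.
    The matched invoke line itself is kept.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    # Rename the activity in the manifest.
    # NOTE(review): the pattern also matches its own replacement, so running
    # this twice on the same tree appends "_temp" again.
    manifest = apk_file_path + "/AndroidManifest.xml"
    command_str = (
        "sed -i '' 's/MTGRewardVideoActivity/MTGRewardVideoActivity_temp/g' "
        + shlex.quote(manifest)
    )
    result = os.system(command_str)
    tool.check_command(result)

    file_name = 'a.smali'
    find_command_str = ' -path "*/com/mintegral/msdk/system*" -name ' + file_name
    # Raw strings keep the backslashes that escape "/" for sed without relying
    # on Python passing unknown escape sequences through. A commented-out
    # earlier variant matched registers {v0, v1, p1} instead.
    init_str = r"invoke-virtual {v0, v1, v2}, Lcom\/mintegral\/msdk\/base\/controller\/b;->a(Ljava\/util\/Map;Landroid\/content\/Context;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/mintegral\/msdk\/system\/a;->playInLog()V"
        + "\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "Mintegral ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] Mintegral广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] Mintegral初始化方法替换成打印方法")
    else:
        print("[inject_ad] Mintegral初始化方法替换失败, a.smail文件不存在")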
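def javac_class():
    """Compile the Java sources listed in ../temp/sources.txt into ../temp/outputClass.

    ``javac`` is run with ``jars/android.jar`` on the classpath; both that jar
    and the temp directory are resolved relative to the current working
    directory.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    source_path = os.getcwd() + "/../temp/sources.txt"
    output_class_file = os.getcwd() + "/../temp/outputClass"
    # Create the output directory in-process instead of shelling out to mkdir,
    # whose exit status was ignored and which failed on a missing parent.
    os.makedirs(output_class_file, exist_ok=True)

    # Paths are shell-quoted so a working directory containing spaces or shell
    # metacharacters does not split or alter the command.
    result = os.system(
        "javac -classpath jars/android.jar @"
        + shlex.quote(source_path)
        + " -d "
        + shlex.quote(output_class_file)
    )
    tool.check_command(result)
    print("[inject] 将sources.txt里面对应的java文件编译成class文件")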
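def modify_application_class(application_path):
    """Insert a PlayInject.init(Context) call into the Application class.

    ``onCreate()V`` is tried first (call inserted before line 6 of the method,
    counting the header as line 1). If no call was inserted there,
    ``attachBaseContext(Context)V`` is tried (before line 7). When neither
    attempt inserts the call, failure is reported through
    ``tool.check_command(-1)``.

    Args:
        application_path: Path to the Application subclass's smali file.
    """
    print("[inject] Application准备添加自定义方法调用")
    injected = _inject_init_call(
        application_path,
        ".method public onCreate()V",
        6,
        "[inject] Application 定位到onCreate方法",
    )
    if not injected:
        # Fall back to attachBaseContext.
        injected = _inject_init_call(
            application_path,
            ".method protected attachBaseContext(Landroid/content/Context;)V",
            7,
            "[inject] Application 定位到attachBaseContext方法",
        )

    if injected:
        print("[inject] Application 注入方法成功")
    else:
        print("[inject] Application 注入方法失败")
        tool.check_command(-1)


def _inject_init_call(smali_path, method_signature, line_offset, found_message):
    """Insert the PlayInject.init call ``line_offset`` lines into a smali method.

    Returns True only when the call was actually written to the file. A method
    header that is seen but followed by too few lines leaves the file untouched
    and returns False; the original code reported that case as success.
    """
    inject_str = " invoke-static {p0}, Lcom/playin/hook/PlayInject;->init(Landroid/content/Context;)V"
    # NOTE(review): a fixed line offset assumes a particular method prologue.
    pieces = []
    injected = False
    counting = False
    count = 0
    with open(smali_path, "r") as f:
        for line in f:
            if method_signature in line:
                print(found_message)
                counting = True
            if counting:
                count += 1
                if count >= line_offset:
                    pieces.append("\n" + inject_str + "\n")
                    injected = True
                    counting = False
                    count = 0
            pieces.append(line)

    if injected:
        with open(smali_path, "w") as f:
            f.write("".join(pieces))
    return injected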
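def src_java_path():
    """Write the paths of all .java files under ./src to ../temp/sources.txt.

    Both locations are resolved relative to the current working directory.
    When ./src does not exist, only a message is printed.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    src_path = os.getcwd() + "/src"
    source_path = os.getcwd() + "/../temp/sources.txt"
    if os.path.exists(src_path):
        print("[inject] 查找src下所有Java文件,路径保存到 " + source_path)
        # '*.java' is quoted so the shell hands the pattern to find instead of
        # expanding it against .java files in the working directory; the paths
        # are quoted so spaces in them do not split the command.
        result = os.system(
            "find " + shlex.quote(src_path) + " -name '*.java' > " + shlex.quote(source_path)
        )
        tool.check_command(result)
    else:
        print("[inject] 查找src文件失败,请在根目录src下放入需要注入的java代码")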
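def ad_replace(apk_file_path, file_name, find_command_str, init_str, log_str, error_exit=True):
    """Replace ``init_str`` with ``log_str`` in every matching ``file_name`` under the APK.

    ``insert_log`` (defined elsewhere) is called first; the sed replacement runs
    only when it returns a truthy value.

    Args:
        apk_file_path: Directory of the decoded APK.
        file_name: Smali file name, used for grep's ``--include`` and in messages.
        find_command_str: Extra ``find`` arguments forwarded to ``insert_log``.
        init_str: sed/grep pattern to look for; callers pre-escape it.
        log_str: sed replacement text; callers pre-escape it.
        error_exit: When true, the sed exit status is passed to
            ``tool.check_command``.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    insert_result = insert_log(apk_file_path, find_command_str, file_name + " ----> 广告已被拦截")
    if insert_result:
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        # init_str, log_str and file_name are placed inside single quotes
        # as-is, so they must not contain a single quote.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        if error_exit:
            tool.check_command(result)
        # NOTE(review): with error_exit=False the success message is printed
        # even when sed returned a non-zero status.
        print("[inject_ad] " + file_name + " 方法替换成功")
    else:
        print("[inject_ad] " + file_name + " 文件不存在")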
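def ad_ironsource(apk_file_path):
    """Make IronSource.init(Activity, String, AD_UNIT[]) log and return immediately.

    When ``insert_log`` succeeds, the method header in ``IronSource.smali`` is
    replaced by the header followed by a ``playInLog()`` call and
    ``return-void``, placed ahead of the original body.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "IronSource.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" and "[" for sed and grep
    # without relying on Python passing unknown escape sequences through.
    init_str = r".method public static varargs init(Landroid\/app\/Activity;Ljava\/lang\/String;\[Lcom\/ironsource\/mediationsdk\/IronSource$AD_UNIT;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/ironsource\/mediationsdk\/IronSource;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "IronSource ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] IronSource广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] IronSource初始化方法替换成打印方法")
    else:
        print("[inject_ad] IronSource.smail文件不存在")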
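def ad_chartboost(apk_file_path):
    """Make Chartboost.startWithAppId(Activity, String, String) log and return immediately.

    When ``insert_log`` succeeds, the method header in ``Chartboost.smali`` is
    replaced by the header followed by a ``playInLog()`` call and
    ``return-void``, placed ahead of the original body.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "Chartboost.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    init_str = r".method public static startWithAppId(Landroid\/app\/Activity;Ljava\/lang\/String;Ljava\/lang\/String;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/chartboost\/sdk\/Chartboost;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "Chartboost ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] Chartboost广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] Chartboost初始化方法替换成打印方法")
    else:
        print("[inject_ad] Chartboost.smail文件不存在")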
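def ad_amazon(apk_file_path):
    """Make AdRegistration.setAppKey(String) log and return immediately.

    When ``insert_log`` succeeds, the method header in ``AdRegistration.smali``
    is replaced by the header followed by a ``playInLog()`` call and
    ``return-void``, placed ahead of the original body.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "AdRegistration.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    init_str = r".method public static final setAppKey(Ljava\/lang\/String;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/amazon\/device\/ads\/AdRegistration;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "Amazon ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] Amazon广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] Amazon初始化方法替换成打印方法")
    else:
        print("[inject_ad] AdRegistration.smail文件不存在")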
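def ad_admob(apk_file_path):
    """Make MobileAds.initialize(Context, String, Settings) log and return immediately.

    When ``insert_log`` succeeds, the method header in ``MobileAds.smali`` is
    replaced by the header followed by a ``playInLog()`` call and
    ``return-void``, placed ahead of the original body.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "MobileAds.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    init_str = r".method public static initialize(Landroid\/content\/Context;Ljava\/lang\/String;Lcom\/google\/android\/gms\/ads\/MobileAds$Settings;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/google\/android\/gms\/ads\/MobileAds;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "Admob ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] Admob广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] Admob初始化方法替换成打印方法")
    else:
        print("[inject_ad] MobileAds.smail文件不存在")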
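def ad_mopub(apk_file_path):
    """Append a playInLog() call after MoPub's AdapterConfigurationManager.initialize invoke.

    When ``insert_log`` succeeds, the matched invoke line in ``MoPub.smali`` is
    replaced by itself followed by the ``playInLog()`` call. The matched invoke
    line is kept and no ``return-void`` is added.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "MoPub.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    # NOTE(review): the match depends on the exact register list
    # {p2, p0, v0, v1, p1}; a different build of the SDK may not match.
    init_str = r"invoke-virtual {p2, p0, v0, v1, p1}, Lcom\/mopub\/common\/AdapterConfigurationManager;->initialize(Landroid\/content\/Context;Ljava\/util\/Set;Ljava\/util\/Map;Ljava\/util\/Map;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/mopub\/common\/MoPub;->playInLog()V"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "MoPub ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] MoPub广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] MoPub初始化方法替换成打印方法")
    else:
        print("[inject_ad] MoPub.smail文件不存在")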
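def ad_vungle(apk_file_path):
    """Make Vungle.init(String, Context, InitCallback, VungleSettings) log and return immediately.

    When ``insert_log`` succeeds, the method header in ``Vungle.smali`` is
    replaced by the header followed by a ``playInLog()`` call and
    ``return-void``, placed ahead of the original body. A commented-out earlier
    variant matched a signature ending in ``PublisherDirectDownload`` instead
    of ``VungleSettings``.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "Vungle.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    init_str = r".method public static init(Ljava\/lang\/String;Landroid\/content\/Context;Lcom\/vungle\/warren\/InitCallback;Lcom\/vungle\/warren\/VungleSettings;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/vungle\/warren\/Vungle;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "Vungle ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] Vungle广告拦截" + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] Vungle初始化方法替换成打印方法")
    else:
        print("[inject_ad] Vungle.smail文件不存在")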
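def ad_facebook(apk_file_path):
    """Make AudienceNetworkAds.initialize(Context) log and return immediately.

    When ``insert_log`` succeeds, the method header in
    ``AudienceNetworkAds.smali`` is replaced by the header followed by a
    ``playInLog()`` call and ``return-void``, placed ahead of the original
    body. A commented-out earlier variant targeted
    ``FacebookSdk.sdkInitialize`` in ``FacebookSdk.smali``; the messages still
    use the FacebookSdk name.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = "AudienceNetworkAds.smali"
    find_command_str = " -name " + file_name
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    init_str = r".method public static initialize(Landroid\/content\/Context;)V"
    log_str = (
        init_str
        + "\\\n\\\t"
        + r"invoke-static {}, Lcom\/facebook\/ads\/AudienceNetworkAds;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "FacebookSdk ----> 广告已被拦截")
    if insert_result == True:
        print("[inject_ad] FacebookSdk广告拦截 " + apk_file_path)
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
            init_str, log_str, init_str, shlex.quote(apk_file_path), file_name)
        result = os.system(command_str)
        tool.check_command(result)
        print("[inject_ad] FacebookSdk初始化方法替换成打印方法")
    else:
        print("[inject_ad] FacebookSdk.smail文件不存在")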
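def ad_unity(apk_file_path):
    """Make three UnityAds entry points log and return immediately.

    When ``insert_log`` succeeds, the headers of
    ``initialize(Activity, String, IUnityAdsListener, boolean)``,
    ``show(Activity)`` and ``show(Activity, String)`` in ``UnityAds.smali`` are
    each replaced by the header followed by a ``playInLog()`` call and
    ``return-void``. The three replacements run in that order and each exit
    status is passed to ``tool.check_command``.

    Args:
        apk_file_path: Directory of the decoded APK.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    file_name = 'UnityAds.smali'
    find_command_str = " -name " + file_name
    # insert_log is defined elsewhere; presumably it adds the playInLog()
    # method to the located file. TODO confirm against its definition.
    insert_result = insert_log(apk_file_path, find_command_str, "UnityAds ----> 广告已被拦截")
    # Printed before the result is checked, as in the original.
    print("[inject_ad] UnityAds广告拦截" + apk_file_path)
    # Raw strings keep the backslashes that escape "/" for sed and grep without
    # relying on Python passing unknown escape sequences through.
    print_str = (
        "\\\n\\\t"
        + r"invoke-static {}, Lcom\/unity3d\/ads\/UnityAds;->playInLog()V"
        + "\\\n\\\n\\\treturn-void\\\n"
    )
    if insert_result == True:
        method_headers = (
            r".method public static initialize(Landroid\/app\/Activity;Ljava\/lang\/String;Lcom\/unity3d\/ads\/IUnityAdsListener;Z)V",
            r".method public static show(Landroid\/app\/Activity;)V",
            r".method public static show(Landroid\/app\/Activity;Ljava\/lang\/String;)V",
        )
        # The path is shell-quoted, and $(...) replaces the backticks because
        # quoting inside a backtick substitution is re-processed by the shell.
        quoted_path = shlex.quote(apk_file_path)
        for init_str in method_headers:
            command_str = "sed -i '' 's/%s/%s/g' $(grep '%s' -rl %s --include '%s')" % (
                init_str, init_str + print_str, init_str, quoted_path, file_name)
            result = os.system(command_str)
            tool.check_command(result)
        print("[inject_ad] UnityAds初始化方法替换成打印方法")
    else:
        print("[inject_ad] UnityAds初始化方法替换失败, UnityAds.smail文件不存在")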
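def smali_dex():
    """Disassemble ../temp/apkInject.dex into ../temp/outputSmali/ with baksmali.

    ``jars/baksmali.jar`` and the temp directory are resolved relative to the
    current working directory.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    temp_path = os.getcwd() + "/../temp"
    # Paths are shell-quoted so a working directory containing spaces or shell
    # metacharacters does not split or alter the command.
    result = os.system(
        "java -jar jars/baksmali.jar d "
        + shlex.quote(temp_path + "/apkInject.dex")
        + " -o "
        + shlex.quote(temp_path + "/outputSmali/")
    )
    tool.check_command(result)
    print("[inject] 将apkInject.dex转成smali")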
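def dex_class():
    """Convert the classes in ../temp/outputClass into ../temp/apkInject.dex with dx.

    The temp directory is resolved relative to the current working directory.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    temp_path = os.getcwd() + "/../temp"
    # Paths are shell-quoted so a working directory containing spaces or shell
    # metacharacters does not split or alter the command.
    result = os.system(
        "dx --dex --output="
        + shlex.quote(temp_path + "/apkInject.dex")
        + " "
        + shlex.quote(temp_path + "/outputClass")
    )
    tool.check_command(result)
    print("[inject] 将outputClass文件转成apkInject.dex")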