def modify_hook_java(apk_file_path):
print("[inject] 修改hook java音频代码 " + apk_file_path)
# result = os.system("sed -i '' 's/Landroid\/media\/AudioTrack;/Lcom\/playin\/hook\/HookJava;/g' `grep 'Landroid/media/AudioTrack;' -rl " + apk_file_path + " --include 'FMODAudioDevice.smali'`")
result = os.system(
"sed -i '' 's/Landroid\/media\/AudioTrack;/Lcom\/playin\/hook\/HookJava;/g' `grep 'Landroid/media/AudioTrack;' -rl "
+ apk_file_path + " --exclude 'HookJava.smali'`")
tool.check_command(result)
def copy_smali_apk(apk_file_path):
# print(apk_file_path)
# c3 = apk_file_path + "/smali_classes4"
# print("------> ", c3, os.path.exists(c3))
temp_path = os.getcwd() + "/../temp"
src_smali = temp_path + "/outputSmali/*"
# 获取samli路径, python不熟悉又赶时间,这边直接面向过程写死代码,后期有时间在优化
apk_smali = apk_file_path + "/smali"
c2 = apk_file_path + "/smali_classes2"
c3 = apk_file_path + "/smali_classes3"
c4 = apk_file_path + "/smali_classes4"
c5 = apk_file_path + "/smali_classes5"
if (os.path.exists(c2)):
apk_smali = c2
if (os.path.exists(c3)):
apk_smali = c3
if (os.path.exists(c4)):
apk_smali = c4
if (os.path.exists(c5)):
apk_smali = c5
print("[inject] 查找apk里samli路径为: " + apk_smali)
result = os.system("cp -r " + src_smali + " " + apk_smali)
tool.check_command(result)
print("[inject] 拷贝注入的smali到目标apk里面")
def modify_main_activity_class(main_activity_path):
print("[inject] main_activity_path准备添加自定义方法调用")
injectResult = False
file_data = ""
# 查找onCreate方法
with open(main_activity_path, "r") as f:
flag = False
count = 0
for line in f:
if ".method protected onCreate(Landroid/os/Bundle;)V" in line:
print("[inject] MainActivity 定位到onCreate方法")
flag = True
injectResult = True
if flag:
count += 1
if count >= 12:
inject_str = " invoke-static {p0}, Lcom/playin/hook/PlayInject;->init(Landroid/content/Context;)V"
file_data += "\n" + inject_str + "\n"
flag = False
count = 0
file_data += line
f.close()
if (injectResult):
with open(main_activity_path, "w") as f:
f.write(file_data)
f.close()
if (injectResult):
print("[inject] MainActivity 注入方法成功")
else:
print("[inject] MainActivity 注入方法失败")
tool.check_command(-1)
def ad_mintegra(apk_file_path):
#修改Manifest
manifest = apk_file_path + "/AndroidManifest.xml"
command_str = "sed -i '' 's/MTGRewardVideoActivity/MTGRewardVideoActivity_temp/g' " + manifest
result = os.system(command_str)
tool.check_command(result)
file_name = 'a.smali'
find_command_str = ' -path "*/com/mintegral/msdk/system*" -name ' + file_name
# 方法1
# init_str = "invoke-virtual {v0, v1, p1}, Lcom\/mintegral\/msdk\/base\/controller\/b;->a(Ljava\/util\/Map;Landroid\/content\/Context;)V"
# 方法2
init_str = "invoke-virtual {v0, v1, v2}, Lcom\/mintegral\/msdk\/base\/controller\/b;->a(Ljava\/util\/Map;Landroid\/content\/Context;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/mintegral\/msdk\/system\/a;->playInLog()V" + "\\\n"
insert_result = insert_log(apk_file_path, find_command_str, "Mintegral ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] Mintegral广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] Mintegral初始化方法替换成打印方法")
else:
print("[inject_ad] Mintegral初始化方法替换失败, a.smail文件不存在")
def javac_class():
source_path = os.getcwd() + "/../temp/sources.txt"
output_class_file = os.getcwd() + "/../temp/outputClass"
if (os.path.exists(output_class_file) == False):
os.system("mkdir " + output_class_file)
result = os.system("javac -classpath jars/android.jar @" + source_path +
" -d " + output_class_file)
tool.check_command(result)
print("[inject] 将sources.txt里面对应的java文件编译成class文件")
def modify_application_class(application_path):
print("[inject] Application准备添加自定义方法调用")
injectResult = False
file_data = ""
# 查找onCreate方法
with open(application_path, "r") as f:
flag = False
count = 0
for line in f:
if ".method public onCreate()V" in line:
print("[inject] Application 定位到onCreate方法")
flag = True
injectResult = True
if flag:
count += 1
if count >= 6:
inject_str = " invoke-static {p0}, Lcom/playin/hook/PlayInject;->init(Landroid/content/Context;)V"
file_data += "\n" + inject_str + "\n"
flag = False
count = 0
file_data += line
f.close()
if (injectResult):
with open(application_path, "w") as f:
f.write(file_data)
f.close()
file_data = ""
if (injectResult == False):
# 查找attachBaseContext方法
with open(application_path, "r") as f:
flag = False
count = 0
for line in f:
if ".method protected attachBaseContext(Landroid/content/Context;)V" in line:
print("[inject] Application 定位到attachBaseContext方法")
flag = True
injectResult = True
if flag:
count += 1
if count >= 7:
inject_str = " invoke-static {p0}, Lcom/playin/hook/PlayInject;->init(Landroid/content/Context;)V"
file_data += "\n" + inject_str + "\n"
flag = False
count = 0
file_data += line
f.close()
if (injectResult):
with open(application_path, "w") as f:
f.write(file_data)
f.close()
if (injectResult):
print("[inject] Application 注入方法成功")
else:
print("[inject] Application 注入方法失败")
tool.check_command(-1)
def src_java_path():
src_path = os.getcwd() + "/src"
source_path = os.getcwd() + "/../temp/sources.txt"
if os.path.exists(src_path):
print("[inject] 查找src下所有Java文件,路径保存到 " + source_path)
result = os.system("find " + src_path + " -name *.java > " +
source_path)
tool.check_command(result)
else:
print("[inject] 查找src文件失败,请在根目录src下放入需要注入的java代码")
def ad_replace(apk_file_path, file_name, find_command_str, init_str, log_str, error_exit=True):
insert_result = insert_log(apk_file_path, find_command_str, file_name + " ----> 广告已被拦截")
if insert_result:
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str,
apk_file_path, file_name)
result = os.system(command_str)
if error_exit:
tool.check_command(result)
print("[inject_ad] " + file_name + " 方法替换成功")
else:
print("[inject_ad] " + file_name + " 文件不存在")
def ad_ironsource(apk_file_path):
file_name = "IronSource.smali"
find_command_str = " -name " + file_name
init_str = ".method public static varargs init(Landroid\/app\/Activity;Ljava\/lang\/String;\[Lcom\/ironsource\/mediationsdk\/IronSource$AD_UNIT;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/ironsource\/mediationsdk\/IronSource;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
insert_result = insert_log(apk_file_path, find_command_str, "IronSource ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] IronSource广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] IronSource初始化方法替换成打印方法")
else:
print("[inject_ad] IronSource.smail文件不存在")
def ad_chartboost(apk_file_path):
file_name = "Chartboost.smali"
find_command_str = " -name " + file_name
init_str = ".method public static startWithAppId(Landroid\/app\/Activity;Ljava\/lang\/String;Ljava\/lang\/String;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/chartboost\/sdk\/Chartboost;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
insert_result = insert_log(apk_file_path, find_command_str, "Chartboost ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] Chartboost广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] Chartboost初始化方法替换成打印方法")
else:
print("[inject_ad] Chartboost.smail文件不存在")
def ad_amazon(apk_file_path):
file_name = "AdRegistration.smali"
find_command_str = " -name " + file_name
init_str = ".method public static final setAppKey(Ljava\/lang\/String;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/amazon\/device\/ads\/AdRegistration;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
insert_result = insert_log(apk_file_path,find_command_str , "Amazon ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] Amazon广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] Amazon初始化方法替换成打印方法")
else:
print("[inject_ad] AdRegistration.smail文件不存在")
def ad_admob(apk_file_path):
file_name = "MobileAds.smali"
find_command_str = " -name " + file_name
init_str = ".method public static initialize(Landroid\/content\/Context;Ljava\/lang\/String;Lcom\/google\/android\/gms\/ads\/MobileAds$Settings;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/google\/android\/gms\/ads\/MobileAds;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
insert_result = insert_log(apk_file_path, find_command_str, "Admob ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] Admob广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] Admob初始化方法替换成打印方法")
else:
print("[inject_ad] MobileAds.smail文件不存在")
def ad_mopub(apk_file_path):
file_name = "MoPub.smali"
find_command_str = " -name " + file_name
init_str = "invoke-virtual {p2, p0, v0, v1, p1}, Lcom\/mopub\/common\/AdapterConfigurationManager;->initialize(Landroid\/content\/Context;Ljava\/util\/Set;Ljava\/util\/Map;Ljava\/util\/Map;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/mopub\/common\/MoPub;->playInLog()V"
insert_result = insert_log(apk_file_path, find_command_str, "MoPub ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] MoPub广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] MoPub初始化方法替换成打印方法")
else:
print("[inject_ad] MoPub.smail文件不存在")
def ad_vungle(apk_file_path):
file_name = "Vungle.smali"
find_command_str = " -name " + file_name
init_str = ".method public static init(Ljava\/lang\/String;Landroid\/content\/Context;Lcom\/vungle\/warren\/InitCallback;Lcom\/vungle\/warren\/VungleSettings;)V"
# init_str = ".method public static init(Ljava\/lang\/String;Landroid\/content\/Context;Lcom\/vungle\/warren\/InitCallback;Lcom\/vungle\/warren\/PublisherDirectDownload;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/vungle\/warren\/Vungle;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
insert_result = insert_log(apk_file_path, find_command_str, "Vungle ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] Vungle广告拦截" + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] Vungle初始化方法替换成打印方法")
else:
print("[inject_ad] Vungle.smail文件不存在")
def ad_facebook(apk_file_path):
# file_name = "FacebookSdk.smali"
# find_command_str = " -name " + file_name
# init_str = ".method public static declared-synchronized sdkInitialize(Landroid\/content\/Context;Lcom\/facebook\/FacebookSdk$InitializeCallback;)V"
# log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/facebook\/FacebookSdk;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
file_name = "AudienceNetworkAds.smali"
find_command_str = " -name " + file_name
init_str = ".method public static initialize(Landroid\/content\/Context;)V"
log_str = init_str + "\\\n\\\t" + "invoke-static {}, Lcom\/facebook\/ads\/AudienceNetworkAds;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
insert_result = insert_log(apk_file_path, find_command_str, "FacebookSdk ----> 广告已被拦截")
if (insert_result == True):
print("[inject_ad] FacebookSdk广告拦截 " + apk_file_path)
command_str = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str, log_str, init_str, apk_file_path, file_name)
result = os.system(command_str)
tool.check_command(result)
print("[inject_ad] FacebookSdk初始化方法替换成打印方法")
else:
print("[inject_ad] FacebookSdk.smail文件不存在")
def ad_unity(apk_file_path):
file_name = 'UnityAds.smali'
find_command_str = " -name " + file_name
insert_result = insert_log(apk_file_path, find_command_str, "UnityAds ----> 广告已被拦截")
print("[inject_ad] UnityAds广告拦截" + apk_file_path)
print_str = "\\\n\\\t" + "invoke-static {}, Lcom\/unity3d\/ads\/UnityAds;->playInLog()V" + "\\\n\\\n\\\treturn-void\\\n"
if (insert_result == True):
init_str1 = ".method public static initialize(Landroid\/app\/Activity;Ljava\/lang\/String;Lcom\/unity3d\/ads\/IUnityAdsListener;Z)V"
log_str1 = init_str1 + print_str
command_str1 = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str1, log_str1, init_str1, apk_file_path, file_name)
result1 = os.system(command_str1)
tool.check_command(result1)
init_str2 = ".method public static show(Landroid\/app\/Activity;)V"
log_str2 = init_str2 + print_str
command_str2 = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str2, log_str2, init_str2, apk_file_path, file_name)
result2 = os.system(command_str2)
tool.check_command(result2)
init_str3 = ".method public static show(Landroid\/app\/Activity;Ljava\/lang\/String;)V"
log_str3 = init_str3 + print_str
command_str3 = "sed -i '' 's/%s/%s/g' `grep '%s' -rl %s --include '%s'`" % (init_str3, log_str3, init_str3, apk_file_path, file_name)
result3 = os.system(command_str3)
tool.check_command(result3)
print("[inject_ad] UnityAds初始化方法替换成打印方法")
else:
print("[inject_ad] UnityAds初始化方法替换失败, UnityAds.smail文件不存在")
def smali_dex():
temp_path = os.getcwd() + "/../temp"
result = os.system("java -jar jars/baksmali.jar d " + temp_path +
"/apkInject.dex -o " + temp_path + "/outputSmali/")
tool.check_command(result)
print("[inject] 将apkInject.dex转成smali")
def dex_class():
temp_path = os.getcwd() + "/../temp"
result = os.system("dx --dex --output=" + temp_path + "/apkInject.dex " +
temp_path + "/outputClass")
tool.check_command(result)
print("[inject] 将outputClass文件转成apkInject.dex")
