package org.foyou.corepatch.pixelxl712;
import android.content.pm.PackageManager;
import java.lang.reflect.Field;
import java.security.cert.X509Certificate;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.IXposedHookZygoteInit;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class HookEntry implements IXposedHookLoadPackage, IXposedHookZygoteInit {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if ("android".equals(lpparam.packageName) && lpparam.processName.equals("android")) {
final Class<?> cls = XposedHelpers.findClass("com.android.server.pm.PackageManagerService", lpparam.classLoader);
//Hook签名验证的唯一关键点
XposedBridge.hookAllMethods(cls, "compareSignatures", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
param.setResult(PackageManager.SIGNATURE_MATCH);
}
});
//降版本安装唯一关键点
//PackageParser类的内部类Package
final Class packageClass = XposedHelpers.findClass("android.content.pm.PackageParser.Package", lpparam.classLoader);
XposedBridge.hookAllMethods(cls, "checkDowngrade", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam methodHookParam) throws Throwable {
super.beforeHookedMethod(methodHookParam);
Object packageInfoLite = methodHookParam.args[0];
Field field = packageClass.getField("mVersionCode");
field.setAccessible(true);
field.set(packageInfoLite, -1);
}
});
}
}
X509Certificate[][] x509;
@Override
public void initZygote(StartupParam startupParam) throws Throwable {
//无签名安装
try {
//2019年12月7日17时19分41秒
//无签名安装唯一关键hook点
XposedBridge.hookAllMethods(XposedHelpers.findClass("android.util.apk.ApkSignatureSchemeV2Verifier", null), "verify", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
if (param.getThrowable() != null) {
param.setResult(x509);
} else {
Object result = param.getResult();
if (result != null)
x509 = (X509Certificate[][]) result;
}
}
});
} catch (Exception e) {
XposedBridge.log(e);
}
}
}
Android核心破解 for LineageOs 14.1
猜你喜欢
转载自blog.csdn.net/lemisky/article/details/103456940
今日推荐
周排行