Android核心破解 for LineageOs 14.1

package org.foyou.corepatch.pixelxl712;

import android.content.pm.PackageManager;

import java.lang.reflect.Field;
import java.security.cert.X509Certificate;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.IXposedHookZygoteInit;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class HookEntry implements IXposedHookLoadPackage, IXposedHookZygoteInit {

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {

        if ("android".equals(lpparam.packageName) && lpparam.processName.equals("android")) {

            final Class<?> cls = XposedHelpers.findClass("com.android.server.pm.PackageManagerService", lpparam.classLoader);

            //Hook签名验证的唯一关键点
            XposedBridge.hookAllMethods(cls, "compareSignatures", new XC_MethodHook() {

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);

                    param.setResult(PackageManager.SIGNATURE_MATCH);
                }

            });

            //降版本安装唯一关键点
            //PackageParser类的内部类Package
            final Class packageClass = XposedHelpers.findClass("android.content.pm.PackageParser.Package", lpparam.classLoader);

            XposedBridge.hookAllMethods(cls, "checkDowngrade", new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                    super.beforeHookedMethod(methodHookParam);

                    Object packageInfoLite = methodHookParam.args[0];

                    Field field = packageClass.getField("mVersionCode");

                    field.setAccessible(true);

                    field.set(packageInfoLite, -1);
                }
            });

        }
    }

    X509Certificate[][] x509;

    @Override
    public void initZygote(StartupParam startupParam) throws Throwable {
        //无签名安装
        try {
            //2019年12月7日17时19分41秒
            //无签名安装唯一关键hook点
            XposedBridge.hookAllMethods(XposedHelpers.findClass("android.util.apk.ApkSignatureSchemeV2Verifier", null), "verify", new XC_MethodHook() {
                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);

                    if (param.getThrowable() != null) {

                        param.setResult(x509);
                    } else {

                        Object result = param.getResult();

                        if (result != null)
                            x509 = (X509Certificate[][]) result;
                    }
                }
            });
        } catch (Exception e) {
            XposedBridge.log(e);
        }
    }
}
乐米sky
发布了77 篇原创文章 · 获赞 44 · 访问量 6万+
私信关注
Android核心破解 for LineageOs 14.1

猜你喜欢
