/*
*
* Apache License
* Version 2.0, January 2004
* http://www.apache.org/licenses/
*
* TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
*
* 1. Definitions.
*
* "License" shall mean the terms and conditions for use, reproduction,
* and distribution as defined by Sections 1 through 9 of this document.
*
* "Licensor" shall mean the copyright owner or entity authorized by
* the copyright owner that is granting the License.
*
* "Legal Entity" shall mean the union of the acting entity and all
* other entities that control, are controlled by, or are under common
* control with that entity. For the purposes of this definition,
* "control" means (i) the power, direct or indirect, to cause the
* direction or management of such entity, whether by contract or
* otherwise, or (ii) ownership of fifty percent (50%) or more of the
* outstanding shares, or (iii) beneficial ownership of such entity.
*
* "You" (or "Your") shall mean an individual or Legal Entity
* exercising permissions granted by this License.
*
* "Source" form shall mean the preferred form for making modifications,
* including but not limited to software source code, documentation
* source, and configuration files.
*
* "Object" form shall mean any form resulting from mechanical
* transformation or translation of a Source form, including but
* not limited to compiled object code, generated documentation,
* and conversions to other media types.
*
* "Work" shall mean the work of authorship, whether in Source or
* Object form, made available under the License, as indicated by a
* copyright notice that is included in or attached to the work
* (an example is provided in the Appendix below).
*
* "Derivative Works" shall mean any work, whether in Source or Object
* form, that is based on (or derived from) the Work and for which the
* editorial revisions, annotations, elaborations, or other modifications
* represent, as a whole, an original work of authorship. For the purposes
* of this License, Derivative Works shall not include works that remain
* separable from, or merely link (or bind by name) to the interfaces of,
* the Work and Derivative Works thereof.
*
* "Contribution" shall mean any work of authorship, including
* the original version of the Work and any modifications or additions
* to that Work or Derivative Works thereof, that is intentionally
* submitted to Licensor for inclusion in the Work by the copyright owner
* or by an individual or Legal Entity authorized to submit on behalf of
* the copyright owner. For the purposes of this definition, "submitted"
* means any form of electronic, verbal, or written communication sent
* to the Licensor or its representatives, including but not limited to
* communication on electronic mailing lists, source code control systems,
* and issue tracking systems that are managed by, or on behalf of, the
* Licensor for the purpose of discussing and improving the Work, but
* excluding communication that is conspicuously marked or otherwise
* designated in writing by the copyright owner as "Not a Contribution."
*
* "Contributor" shall mean Licensor and any individual or Legal Entity
* on behalf of whom a Contribution has been received by Licensor and
* subsequently incorporated within the Work.
*
* 2. Grant of Copyright License. Subject to the terms and conditions of
* this License, each Contributor hereby grants to You a perpetual,
* worldwide, non-exclusive, no-charge, royalty-free, irrevocable
* copyright license to reproduce, prepare Derivative Works of,
* publicly display, publicly perform, sublicense, and distribute the
* Work and such Derivative Works in Source or Object form.
*
* 3. Grant of Patent License. Subject to the terms and conditions of
* this License, each Contributor hereby grants to You a perpetual,
* worldwide, non-exclusive, no-charge, royalty-free, irrevocable
* (except as stated in this section) patent license to make, have made,
* use, offer to sell, sell, import, and otherwise transfer the Work,
* where such license applies only to those patent claims licensable
* by such Contributor that are necessarily infringed by their
* Contribution(s) alone or by combination of their Contribution(s)
* with the Work to which such Contribution(s) was submitted. If You
* institute patent litigation against any entity (including a
* cross-claim or counterclaim in a lawsuit) alleging that the Work
* or a Contribution incorporated within the Work constitutes direct
* or contributory patent infringement, then any patent licenses
* granted to You under this License for that Work shall terminate
* as of the date such litigation is filed.
*
* 4. Redistribution. You may reproduce and distribute copies of the
* Work or Derivative Works thereof in any medium, with or without
* modifications, and in Source or Object form, provided that You
* meet the following conditions:
*
* (a) You must give any other recipients of the Work or
* Derivative Works a copy of this License; and
*
* (b) You must cause any modified files to carry prominent notices
* stating that You changed the files; and
*
* (c) You must retain, in the Source form of any Derivative Works
* that You distribute, all copyright, patent, trademark, and
* attribution notices from the Source form of the Work,
* excluding those notices that do not pertain to any part of
* the Derivative Works; and
*
* (d) If the Work includes a "NOTICE" text file as part of its
* distribution, then any Derivative Works that You distribute must
* include a readable copy of the attribution notices contained
* within such NOTICE file, excluding those notices that do not
* pertain to any part of the Derivative Works, in at least one
* of the following places: within a NOTICE text file distributed
* as part of the Derivative Works; within the Source form or
* documentation, if provided along with the Derivative Works; or,
* within a display generated by the Derivative Works, if and
* wherever such third-party notices normally appear. The contents
* of the NOTICE file are for informational purposes only and
* do not modify the License. You may add Your own attribution
* notices within Derivative Works that You distribute, alongside
* or as an addendum to the NOTICE text from the Work, provided
* that such additional attribution notices cannot be construed
* as modifying the License.
*
* You may add Your own copyright statement to Your modifications and
* may provide additional or different license terms and conditions
* for use, reproduction, or distribution of Your modifications, or
* for any such Derivative Works as a whole, provided Your use,
* reproduction, and distribution of the Work otherwise complies with
* the conditions stated in this License.
*
* 5. Submission of Contributions. Unless You explicitly state otherwise,
* any Contribution intentionally submitted for inclusion in the Work
* by You to the Licensor shall be under the terms and conditions of
* this License, without any additional terms or conditions.
* Notwithstanding the above, nothing herein shall supersede or modify
* the terms of any separate license agreement you may have executed
* with Licensor regarding such Contributions.
*
* 6. Trademarks. This License does not grant permission to use the trade
* names, trademarks, service marks, or product names of the Licensor,
* except as required for reasonable and customary use in describing the
* origin of the Work and reproducing the content of the NOTICE file.
*
* 7. Disclaimer of Warranty. Unless required by applicable law or
* agreed to in writing, Licensor provides the Work (and each
* Contributor provides its Contributions) on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied, including, without limitation, any warranties or conditions
* of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
* PARTICULAR PURPOSE. You are solely responsible for determining the
* appropriateness of using or redistributing the Work and assume any
* risks associated with Your exercise of permissions under this License.
*
* 8. Limitation of Liability. In no event and under no legal theory,
* whether in tort (including negligence), contract, or otherwise,
* unless required by applicable law (such as deliberate and grossly
* negligent acts) or agreed to in writing, shall any Contributor be
* liable to You for damages, including any direct, indirect, special,
* incidental, or consequential damages of any character arising as a
* result of this License or out of the use or inability to use the
* Work (including but not limited to damages for loss of goodwill,
* work stoppage, computer failure or malfunction, or any and all
* other commercial damages or losses), even if such Contributor
* has been advised of the possibility of such damages.
*
* 9. Accepting Warranty or Additional Liability. While redistributing
* the Work or Derivative Works thereof, You may choose to offer,
* and charge a fee for, acceptance of support, warranty, indemnity,
* or other liability obligations and/or rights consistent with this
* License. However, in accepting such obligations, You may act only
* on Your own behalf and on Your sole responsibility, not on behalf
* of any other Contributor, and only if You agree to indemnify,
* defend, and hold each Contributor harmless for any liability
* incurred by, or claims asserted against, such Contributor by reason
* of your accepting any such warranty or additional liability.
*
* END OF TERMS AND CONDITIONS
*
* APPENDIX: How to apply the Apache License to your work.
*
* To apply the Apache License to your work, attach the following
* boilerplate notice, with the fields enclosed by brackets "[]"
* replaced with your own identifying information. (Don't include
* the brackets!) The text should be enclosed in the appropriate
* comment syntax for the file format. We also recommend that a
* file or class name and description of purpose be included on the
* same "printed page" as the copyright notice for easier
* identification within third-party archives.
*
* Copyright 2016 Alibaba Group
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*
*
*/
package android.taobao.atlas.hack;
import android.app.Application;
import android.app.Instrumentation;
import android.content.Context;
import android.content.ContextWrapper;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.res.Resources;
import android.os.Build;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.taobao.atlas.framework.Atlas;
import android.taobao.atlas.runtime.ActivityTaskMgr;
import android.taobao.atlas.runtime.ActivityThreadHook;
import android.taobao.atlas.runtime.DelegateClassLoader;
import android.taobao.atlas.runtime.DelegateResources;
import android.taobao.atlas.runtime.RuntimeVariables;
import android.util.ArrayMap;
import android.util.Log;
import java.lang.ref.WeakReference;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.WeakHashMap;
public class AndroidHack {
private static Object _sActivityThread = null;
private static Object _mLoadedApk = null;
public static Object getActivityThread() throws Exception {
if (_sActivityThread == null) {
if (Thread.currentThread().getId() == Looper.getMainLooper().getThread().getId()) {
_sActivityThread = AtlasHacks.ActivityThread_currentActivityThread.invoke(null);
} else {
Handler handler = new Handler(Looper.getMainLooper());
synchronized (AtlasHacks.ActivityThread_currentActivityThread) {
handler.post(new ActvityThreadGetter());
AtlasHacks.ActivityThread_currentActivityThread.wait();
}
}
}
return _sActivityThread;
}
public static Handler hackH() throws Exception {
final Object activityThread = getActivityThread();
if (activityThread == null) {
throw new Exception("Failed to get ActivityThread.sCurrentActivityThread");
}
try {
final Hack.HackedClass<Object> H = Hack.into("android.app.ActivityThread$H");
Hack.HackedField<Object, Object> ActivityThread_mH = AtlasHacks.ActivityThread.field("mH").ofType(H.getmClass());
final Handler handler = (Handler) ActivityThread_mH.get(activityThread);
Field field = Handler.class.getDeclaredField("mCallback");
field.setAccessible(true);
field.set(handler,new ActivityThreadHook(activityThread,handler));
} catch (Hack.HackDeclaration.HackAssertionException e) {
e.printStackTrace();
}
return null;
}
public static Object getLoadedApk(Application application,Object activityThread, String packageName) {
if(_mLoadedApk!=null){
return _mLoadedApk;
}else {
Map<String, Object> mPackages = (Map<String, Object>) AtlasHacks.ActivityThread_mPackages.get(activityThread);
WeakReference<?> rf = (WeakReference<?>) mPackages.get(packageName);
if (rf != null && rf.get() != null) {
_mLoadedApk = rf.get();
return rf.get();
}
}
return null;
}
/**
* 用getPackageInfoNoCheck 创建一个新的LoadedApk
* @param application
* @param activityThread
* @return
*/
public static Object createNewLoadedApk(Application application,Object activityThread){
try {
PackageManager manager = RuntimeVariables.androidApplication.getPackageManager();
ApplicationInfo info = manager.getApplicationInfo(RuntimeVariables.androidApplication.getPackageName(),PackageManager.GET_ACTIVITIES);
String currentSource = info!=null ? info.sourceDir : null;
if(Atlas.sAPKSource == null || currentSource==null || !currentSource.equals(Atlas.sAPKSource)){
Log.e("AndroidHack",Atlas.sAPKSource + " | " + currentSource);
ActivityTaskMgr.getInstance().clearActivityStack();
android.os.Process.killProcess(android.os.Process.myPid());
System.exit(0);
return null;
}
ApplicationInfo ai = application.getPackageManager().getApplicationInfo(application.getPackageName(),
PackageManager.GET_META_DATA | PackageManager.GET_SHARED_LIBRARY_FILES);
PackageManager packageManager = application.getPackageManager();
Resources mResources = application.getResources();
Method getCompatibilityInfo = null;
if(mResources instanceof DelegateResources) {
getCompatibilityInfo = mResources.getClass().getSuperclass().getDeclaredMethod("getCompatibilityInfo");
}else{
getCompatibilityInfo = findMethod(mResources,"getCompatibilityInfo");
}
getCompatibilityInfo.setAccessible(true);
Class ComplatibilityInfoClass = Class.forName("android.content.res.CompatibilityInfo");
Object compatibilityInfo = getCompatibilityInfo.invoke(application.getResources());
Class<?> args[] = {ApplicationInfo.class,ComplatibilityInfoClass};
Method getPackageInfoNoCheck = AtlasHacks.ActivityThread.getmClass().getDeclaredMethod(
"getPackageInfoNoCheck", args);
getPackageInfoNoCheck.setAccessible(true);
Object loadedApk = getPackageInfoNoCheck.invoke(activityThread, ai, compatibilityInfo);
_mLoadedApk = loadedApk;
Field mApplicationField = _mLoadedApk.getClass().getDeclaredField("mApplication");
mApplicationField.setAccessible(true);
mApplicationField.set(_mLoadedApk,RuntimeVariables.androidApplication);
return loadedApk;
}catch(Exception e){
e.printStackTrace();
throw new RuntimeException(e);
}
}
private static Method findMethod(Object instance, String name,Class<?>... params) throws NoSuchFieldException {
for (Class<?> clazz = instance.getClass(); clazz != null; clazz = clazz.getSuperclass()) {
try {
Method method = clazz.getDeclaredMethod(name, params);
if (!method.isAccessible()) {
method.setAccessible(true);
}
return method;
} catch (NoSuchMethodException e) {
// ignore and search next
}
}
throw new NoSuchFieldException("Field " + name + " not found in " + instance.getClass());
}
/**
* Set classLoader to LoadedApk.mClassLoader and set LoadedApk.mApplication to null
*
* @param packageName
* @param classLoader
* @throws Exception
*/
public static void injectClassLoader(String packageName, ClassLoader classLoader) throws Exception {
Object activityThread = getActivityThread();
if (activityThread == null) {
throw new Exception("Failed to get ActivityThread.sCurrentActivityThread");
}
// Try to get loadedAPK from weak reference cache
Object loadedApk = getLoadedApk(RuntimeVariables.androidApplication,activityThread, packageName);
if(loadedApk==null){
loadedApk = createNewLoadedApk(RuntimeVariables.androidApplication,activityThread);
}
if (loadedApk == null) {
throw new Exception("Failed to get ActivityThread.mLoadedApk");
}
//AtlasHacks.LoadedApk_mClassLoader.on(loadedApk).set(classLoader);
AtlasHacks.LoadedApk_mClassLoader.set(loadedApk,classLoader);
//AtlasHacks.LoadedApk_mApplication.on(loadedApk).set(null);
}
// public static void injectApplication(String packageName, Application application) throws Exception {
// Object activityThread = getActivityThread();
// if (activityThread == null) {
// throw new Exception("Failed to get ActivityThread.sCurrentActivityThread");
// }
//
// Object loadedApk = getLoadedApk(application,activityThread, application.getPackageName());
// if (loadedApk == null) {
// throw new Exception("Failed to get ActivityThread.mLoadedApk");
// }
//
//// try{
//// Field field = activityThread.getClass().getDeclaredField("mAllApplications");
//// field.setAccessible(true);
//// ArrayList<Application> mAllApplications = (ArrayList<Application>)field.get(activityThread);
//// mAllApplications.add(RuntimeVariables.androidApplication);
//// }catch(Throwable e){}
// AtlasHacks.LoadedApk_mApplication.set(loadedApk,application);
// AtlasHacks.ActivityThread_mInitialApplication.set(activityThread,application);
// }
public static void injectResources(Application application, Resources resources) throws Exception {
Object activityThread = getActivityThread();
if (activityThread == null) {
throw new Exception("Failed to get ActivityThread.sCurrentActivityThread");
}
Object loadedApk = getLoadedApk(application,activityThread, application.getPackageName());
if(loadedApk==null){
loadedApk = createNewLoadedApk(application,activityThread);
if(loadedApk==null){
throw new RuntimeException(" Failed to get ActivityThread.mLoadedApk");
}
ClassLoader classLoader = AtlasHacks.LoadedApk_mClassLoader.get(loadedApk);
if(!(classLoader instanceof DelegateClassLoader)){
AtlasHacks.LoadedApk_mClassLoader.set(loadedApk, RuntimeVariables.delegateClassLoader);
}
}
//AtlasHacks.LoadedApk_mResources.on(loadedApk).set(resources);
AtlasHacks.LoadedApk_mResources.set(loadedApk,resources);
//AtlasHacks.ContextImpl_mResources.on(application.getBaseContext()).set(resources);
AtlasHacks.ContextImpl_mResources.set(application.getBaseContext(), resources);
//AtlasHacks.ContextImpl_mTheme.on(application.getBaseContext()).set(null);
AtlasHacks.ContextImpl_mTheme.set(application.getBaseContext(), null);
try {
Collection<WeakReference<Resources>> references = null;
if (Build.VERSION.SDK_INT <= 18) {
HashMap<?, WeakReference<Resources>> map = (HashMap<?, WeakReference<Resources>>)sActiveResourcesField.get(activityThread);
references = map.values();
} else if (Build.VERSION.SDK_INT < 24) {
Object sResourcesManager = sgetInstanceMethod.invoke(sResourcesManagerClazz);
ArrayMap<?,WeakReference<Resources>> activeResources = (ArrayMap<?,WeakReference<Resources>>)sActiveResourcesField.get(sResourcesManager);
references = activeResources.values();
}
if(Build.VERSION.SDK_INT<24) {
for (WeakReference<Resources> wr : references) {
Resources res = wr.get();
if (res != null) {
sAssetsField.set(res, resources.getAssets());
res.updateConfiguration(resources.getConfiguration(), resources.getDisplayMetrics());
}
}
}
// if(Build.VERSION.SDK_INT>=24){
// Object sResourcesManager = sgetInstanceMethod.invoke(sResourcesManagerClazz);
// WeakHashMap<IBinder, Object> activityResourceReferences ;
// activityResourceReferences= (WeakHashMap<IBinder, Object> )sActiveResourcesField.get(sResourcesManager);
// Collection<Object> mActivityResourcesReferences = activityResourceReferences.values();
// if(mActivityResourcesReferences!=null){
// for(Object activityResourceReference : mActivityResourcesReferences){
// ArrayList<WeakReference<Resources>> resList= (ArrayList<WeakReference<Resources>>)activityResourceReference.getClass().getDeclaredField("activityResources")
// .get(activityResourceReference);
// if(resList!=null){
// for(WeakReference<Resources> ref : resList){
//
// }
// }
// }
// }
//
//
// }
}catch(Throwable e){
e.printStackTrace();
}
}
static Field sActiveResourcesField =null;
// static Class sResourcesKeyClazz = null;
// static Field sResDirField = null;
static Class sResourcesManagerClazz = null;
// static Field sResourcesManagerField = null;
static Method sgetInstanceMethod = null;
static Field sAssetsField = null;
static{
try {
if (Build.VERSION.SDK_INT <= 18) {
Class ActivityThreadClazz = Class.forName("android.app.ActivityThread");
sActiveResourcesField = ActivityThreadClazz.getDeclaredField("mActiveResources");
sActiveResourcesField.setAccessible(true);
// sResourcesKeyClazz = Class.forName("android.app.ActivityThread$ResourcesKey");
// sResDirField = sResourcesKeyClazz.getDeclaredField("mResDir");
sAssetsField = Resources.class.getDeclaredField("mAssets");
sAssetsField.setAccessible(true);
} else if (Build.VERSION.SDK_INT < 24) {
sResourcesManagerClazz = Class.forName("android.app.ResourcesManager");
// sResourcesManagerField = sResourcesManagerClazz.getDeclaredField("sResourcesManager");
// sResourcesManagerField.setAccessible(true);
sActiveResourcesField = sResourcesManagerClazz.getDeclaredField("mActiveResources");
sActiveResourcesField.setAccessible(true);
// sResourcesKeyClazz = Class.forName("android.content.res.ResourcesKey");
// sResDirField = sResourcesKeyClazz.getDeclaredField("mResDir");
// sResDirField.setAccessible(true);
sgetInstanceMethod = sResourcesManagerClazz.getDeclaredMethod("getInstance");
sgetInstanceMethod.setAccessible(true);
sAssetsField = Resources.class.getDeclaredField("mAssets");
sAssetsField.setAccessible(true);
} else {
sResourcesManagerClazz = Class.forName("android.app.ResourcesManager");
sActiveResourcesField = sResourcesManagerClazz.getDeclaredField("mActivityResourceReferences");
sActiveResourcesField.setAccessible(true);
// sResourcesKeyClazz = Class.forName("android.content.res.ResourcesKey");
// sResDirField = sResourcesKeyClazz.getDeclaredField("mResDir");
sgetInstanceMethod = sResourcesManagerClazz.getDeclaredMethod("getInstance");
sgetInstanceMethod.setAccessible(true);
}
}catch(Throwable e){}
}
private static Field findField(Object instance, String name) throws NoSuchFieldException {
for (Class<?> clazz = instance.getClass(); clazz != null; clazz = clazz.getSuperclass()) {
try {
Field field = clazz.getDeclaredField(name);
if (!field.isAccessible()) {
field.setAccessible(true);
}
return field;
} catch (NoSuchFieldException e) {
// ignore and search next
}
}
throw new NoSuchFieldException("Field " + name + " not found in " + instance.getClass());
}
public static Instrumentation getInstrumentation() throws Exception {
Object activityThread = getActivityThread();
if (activityThread == null) {
throw new Exception("Failed to get ActivityThread.sCurrentActivityThread");
}
//return (Instrumentation)AtlasHacks.ActivityThread_mInstrumentation.on(activityThread).get();
return (Instrumentation)AtlasHacks.ActivityThread_mInstrumentation.get(activityThread);
}
public static void injectInstrumentationHook(Instrumentation instrumentation) throws Exception {
Object activityThread = getActivityThread();
if (activityThread == null) {
throw new Exception("Failed to get ActivityThread.sCurrentActivityThread");
}
//AtlasHacks.ActivityThread_mInstrumentation.on(activityThread).set(instrumentation);
AtlasHacks.ActivityThread_mInstrumentation.set(activityThread,instrumentation);
}
// public static void injectContextHook(ContextWrapper wrapper, ContextWrapper contextHook) {
// //AtlasHacks.ContextWrapper_mBase.on(wrapper).set(contextHook);
// AtlasHacks.ContextWrapper_mBase.set(wrapper,contextHook);
// }
static class ActvityThreadGetter implements Runnable {
@Override
public void run() {
Class<?> activityThreadCls = AtlasHacks.ActivityThread.getmClass();
try {
_sActivityThread = AtlasHacks.ActivityThread_currentActivityThread.invoke(activityThreadCls);
} catch (Exception e) {
e.printStackTrace();
}
synchronized (AtlasHacks.ActivityThread_currentActivityThread) {
AtlasHacks.ActivityThread_currentActivityThread.notify();
}
}
}
}