Merge pull request #1 from ChickenHook/feature/content_provider_api

Feature/content provider api
ChickenHook · May 2, 2020 · 0c9a92c · 0c9a92c
2 parents 81bb2de + 0395892
commit 0c9a92c
Show file tree

Hide file tree

Showing 8 changed files with 119 additions and 62 deletions.
diff --git a/README.md b/README.md
@@ -27,66 +27,13 @@ allprojects {
 2) In your library/build.gradle add:
 ```groovy
    dependencies {
-        implementation 'com.github.ChickenHook:RestrictionBypass:1.0'
+        implementation 'com.github.ChickenHook:RestrictionBypass:2.0'
    }
 ```
-## Examples
+## Usage
 
-#### getDeclaredField(...)
-
-Original reflection call
-
-```kt
-        Class.forName("android.app.ActivityThread").getDeclaredField(
-            "mResourcesManager"
-        )
-```
-
-Call with RestrictionBypass
-
-```kt
-            RestrictionBypass.getDeclaredField(
-                Class.forName("android.app.ActivityThread"),
-                "mResourcesManager"
-
-            )
-```
-
-#### getMethod(...)
-
-Original reflection call
-
-
-```kt
-        Class.forName("android.app.ActivityThread").getMethod(
-            "getPackageInfo", String::class.java, Class.forName("android.content.res.CompatibilityInfo"), Integer.TYPE
-        )
-```
-Call with RestrictionBypass
-
-```kt
-            RestrictionBypass.getMethod(
-                Class.forName("android.app.ActivityThread"),
-                "getPackageInfo", String::class.java, Class.forName("android.content.res.CompatibilityInfo"), Integer.TYPE
-            )
-```
-
-#### getDeclaredMethod(...)
-Original reflection call
-
-```kt
-        Class.forName("android.app.ActivityThread").getDeclaredMethod(
-            "getPackageInfo", String::class.java, Class.forName("android.content.res.CompatibilityInfo"), Integer.TYPE
-        )
-```
-Call with RestrictionBypass
-
-```kt
-            RestrictionBypass.getDeclaredMethod(
-                Class.forName("android.app.ActivityThread"),
-                "getPackageInfo", String::class.java, Class.forName("android.content.res.CompatibilityInfo"), Integer.TYPE
-            )
-```
+Just include the library as explained in the Integration chapter.
+The BypassProvider will automatically unseal your process and allow you to access hidden api.
 
 ## Troubleshooting
 

diff --git a/app/src/androidTest/java/org/chickenhook/restrictionbypass/app/KotlinExamples.kt b/app/src/androidTest/java/org/chickenhook/restrictionbypass/app/KotlinExamples.kt
@@ -2,6 +2,7 @@ package org.chickenhook.restrictionbypass.app
 
 import junit.framework.Assert.assertNotNull
 import org.chickenhook.restrictionbypass.RestrictionBypass
+import org.chickenhook.restrictionbypass.Unseal
 import org.junit.Test
 
 class KotlinExamples {
@@ -40,4 +41,13 @@ class KotlinExamples {
             )
         )
     }
+
+    @Test
+    fun invokeGetPackageInfoWithUnsealApiBypass() {
+        Unseal.unseal()
+        Class.forName("android.app.ActivityThread").getMethod(
+            "getPackageInfo", String::class.java, Class.forName("android.content.res.CompatibilityInfo"), Integer.TYPE
+        )
+    }
+
 }
diff --git a/build.gradle b/build.gradle
@@ -5,12 +5,12 @@ buildscript {
     repositories {
         google()
         jcenter()
-        
+
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:3.6.3'
         classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
-        classpath 'com.github.dcendents:android-maven-gradle-plugin:1.5' // Add this line
+        classpath 'com.github.dcendents:android-maven-gradle-plugin:2.1' // Add this line
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files
@@ -21,7 +21,8 @@ allprojects {
     repositories {
         google()
         jcenter()
-
+        maven { url "https://jitpack.io" }
+
     }
 }
 

diff --git a/prebuild/restrictionbypass.aar b/prebuild/restrictionbypass.aar
diff --git a/restrictionbypass/build.gradle b/restrictionbypass/build.gradle
@@ -1,6 +1,8 @@
 apply plugin: 'com.android.library'
 apply plugin: 'com.github.dcendents.android-maven'
-group='com.github.ChickenHook'
+apply plugin: 'kotlin-android'
+apply plugin: 'kotlin-android-extensions'
+group = 'com.github.ChickenHook'
 android {
     compileSdkVersion 29
     buildToolsVersion "29.0.3"
@@ -44,4 +46,5 @@ dependencies {
     testImplementation 'junit:junit:4.12'
     androidTestImplementation 'androidx.test.ext:junit:1.1.1'
     androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0'
+    // implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
 }
diff --git a/restrictionbypass/src/main/AndroidManifest.xml b/restrictionbypass/src/main/AndroidManifest.xml
@@ -1,2 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    package="org.chickenhook.restrictionbypass" />
+    package="org.chickenhook.restrictionbypass">
+
+    <application>
+        <provider
+            android:name=".BypassProvider"
+            android:authorities="org.chickenhook.restrictionbypass"
+            android:enabled="true"
+            android:exported="false"></provider>
+    </application>
+
+</manifest>
diff --git a/restrictionbypass/src/main/java/org/chickenhook/restrictionbypass/BypassProvider.java b/restrictionbypass/src/main/java/org/chickenhook/restrictionbypass/BypassProvider.java
@@ -0,0 +1,56 @@
+package org.chickenhook.restrictionbypass;
+
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.content.Context;
+import android.content.pm.ProviderInfo;
+import android.database.Cursor;
+import android.net.Uri;
+import android.util.Log;
+
+public class BypassProvider extends ContentProvider {
+    public BypassProvider() {
+    }
+
+    @Override
+    public int delete(Uri uri, String selection, String[] selectionArgs) {
+        return 0;
+    }
+
+    @Override
+    public String getType(Uri uri) {
+        return null;
+    }
+
+    @Override
+    public Uri insert(Uri uri, ContentValues values) {
+        return null;
+    }
+
+    @Override
+    public boolean onCreate() {
+        return true;
+    }
+
+    @Override
+    public Cursor query(Uri uri, String[] projection, String selection,
+                        String[] selectionArgs, String sortOrder) {
+        return null;
+    }
+
+    @Override
+    public int update(Uri uri, ContentValues values, String selection,
+                      String[] selectionArgs) {
+        return 0;
+    }
+
+    @Override
+    public void attachInfo(Context context, ProviderInfo info) {
+        super.attachInfo(context, info);
+        try {
+            Unseal.unseal();
+        } catch (Exception e) {
+            Log.e("BypassProvider", "Unable to unseal hidden api access", e);
+        }
+    }
+}
diff --git a/restrictionbypass/src/main/java/org/chickenhook/restrictionbypass/Unseal.java b/restrictionbypass/src/main/java/org/chickenhook/restrictionbypass/Unseal.java
@@ -0,0 +1,29 @@
+package org.chickenhook.restrictionbypass;
+
+import java.lang.reflect.Method;
+
+public class Unseal {
+
+    public static void unseal() throws Exception {
+        Method getRuntime = RestrictionBypass.getDeclaredMethod(
+                Class.forName("dalvik.system.VMRuntime"),
+                "getRuntime"
+        );
+        getRuntime.setAccessible(true);
+        Object vmRuntime = getRuntime.invoke(null);
+
+        Method setHiddenApiExemptions = RestrictionBypass.getDeclaredMethod(
+                vmRuntime.getClass(),
+                "setHiddenApiExemptions",
+                String[].class
+        );
+        setHiddenApiExemptions.setAccessible(true);
+
+        String[] list = new String[1];
+        list[0] = "L";
+        Object[] args = new Object[1];
+        args[0] = list;
+        setHiddenApiExemptions.invoke(vmRuntime, args);
+        // setHiddenApiExemptions
+    }
+}