应用安全 --- apk加固 之 代理监测
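package com.iran.SmaliHelper;

import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.net.Proxy;
import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.net.NetworkInterface;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

/**
 * Data-less {@link ContentProvider} used as a hook for a periodic VPN / HTTP-proxy check.
 *
 * <p>{@link #onCreate()} schedules this object on a single-thread scheduler, starting
 * immediately and repeating every 3 seconds. Each run calls {@link #isVpnConnected()} and
 * {@link #isWifiProxy(Context)}; if either reports true the process is ended with
 * {@code System.exit(0)}. The query/insert/update/delete/getType methods are stubs.
 *
 * <p>NOTE(review): presumably the provider is declared in the manifest so that the check
 * starts with the process; confirm against the manifest.
 *
 * <p>Hardening caveat: both checks run entirely inside the app and are plain boolean
 * results, so they are only as strong as the integrity of the APK itself. They should be
 * paired with signature / integrity verification and server-side controls such as
 * certificate pinning rather than relied on alone.
 */
public class gklbb extends ContentProvider implements Runnable {

    /** Port value meaning "no proxy port configured". */
    private static final int NO_PROXY_PORT = -1;

    private final ScheduledExecutorService scheduler;

    public gklbb() {
        this.scheduler = Executors.newScheduledThreadPool(1);
    }

    /**
     * Reports whether an interface named {@code tun0} or {@code ppp0} is up and has at least
     * one address assigned.
     *
     * <p>Only these two exact names are matched; a tunnel exposed under any other interface
     * name is not detected. The check fails open: any error while enumerating interfaces is
     * printed and treated as "no VPN".
     *
     * @return {@code true} if a matching interface is up with an address, otherwise {@code false}
     */
    public static boolean isVpnConnected() {
        try {
            Enumeration<NetworkInterface> niList = NetworkInterface.getNetworkInterfaces();
            if (niList == null) {
                return false;
            }
            for (NetworkInterface intf : Collections.list(niList)) {
                if (!intf.isUp() || intf.getInterfaceAddresses().isEmpty()) {
                    continue;
                }
                String name = intf.getName();
                if ("tun0".equals(name) || "ppp0".equals(name)) {
                    return true;
                }
            }
        } catch (Throwable e) {
            // Best effort: an enumeration failure must not crash the host app.
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Reports whether an HTTP proxy host and port are configured.
     *
     * <p>On API level 14 and above the {@code http.proxyHost} / {@code http.proxyPort} system
     * properties are read; below that the legacy {@link Proxy} accessors are used. A missing
     * or non-numeric port is treated as "no proxy" instead of throwing, so a malformed
     * property cannot abort the caller.
     *
     * @param mContext context passed to the legacy {@link Proxy} accessors; only used below
     *     API level 14
     * @return {@code true} if a non-empty proxy host and a port other than -1 are present
     */
    public static boolean isWifiProxy(Context mContext) {
        String proxyAddress;
        int proxyPort;
        if (Build.VERSION.SDK_INT >= 14) {
            proxyAddress = System.getProperty("http.proxyHost");
            proxyPort = parsePort(System.getProperty("http.proxyPort"));
        } else {
            proxyAddress = Proxy.getHost(mContext);
            proxyPort = Proxy.getPort(mContext);
        }
        return !TextUtils.isEmpty(proxyAddress) && proxyPort != NO_PROXY_PORT;
    }

    /** Parses a port property, mapping a null or non-numeric value to {@link #NO_PROXY_PORT}. */
    private static int parsePort(String portStr) {
        if (portStr == null) {
            return NO_PROXY_PORT;
        }
        try {
            return Integer.parseInt(portStr.trim());
        } catch (NumberFormatException e) {
            return NO_PROXY_PORT;
        }
    }

    /** Stub: this provider exposes no data. */
    @Override
    public int delete(@NonNull Uri uri, @Nullable String selection,
            @Nullable String[] selectionArgs) {
        return 0;
    }

    /** Stub: this provider exposes no data. */
    @Override
    @Nullable
    public String getType(@NonNull Uri uri) {
        return null;
    }

    /** Stub: this provider exposes no data. */
    @Override
    @Nullable
    public Uri insert(@NonNull Uri uri, @Nullable ContentValues values) {
        return null;
    }

    /**
     * Starts the periodic check: first run immediately, then every 3 seconds.
     *
     * @return {@code true}, the value the ContentProvider contract uses for a successful load
     */
    @Override
    public boolean onCreate() {
        scheduler.scheduleAtFixedRate(this, 0, 3, TimeUnit.SECONDS);
        return true;
    }

    /** Stub: this provider exposes no data. */
    @Override
    @Nullable
    public Cursor query(@NonNull Uri uri, @Nullable String[] projection,
            @Nullable String selection, @Nullable String[] selectionArgs,
            @Nullable String sortOrder) {
        return null;
    }

    /**
     * One pass of the periodic check; ends the process when a VPN interface or an HTTP proxy
     * is reported.
     */
    @Override
    public void run() {
        boolean interceptionSuspected;
        try {
            interceptionSuspected = isVpnConnected() || isWifiProxy(getContext());
        } catch (RuntimeException e) {
            // scheduleAtFixedRate suppresses every later execution once a run throws, which
            // would switch the check off silently; log and wait for the next tick instead.
            e.printStackTrace();
            return;
        }
        if (interceptionSuspected) {
            System.exit(0);
        }
    }

    /** Stub: this provider exposes no data. */
    @Override
    public int update(@NonNull Uri uri, @Nullable ContentValues values,
            @Nullable String selection, @Nullable String[] selectionArgs) {
        return 0;
    }
}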
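对抗

说明:下面两条补丁匹配的是 NetworkInfo.isConnectedOrConnecting() 和 NetworkCapabilities.hasTransport() 的调用,而上文 gklbb 类的检测使用的是 NetworkInterface 接口名和 http.proxyHost / http.proxyPort 系统属性,并不包含这两个调用。这类补丁也说明:只在客户端返回布尔值的检测可以被静态修改,加固时需要配合签名/完整性校验和服务端校验。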
Regex 1: NetworkInfo.isConnectedOrConnecting() 补丁

搜索正则表达式:

```regex
(invoke-*.* \{([pv]\d+)\}, Landroid/net/NetworkInfo;->isConnectedOrConnecting\(\)Z)\s*(move-result ([pv]\d+))
```

解释:

- `invoke-*.* \{([pv]\d+)\}` - 匹配方法调用,捕获寄存器
- `Landroid/net/NetworkInfo;->isConnectedOrConnecting\(\)Z` - 匹配NetworkInfo的isConnectedOrConnecting方法,返回boolean
- `move-result ([pv]\d+)` - 捕获存储结果的寄存器

替换:

```regex
$1 const/4 $4, 0x1
```

效果:

```smali
# 原代码:
invoke-virtual {v0}, Landroid/net/NetworkInfo;->isConnectedOrConnecting()Z
move-result v1

# 替换后:
invoke-virtual {v0}, Landroid/net/NetworkInfo;->isConnectedOrConnecting()Z
const/4 v1, 0x1 # 强制返回true
```
Regex 2: NetworkCapabilities.hasTransport() 补丁

搜索正则表达式:

```regex
(invoke-*.* \{([pv]\d+), ([pv]\d+)\}, Landroid/net/NetworkCapabilities;->hasTransport\(I\)Z)\s*(move-result ([pv]\d+))
```

解释:

- `invoke-*.* \{([pv]\d+), ([pv]\d+)\}` - 匹配方法调用,捕获两个寄存器(对象引用和参数)
- `Landroid/net/NetworkCapabilities;->hasTransport\(I\)Z` - 匹配hasTransport方法,检查网络传输类型
- `move-result ([pv]\d+)` - 捕获存储结果的寄存器

替换:

```regex
$1 const/4 $3, 0x1
```

效果:

```smali
# 原代码:
invoke-virtual {v0, v1}, Landroid/net/NetworkCapabilities;->hasTransport(I)Z
move-result v2

# 替换后:
invoke-virtual {v0, v1}, Landroid/net/NetworkCapabilities;->hasTransport(I)Z
const/4 v2, 0x1 # 强制返回true
```