
应用安全 --- apk加固 之 hook检测

package com.iran.SmaliHelper;

import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
import android.os.Process;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

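/**
 * Periodic in-process hook detector packaged as a {@link ContentProvider}.
 *
 * <p>{@link #onCreate()} schedules this object on a single-thread scheduler; every
 * three seconds {@link #run()} looks for known hooking frameworks (Xposed,
 * Cydia Substrate, dexposed, epic) in the process memory map and in the current
 * stack trace, and terminates the process when one is found. The data-access
 * methods of the provider are inert stubs.
 *
 * <p>Presumably the provider is declared in the manifest so that the check starts
 * when the process starts; the manifest is not part of this listing.
 *
 * <p>Security note: both checks are heuristics that match fixed class and library
 * names from inside the process being inspected. A clean result is not evidence of
 * an unmodified runtime, so decisions that matter (licensing, payments, anti-fraud)
 * should also be enforced server-side or backed by platform attestation.
 */
public class GKLBB extends ContentProvider implements Runnable {

    private static final String ZYGOTE_INIT_CLASS = "com.android.internal.os.ZygoteInit";
    private static final String SUBSTRATE_CLASS = "com.saurik.substrate.MS$2";
    private static final String XPOSED_BRIDGE_CLASS = "de.robv.android.xposed.XposedBridge";

    /** Substrings of /proc/&lt;pid&gt;/maps lines that identify a loaded hooking library. */
    private static final String[] HOOK_LIBRARY_MARKERS = {
        "libdexposed", "libsubstrate.so", "libepic.so", "libxposed"
    };

    private final ScheduledExecutorService scheduler;

    /** Creates the provider together with the one-thread scheduler that drives the checks. */
    public GKLBB() {
        super();
        this.scheduler = Executors.newScheduledThreadPool(1);
    }

    /**
     * Starts the periodic check: first run immediately, then every 3 seconds.
     *
     * @return {@code false}, as in the original listing
     */
    @Override
    public boolean onCreate() {
        // scheduleAtFixedRate stops rescheduling if run() ever throws, which would
        // end the monitoring silently; run() is written so that it does not throw
        // on the paths visible here.
        scheduler.scheduleAtFixedRate(this, 0, 3, TimeUnit.SECONDS);
        // NOTE(review): the ContentProvider contract documents true for a provider
        // that loaded successfully; false is kept unchanged here. Confirm intent.
        return false;
    }

    /** Stub: this provider exposes no data. */
    @Override
    @Nullable
    public Cursor query(@NonNull Uri uri, @Nullable String[] projection,
                       @Nullable String selection, @Nullable String[] selectionArgs,
                       @Nullable String sortOrder) {
        return null;
    }

    /** Stub: no MIME type is reported. */
    @Override
    @Nullable
    public String getType(@NonNull Uri uri) {
        return null;
    }

    /** Stub: inserts are ignored. */
    @Override
    @Nullable
    public Uri insert(@NonNull Uri uri, @Nullable ContentValues values) {
        return null;
    }

    /** Stub: nothing is deleted; always reports 0 rows. */
    @Override
    public int delete(@NonNull Uri uri, @Nullable String selection,
                     @Nullable String[] selectionArgs) {
        return 0;
    }

    /** Stub: nothing is updated; always reports 0 rows. */
    @Override
    public int update(@NonNull Uri uri, @Nullable ContentValues values,
                     @Nullable String selection, @Nullable String[] selectionArgs) {
        return 0;
    }

    /**
     * One detection pass. Runs on the scheduler thread and terminates the whole
     * process with exit status 1 as soon as either check reports a hook.
     */
    @Override
    public void run() {
        // Same order as before: memory map first, stack trace only if the map is clean.
        if (checkXpFormMap() || isHookByStack()) {
            System.exit(1);
        }
    }

    /**
     * Inspects the calling thread's stack trace for frames that hooking frameworks
     * leave behind.
     *
     * <p>NOTE(review): {@link #run()} calls this on the scheduler thread, so only that
     * thread's frames are examined. Frames that belong to the main thread's start-up
     * path (such as ZygoteInit) are presumably absent from it; confirm that this
     * check can fire in this deployment.
     *
     * @return {@code true} if ZygoteInit appears at least twice, or a Substrate or
     *     Xposed bridge frame is present
     */
    private static boolean isHookByStack() {
        int zygoteInitCallCount = 0;
        // A Throwable captures the same frames as the original throw/catch pair.
        for (StackTraceElement frame : new Throwable().getStackTrace()) {
            String className = frame.getClassName();
            String methodName = frame.getMethodName();

            // A second ZygoteInit frame is treated as a sign of an injected bridge.
            if (ZYGOTE_INIT_CLASS.equals(className) && ++zygoteInitCallCount == 2) {
                return true;
            }

            // Cydia Substrate dispatch frame.
            if (SUBSTRATE_CLASS.equals(className) && "invoked".equals(methodName)) {
                return true;
            }

            // Xposed entry point or hooked-method dispatcher.
            if (XPOSED_BRIDGE_CLASS.equals(className)
                    && ("main".equals(methodName) || "handleHookedMethod".equals(methodName))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Scans this process's memory map for the names of known hooking libraries.
     *
     * <p>The check fails closed: if the map cannot be read, it reports a hook and the
     * caller exits the process. That keeps a blocked read from hiding a hook, at the
     * cost of terminating the app on any device where the read fails for another
     * reason.
     *
     * @return {@code true} if a marker from {@link #HOOK_LIBRARY_MARKERS} is found or
     *     the map cannot be read, {@code false} otherwise
     */
    private static boolean checkXpFormMap() {
        int pid = Process.myPid();
        File maps = (pid < 0)
                ? new File("/proc/self/maps")
                : new File("/proc/" + pid + "/maps");

        // try-with-resources: this runs every 3 seconds, and the original never
        // closed the reader, leaking one file descriptor per pass.
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(new FileInputStream(maps)))) {
            String line;
            while ((line = reader.readLine()) != null) {
                for (String marker : HOOK_LIBRARY_MARKERS) {
                    if (line.contains(marker)) {
                        return true;
                    }
                }
            }
            return false;
        } catch (Exception e) {
            e.printStackTrace();
            return true; // fail closed, see Javadoc
        }
    }
}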

 
