Skip to content

Commit

Permalink
Merge remote-tracking branch 'upstream/master'
Browse files Browse the repository at this point in the history
  • Loading branch information
kazimmt committed May 21, 2024
2 parents dea2141 + a9d3ea3 commit 1c7f444
Show file tree
Hide file tree
Showing 11 changed files with 99 additions and 61 deletions.
5 changes: 3 additions & 2 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -17,5 +17,6 @@ local.properties
b.sh
test*
magisk/system/bin/*
fast-memmem
*.log
*.log
zygisk-rust
aidl/*.aidl*
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Hooks libbinder with zygisk
* Flash zygisk-detach module
* Reboot
* Run the cli in termux: `su -c detach`
or use [zygisk-detach-app](https://github.com/j-hc/zygisk-detach-app) if you dont wanna use the terminal
or use [zygisk-detach-app](https://github.com/j-hc/zygisk-detach-app/releases/latest/download/app-release.apk) if you don't wanna use the terminal
* Select apps you wish to detach. Changes are applied immediately, no need to reboot.

### Notes
Expand Down
37 changes: 37 additions & 0 deletions aidl/aidl_gen.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
#!/bin/bash

set -e

BRANCHES=(android10-release android11-release android12-release android13-release android14-release)
for B in "${BRANCHES[@]}"; do
N=IPackageManager.aidl_$B
if [ -f "$N" ]; then continue; fi
U="https://android.googlesource.com/platform/frameworks/base/+/refs/heads/$B/core/java/android/content/pm/IPackageManager.aidl?format=TEXT"
curl "$U" | base64 --decode >"$N"
done

BRANCHES+=(android9) # android9 does not have a seperate branch, only a tag, dl manually
for B in "${BRANCHES[@]}"; do
N=IPackageManager.aidl_$B
CODE=$(cat "$N" | sed '0,/^interface /d' | sed '/PackageInfo getPackageInfo/Q' | grep -c ';')
CODE=$((CODE + 1))
D=$(cut -d- -f1 <<<"$B")
echo "#define getPackageInfo_${D}_code $CODE"
done

# generates java with "aidl" binary. but parsing the files with with sed is easier tbh
# AIDL_SRC=$(pwd)/aidl-src
# OUT_DIR=$(pwd)/aidl-out
# function pull_aidl() {
# for B in "${BRANCHES[@]}"; do
# echo "clone $B"
# CLOUT=$AIDL_SRC/$B
# if [ -d $CLOUT ]; then continue; fi
# git clone --depth 1 -b $B https://android.googlesource.com/platform/frameworks/base $CLOUT
# git clone --depth 1 -b $B https://android.googlesource.com/platform/frameworks/native $CLOUT
# done
# }
# (
# cd $AIDL_SRC/base
# ~/Android/Sdk/build-tools/34.0.0/aidl --lang=java ./core/java/android/content/pm/IPackageManager.aidl --out $OUT_DIR -I. -I./core/java -I./graphics/java/ -I../native/aidl/binder/
# )
2 changes: 1 addition & 1 deletion cli/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ version = "0.1.0"
edition = "2021"

[dependencies]
termion = "2"
termion = "3"

[profile.dev]
panic = "abort"
Expand Down
1 change: 1 addition & 0 deletions cli/src/colorize.rs
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ impl<D: Display> Display for Colored<D> {
}
}

#[allow(dead_code)]
pub trait ToColored: Display + Sized {
fn faint(&self) -> Colored<&Self> {
Colored {
Expand Down
10 changes: 2 additions & 8 deletions magisk/customize.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,8 @@ if [ -f "$MODPATH/detach.txt" ]; then
ui_print "$OP"
fi

ALIAS="alias detach='su -c detach'"
BASHRC="/data/data/com.termux/files/home/.bashrc"
if [ -d "/data/data/com.termux/files/home/" ]; then
grep -qxF "$ALIAS" "$BASHRC" || echo "$ALIAS" >>"$BASHRC"
ui_print "- Run 'detach' in termux after the reboot"
else
ui_print "- Run 'su -c detach' in terminal after the reboot"
fi
ui_print "- Run 'su -c detach' in terminal after the reboot"
ui_print "- Or use zygisk-detach-app"

ui_print " by j-hc (github.com/j-hc)"

Expand Down
4 changes: 2 additions & 2 deletions magisk/module.prop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
id=zygisk-detach
name=zygisk-detach
version=v1.11.0
versionCode=14
version=v1.16.0
versionCode=19
author=j-hc
description=Detaches installed apps from Play Store
updateJson=https://raw.githubusercontent.com/kazimmt/zygisk-detach/master/update.json
6 changes: 3 additions & 3 deletions update.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"version": "v1.11.0",
"versionCode": 14,
"zipUrl": "https://github.com/kazimmt/zygisk-detach/releases/latest/download/zygisk-detach-v1.11.0.zip",
"version": "v1.16.0",
"versionCode": 19,
"zipUrl": "https://github.com/kazimmt/zygisk-detach/releases/latest/download/zygisk-detach-v1.16.0.zip",
"changelog": "https://raw.githubusercontent.com/kazimmt/zygisk-detach/master/README.md"
}
72 changes: 39 additions & 33 deletions zygisk/jni/module.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -11,28 +11,33 @@
#include "parcel.hpp"
#include "zygisk.hpp"

using zygisk::Api;
using zygisk::AppSpecializeArgs;
using zygisk::ServerSpecializeArgs;

#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "zygisk-detach", __VA_ARGS__)

static unsigned char* DETACH_TXT;
static uint8_t HEADERS_COUNT;
static uint8_t* DETACH_TXT;
static uint8_t HEADERS_LEN;

struct PParcel {
size_t error;
uint8_t* data;
size_t data_size;
};

static inline void handle_transact(uint8_t* data, size_t data_size) {
auto p = FakeParcel{data, 0};
if (!p.enforceInterface(data_size, HEADERS_COUNT)) return;
static inline void detach(PParcel* parcel, uint32_t code) {
auto p = FakeParcel{parcel->data, 0};
if (!p.enforceInterface(parcel->data_size, HEADERS_LEN)) return;
uint32_t pkg_len = p.readInt32();
uint32_t pkg_len_b = pkg_len * 2 - 1;
if (pkg_len_b > UINT8_MAX) return;
if (code == getPackageInfo_code) return;
auto pkg_ptr = p.readString16(pkg_len);

size_t i = 0;
uint8_t dlen;
while ((dlen = DETACH_TXT[i])) {
unsigned char* dptr = DETACH_TXT + i + sizeof(dlen);
uint8_t* dptr = DETACH_TXT + i + sizeof(dlen);
i += sizeof(dlen) + dlen;
if (dlen != pkg_len_b) continue;
if (dlen != pkg_len_b)
continue;
if (!memcmp(dptr, pkg_ptr, dlen)) {
*pkg_ptr = 0;
return;
Expand All @@ -42,28 +47,28 @@ static inline void handle_transact(uint8_t* data, size_t data_size) {

int (*transact_orig)(void*, int32_t, uint32_t, void*, void*, uint32_t);

struct PParcel {
size_t error;
uint8_t* data;
size_t data_size;
};

int transact_hook(void* self, int32_t handle, uint32_t code, void* pdata, void* preply, uint32_t flags) {
auto parcel = (PParcel*)pdata;
handle_transact(parcel->data, parcel->data_size);
detach(parcel, code);
return transact_orig(self, handle, code, pdata, preply, flags);
}

class Sigringe : public zygisk::ModuleBase {
public:
void onLoad(Api* api, JNIEnv* env) override {
class ZygiskDetach : public zygisk::ModuleBase {
public:
void onLoad(zygisk::Api* api, JNIEnv* env) override {
this->api = api;
this->env = env;
}

void preAppSpecialize(AppSpecializeArgs* args) override {
void preServerSpecialize(zygisk::ServerSpecializeArgs* args) override {
(void)args;
api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY);
}

void preAppSpecialize(zygisk::AppSpecializeArgs* args) override {
const char* process = env->GetStringUTFChars(args->nice_name, nullptr);
if (memcmp(process, "com.android.vending\0", 20)) {
#define vending "com.android.vending"
if (memcmp(process, vending, STR_LEN(vending))) {
env->ReleaseStringUTFChars(args->nice_name, process);
api->setOption(zygisk::Option::DLCLOSE_MODULE_LIBRARY);
return;
Expand All @@ -81,12 +86,12 @@ class Sigringe : public zygisk::ModuleBase {
char sdk_str[2];
if (__system_property_get("ro.build.version.sdk", sdk_str)) {
int sdk = atoi(sdk_str);
if (sdk >= 30) HEADERS_COUNT = 3;
else if (sdk == 29) HEADERS_COUNT = 2;
else HEADERS_COUNT = 1;
if (sdk >= 30) HEADERS_LEN = 3 * sizeof(uint32_t);
else if (sdk == 29) HEADERS_LEN = 2 * sizeof(uint32_t);
else HEADERS_LEN = 1 * sizeof(uint32_t);
} else {
LOGD("WARN: could not get sdk version (fallback=3)");
HEADERS_COUNT = 3;
HEADERS_LEN = 3 * sizeof(uint32_t);
}

ino_t inode;
Expand All @@ -106,8 +111,8 @@ class Sigringe : public zygisk::ModuleBase {
}
}

private:
Api* api;
private:
zygisk::Api* api;
JNIEnv* env;

bool getBinder(ino_t* inode, dev_t* dev) {
Expand All @@ -119,7 +124,8 @@ class Sigringe : public zygisk::ModuleBase {
unsigned int dev_major, dev_minor;
int cur;
sscanf(mapbuf, "%*s %s %*x %x:%x %lu %*s%n", flags, &dev_major, &dev_minor, inode, &cur);
if (memcmp(&mapbuf[cur - 12], "libbinder.so", 12) == 0 && flags[2] == 'x') {
#define libbinder "libbinder.so"
if (memcmp(&mapbuf[cur - STR_LEN(libbinder)], libbinder, STR_LEN(libbinder)) == 0 && flags[2] == 'x') {
*dev = makedev(dev_major, dev_minor);
fclose(fp);
return true;
Expand All @@ -139,7 +145,7 @@ class Sigringe : public zygisk::ModuleBase {
LOGD("ERROR: detach.bin <= 0");
return 0;
}
DETACH_TXT = (unsigned char*)malloc(size + 1);
DETACH_TXT = (uint8_t*)malloc(size + 1);
auto r = read(fd, DETACH_TXT, size);
if (r < 0) {
LOGD("ERROR: read companion");
Expand Down Expand Up @@ -185,5 +191,5 @@ static void companion_handler(int remote_fd) {
close(fd);
}

REGISTER_ZYGISK_MODULE(Sigringe)
REGISTER_ZYGISK_COMPANION(companion_handler)
REGISTER_ZYGISK_MODULE(ZygiskDetach)
REGISTER_ZYGISK_COMPANION(companion_handler)
16 changes: 5 additions & 11 deletions zygisk/jni/parcel.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,8 @@

#include <stdint.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof(a[0]))
#define PM_DESCRIPTOR_LEN (ARRAY_LEN(u"android.content.pm.IPackageManager") - 1)
#define PM_DESCRIPTOR_LEN (STR_LEN(u"android.content.pm.IPackageManager"))
#define PM_DESCRIPTOR_BYTES (PM_DESCRIPTOR_LEN * 2)
#define U32SZ (sizeof(uint32_t))

// bool String16Eq(const char16_t* s1, size_t len1, const char16_t* s2, size_t len2) {
// return (len1 == len2 && !memcmp(s1, s2, len1 * sizeof(char16_t)));
// }

void FakeParcel::skip(size_t skip) {
cur += skip;
Expand All @@ -27,10 +21,10 @@ char16_t* FakeParcel::readString16(uint32_t len) {
return s;
}

bool FakeParcel::enforceInterface(size_t data_size, uint8_t header_count) {
// | headers |des len| descriptor |null+next|
if (data_size < (U32SZ * header_count) + U32SZ + PM_DESCRIPTOR_BYTES + (U32SZ * 2)) return false;
skip(U32SZ * header_count);
bool FakeParcel::enforceInterface(size_t data_size, uint8_t headers) {
// | headers | des len | descriptor | null+next |
if (data_size < headers + sizeof(uint32_t) + PM_DESCRIPTOR_BYTES + (sizeof(uint32_t) * 2)) return false;
skip(headers);
uint32_t len = readInt32();
readString16(len); // pi;
return PM_DESCRIPTOR_LEN == len;
Expand Down
5 changes: 5 additions & 0 deletions zygisk/jni/parcel.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@
#include <stddef.h>
#include <stdint.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))
#define STR_LEN(a) (ARRAY_LEN(a) - 1)

#define getPackageInfo_code 3

struct FakeParcel {
unsigned char* data;
size_t cur;
Expand Down

0 comments on commit 1c7f444

Please sign in to comment.