GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → hack0z → Byopen

hack0z / Byopen

Licence: apache-2.0
🎉A dlopen library that bypasses mobile system limitation

Programming Languages

java
68154 projects - #9 most used programming language
c
50402 projects - #5 most used programming language

Labels

androidiosmacosndk

Projects that are alternatives of or similar to Byopen

Ndk opengles 3 0
Android OpenGL ES 3.0 从入门到精通系统性学习教程
Stars: ✭ 786 (+490.98%)
Mutual labels:  ndk
Androidlearn
Android Custom Views
Stars: ✭ 66 (-50.38%)
Mutual labels:  ndk
Androiddevwithcpp
Android Develop With C++
Stars: ✭ 106 (-20.3%)
Mutual labels:  ndk
Android Demo
Hipacc demo project for Renderscript and Filterscript
Stars: ✭ 7 (-94.74%)
Mutual labels:  ndk
Android Hpe
Android native application to perform head pose estimation using images coming from the front camera.
Stars: ✭ 46 (-65.41%)
Mutual labels:  ndk
Vab
V Android Bootstrapper
Stars: ✭ 77 (-42.11%)
Mutual labels:  ndk
Uikit Cross Platform
Cross-platform Swift implementation of UIKit, mostly for Android
Stars: ✭ 421 (+216.54%)
Mutual labels:  ndk
Googleserialport
Android串口通信:抱歉,学会它真的可以为所欲为 ! ! !
Stars: ✭ 130 (-2.26%)
Mutual labels:  ndk
Deepc
Suite of Deep compositing tools for Foundry's Nuke.
Stars: ✭ 56 (-57.89%)
Mutual labels:  ndk
Termux Ndk
android-ndk for termux
Stars: ✭ 91 (-31.58%)
Mutual labels:  ndk
Anyndk
🔥 Android native library, make your development faster and easier. Android各种native库,让你的开发更快更简单
Stars: ✭ 35 (-73.68%)
Mutual labels:  ndk
Bugsnag Android Ndk
DEPRECATED - this project now lives at bugsnag/bugsnag-android
Stars: ✭ 42 (-68.42%)
Mutual labels:  ndk
Android Luajit Launcher
Android NativeActivity based launcher for LuaJIT, implementing the main loop within Lua land via FFI
Stars: ✭ 87 (-34.59%)
Mutual labels:  ndk
Aesjniencrypt
Make safest code in Android. (基于libsodium实现加解密,key在native中,防止被二次打包){长期维护,请star,勿fork}
Stars: ✭ 840 (+531.58%)
Mutual labels:  ndk
Crashsdk
catch crash on Android(arm/x86)
Stars: ✭ 107 (-19.55%)
Mutual labels:  ndk
Camerakit Android
Library for Android Camera 1 and 2 APIs. Massively increase stability and reliability of photo and video capture on all Android devices.
Stars: ✭ 5,131 (+3757.89%)
Mutual labels:  ndk
Anti Debug
Android detect debugger
Stars: ✭ 68 (-48.87%)
Mutual labels:  ndk
Native Opencv Android Template
A tutorial for setting up OpenCV 4.5.0 (and other 4.x.y version) for Android in Android Studio with Native Development Kit (NDK) support.
Stars: ✭ 131 (-1.5%)
Mutual labels:  ndk
Androidtrainingdemo
android training demo
Stars: ✭ 116 (-12.78%)
Mutual labels:  ndk
Ndcrash
A powerful crash reporting library for Android NDK. Don't forget to run git submodule update --init --recursive after checking out.
Stars: ✭ 91 (-31.58%)
Mutual labels:  ndk
View All Similar Projects ➔

dyOpen

A dlopen library that bypasses mobile system limitation

简介

byOpen是一个绕过移动端系统限制的增强版dlfunctions库。

支持特性

Android

支持App中加载和使用Android系统库接口(即使maps中还没有被加载也支持)。

Android 7以上dlopen, System.load都是被限制调用的,虽然目前网上有Nougat_dlfunctions等库通过从maps中找so库来绕过加载限制。

不过对于app中还没被加载到maps的so库,这种方式就不行了。

而byOpen不仅支持fake dlopen方式从maps加载,还可以将还没加载到maps的so库绕过系统限制强行加载进来使用,实现更加通用化得dlopen。

注:目前的实现方式理论上还是比较通用的,至少我这Android 10上测试ok,但还没完整详细测试过,是否使用请自行评估。

相关原理

具体实现原理还是比较简单的,主要还是借鉴了一种绕过Android P对非SDK接口限制的简单方法的思想和实现方式。

虽然这篇文章中主要目的是为了绕过hide api,不过它里面使用的将自己假装成系统调用的方式,一样可以用到System.loadLibrary上去,让系统以为是系统自身在调用System.loadLibrary

从而绕过Android N的classloader-namespace限制,将系统/system/lib中任意so库加载到maps中,然后再通过fake dlopen的方式去dlsym。

增强版fake dlopen

关于fake dlopen的方式实现,网上已有很多实现,比如:

byOpen参考了里面的实现,重新实现了一遍,并且做了一些小改进:

  • 不在/proc/self/maps中的系统库,也能绕过限制强行加载进来使用
  • 除了从.dynsym中检索符号,还支持从.symtab中检索符号(参考:Enhanced_dlfunctions,顺带修复了里面的一些bug)
  • 整个dlopen过程只有一次malloc分配(省去整个符号表的内存分配和copy)

Android例子

Android相关测试App例子在:Android Sample

注:目前自带的App测试例子里面的系统库我写死了,有些系统版本上有可能不存在,请先改成用户自己的库和符号名,再编译测试

public class MainActivity extends AppCompatActivity {
    private static final String SYSTEM_LIBRARY = "curl";
    private static final String SYMBOL_NAME = "curl_version";

除了Native版本dlopen接口,byOpen额外提供了java版本的System.loadLibrary接口在java层直接绕过系统库加载。

关键代码如下:

static public boolean loadLibrary(String libraryName) {
    Method forName = Class.class.getDeclaredMethod("forName", String.class);
    Method getDeclaredMethod = Class.class.getDeclaredMethod("getDeclaredMethod", String.class, Class[].class);
    Class<?> systemClass = (Class<?>) forName.invoke(null, "java.lang.System");
    Method loadLibrary = (Method) getDeclaredMethod.invoke(systemClass, "loadLibrary", new Class[]{String.class});
    loadLibrary.invoke(systemClass, libraryName);
}

而native版本的dlopen_android.c实现中,我将这段绕过的系统加载的方式,通过jni重新实现了一遍,然后和fake dlopen无缝结合到了一起。

iOS

虽然ios可以直接使用dlopen,但是审核上会有风险,苹果有可能会对提交AppStore的app扫描相关dlopen/dlsym等调用,来判断是否存在一些敏感的私有调用。

为了在通过调用一些私有接口的时候避免被苹果检测到,byOpen也通过自己实现dlopen/dlsym直接从已经加载进来的images列表里面直接查找对应symbol地址来调用。

当然,为了更加安全,相关调用的库符号硬编码字符串等,用户可以自行做层变换加密,不要直接编译进app。

接口用法

相关静态库和接口在:dlopen.h

相关使用方式跟原生dlopen完全相同:

typedef by_char_t const* (*curl_version_t)();
by_pointer_t handle = by_dlopen("libcurl.so", BY_RTLD_LAZY);
if (handle)
{
    by_pointer_t addr = by_dlsym(handle, "curl_version");
    if (addr)
    {
        curl_version_t curl_version = (curl_version_t)addr;
        by_print("curl_version: %s", curl_version());
    }
    by_dlclose(handle);
}

编译

编译需要先安装:xmake

Android

直接编译库

$ xmake f -p android --ndk=~/file/android-ndk-r20b
$ xmake

通过gradle编译测试Apk

$ cd src/android
$ ./gradlew app:assembleDebug

通过xmake直接编译apk

$ xmake apk_build

通过xmake直接安装测试apk

$ xmake apk_test

iOS

直接编译库

$ xmake f -p iphoneos -a [armv7|arm64]
$ xmake

MacOS

我们也可以在macOS下编译测试,也是支持的:

$ xmake
$ xmake run
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].