Improvements

Added support for LDPreload Injection and Improved architecture text.

Author: reveny

app/src/main/AndroidManifest.xml

@@ -3,14 +3,10 @@
     xmlns:tools="http://schemas.android.com/tools"
     package="com.reveny.injector">
 
-    <uses-permission
-        android:name="android.permission.QUERY_ALL_PACKAGES"
-        tools:ignore="QueryAllPackagesPermission" />
+    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:ignore="QueryAllPackagesPermission" />
     <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
     <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
-    <uses-permission
-        android:name="android.permission.MANAGE_EXTERNAL_STORAGE"
-        tools:ignore="ScopedStorage" />
+    <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE" tools:ignore="ScopedStorage" />
 
     <application
         android:allowBackup="true"

app/src/main/cpp/Android.mk

@@ -6,6 +6,6 @@ LOCAL_C_INCLUDES += $(MAIN_LOCAL_PATH)
 
 LOCAL_SRC_FILES := Inject.cpp \
 
-LOCAL_LDLIBS := -llog -landroid -lGLESv2
+LOCAL_LDLIBS := -llog -landroid
 
 include $(BUILD_SHARED_LIBRARY)

app/src/main/cpp/Inject.cpp

@@ -9,9 +9,10 @@ extern "C" {
     Java_com_reveny_injector_Native_Inject(JNIEnv *env, jclass clazz, jstring package_name, jstring library_path, jstring launcherAct, jboolean auto_launch) {
         pkgName = env->GetStringUTFChars(package_name, nullptr);
         libraryPath = env->GetStringUTFChars(library_path, nullptr);
+        appLaunchActivity = env->GetStringUTFChars(launcherAct, nullptr);
         shouldAutoLaunch = auto_launch;
-        appLaunchActivity = env->GetStringUTFChars(launcherAct, nullptr);;
 
-        return initInject();
+        int result = initInject();
+        return result;
     }
 }

app/src/main/cpp/Injector/PtraceUtils.h

@@ -295,52 +295,51 @@ int ptrace_call(pid_t pid, uintptr_t ExecuteAddr, long *parameters, long num_par
         if (ptrace_getregs(pid, regs) == -1) {
             return -1;
         }
-
     #elif defined(__x86_64__)
-        LOGE("Ptrace call x86_64");
-        int num_param_registers = 6;
-        if (num_params > 0)
-            regs->rdi = parameters[0];
-        if (num_params > 1)
-            regs->rsi = parameters[1];
-        if (num_params > 2)
-            regs->rdx = parameters[2];
-        if (num_params > 3)
-            regs->rcx = parameters[3];
-        if (num_params > 4)
-            regs->r8 = parameters[4];
-        if (num_params > 5)
-            regs->r9 = parameters[5];
-
-        if (num_param_registers < num_params){
-            regs->esp -= (num_params - num_param_registers) * sizeof(long); //Allocate stack space, the direction of the stack is from high address to low address
-            if (0 != ptrace_writedata(pid, (uint8_t *)regs->esp, (uint8_t *)&parameters[num_param_registers], (num_params - num_param_registers) * sizeof(long))){
-                return -1;
-            }
-        }
-
-        long tmp_addr = 0x0;
-        regs->esp -= sizeof(long);
-        if (0 != ptrace_writedata(pid, (uint8_t *)regs->esp, (uint8_t *)&tmp_addr, sizeof(tmp_addr))) {
-            return -1;
-        }
-
-        regs->eip = ExecuteAddr;
-
-        if (ptrace_setregs(pid, regs) == -1 || ptrace_continue(pid) == -1) {
-            return -1;
-        }
-
-        int stat = 0;
-        waitpid(pid, &stat, WUNTRACED);
-
-        while (stat != 0xb7f){
-            if (ptrace_continue(pid) == -1){
-                //printf("[-] ptrace call error");
-                return -1;
-            }
-            waitpid(pid, &stat, WUNTRACED);
-        }
+       LOGE("Ptrace call x86_64");
+       int num_param_registers = 6;
+       if (num_params > 0)
+           regs->rdi = parameters[0];
+       if (num_params > 1)
+           regs->rsi = parameters[1];
+       if (num_params > 2)
+           regs->rdx = parameters[2];
+       if (num_params > 3)
+           regs->rcx = parameters[3];
+       if (num_params > 4)
+           regs->r8 = parameters[4];
+       if (num_params > 5)
+           regs->r9 = parameters[5];
+
+       if (num_param_registers < num_params){
+           regs->esp -= (num_params - num_param_registers) * sizeof(long); //Allocate stack space, the direction of the stack is from high address to low address
+           if (0 != ptrace_writedata(pid, (uint8_t *)regs->esp, (uint8_t *)&parameters[num_param_registers], (num_params - num_param_registers) * sizeof(long))){
+               return -1;
+           }
+       }
+
+       long tmp_addr = 0x0;
+       regs->esp -= sizeof(long);
+       if (0 != ptrace_writedata(pid, (uint8_t *)regs->esp, (uint8_t *)&tmp_addr, sizeof(tmp_addr))) {
+           return -1;
+       }
+
+       regs->eip = ExecuteAddr;
+
+       if (ptrace_setregs(pid, regs) == -1 || ptrace_continue(pid) == -1) {
+           return -1;
+       }
+
+       int stat = 0;
+       waitpid(pid, &stat, WUNTRACED);
+
+       while (stat != 0xb7f){
+           if (ptrace_continue(pid) == -1){
+               //printf("[-] ptrace call error");
+               return -1;
+           }
+           waitpid(pid, &stat, WUNTRACED);
+       }
 
     #elif defined(__arm__) || defined(__aarch64__)
     #if defined(__arm__)
@@ -382,6 +381,7 @@ int ptrace_call(pid_t pid, uintptr_t ExecuteAddr, long *parameters, long num_par
             }
             lr_val = start_ptr;
         }
+        LOGE("lr_val: %ld", lr_val);
         regs->ARM_lr = lr_val;
 
         if (ptrace_setregs(pid, regs) == -1 || ptraceContinue(pid) == -1){
@@ -401,9 +401,8 @@ int ptrace_call(pid_t pid, uintptr_t ExecuteAddr, long *parameters, long num_par
         if (ptrace_getregs(pid, regs) == -1){
             return -1;
         }
-
     #else
-        LOGE("Unsupported device")
+        LOGE("Unsupported device");
     #endif
     return 0;
 }

app/src/main/java/com/reveny/injector/MainActivity.java

@@ -45,16 +45,18 @@ public class MainActivity extends AppCompatActivity implements Handler.Callback
     AutoCompleteTextView autoCompleteTextView;
     EditText libPath;
     CheckBox autoLaunchBox;
+    CheckBox ptraceBox;
+    CheckBox ldpreloadBox;
+    TextView archText;
     TextView console;
     Button githubButton;
-    Button tutorialButton;
+    Button uninjectButton;
     Button injectButton;
-    TextView archText;
 
     ArrayAdapter<String> adapterItems;
 
-    public String packageName;
-    public String finalLibPath;
+    public String packageName = "";
+    public String finalLibPath = "";
     public String launchActivity;
     public boolean shouldAutoLaunch = true;
 
@@ -84,11 +86,13 @@ protected void onCreate(Bundle savedInstanceState) {
         autoCompleteTextView = findViewById(R.id.auto_complete_txt);
         libPath = findViewById(R.id.path_to_lib);
         githubButton = findViewById(R.id.github_button);
-        tutorialButton = findViewById(R.id.tutorial_button);
+        uninjectButton = findViewById(R.id.tutorial_button);
         injectButton = findViewById(R.id.inject_button);
         autoLaunchBox = findViewById(R.id.auto_launch_toggle);
+        ptraceBox = findViewById(R.id.mode_ptrace);
+        ldpreloadBox = findViewById(R.id.mode_ldpreload);
+        archText = findViewById(R.id.architecture);
         console = findViewById(R.id.console);
-        archText = findViewById(R.id.arch);
 
         //Set installed packages
         adapterItems = new ArrayAdapter<String>(this, R.layout.list_item, getInstalledApps());
@@ -99,47 +103,77 @@ public void onItemClick(AdapterView<?> parent, View view, int position, long id)
                 String item = parent.getItemAtPosition(position).toString();
                 packageName = item;
                 console.append("Package Name: " + item + "\n");
+                String arch = "Unknown";
+
+                try {
+                    String libraryDir = getPackageManager().getApplicationInfo(packageName, 0).nativeLibraryDir;
+                    arch = libraryDir.substring(libraryDir.lastIndexOf("/") + 1);
+                } catch (PackageManager.NameNotFoundException exception) {
+                    exception.printStackTrace();
+                }
+
+                archText.setText("Architecture: " + arch);
             }
         });
 
         libPath.setText("/data/local/tmp/libnative.so"); //Set default path
-        archText.setText(Build.CPU_ABI.toString());
+        console.append("Device Architecture: " + Build.CPU_ABI.toString() + " \n");
 
         injectButton.setOnClickListener(new View.OnClickListener()  {
             @Override
             public void onClick(View v) {
+                checkLibPath();
                 if (hasRootAccess) {
-                    MSGConnection mSGConnection = messageConnection;
-                    if (mSGConnection == null) {
-                        console.append("Binding root services\n");
-
-                        shouldAutoLaunch = autoLaunchBox.isChecked();
-                        launchActivity = getLaunchActivity(packageName);
-                        checkLibPath();
-
-                        console.append("---------------------------------------\n");
-                        console.append("Trying to Inject with following settings: \n");
-                        console.append("shouldAutoLaunch: " + shouldAutoLaunch + "\n");
-                        console.append("packageName: " + packageName + "\n");
-                        console.append("launchActivity: " + launchActivity + "\n");
-                        console.append("finalLibPath: " + finalLibPath + "\n");
-                        console.append("---------------------------------------\n");
-                        RootService.bind(new Intent(thisInstance, RootService.class), new MSGConnection());
+                    if (packageName.equals("") || finalLibPath.equals("")) {
+                        console.append("Please fill out all the fields\n");
                     } else {
-                        RootService.unbind(mSGConnection);
+                        if (ptraceBox.isChecked()) {
+                            MSGConnection mSGConnection = messageConnection;
+                            if (mSGConnection == null) {
+                                console.append("Binding root services\n");
+
+                                shouldAutoLaunch = autoLaunchBox.isChecked();
+                                launchActivity = getLaunchActivity(packageName);
+
+                                console.append("---------------------------------------\n");
+                                console.append("Trying to Inject with following settings: \n");
+                                console.append("shouldAutoLaunch: " + shouldAutoLaunch + "\n");
+                                console.append("packageName: " + packageName + "\n");
+                                console.append("launchActivity: " + launchActivity + "\n");
+                                console.append("finalLibPath: " + finalLibPath + "\n");
+                                console.append("---------------------------------------\n");
+                                RootService.bind(new Intent(thisInstance, RootService.class), new MSGConnection());
+                            } else {
+                                RootService.unbind(mSGConnection);
+                            }
+                        } else if (ldpreloadBox.isChecked()) {
+                            if (packageName.equals("") || finalLibPath.equals("")) {
+                                console.append("Please fill out all the fields\n");
+                            } else {
+                                String command = "setprop wrap." + packageName + " LD_PRELOAD=" + finalLibPath;
+                                Shell.cmd(command).exec();
+                                Toast.makeText(thisInstance, "Injected! The game might take longer to load", Toast.LENGTH_LONG).show();
+                            }
+                        } else {
+                            console.append("You need to select an Injection mode \n");
+                        }
                     }
                 } else {
                     console.append("Bind root service failed: root access not granted\n");
                 }
             }
         });
 
-        tutorialButton.setOnClickListener(new View.OnClickListener()  {
+        uninjectButton.setOnClickListener(new View.OnClickListener()  {
             @Override
             public void onClick(View v) {
-                Toast.makeText(thisInstance, "No tutorial yet :(", Toast.LENGTH_LONG).show();
-                //Intent browserIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("http://github.com/reveny"));
-                //startActivity(browserIntent);
+                if (packageName.isEmpty()) {
+                    console.append("Cannot uninject without a package name\n");
+                } else {
+                    String command = "resetprop --delete wrap." + packageName;
+                    Shell.cmd(command).exec();
+                    Toast.makeText(thisInstance, "Uninjected!", Toast.LENGTH_LONG).show();
+                }
             }
         });
 

app/src/main/res/layout/activity_main.xml

@@ -24,6 +24,12 @@
             android:inputType="none"
             tools:ignore="LabelFor" />
 
+        <TextView
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:id="@+id/architecture"
+            android:text="Architecture: " />
+
         <CheckBox
             android:id="@+id/auto_launch_toggle"
             android:layout_width="wrap_content"
@@ -36,17 +42,23 @@
         <TextView
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
-            android:id="@+id/arch_txt"
-            android:text="@string/architecture" >
+            android:id="@+id/mode_text"
+            android:text="Mode:" >
         </TextView>
 
-        <TextView
-            android:id="@+id/arch"
+        <CheckBox
+            android:id="@+id/mode_ptrace"
+            android:layout_width="96dp"
+            android:layout_height="27dp"
+            android:text="@string/ptrace"
+            tools:ignore="MissingConstraints" />
+
+        <CheckBox
+            android:id="@+id/mode_ldpreload"
             android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:layout_weight="1"
-            android:text=""
-        />
+            android:layout_height="30dp"
+            android:text="@string/ldpreload"
+            tools:ignore="MissingConstraints" />
     </com.google.android.material.textfield.TextInputLayout>
 
     <TextView
@@ -94,7 +106,7 @@
     <ScrollView
         android:id="@+id/consoleLog"
         android:layout_width="match_parent"
-        android:layout_height="298dp"
+        android:layout_height="241dp"
         android:layout_marginBottom="180dp"
         android:layout_weight="1"
         android:background="@color/grey"
@@ -135,7 +147,7 @@
         android:id="@+id/tutorial_button"
         android:layout_width="match_parent"
         android:layout_height="52dp"
-        android:text="@string/tutorial"
+        android:text="@string/uninject_only_for_ldpreload"
         android:backgroundTint="@color/blue"
         app:layout_constraintBottom_toTopOf="@+id/github_button"
         app:layout_constraintEnd_toEndOf="parent"

app/src/main/res/values/strings.xml

@@ -10,4 +10,7 @@
     <string name="github">Github</string>
     <string name="tutorial">Tutorial</string>
     <string name="architecture">Architecture:</string>
+    <string name="ldpreload">LDPreload</string>
+    <string name="ptrace">PTrace</string>
+    <string name="uninject_only_for_ldpreload">Uninject (only for LDPreload)</string>
 </resources>