diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index 0f83605..5aaf12d 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -1,6 +1,6 @@ + package="xfk233.genshinproxy"> cls = findClass("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader); - - TrustManager[] managers = (TrustManager[]) param.getResult(); - if (managers.length > 0 && cls.isInstance(managers[0])) - return; - } - - param.setResult(new TrustManager[]{new ImSureItsLegitTrustManager()}); - } - }); - - /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ - /* public void setDefaultHostnameVerifier(HostnameVerifier) */ - Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + currentPackageName); - findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setDefaultHostnameVerifier", - HostnameVerifier.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return null; - } - }); - - /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ - /* public void setSSLSocketFactory(SSLSocketFactory) */ - Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + currentPackageName); - findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return null; - } - }); - - /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ - /* public void setHostnameVerifier(HostNameVerifier) */ - Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + currentPackageName); - findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return null; - } - }); - - - /* WebView Hooks */ - /* frameworks/base/core/java/android/webkit/WebViewClient.java */ - /* public void onReceivedSslError(Webview, SslErrorHandler, SslError) */ - Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, SslErrorHandler, SslError) for: " + currentPackageName); - - findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedSslError", - WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - ((android.webkit.SslErrorHandler) param.args[1]).proceed(); - return null; - } - }); - - /* frameworks/base/core/java/android/webkit/WebViewClient.java */ - /* public void onReceivedError(WebView, int, String, String) */ - Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + currentPackageName); - - findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedError", - WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return null; - } - }); - - //SSLContext.init >> (null,ImSureItsLegitTrustManager,null) - findAndHookMethod("javax.net.ssl.SSLContext", lpparam.classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() { - - @Override - protected void beforeHookedMethod(MethodHookParam param) { - - param.args[0] = null; - param.args[1] = new TrustManager[]{new ImSureItsLegitTrustManager()}; - param.args[2] = null; - - } - }); - - // Multi-dex support: https://github.com/rovo89/XposedBridge/issues/30#issuecomment-68486449 - findAndHookMethod("android.app.Application", - lpparam.classLoader, - "attach", - Context.class, - new XC_MethodHook() { - @Override - protected void afterHookedMethod(MethodHookParam param) { - // Hook OkHttp or third party libraries. - Context context = (Context) param.args[0]; - processOkHttp(context.getClassLoader()); - processHttpClientAndroidLib(context.getClassLoader()); - processXutils(context.getClassLoader()); - } - } - ); - - /* Only for newer devices should we try to hook TrustManagerImpl */ - if (hasTrustManagerImpl()) { - /* TrustManagerImpl Hooks */ - /* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java */ - Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl for: " + currentPackageName); - - /* public void checkServerTrusted(X509Certificate[] chain, String authType) */ - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, - "checkServerTrusted", X509Certificate[].class, String.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return 0; - } - }); - - /* public List checkServerTrusted(X509Certificate[] chain, - String authType, String host) throws CertificateException */ - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, - "checkServerTrusted", X509Certificate[].class, String.class, - String.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return new ArrayList(); - } - }); - - - /* public List checkServerTrusted(X509Certificate[] chain, - String authType, SSLSession session) throws CertificateException */ - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, - "checkServerTrusted", X509Certificate[].class, String.class, - SSLSession.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return new ArrayList(); - } - }); - - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, String.class, SSLSession.class, SSLParameters.class, boolean.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return new ArrayList(); - } - }); - - - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class, boolean.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) { - return new ArrayList(); - } - }); - } - - } // End Hooks - - /* Helpers */ - // Check for TrustManagerImpl class - @SuppressLint("PrivateApi") - public boolean hasTrustManagerImpl() { - try { - Class.forName("com.android.org.conscrypt.TrustManagerImpl"); - } catch (ClassNotFoundException e) { - return false; - } - return true; - } - - private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() { - try { - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, new TrustManager[]{new ImSureItsLegitTrustManager()}, null); - return sslContext.getSocketFactory(); - } catch (NoSuchAlgorithmException | KeyManagementException e) { - return null; - } - } - - private void processXutils(ClassLoader classLoader) { - Log.d(TAG, "Hooking org.xutils.http.RequestParams.setSslSocketFactory(SSLSocketFactory) (3) for: " + currentPackageName); - try { - classLoader.loadClass("org.xutils.http.RequestParams"); - findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setSslSocketFactory", javax.net.ssl.SSLSocketFactory.class, new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) { - param.args[0] = getEmptySSLFactory(); - } - }); - findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setHostnameVerifier", HostnameVerifier.class, new XC_MethodHook() { - @Override - protected void beforeHookedMethod(MethodHookParam param) { - param.args[0] = new ImSureItsLegitHostnameVerifier(); - } - }); - } catch (Exception e) { - Log.d(TAG, "org.xutils.http.RequestParams not found in " + currentPackageName + "-- not hooking"); - } - } - - void processOkHttp(ClassLoader classLoader) { - /* hooking OKHTTP by SQUAREUP */ - /* com/squareup/okhttp/CertificatePinner.java available online @ https://github.com/square/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java */ - /* public void check(String hostname, List peerCertificates) throws SSLPeerUnverifiedException{}*/ - /* Either returns true or a exception so blanket return true */ - /* Tested against version 2.5 */ - Log.d(TAG, "Hooking com.squareup.okhttp.CertificatePinner.check(String,List) (2.5) for: " + currentPackageName); - - try { - classLoader.loadClass("com.squareup.okhttp.CertificatePinner"); - findAndHookMethod("com.squareup.okhttp.CertificatePinner", - classLoader, - "check", - String.class, - List.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) { - return true; - } - }); - } catch (ClassNotFoundException e) { - // pass - Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking"); - } - - //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/CertificatePinner.java#L144 - Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (3.x) for: " + currentPackageName); - - try { - classLoader.loadClass("okhttp3.CertificatePinner"); - findAndHookMethod("okhttp3.CertificatePinner", - classLoader, - "check", - String.class, - List.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) { - return null; - } - }); - } catch (ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking"); - // pass - } - - //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/internal/tls/OkHostnameVerifier.java - try { - classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier"); - findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier", - classLoader, - "verify", - String.class, - javax.net.ssl.SSLSession.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) { - return true; - } - }); - } catch (ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, SSLSession)"); - // pass - } - - //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/internal/tls/OkHostnameVerifier.java - try { - classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier"); - findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier", - classLoader, - "verify", - String.class, - java.security.cert.X509Certificate.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) { - return true; - } - }); - } catch (ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, X509)("); - // pass - } - - //https://github.com/square/okhttp/blob/okhttp_4.2.x/okhttp/src/main/java/okhttp3/CertificatePinner.kt - Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (4.2.0+) for: " + currentPackageName); - - try { - classLoader.loadClass("okhttp3.CertificatePinner"); - findAndHookMethod("okhttp3.CertificatePinner", - classLoader, - "check$okhttp", - String.class, - "kotlin.jvm.functions.Function0", - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) { - return null; - } - }); - } catch (ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 4.2.0+ not found in " + currentPackageName + " -- not hooking"); - // pass - } - - } - - void processHttpClientAndroidLib(ClassLoader classLoader) { - /* httpclientandroidlib Hooks */ - /* public final void verify(String host, String[] cns, String[] subjectAlts, boolean strictWithSubDomains) throws SSLException */ - Log.d(TAG, "Hooking AbstractVerifier.verify(String, String[], String[], boolean) for: " + currentPackageName); - - try { - classLoader.loadClass("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier"); - findAndHookMethod("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier", classLoader, "verify", - String.class, String[].class, String[].class, boolean.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) { - return null; - } - }); - } catch (ClassNotFoundException e) { - // pass - Log.d(TAG, "httpclientandroidlib not found in " + currentPackageName + "-- not hooking"); - } - } - - @SuppressLint("CustomX509TrustManager") - private static class ImSureItsLegitTrustManager implements X509TrustManager { - @SuppressLint("TrustAllX509TrustManager") - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) { - } - - @SuppressLint("TrustAllX509TrustManager") - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) { - } - - @Override - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[0]; - } - } - - private static class ImSureItsLegitHostnameVerifier implements HostnameVerifier { - - @SuppressLint("BadHostnameVerifier") - @Override - public boolean verify(String hostname, SSLSession session) { - return true; - } - } - -} diff --git a/app/src/main/java/xfk233/GenshinProxy/TrustMeAlready.java b/app/src/main/java/xfk233/GenshinProxy/TrustMeAlready.java index 9b97685..b96f3a6 100644 --- a/app/src/main/java/xfk233/GenshinProxy/TrustMeAlready.java +++ b/app/src/main/java/xfk233/GenshinProxy/TrustMeAlready.java @@ -1,4 +1,4 @@ -package xfk233.GenshinProxy; +package xfk233.genshinproxy; import java.lang.reflect.Method; import java.lang.reflect.ParameterizedType; diff --git a/app/src/main/java/xfk233/GenshinProxy/MainHook.kt b/app/src/main/java/xfk233/genshinproxy/MainHook.kt similarity index 89% rename from app/src/main/java/xfk233/GenshinProxy/MainHook.kt rename to app/src/main/java/xfk233/genshinproxy/MainHook.kt index 9286dbc..e44393b 100644 --- a/app/src/main/java/xfk233/GenshinProxy/MainHook.kt +++ b/app/src/main/java/xfk233/genshinproxy/MainHook.kt @@ -1,4 +1,4 @@ -package xfk233.GenshinProxy +package xfk233.genshinproxy import android.annotation.SuppressLint import android.app.Activity @@ -17,6 +17,7 @@ import android.view.Gravity import android.view.MotionEvent import android.view.View import android.view.WindowManager +import android.webkit.SslErrorHandler import android.widget.* import com.github.kyuubiran.ezxhelper.init.EzXHelperInit import com.github.kyuubiran.ezxhelper.utils.* @@ -26,8 +27,8 @@ import de.robv.android.xposed.XC_MethodHook import de.robv.android.xposed.XposedBridge import de.robv.android.xposed.callbacks.XC_LoadPackage import org.json.JSONObject -import xfk233.GenshinProxy.Utils.dp2px -import xfk233.GenshinProxy.Utils.isInit +import xfk233.genshinproxy.Utils.dp2px +import xfk233.genshinproxy.Utils.isInit import java.io.BufferedReader import java.io.ByteArrayOutputStream import java.io.InputStreamReader @@ -47,7 +48,6 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { private lateinit var modulePath: String private lateinit var moduleRes: XModuleResources private lateinit var windowManager: WindowManager - private lateinit var activity: Activity private var proxyList = false private lateinit var sp: SharedPreferences private val proxyListRegex = arrayListOf( @@ -85,16 +85,30 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { "log-upload-os.hoyoverse.com" ) - private var socketFactory: SSLSocketFactory - private var verifier: DefaultHostnameVerifier + private val activityList: ArrayList = arrayListOf() + private var activity: Activity + get() { + for (mActivity in activityList) { + if (mActivity.isFinishing) { + activityList.remove(mActivity) + } else { + return mActivity + } + } + throw Throwable("Activity not found.") + } + set(value) { + activityList.add(value) + } - init { - val ctx = SSLContext.getInstance("TLS") - ctx.init(arrayOf(), arrayOf(DefaultTrustManager()), SecureRandom()) - ctx.clientSessionContext.sessionTimeout = 15 - ctx.clientSessionContext.sessionCacheSize = 1000 - socketFactory = ctx.socketFactory - verifier = DefaultHostnameVerifier() + private fun getDefaultSSLSocketFactory(): SSLSocketFactory { + return SSLContext.getInstance("TLS").apply { + init(arrayOf(), arrayOf(DefaultTrustManager()), SecureRandom()) + }.socketFactory + } + + private fun getDefaultHostnameVerifier(): HostnameVerifier { + return DefaultHostnameVerifier() } class DefaultHostnameVerifier : HostnameVerifier { @@ -334,7 +348,7 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { }) addView(TextView(activity).apply { layoutParams = LinearLayout.LayoutParams(LinearLayout.LayoutParams.WRAP_CONTENT, LinearLayout.LayoutParams.WRAP_CONTENT).also { - it.setMargins(0, 0, 20, 0) + it.setMargins(0, 0, 5, 0) } setTextColor(Color.BLUE) setTextSize(TypedValue.COMPLEX_UNIT_SP, 18f) @@ -362,8 +376,8 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { URL("$server/authentication/type").apply { val conn = if (server.startsWith("https")) { (openConnection() as HttpsURLConnection).apply { - sslSocketFactory = socketFactory - hostnameVerifier = verifier + sslSocketFactory = getDefaultSSLSocketFactory() + hostnameVerifier = getDefaultHostnameVerifier() } } else { openConnection() as HttpURLConnection @@ -452,8 +466,8 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { URL("$server/authentication/type").apply { val conn = if (server.startsWith("https")) { (openConnection() as HttpsURLConnection).apply { - sslSocketFactory = socketFactory - hostnameVerifier = verifier + sslSocketFactory = getDefaultSSLSocketFactory() + hostnameVerifier = getDefaultHostnameVerifier() } } else { openConnection() as HttpURLConnection @@ -509,6 +523,19 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { } }) }) + addView(LinearLayout(activity).apply { + layoutParams = LinearLayout.LayoutParams(LinearLayout.LayoutParams.MATCH_PARENT, LinearLayout.LayoutParams.WRAP_CONTENT) + addView(Button(activity).apply { + text = "Open WebView" + layoutParams = LinearLayout.LayoutParams(LinearLayout.LayoutParams.MATCH_PARENT, LinearLayout.LayoutParams.WRAP_CONTENT) + setOnClickListener { + val webview = loadClass("com.miHoYo.sdk.webview.MiHoYoWebview") + webview.invokeStaticMethod("init", args(activity, "test_webview"), argTypes(Activity::class.java, String::class.java)) + webview.invokeStaticMethod("show", args("test_webview"), argTypes(String::class.java)) + webview.invokeStaticMethod("load", args("test_webview", "https://www.baidu.com"), argTypes(String::class.java, String::class.java)) + } + }) + }) }) }) } @@ -526,6 +553,7 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { y = 0 } imageView = ImageView(activity).apply { + @Suppress("DEPRECATION") background = moduleRes.getDrawable(R.drawable.ic_android_black_24dp).also { it.alpha = 50 } this.layoutParams = layoutParams setOnTouchListener(MoveOnTouchListener()) @@ -538,13 +566,25 @@ class MainHook : IXposedHookLoadPackage, IXposedHookZygoteInit { } private fun sslHook(lpparam: XC_LoadPackage.LoadPackageParam) { - findMethodOrNull("com.combosdk.lib.third.okhttp3.internal.tls.OkHostnameVerifier") { name == "verify" }?.hookBefore { - it.result = true + findMethodOrNull("com.combosdk.lib.third.okhttp3.OkHttpClient\$Builder") { name == "build" }?.hookBefore { + it.thisObject.invokeMethod("sslSocketFactory", args(getDefaultSSLSocketFactory()), argTypes(SSLSocketFactory::class.java)) + it.thisObject.invokeMethod("hostnameVerifier", args(getDefaultHostnameVerifier()), argTypes(HostnameVerifier::class.java)) } - findMethodOrNull("com.combosdk.lib.third.okhttp3.CertificatePinner") { name == "check" && parameterTypes[0] == String::class.java && parameterTypes[1] == List::class.java }?.hookBefore { - it.result = null + findMethodOrNull("okhttp3.OkHttpClient\$Builder") { name == "build" }?.hookBefore { + it.thisObject.invokeMethod("sslSocketFactory", args(getDefaultSSLSocketFactory(), DefaultTrustManager()), argTypes(SSLSocketFactory::class.java, X509TrustManager::class.java)) + it.thisObject.invokeMethod("hostnameVerifier", args(getDefaultHostnameVerifier()), argTypes(HostnameVerifier::class.java)) + } + arrayListOf( + "android.webkit.WebViewClient", + "cn.sharesdk.framework.g", + "com.facebook.internal.WebDialog\$DialogWebViewClient", + "com.geetest.sdk.dialog.views.GtWebView\$c", + "com.miHoYo.sdk.webview.common.view.ContentWebView\$6" + ).forEach { + findMethodOrNull(it) { name == "onReceivedSslError" && parameterTypes[1] == SslErrorHandler::class.java }?.hookBefore { param -> + (param.args[1] as SslErrorHandler).proceed() + } } - JustTrustMe().hook(lpparam) } private fun hook() { diff --git a/app/src/main/java/xfk233/GenshinProxy/Utils.kt b/app/src/main/java/xfk233/genshinproxy/Utils.kt similarity index 89% rename from app/src/main/java/xfk233/GenshinProxy/Utils.kt rename to app/src/main/java/xfk233/genshinproxy/Utils.kt index aceb03d..33d0452 100644 --- a/app/src/main/java/xfk233/GenshinProxy/Utils.kt +++ b/app/src/main/java/xfk233/genshinproxy/Utils.kt @@ -1,4 +1,4 @@ -package xfk233.GenshinProxy +package xfk233.genshinproxy import android.content.Context