Random insns

luoyesiqiu · Jan 1, 2025 · 50eea74 · 50eea74
1 parent 65ba7cf
commit 50eea74
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 24 deletions.
diff --git a/dpt/src/main/java/com/luoye/dpt/util/DexUtils.java b/dpt/src/main/java/com/luoye/dpt/util/DexUtils.java
@@ -12,6 +12,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.RandomAccessFile;
+import java.security.SecureRandom;
 import java.util.*;
 
 /**
@@ -60,7 +61,7 @@ public static List<Instruction> extractAllMethods(File dexFile, File outDexFile,
             for (ClassDef classDef : classDefs) {
                 boolean skip = false;
                 //Skip exclude classes name
-                for(String rule : excludeRule){
+                for(String rule : excludeRule) {
                     if(classDef.toString().matches(rule)){
                         skip = true;
                         break;
@@ -155,7 +156,7 @@ private static Instruction extractMethod(Dex dex ,RandomAccessFile outRandomAcce
             return null;
         }
         Instruction instruction = new Instruction();
-        //16 = registers_size + ins_size + outs_size + tries_size + debug_info_off + insns_size
+        // CodeItem size = registers_size + ins_size + outs_size + tries_size + debug_info_off + insns_size = 16
         int insnsOffset = method.getCodeOffset() + 16;
         Code code = dex.readCode(method);
         //Fault-tolerant handling
@@ -186,18 +187,17 @@ private static Instruction extractMethod(Dex dex ,RandomAccessFile outRandomAcce
         //Note: Here is the size of the array
         instruction.setInstructionDataSize(insnsCapacity * 2);
         byte[] byteCode = new byte[insnsCapacity * 2];
-        //Write nop instruction
+        //Write random bytes
+        SecureRandom insRandom = new SecureRandom();
         for (int i = 0; i < insnsCapacity; i++) {
             outRandomAccessFile.seek(insnsOffset + (i * 2));
             byteCode[i * 2] = outRandomAccessFile.readByte();
             byteCode[i * 2 + 1] = outRandomAccessFile.readByte();
             outRandomAccessFile.seek(insnsOffset + (i * 2));
-            outRandomAccessFile.writeShort(0);
+            outRandomAccessFile.writeShort(insRandom.nextInt());
         }
         instruction.setInstructionsData(byteCode);
         outRandomAccessFile.seek(insnsOffset);
-        //Write return instruction
-        outRandomAccessFile.write(returnByteCodes);
 
         return instruction;
     }

diff --git a/shell/src/main/cpp/dpt_hook.cpp b/shell/src/main/cpp/dpt_hook.cpp
@@ -81,18 +81,11 @@ void change_dex_protective(uint8_t * begin,int dexSize,int dexIndex){
     }
 }
 
-DPT_ENCRYPT void patchMethod(uint8_t *begin,__unused const char *location,uint32_t dexSize,int dexIndex,uint32_t methodIdx,uint32_t codeOff){
-    if(codeOff == 0){
-        NLOG("[*] patchMethod dex: %d methodIndex: %d no need patch!",dexIndex,methodIdx);
-        return;
-    }
-    auto *dexCodeItem = (dex::CodeItem *) (begin + codeOff);
-
-    uint16_t firstDvmCode = *((uint16_t*)dexCodeItem->insns_);
-    if(firstDvmCode != 0x0012 && firstDvmCode != 0x0016 && firstDvmCode != 0x000e){
-        NLOG("[*] this method has code no need to patch");
-        return;
-    }
+DPT_ENCRYPT void patchMethod(uint8_t *begin,
+                             __unused const char *location,
+                             uint32_t dexSize,
+                             int dexIndex,
+                             uint32_t methodIdx) {
 
     auto dexIt = dexMap.find(dexIndex);
     if (LIKELY(dexIt != dexMap.end())) {
@@ -106,15 +99,19 @@ DPT_ENCRYPT void patchMethod(uint8_t *begin,__unused const char *location,uint32
 
         if (LIKELY(codeItemIt != codeItemMap->end())) {
             data::CodeItem* codeItem = codeItemIt->second;
-            auto *realCodeItemPtr = (uint8_t *)(dexCodeItem->insns_);
+            if(codeItem->getOffsetDex() == 0) {
+                NLOG("[*] patchMethod dex: %d methodIndex: %d no need patch!",dexIndex,methodIdx);
+                return;
+            }
+            auto *realInsnsPtr = (uint8_t *)(begin + codeItem->getOffsetDex());
 
             NLOG("[*] patchMethod codeItem patch, methodIndex = %d,insnsSize = %d >>> %p(0x%x)",
                  codeItem->getMethodIdx(),
                  codeItem->getInsnsSize(),
-                 realCodeItemPtr,
-                 (unsigned int)(realCodeItemPtr - begin));
+                 realInsnsPtr,
+                 (unsigned int)(realInsnsPtr - begin));
 
-            memcpy(realCodeItemPtr,codeItem->getInsns(),codeItem->getInsnsSize());
+            memcpy(realInsnsPtr,codeItem->getInsns(),codeItem->getInsnsSize());
         }
         else{
             NLOG("[*] patchMethod cannot find  methodId: %d in codeitem map, dex index: %d(%s)",methodIdx,dexIndex,location);
@@ -205,13 +202,13 @@ DPT_ENCRYPT void patchClass(__unused const char* descriptor,
                 for (uint64_t i = 0; i < direct_methods_size; i++) {
                     auto method = directMethods[i];
                     patchMethod(begin, location.c_str(), dexSize, dexIndex,
-                                method.method_idx_delta_, method.code_off_);
+                                method.method_idx_delta_);
                 }
 
                 for (uint64_t i = 0; i < virtual_methods_size; i++) {
                     auto method = virtualMethods[i];
                     patchMethod(begin, location.c_str(), dexSize, dexIndex,
-                                method.method_idx_delta_, method.code_off_);
+                                method.method_idx_delta_);
                 }
             }
             else {