コード例 #1
ファイル: mon.c プロジェクト: equationdz/libaitk
/*
 * epoll_wait() replacement installed through the inline hook `eph`.
 *
 * Every call is forwarded to the original epoll_wait() (address taken from
 * eph.orig) with the arguments untouched, and its result is returned as-is.
 * While `counter` is still non-zero the hook is re-armed after the call
 * (hook_postcall), the count is decremented, the Dalvik symbols are resolved
 * and do_patch() installs the remaining hooks. Once `counter` reaches zero
 * the hook is not re-armed after hook_precall() (the author's comment says
 * that call removes the hook), so this function is not entered again.
 *
 * NOTE(review): `counter` is a plain global; whether more than one thread
 * can be inside epoll_wait() at the same time is not visible here.
 */
int my_epoll_wait(int epfd,
                  struct epoll_event *events,
                  int maxevents,
                  int timeout)
{
    typedef int (*epoll_wait_fn)(int, struct epoll_event *, int, int);

    /* Detach the hook before calling through to the real function. */
    epoll_wait_fn real_epoll_wait = (epoll_wait_fn)(void *)eph.orig;
    hook_precall(&eph);

    const int rc = real_epoll_wait(epfd, events, maxevents, timeout);

    if (counter != 0) {
        /* Still armed: re-insert the hook and run the one-time setup work. */
        hook_postcall(&eph);
        adbi_log_printf("epoll_wait() called\n");
        counter--;

        dexstuff_resolv_dvm(&d);   /* resolve symbols from the DVM */
        do_patch();                /* insert the remaining hooks */

        if (counter == 0) {
            adbi_log_printf("removing hook for epoll_wait() on next event\n");
        }
    }

    return rc;
}
コード例 #2
ファイル: epoll.c プロジェクト: bkerler/adbi
/*
 * epoll_wait() replacement installed through the inline hook `eph`.
 *
 * Forwards every call to the original epoll_wait() (address from eph.orig)
 * and returns its result unchanged. While `counter` is non-zero the hook is
 * put back after the call (hook_postcall) and the count is decremented;
 * when it hits zero the hook is not re-armed, so — assuming
 * hook_precall/hook_postcall detach and re-attach the hook as in adbi —
 * this function is not entered again.
 */
int my_epoll_wait(int epfd, struct epoll_event *events, int maxevents, int timeout)
{
	typedef int (*epoll_wait_fn)(int, struct epoll_event *, int, int);
	epoll_wait_fn real_epoll_wait = (epoll_wait_fn)(void *)eph.orig;

	hook_precall(&eph);
	const int rc = real_epoll_wait(epfd, events, maxevents, timeout);

	if (counter == 0) {
		/* Count exhausted: leave the hook detached. */
		return rc;
	}

	/* Still armed: re-insert the hook and count this hit. */
	hook_postcall(&eph);
	LOGI("epoll_wait() called\n");
	if (--counter == 0) {
		LOGI("removing hook for epoll_wait()\n");
	}

	return rc;
}
コード例 #3
ファイル: hooker_thumb.c プロジェクト: Hard6/fuzzer-android
/*
 * Generic 18-argument trampoline meant to sit in front of a hooked function
 * (one slot of hook_array): log the hit, detach the hook, call through with
 * all arguments, re-attach the hook and hand the result back.
 *
 * NOTE(review): as written this block cannot compile and cannot behave as
 * intended; it is left byte-for-byte because the fix needs information not
 * on this page:
 *  - `hook_array[i]` subscripts with the `void *` parameter `i` (an argument
 *    of the hooked call), not with an integer index; the intended hook slot
 *    is not visible here.
 *  - `coverage_ptr` is loaded from the hook, but `no_proto_ptr` is what gets
 *    logged and called — the two names look like leftovers from a template.
 *  - `%x` is used to print a pointer; `%p` with a `(void *)` cast is the
 *    portable form.
 * The `log(...)` calls carry no `;`, so `log` is presumably a macro that
 * supplies its own terminator — confirm against its definition.
 */
void*  coverage(void* a, void* b, void* c, void* d, void* e, void* f, void* g, void* h, void* i, void* j, void* k, void* l, void* m, void* n, void* o, void* p, void* q, void* r) {

    void *result;


    /* Resolves the original entry point of the hook slot (see NOTE above). */
    coverage_ptr = (void *) hook_array[i].orig;

    log("[*]\tHit no_proto 0x%x\n", no_proto_ptr)

    /* Detach the hook so the call below reaches the original code. */
    hook_precall(&hook_array[i]);

    result = no_proto_ptr( a,  b,  c,  d,  e,  f,  g,  h,  i,  j,  k,  l,  m,  n,  o,  p,  q,  r);

    /* Re-attach the hook for the next call. */
    hook_postcall(&hook_array[i]);

    return result;
}
コード例 #4
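/*
 * Hook replacing phLibNfc_RemoteDev_CheckPresence().
 *
 * Stores the caller's completion callback and context in the hook's private
 * data block (so my_cb_phLibNfc_RemoteDev_CheckPresence can find them) and
 * then either
 *  - short-circuits the presence check while `fake_card_state > 1`: a
 *    message of type 0xffffff03 is queued on `global_msqid` through the
 *    phDal4Nfc msgsnd pointer (the author's comment: this triggers the
 *    callback on the msgrcv side) and 0xd is returned without calling the
 *    original function, or
 *  - forwards to the original implementation with the callback swapped for
 *    my_cb_phLibNfc_RemoteDev_CheckPresence, bracketed by
 *    hook_precall()/hook_postcall().
 *
 * @param hTargetDev         remote device handle, passed through unchanged.
 * @param pPresenceChk_RspCb caller's completion callback; stored, not invoked here.
 * @param pRspCbCtx          caller's callback context, passed through unchanged.
 * @return the original function's NFCSTATUS, or 0xd on the fake-card path.
 *
 * Fix: pointers were logged with `%x`, which is undefined for pointer
 * arguments and truncates on 64-bit; they are now printed with `%p`.
 * NOTE(review): the meaning of 0xd and 0xffffff03 is not visible in this
 * file; both are kept as the author wrote them. `hook_...data` is assumed
 * to be non-NULL here, as it was in the original.
 */
NFCSTATUS my_phLibNfc_RemoteDev_CheckPresence(phLibNfc_Handle     hTargetDev,
        pphLibNfc_RspCb_t   pPresenceChk_RspCb,
        void*               pRspCbCtx
                                             )
{
    orig_phLibNfc_RemoteDev_CheckPresence = (void*) hook_phLibNfc_RemoteDev_CheckPresence.orig;
    log("%s enter\n", __func__)
    log("orig_phLibNfc_RemoteDev_CheckPresence = %p\n", (void *)orig_phLibNfc_RemoteDev_CheckPresence)

    /* Per-hook scratch area; the callback hook reads these fields back. */
    struct special_phLibNfc_RemoteDev_CheckPresence_t *d =
        (struct special_phLibNfc_RemoteDev_CheckPresence_t *)hook_phLibNfc_RemoteDev_CheckPresence.data;
    d->orig_cb = pPresenceChk_RspCb; // FIXME
    d->my_cb = my_cb_phLibNfc_RemoteDev_CheckPresence; // FIXME
    d->hTargetDev = hTargetDev;
    d->pRspCbCtx = pRspCbCtx;

    log("cb for presence: %p\n", (void *)pPresenceChk_RspCb)

    if (fake_card_state > 1) {
        /* Fake card present: answer through the message queue instead of
         * asking the real stack; the original function is not called. */
        wrapper.msg.eMsgType = 0xffffff03;
        ptr_phDal4Nfc_msgsnd = msgsend;
        if (ptr_phDal4Nfc_msgsnd != NULL) {
            ptr_phDal4Nfc_msgsnd(global_msqid, (struct msgbuf *)&wrapper,
                                 sizeof(phLibNfc_Message_t), 0);
        }
        return 0xd;
    }

    /* Real path: call the original with our callback in place of the caller's. */
    hook_precall(&hook_phLibNfc_RemoteDev_CheckPresence);
    NFCSTATUS res = orig_phLibNfc_RemoteDev_CheckPresence(hTargetDev,
            my_cb_phLibNfc_RemoteDev_CheckPresence, pRspCbCtx);
    hook_postcall(&hook_phLibNfc_RemoteDev_CheckPresence);

    log("%s result = %x\n", __func__, res)
    return res;
}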
コード例 #5
ファイル: blow_thumb.c プロジェクト: BwRy/fuzzer-android
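/*
 * Hook body for blow(): logs entry, forwards to the original with the
 * argument increased by 3 (kept exactly as the author wrote it), and logs
 * the result.
 *
 * hook_precall()/hook_postcall() bracket the call into the original (in
 * adbi these detach and re-attach the inline hook — confirm against the
 * hook implementation).
 *
 * @param a  the hooked function's integer argument; the original receives a+3.
 *           The "FIXME" on the prototype is the author's: the real signature
 *           does not appear to be settled.
 * @return whatever the original blow() returned.
 *
 * Fix: the unused local `i` (only referenced from commented-out code) is
 * dropped, `res` is declared at first use, and the function pointer is
 * logged with `%p` instead of `%x` (undefined for pointer arguments).
 */
int my_blow(int a ) // FIXME
{
  orig_blow = (void*) hook_blow.orig;

  log("%s enter\n", __func__)

  hook_precall(&hook_blow);

  log("calling hooked function\n")
  log("address: %p - param: %d", (void *)orig_blow, a )
  /* Two newlines, as the original output had. */
  log("\n")
  log("\n")

  int res = orig_blow(a+3);

  log("hooked function finished\n")

  hook_postcall(&hook_blow);

  log("%s result = %x\n", __func__, res)
  return res;
}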
コード例 #6
ファイル: epoll.c プロジェクト: equationdz/libaitk
/*
 * epoll_wait() replacement installed through the inline hook `eph`.
 *
 * The real epoll_wait() (address from eph.orig) is always called with the
 * arguments untouched and its result handed back unchanged. As long as
 * `counter` is non-zero the hook is re-armed afterwards (hook_postcall) and
 * the count drops by one; at zero the hook is left detached after
 * hook_precall() (the author's comment: "remove hook"), so this function
 * is not entered again.
 */
int my_epoll_wait(int epfd,
        struct epoll_event *events,
        int maxevents,
        int timeout)
{
	int (*real_epoll_wait)(int, struct epoll_event *, int, int);
	real_epoll_wait = (void *)eph.orig;

	/* Detach, then call through. */
	hook_precall(&eph);
	int rc = real_epoll_wait(epfd, events, maxevents, timeout);

	if (counter) {
		/* Still armed: re-attach and count this hit. */
		hook_postcall(&eph);
		adbi_log_printf("epoll_wait() called\n");

		if (--counter == 0) {
			adbi_log_printf("removing hook for epoll_wait() on next event\n");
		}
	}

	return rc;
}
コード例 #7
ファイル: send_raw_pdu.c プロジェクト: equationdz/libaitk
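/*
 * One-time setup run from the epoll_wait() hook: load SEND_RAW_PDU_DEXFILE
 * into the resolved Dalvik environment, define the classes it carries and
 * instantiate SendRawPdu through JNI. Every step is logged; when a step
 * yields NULL the chain stops there (nothing below it runs).
 *
 * @param jniEnv  JNIEnv of the current thread, already resolved by the caller.
 *
 * Fix: pointers are logged with `%p` (the original used `%x`, which is
 * undefined for pointer arguments and truncates on 64-bit).
 */
static void load_send_raw_pdu_dex(JNIEnv *jniEnv)
{
    //FIXME: cookie is 0, but seems to work so far  (author's note)
    int cookie = dexstuff_loaddex(&dexEnv, SEND_RAW_PDU_DEXFILE);
    ddi_log_printf("send_raw_pdu.dex: %x\n", cookie);

    void *dex_SendRawPdu = dexstuff_defineclass(&dexEnv, SEND_RAW_PDU_CLASS, cookie);
    ddi_log_printf("SendRawPdu (dex): %p\n", dex_SendRawPdu);

    void *dex_SubmitPduFactory = dexstuff_defineclass(&dexEnv, SUBMIT_PDU_FACTORY_CLASS, cookie);
    ddi_log_printf("SubmitPduFactory (dex): %p\n", dex_SubmitPduFactory);

    void *dex_AitkSubmitPdu = dexstuff_defineclass(&dexEnv, AITK_SUBMIT_PDU_CLASS, cookie);
    ddi_log_printf("AitkSubmitPdu (dex): %p\n", dex_AitkSubmitPdu);

    void *dex_AitkGsmInboundSmsHandler = dexstuff_defineclass(&dexEnv, AITK_GSM_SMS_HANDLER_CLASS, cookie);
    ddi_log_printf("AitkGsmInboundSmsHandler (dex): %p\n", dex_AitkGsmInboundSmsHandler);

    /* Only SendRawPdu is instantiated; the other classes just need to be defined. */
    if (!dex_SendRawPdu) {
        return;
    }

    jclass jcl_SendRawPdu = (*jniEnv)->FindClass(jniEnv, SEND_RAW_PDU_CLASS);
    ddi_log_printf("SendRawPdu (Java): %p\n", (void *)jcl_SendRawPdu);
    if (!jcl_SendRawPdu) {
        return;
    }

    jmethodID jinit_SendRawPdu = (*jniEnv)->GetMethodID(jniEnv, jcl_SendRawPdu, "<init>", "()V");
    ddi_log_printf("SendRawPdu (<init>): %p\n", (void *)jinit_SendRawPdu);
    if (!jinit_SendRawPdu) {
        return;
    }

    jobject jobj_SendRawPdu = (*jniEnv)->NewObject(jniEnv, jcl_SendRawPdu, jinit_SendRawPdu);
    ddi_log_printf("SendRawPdu instance: %p\n", (void *)jobj_SendRawPdu);
}

/*
 * Install the Dalvik-level hook on
 * GsmInboundSmsHandler.dispatchMessageRadioSpecific(SmsMessageBase) using
 * the already-resolved `dexEnv`.
 */
static void install_dispatch_message_hook(void)
{
    dalvik_hook_setup(&dvkhook_dispatchMessageRadioSpecific,
            "Lcom/android/internal/telephony/gsm/GsmInboundSmsHandler;",
            "dispatchMessageRadioSpecific",
            "(Lcom/android/internal/telephony/SmsMessageBase;)I",
            2,
            hook_fn_dispatchMessageRadioSpecific);
    dalvik_hook(&dexEnv, &dvkhook_dispatchMessageRadioSpecific);
}

/*
 * epoll_wait() replacement installed by the inline hook `eph`; used as the
 * trigger point for loading the send_raw_pdu dex and hooking
 * GsmInboundSmsHandler.dispatchMessageRadioSpecific() inside the process.
 *
 * The original epoll_wait() is always called with the arguments untouched
 * and its result returned as-is. The setup work runs only while
 * `hook_counter` is positive; each run decrements it, and once it is
 * exhausted the hook is not re-armed after hook_precall() (the author's
 * comment: that call removes the hook), so the real epoll_wait() runs
 * unhooked from then on.
 *
 * Fix: the original tested `hook_counter--`, which kept decrementing past
 * zero — and a negative count tests true, so if this function were entered
 * again the setup block would re-run on every call. The count is now only
 * decremented while a shot is left, matching the `if (counter)` form used
 * by the sibling epoll hooks.
 *
 * @return the original epoll_wait() result.
 */
int my_epoll_wait(int epfd,
     struct epoll_event *events,
      int maxevents, 
      int timeout)
{
    adbi_log_printf("epoll_wait() called\n");

    typedef int (*epoll_wait_fn)(int, struct epoll_event *, int, int);
    epoll_wait_fn orig_epoll_wait = (epoll_wait_fn)(void *)eph.orig;

    hook_precall(&eph); // remove hook (see github)
    int res = orig_epoll_wait(epfd, events, maxevents, timeout);

    if (hook_counter > 0) {
        hook_counter--;
        adbi_log_printf("starting hooked code execution ...");

        /* Re-arm the hook and resolve the DVM before touching the Java side. */
        hook_postcall(&eph);
        dexstuff_resolv_dvm(&dexEnv);

        JavaVM *gVm = aitk_resolve_local_jvm();
        if (gVm) {
            JNIEnv *jniEnv = aitk_resolve_local_jenv(gVm);
            if (jniEnv) {
                load_send_raw_pdu_dex(jniEnv);
            }
        }

        /* Installed regardless of whether the dex could be loaded, as before. */
        install_dispatch_message_hook();

        adbi_log_printf("removing hook for epoll_wait() on next event\n");
    }

    return res;
}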