Skip to content

R
ReyunSecureSdk
Commit 750a90ee by 1256748979@qq.com
Options

Merge remote-tracking branch 'origin/master'

parents e714b640 deefe57d
Showing with 801 additions and 136 deletions
app/build.gradle
......@@ -3,6 +3,14 @@ plugins {
}
android {
signingConfigs {
release {
storeFile file('reyun.keystore')
storePassword 'reyun12345'
keyAlias 'reyun.keystore'
keyPassword 'reyun12345'
}
}
compileSdkVersion 30
buildToolsVersion "30.0.3"
......@@ -24,13 +32,10 @@ android {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
externalNativeBuild {
cmake {
......
app/src/main/AndroidManifest.xml
......@@ -19,7 +19,6 @@
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
......
app/src/main/java/com/reyun/sdktestdemo/MainActivity.java
......@@ -14,14 +14,19 @@ import android.content.IntentFilter;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.Signature;
import android.hardware.Camera;
import android.hardware.Sensor;
import android.hardware.SensorManager;
import android.hardware.camera2.CameraAccessException;
import android.hardware.camera2.CameraCharacteristics;
import android.hardware.camera2.CameraManager;
import android.location.Location;
import android.location.LocationListener;
import android.location.LocationManager;
import android.net.ConnectivityManager;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.NetworkInfo;
......@@ -29,6 +34,7 @@ import android.net.wifi.WifiInfo;
import android.net.wifi.WifiManager;
import android.os.Build;
import android.os.Bundle;
import android.os.Looper;
import android.provider.Settings;
import android.provider.Telephony;
import android.telephony.CellInfo;
......@@ -44,18 +50,28 @@ import android.widget.TextView;
import com.reyun.wandun.WdCallback;
import com.reyun.wandun.WdMain;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;
public class MainActivity extends AppCompatActivity {
private TextView mText;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
mText = findViewById(R.id.data);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
requestPermissions(new String[]{
Manifest.permission.READ_PHONE_STATE,
......@@ -66,68 +82,53 @@ public class MainActivity extends AppCompatActivity {
}, 100);
}
WifiManager wm = (WifiManager) getApplicationContext().getSystemService(Service.WIFI_SERVICE);
WifiInfo wi = wm.getConnectionInfo();
String ssid = wi.getSSID();
String bssid = wi.getBSSID();
int ip = wi.getIpAddress();
PackageManager pm =getPackageManager();
int uid = getApplicationInfo().uid;
Intent intent = new Intent("android.intent.action.MAIN");
intent.addCategory("android.intent.category.HOME");
ResolveInfo ri = pm.resolveActivity(intent, 0);
String ss = ri.activityInfo.packageName;
try {
getFilesDir().getCanonicalPath();
} catch (IOException e) {
e.printStackTrace();
}
try {
PackageInfo pi = pm.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
byte[] b = pi.signatures[0].toByteArray();
CertificateFactory cf = CertificateFactory.getInstance("X509");
Certificate ci = cf.generateCertificate(new ByteArrayInputStream(b));
} catch (PackageManager.NameNotFoundException | CertificateException e) {
e.printStackTrace();
}
// Example of a call to a native method
TextView tv = findViewById(R.id.sample_text);
tv.setText("hello world!");
}
@Override
public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) {
if(requestCode == 100) {
if (ActivityCompat.checkSelfPermission(this, Manifest.permission.ACCESS_FINE_LOCATION) != PackageManager.PERMISSION_GRANTED && ActivityCompat.checkSelfPermission(this, Manifest.permission.ACCESS_COARSE_LOCATION) != PackageManager.PERMISSION_GRANTED) {
// TODO: Consider calling
// ActivityCompat#requestPermissions
// here to request the missing permissions, and then overriding
// public void onRequestPermissionsResult(int requestCode, String[] permissions,
// int[] grantResults)
// to handle the case where the user grants the permission. See the documentation
// for ActivityCompat#requestPermissions for more details.
return;
}
Location bestLocation = null;
LocationManager lm = (LocationManager) getApplicationContext().getSystemService(Service.LOCATION_SERVICE);
Log.d("testdemo-1", "ha ha ha...");
List<String> list = lm.getAllProviders();
for (String provider : list) {
Location l = lm.getLastKnownLocation(provider);
if (l == null) {
continue;
}
if (bestLocation == null || l.getAccuracy() < bestLocation.getAccuracy()) {
// Found best last known location: %s", l);
Log.d("testdemo-1", "provider: " + provider);
bestLocation = l;
}
}
if(bestLocation != null) {
double lat = bestLocation.getLatitude();
double lon = bestLocation.getLongitude();
Log.d("testdemo-1", lat + ", " + lon);
}
TelephonyManager tm = (TelephonyManager) getApplicationContext().getSystemService(Service.TELEPHONY_SERVICE);
List<CellInfo> cellInfos = tm.getAllCellInfo();
CellLocation cl = tm.getCellLocation();
String aa = System.getProperty("http.agent");
//初始化sdk环境
WdMain wm = WdMain.getInstance();
wm.init(getApplicationContext(), "test-a341fsfr3123ddadfs");
//同步获取唯一id
wm.getWdId(new WdCallback() {
@Override
public void onWdId(String wdId) {
public void onWdId(final String wdId) {
Log.d("demo", "onWdId: " + wdId);
mText.postDelayed(new Runnable() {
@Override
public void run() {
mText.setText(wdId);
}
}, 0);
}
/*
@Override
......@@ -136,7 +137,28 @@ public class MainActivity extends AppCompatActivity {
}*/
});
}
}
public String getDns() {
String result = "";
ConnectivityManager cm = (ConnectivityManager)getSystemService(Context.CONNECTIVITY_SERVICE);
NetworkInfo activeNetworkInfo = cm.getActiveNetworkInfo();
for (Network network : cm.getAllNetworks()) {
NetworkInfo networkInfo = cm.getNetworkInfo(network);
if (networkInfo.getType() == activeNetworkInfo.getType()) {
LinkProperties lp = cm.getLinkProperties(network);
for (InetAddress addr : lp.getDnsServers()) {
// Get DNS IP address here:
result += addr.getHostAddress() + ",";
}
}
}
if(result.contains(",")){
result=result.substring(0, result.length() - 1);
}
result="[" + result + "]";
return result;
}
}
app/src/main/res/layout/activity_main.xml
<?xml version="1.0" encoding="utf-8"?>
<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:orientation="vertical"
tools:context=".MainActivity">
<ScrollView
android:layout_width="wrap_content"
android:layout_height="wrap_content">
<TextView
android:id="@+id/sample_text"
android:id="@+id/data"
android:layout_margin="7dp"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Hello World!"
app:layout_constraintBottom_toBottomOf="parent"
app:layout_constraintLeft_toLeftOf="parent"
app:layout_constraintRight_toRightOf="parent"
app:layout_constraintTop_toTopOf="parent" />
android:singleLine="false"
android:layout_height="wrap_content" />
</ScrollView>
</androidx.constraintlayout.widget.ConstraintLayout>
\ No newline at end of file
</LinearLayout>
\ No newline at end of file
wandun/build.gradle
......@@ -7,7 +7,7 @@ android {
buildToolsVersion "30.0.3"
defaultConfig {
minSdkVersion 19
minSdkVersion 21
targetSdkVersion 30
versionCode 1
versionName "1.0"
......@@ -26,10 +26,7 @@ android {
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
externalNativeBuild {
cmake {
path file('src/main/cpp/CMakeLists.txt')
......
wandun/src/main/cpp/CMakeLists.txt
......@@ -6,11 +6,15 @@ include_directories(${CMAKE_SOURCE_DIR}/include)
if(${CMAKE_ANDROID_ARCH_ABI} STREQUAL "arm64-v8a")
set(ARCH_DEPENDED_SRC
wd_syscall64.s)
wd_syscall_aarch64.s)
elseif (${CMAKE_ANDROID_ARCH_ABI} STREQUAL "armeabi-v7a")
set(ARCH_DEPENDED_SRC
wd_syscall32.s)
wd_syscall_arm.s)
elseif (${CMAKE_ANDROID_ARCH_ABI} STREQUAL "x86")
set(ARCH_DEPENDED_SRC
wd_syscall_x86.s)
endif()
add_library(
......
wandun/src/main/cpp/collect.c
......@@ -9,36 +9,43 @@
#include "wd_result.h"
#include "wdun.h"
#include <fcntl.h>
#include <fake_dlfcn.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/sysinfo.h>
#include <sys/statfs.h>
#include <sys/stat.h>
#include "openssl/md5.h"
#include <arpa/inet.h>
#include <sys/syscall.h>
#include <linux/prctl.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <linux/if.h>
#define WD_COLLECT "wd_collect"
extern jobject g_app_context;
extern struct wd_funcs g_funcs;
IMPORTWDSYSCALL
cJSON *collect_init() {
return cJSON_CreateObject();
}
void do_collect(JNIEnv* env) {
jstring do_collect(JNIEnv* env) {
cJSON* json = collect_init();
struct timespec ts = {0};
double start_time = 0, end_time = 0;
if(WDSYSCALL(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) == 0) {
if(WDSYSCALL(SYS_clock_gettime, CLOCK_REALTIME, &ts) == 0) {
start_time = ts.tv_nsec / 1000000 + ts.tv_sec * 1000ULL;
}
//添加sdk版本号
cJSON_AddStringToObject(json, "sdk_ver", "1.0.0");
collect_app_info(env, json);
int permissions = collect_permissions(env, json);
collect_imei(env, json);
......@@ -64,8 +71,13 @@ void do_collect(JNIEnv* env) {
if((permissions & PERMISSION_READ_PHONE_STATE) && (permissions & PERMISSION_ACCESS_COARSE_LOCATION)) {
collect_cell_info(env, json);
}
collect_system_id(env, json);
collect_time_info(env, json);
collect_common_app(env, json);
collect_risk_info(env, json);
if(WDSYSCALL(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) == 0) {
if(WDSYSCALL(SYS_clock_gettime, CLOCK_REALTIME, &ts) == 0) {
end_time = (double)ts.tv_nsec / 1000000 + (double)ts.tv_sec * 1000ULL;
}
......@@ -75,10 +87,8 @@ void do_collect(JNIEnv* env) {
const char* data = cJSON_Print(json);
size_t len = strlen(data);
int fd = WDSYSCALL(SYS_openat, AT_FDCWD, "/sdcard/wd_data", O_CREAT|O_RDWR|O_TRUNC, S_IRWXU);
WDSYSCALL(SYS_write, fd, data, len);
WDSYSCALL(SYS_close, fd);
jstring data_jstr = (*env)->NewStringUTF(env, data);
return data_jstr;
}
void collect_app_info(JNIEnv* env, cJSON *json) {
......@@ -86,6 +96,7 @@ void collect_app_info(JNIEnv* env, cJSON *json) {
loge(WD_COLLECT, "%s", "collect_app_info func call env->pushLocalFrame failed!");
return;
}
//package_name
jobject pkgName = wdCallObjectMethod(env, g_app_context, "getPackageName", "()Ljava/lang/String;");
addJniStringToJson(env, json, "package_name", pkgName);
......@@ -109,7 +120,7 @@ void collect_app_info(JNIEnv* env, cJSON *json) {
//version name
jobject versionName = wdGetObjectField(env, pkgInfo, "versionName", "Ljava/lang/String;");
addJniStringToJson(env, json, "versionName", versionName);
addJniStringToJson(env, json, "version_name", versionName);
//signature's sha256
jobject signatures = wdGetObjectField(env, pkgInfo, "signatures", "[Landroid/content/pm/Signature;");
......@@ -129,8 +140,58 @@ void collect_app_info(JNIEnv* env, cJSON *json) {
cJSON_AddNumberToObject(json, "app_debug", (flags & (1 << 1)) ? 1 : 0);
cJSON_AddNumberToObject(json, "app_backup", (flags & (1 << 15)) ? 1 : 0);
logd(WD_COLLECT, "%s", "collect app info finished...");
//launcher
jstring action_jstr = (*env)->NewStringUTF(env, "android.intent.action.MAIN");
jstring category_jstr = (*env)->NewStringUTF(env, "android.intent.category.HOME");
jobject intent = wdNewObject(env, "android/content/Intent", "(Ljava/lang/String;)V", action_jstr);
wdCallObjectMethod(env, intent, "addCategory", "(Ljava/lang/String;)Landroid/content/Intent;", category_jstr);
jobject ri = wdCallObjectMethod(env, pkgManager, "resolveActivity",
"(Landroid/content/Intent;I)Landroid/content/pm/ResolveInfo;", intent, 0);
if(ri != NULL) {
jobject ai = wdGetObjectField(env, ri, "activityInfo", "Landroid/content/pm/ActivityInfo;");
jstring launcher_jstr = wdGetObjectField(env, ai, "packageName", "Ljava/lang/String;");
addJniStringToJson(env, json, "launcher", launcher_jstr);
}
//uid
jint uid = wdGetIntField(env, aiInfo, "uid", "I");
cJSON_AddNumberToObject(json, "uid", uid);
//pid
int pid = WDSYSCALL(SYS_getpid);
int ppid = WDSYSCALL(SYS_getppid);
cJSON_AddNumberToObject(json, "pid", pid);
cJSON_AddNumberToObject(json, "ppid", ppid);
FILE* fp = fopen("/proc/self/status", "r");
if(fp) {
char line[128];
while(fgets(line, 127, fp)) {
if(strstr(line, "TracerPid")) {
int tracer_pid = -1;
sscanf(line, "%*s%d", &tracer_pid);
cJSON_AddNumberToObject(json, "tracer_pid", tracer_pid);
break;
}
}
fclose(fp);
}
//apk_path
jstring apk_path_jstr = wdCallObjectMethod(env, g_app_context, "getPackageResourcePath", "()Ljava/lang/String;");
if(apk_path_jstr != NULL) {
const char* path = (*env)->GetStringUTFChars(env, apk_path_jstr, NULL);
cJSON_AddStringToObject(json, "apk_path", path);
//apk_size
struct stat st;
if(WDSYSCALL(WD_SYS_fstatat, AT_FDCWD, path, &st, 0) == 0) {
cJSON_AddNumberToObject(json, "apk_size", st.st_size);
}
(*env)->ReleaseStringUTFChars(env, apk_path_jstr, path);
(*env)->DeleteLocalRef(env, apk_path_jstr);
}
logd(WD_COLLECT, "%s", "collect app info finished...");
(*env)->PopLocalFrame(env, NULL);
}
......@@ -170,8 +231,6 @@ void collect_imei(JNIEnv *env, cJSON *json) {
logd(WD_COLLECT, "%s", "collect imei finished...");
}
void collect_android_id(JNIEnv* env, cJSON* json) {
jstring key_str = (*env)->NewStringUTF(env, "android_id");
jobject cr = wdCallObjectMethod(env, g_app_context, "getContentResolver", "()Landroid/content/ContentResolver;");
......@@ -188,6 +247,9 @@ void collect_mac_addr(JNIEnv *env, cJSON *json) {
// //above android 11.0+ can't get mac by this method
jstring name_str = (*env)->NewStringUTF(env, "wlan0");
jobject ni = wdCallStaticObjectMethod(env, "java/net/NetworkInterface", "getByName", "(Ljava/lang/String;)Ljava/net/NetworkInterface;", name_str);
if(ni == NULL) {
goto return_label2;
}
jbyteArray mac_byteArr = wdCallObjectMethod(env, ni, "getHardwareAddress", "()[B");
if(mac_byteArr == NULL) {
cJSON_AddStringToObject(json, "mac_addr", "");
......@@ -203,16 +265,11 @@ void collect_mac_addr(JNIEnv *env, cJSON *json) {
(*env)->DeleteLocalRef(env, mac_byteArr);
return_label:
(*env)->DeleteLocalRef(env, ni);
return_label2:
(*env)->DeleteLocalRef(env, name_str);
char* mac_addr2 = "";
int fd = WDSYSCALL(SYS_openat, AT_FDCWD, "/sys/class/net/wlan0/address", O_RDONLY, NULL);
if(fd > 0) {
char buf[32] = {0};
if(WDSYSCALL(SYS_read, fd, buf, 32) > 0) {
mac_addr2 = buf;
}
}
char mac_addr2[32] = {0};
read_file("/sys/class/net/wlan0/address", "r", mac_addr2, 31);
cJSON_AddStringToObject(json, "mac_addr2", mac_addr2);
logd(WD_COLLECT, "%s", "collect mac_addr finished...");
......@@ -243,7 +300,8 @@ void collect_prop_info(JNIEnv* env, cJSON* json) {
cJSON* pi_json = cJSON_CreateObject();
const char* prop_key[] = {"wifi.interface", "gsm.sim.state", "gsm.version.baseband", "gsm.version.ril-impl",
"gsm.current.phone-type", "gsm.operator.isroaming", "gsm.network.type", "persist.sys.timezone",
"init.svc.adbd", "ro.build.date.utc", "gsm.operator.alpha", "ro.opengles.version"};
"init.svc.adbd", "ro.build.date.utc", "gsm.operator.alpha", "ro.opengles.version",
"ro.serialno"};
char buf[64];
for(int i = 0; i < sizeof(prop_key)/sizeof(const char*); ++i) {
memset((void*)buf, 0, 64);
......@@ -255,31 +313,40 @@ void collect_prop_info(JNIEnv* env, cJSON* json) {
}
void collect_settings_info(JNIEnv *env, cJSON *json) {
const char* settings_secure_key[] = {"usb_mass_storage_enabled", "development_settings_enabled", "lock_pattern_autolock",
"lock_pattern_visible_pattern"};
const char* settings_secure_key[] = {"usb_mass_storage_enabled", "development_settings_enabled", "accessibility_enabled"};
const char* settings_system_key[] = {"screen_brightness", "accelerometer_rotation", "screen_brightness_mode",
"sound_effects_enabled", "screen_off_timeout"};
// const char* settings_global_key[] = {"lock_pattern_autolock", "lock_pattern_visible_pattern"};
jobject cr = wdCallObjectMethod(env, g_app_context, "getContentResolver", "()Landroid/content/ContentResolver;");
cJSON* si_json = cJSON_CreateObject();
for(int i = 0; i < sizeof(settings_secure_key)/sizeof(const char*); ++i) {
jstring key_str = (*env)->NewStringUTF(env, settings_secure_key[i]);
jobject cr = wdCallObjectMethod(env, g_app_context, "getContentResolver", "()Landroid/content/ContentResolver;");
jobject jstr = wdCallStaticObjectMethod(env, "android/provider/Settings$Secure", "getString",
"(Landroid/content/ContentResolver;Ljava/lang/String;)Ljava/lang/String;", cr, key_str);
addJniStringToJson(env, si_json, settings_secure_key[i], jstr);
(*env)->DeleteLocalRef(env, key_str);
(*env)->DeleteLocalRef(env, cr);
(*env)->DeleteLocalRef(env, jstr);
}
/*
for(int m = 0; m < sizeof(settings_global_key)/sizeof(const char*); ++m) {
jstring key_str = (*env)->NewStringUTF(env, settings_global_key[m]);
jint value = wdCallStaticIntMethod(env, "android/provider/Settings$Global", "getInt",
"(Landroid/content/ContentResolver;Ljava/lang/String;)I", cr, key_str);
cJSON_AddNumberToObject(si_json, settings_global_key[m], value);
(*env)->DeleteLocalRef(env, key_str);
}*/
for(int j = 0; j < sizeof(settings_system_key)/sizeof(const char*); ++j) {
jstring key_str = (*env)->NewStringUTF(env, settings_system_key[j]);
jobject cr = wdCallObjectMethod(env, g_app_context, "getContentResolver", "()Landroid/content/ContentResolver;");
jint value = wdCallStaticIntMethod(env, "android/provider/Settings$System", "getInt",
"(Landroid/content/ContentResolver;Ljava/lang/String;)I", cr, key_str);
cJSON_AddNumberToObject(si_json, settings_system_key[j], value);
(*env)->DeleteLocalRef(env, key_str);
(*env)->DeleteLocalRef(env, cr);
}
(*env)->DeleteLocalRef(env, cr);
cJSON_AddItemToObject(json, "settings", si_json);
logd(WD_COLLECT, "%s", "collect settings_info finished...");
}
......@@ -315,7 +382,164 @@ void collect_proxy_info(JNIEnv *env, cJSON *json) {
}
void collect_camera_info(JNIEnv *env, cJSON *json) {
//todo
cJSON* item_json = cJSON_CreateArray();
//获取CameraManager对象
jobject camera_Str=(*env)->NewStringUTF(env, "camera");
jobject cameraManager_obj=wdCallObjectMethod(env, g_app_context,"getSystemService",
"(Ljava/lang/String;)Ljava/lang/Object;", camera_Str);
jobjectArray cameraIdList_Obj=wdCallObjectMethod(env,cameraManager_obj,"getCameraIdList",
"()[Ljava/lang/String;");
int count=(*env)->GetArrayLength(env,cameraIdList_Obj);
logd(WD_COLLECT, "%d", count);
//cJSON_AddNumberToObject(item_json,"count",count);
//
jobject SCALER_AVAILABLE_MAX_DIGITAL_ZOOM=wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"SCALER_AVAILABLE_MAX_DIGITAL_ZOOM","Landroid/hardware/camera2/CameraCharacteristics$Key;");
jobject SCALER_STREAM_CONFIGURATION_MAP =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"SCALER_STREAM_CONFIGURATION_MAP","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
jobject SENSOR_ORIENTATION =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"SENSOR_ORIENTATION","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
jobject CONTROL_AE_COMPENSATION_RANGE =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"CONTROL_AE_COMPENSATION_RANGE","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
jobject CONTROL_MAX_REGIONS_AE =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"CONTROL_MAX_REGIONS_AE","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
jobject CONTROL_MAX_REGIONS_AF =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"CONTROL_MAX_REGIONS_AF","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
jobject SENSOR_INFO_PHYSICAL_SIZE =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"SENSOR_INFO_PHYSICAL_SIZE","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
jobject SENSOR_INFO_PIXEL_ARRAY_SIZE =wdGetStaticObjectField(env,"android/hardware/camera2/CameraCharacteristics"
,"SENSOR_INFO_PIXEL_ARRAY_SIZE","Landroid/hardware/camera2/CameraCharacteristics$Key;"
);
//循环获取每个摄像头对应的信息
for (int i = 0; i < count ; ++i) {
cJSON* item_json_item = cJSON_CreateObject();
//获取摄像头的序号
jstring cameraId=(*env)->GetObjectArrayElement(env,cameraIdList_Obj,i);
char* camera_str=(*env)->GetStringUTFChars(env,cameraId,0);
// cJSON_AddStringToObject(item_json,"cameraId",camera_str);
logd(WD_COLLECT, "cameraId = %s",camera_str);
cJSON_AddStringToObject(item_json_item,"cameraId",camera_str);
jobject cameraCharacteristics=wdCallObjectMethod(env,cameraManager_obj,
"getCameraCharacteristics",
"(Ljava/lang/String;)Landroid/hardware/camera2/CameraCharacteristics;",cameraId);
//获取最大的Zoom
jobject maxZoom=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",SCALER_AVAILABLE_MAX_DIGITAL_ZOOM);
if(maxZoom!=NULL){
float zoom=wdCallFloatMethod(env,maxZoom,"floatValue","()F");
cJSON_AddNumberToObject(item_json_item,"maxZoom",zoom);
logd(WD_COLLECT,"maxZoom= %lf",zoom);
}
//获取
jobject maxPixel=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",SCALER_STREAM_CONFIGURATION_MAP);
if(maxPixel!=NULL){
int format=256;
jobjectArray outputSizes=wdCallObjectMethod(env,maxPixel,"getOutputSizes"
,"(I)[Landroid/util/Size;",format);
int len=(*env)->GetArrayLength(env,outputSizes);
if(len>0){
jobject obj=(*env)->GetObjectArrayElement(env,outputSizes,0);
int maxPixel_Int=wdCallIntMethod(env,obj,"getWidth","()I")
*wdCallIntMethod(env,obj,"getHeight","()I");
cJSON_AddNumberToObject(item_json_item,"maxPixel",maxPixel_Int);
logd(WD_COLLECT,"maxPixel= %d",maxPixel_Int);
(*env)->DeleteLocalRef(env, obj);
}
(*env)->DeleteLocalRef(env, outputSizes);
}
//获取传感器方向
jobject ori=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",SENSOR_ORIENTATION);
if(ori!=NULL){
int ori_num=wdCallIntMethod(env,ori,"intValue","()I");
cJSON_AddNumberToObject(item_json_item,"ori",ori_num);
logd(WD_COLLECT,"ori= %d",ori_num);
}
//获取补偿范围
jobject aeRange=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",CONTROL_AE_COMPENSATION_RANGE);
if(aeRange!=NULL){
jobject lower=wdCallObjectMethod(env,aeRange,"getLower","()Ljava/lang/Comparable;");
jobject upper=wdCallObjectMethod(env,aeRange,"getUpper","()Ljava/lang/Comparable;");
char temp[0x100]={0};
snprintf(temp,0x100,"%dx%d",wdCallIntMethod(env,lower,"intValue","()I"),
wdCallIntMethod(env,upper,"intValue","()I"));
cJSON_AddStringToObject(item_json_item,"aeRange",temp);
logd(WD_COLLECT,"aeRange= %s",temp);
(*env)->DeleteLocalRef(env, lower);
(*env)->DeleteLocalRef(env, upper);
}
//获取maxAe
jobject maxAe=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",CONTROL_MAX_REGIONS_AE);
if(maxAe!=NULL){
int num=wdCallIntMethod(env,maxAe,"intValue","()I");
cJSON_AddNumberToObject(item_json_item,"maxAe",num);
logd(WD_COLLECT,"maxAe= %d",num);
}
//获取maxAf
jobject maxAf=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",CONTROL_MAX_REGIONS_AF);
if(maxAf!=NULL){
int num=wdCallIntMethod(env,maxAf,"intValue","()I");
cJSON_AddNumberToObject(item_json_item,"maxAf",num);
logd(WD_COLLECT,"maxAf= %d",num);
}
//获取物理尺寸
jobject phy=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",SENSOR_INFO_PHYSICAL_SIZE);
if (phy != NULL) {
jstring str_jstring = wdCallObjectMethod(env,phy,"toString","()Ljava/lang/String;");
const char *str =(*env)->GetStringUTFChars(env,str_jstring,0);
cJSON_AddStringToObject(item_json_item,"phy",str);
logd(WD_COLLECT,"phy= %s",str);
(*env)->ReleaseStringUTFChars(env,str_jstring, str);
(*env)->DeleteLocalRef(env, str_jstring);
}
//获取最大的像素阵列
jobject pixel=wdCallObjectMethod(env,cameraCharacteristics,"get"
,"(Landroid/hardware/camera2/CameraCharacteristics$Key;)Ljava/lang/Object;",SENSOR_INFO_PIXEL_ARRAY_SIZE);
if (pixel != NULL) {
jstring str_jstring =wdCallObjectMethod(env,pixel,"toString","()Ljava/lang/String;");
const char *str =(*env)->GetStringUTFChars(env,str_jstring,0);
cJSON_AddStringToObject(item_json_item,"pixel",str);
logd(WD_COLLECT,"pixel= %s",str);
(*env)->ReleaseStringUTFChars(env,str_jstring, str);
(*env)->DeleteLocalRef(env, str_jstring);
}
cJSON_AddItemToArray(item_json, item_json_item);
(*env)->ReleaseStringUTFChars(env,cameraId, camera_str);
(*env)->DeleteLocalRef(env, cameraId);
(*env)->DeleteLocalRef(env, cameraCharacteristics);
(*env)->DeleteLocalRef(env, maxZoom);
(*env)->DeleteLocalRef(env, pixel);
(*env)->DeleteLocalRef(env, phy);
(*env)->DeleteLocalRef(env, maxAf);
(*env)->DeleteLocalRef(env, maxAe);
(*env)->DeleteLocalRef(env, aeRange);
(*env)->DeleteLocalRef(env, ori);
(*env)->DeleteLocalRef(env, maxPixel);
}
(*env)->DeleteLocalRef(env, camera_Str);
(*env)->DeleteLocalRef(env, cameraManager_obj);
(*env)->DeleteLocalRef(env, cameraIdList_Obj);
cJSON_AddItemToObject(json, "camera", item_json);
logd(WD_COLLECT, "%s", "collect camera info finished...");
}
void collect_battery_info(JNIEnv *env, cJSON *json) {
......@@ -350,18 +574,25 @@ void collect_battery_info(JNIEnv *env, cJSON *json) {
}
void collect_env(JNIEnv *env, cJSON *json) {
//todo
cJSON* env_item = cJSON_CreateObject();
char* path = getenv("PATH");
cJSON_AddStringToObject(env_item, "PATH", path);
cJSON_AddItemToObject(json, "env", env_item);
logd(WD_COLLECT, "%s", "collect env finished...");
}
void collect_libs_info(JNIEnv *env, cJSON *json) {
cJSON* item = cJSON_CreateObject();
const char* lib_names[] = {"libwdun.so", "libc.so"};
int pid = WDSYSCALL(SYS_getpid);
logd(WD_COLLECT, "my pid: %d", pid);
const char* lib_names[] = {"libwdun.so", "libc.so"};
for(int j = 0; j < sizeof(lib_names)/sizeof(const char*); ++j) {
char cmd[64] = {0};
char line[1024] = {0};
snprintf(cmd, 63, "cat /proc/%d/maps | grep %s", pid, lib_names[j]);
FILE *fp = g_funcs.wd_popen(cmd, "r");
if(fp){
if(fgets(line, 1024, fp)) {
int pos = 0;
sscanf(line, "%*lx-%*lx %*4s %*lx %*lx:%*lx %*d%n", &pos);
......@@ -373,7 +604,7 @@ void collect_libs_info(JNIEnv *env, cJSON *json) {
int mmap_call_num = 222;
uint8_t* base = (uint8_t*) WDSYSCALL(WD_SYS_mmap, 0, size, PROT_READ, MAP_SHARED, fd, 0);
uint8_t out[16] = {0};
char md5_str[33] = {0};
char md5_str[32 + 1] = {0};
MD5(base, size, out);
bytes2Hex(out, md5_str, 16, 0);
cJSON_AddStringToObject(item, lib_names[j], md5_str);
......@@ -384,12 +615,32 @@ void collect_libs_info(JNIEnv *env, cJSON *json) {
}
g_funcs.wd_pclose(fp);
}
}
cJSON_AddItemToObject(json, "libs", item);
logd(WD_COLLECT, "%s", "collect libs_md5 finished...");
}
void collect_cpu_info(JNIEnv *env, cJSON *json) {
//todo
cJSON* item = cJSON_CreateObject();
//cpu count
char count[10] = {0}, minfreq[20] = {0}, maxfreq[20] = {0}, features[100] = {0};
int res = read_file("/sys/devices/system/cpu/present", "r", count, 9);
cJSON_AddStringToObject(item, "count", count);
res = read_file("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq", "r", minfreq, 19);
cJSON_AddStringToObject(item, "minfreq", minfreq);
res = read_file("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq", "r", maxfreq, 19);
cJSON_AddStringToObject(item, "maxfreq", maxfreq);
res = read_cmd("cat /proc/cpuinfo | grep Features", "r", features, 99);
char* ft = strchr(features, ' ') + 1;
cJSON_AddStringToObject(item, "features", ft);
cJSON_AddItemToObject(json, "cpu", item);
logd(WD_COLLECT, "%s", "collect cpu info finished...");
}
void collect_sensor_info(JNIEnv *env, cJSON *json) {
......@@ -426,38 +677,40 @@ void collect_mem_info(JNIEnv *env, cJSON *json) {
//get ram
struct sysinfo si;
if(WDSYSCALL(SYS_sysinfo, &si) == 0) {
double ram_total = ((double)(si.totalram * si.mem_unit)) / 1024 / 1024 / 1024;
double ram_free = ((double)(si.freeram * si.mem_unit)) / 1024 / 1024 / 1024;
u_long ram_total = si.totalram * si.mem_unit;
u_long ram_free = si.freeram * si.mem_unit;
char ram_buf[32] = {0};
snprintf(ram_buf, 31, "%.3lf, %.3lf", ram_total, ram_free);
snprintf(ram_buf, 31, "%lu, %lu", ram_total, ram_free);
cJSON_AddStringToObject(item, "ram", ram_buf);
}
//get rom
struct statfs sf;
if(WDSYSCALL(SYS_statfs, "/data", &sf) == 0) {
double rom_total = ((double)(sf.f_blocks * sf.f_bsize)) / 1024 / 1024 / 1024;
double rom_free = ((double)(sf.f_bfree * sf.f_bsize)) / 1024 / 1024 / 1024;
char rom_buf[32] = {0};
snprintf(rom_buf, 31, "%.3lf, %.3lf", rom_total, rom_free);
cJSON_AddStringToObject(item, "rom", rom_buf);
u_long data_total = sf.f_blocks * sf.f_bsize;
u_long data_free = sf.f_bfree * sf.f_bsize;
char sdcard_buf[32] = {0};
snprintf(sdcard_buf, 31, "%lu, %lu", data_total, data_free);
cJSON_AddStringToObject(item, "rom", sdcard_buf);
}
//get sdcard
/*
struct statfs sf2;
if(WDSYSCALL(SYS_statfs, "/sdcard", &sf2) == 0) {
double sdcard_total = ((double)(sf2.f_blocks * sf2.f_bsize)) / 1024 / 1024 / 1024;
double sdcard_free = ((double)(sf2.f_bfree * sf2.f_bsize)) / 1024 / 1024 / 1024;
u_long sdcard_total = sf2.f_blocks * sf2.f_bsize;
u_long sdcard_free = sf2.f_bfree * sf2.f_bsize;
char sdcard_buf[32] = {0};
snprintf(sdcard_buf, 31, "%.3lf, %.3lf", sdcard_total, sdcard_free);
snprintf(sdcard_buf, 31, "%lu, %lu", sdcard_total, sdcard_free);
cJSON_AddStringToObject(item, "sdcard", sdcard_buf);
}
}*/
cJSON_AddItemToObject(json, "mem", item);
logd(WD_COLLECT, "%s", "collect mem_info finished...");
}
void collect_network_info(JNIEnv *env, cJSON *json) {
cJSON* network = cJSON_CreateObject();
jstring ci_jstr = (*env)->NewStringUTF(env, "connectivity");
jobject ci = wdCallObjectMethod(env, g_app_context, "getSystemService",
"(Ljava/lang/String;)Ljava/lang/Object;", ci_jstr);
......@@ -501,37 +754,64 @@ void collect_network_info(JNIEnv *env, cJSON *json) {
default:
break;
}
cJSON_AddStringToObject(json, "network_type", network_type);
cJSON_AddStringToObject(network, "network_type", network_type);
}
//wifi
else if (conn_type == 1) {
cJSON_AddStringToObject(json, "network_type", "wifi");
cJSON_AddStringToObject(network, "network_type", "wifi");
//get wifi ssid bssid ip, need ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION permission on Android high version
jstring wm_jstr = (*env)->NewStringUTF(env, "wifi");
jobject wm = wdCallObjectMethod(env, g_app_context, "getSystemService",
"(Ljava/lang/String;)Ljava/lang/Object;", wm_jstr);
jobject wi = wdCallObjectMethod(env, wm, "getConnectionInfo", "()Landroid/net/wifi/WifiInfo;");
jobject ssid = wdCallObjectMethod(env, wi, "getSSID", "()Ljava/lang/String;");
addJniStringToJson(env, json, "ssid", ssid);
addJniStringToJson(env, network, "ssid", ssid);
(*env)->DeleteLocalRef(env, ssid);
jobject bssid = wdCallObjectMethod(env, wi, "getBSSID", "()Ljava/lang/String;");
addJniStringToJson(env, json, "bssid", bssid);
addJniStringToJson(env, network, "bssid", bssid);
(*env)->DeleteLocalRef(env, bssid);
jint wifi_ip_int = wdCallIntMethod(env, wi, "getIpAddress", "()I");
char wifi_ip[32] = {0};
inet_ntop(AF_INET, &wifi_ip_int, wifi_ip, 31);
cJSON_AddStringToObject(json, "wifi_ip", wifi_ip);
cJSON_AddStringToObject(network, "wifi_ip", wifi_ip);
(*env)->DeleteLocalRef(env, wi);
(*env)->DeleteLocalRef(env, wm);
(*env)->DeleteLocalRef(env, wm_jstr);
}
//dns
cJSON* dns = cJSON_CreateArray();
jobject nw = wdCallObjectMethod(env, ci, "getActiveNetwork", "()Landroid/net/Network;");
if(nw != NULL) {
jobject lp = wdCallObjectMethod(env, ci, "getLinkProperties", "(Landroid/net/Network;)Landroid/net/LinkProperties;", nw);
if(lp != NULL) {
jobject dns_list = wdCallObjectMethod(env, lp, "getDnsServers", "()Ljava/util/List;");
if(dns_list != NULL) {
jint size = wdCallIntMethod(env, dns_list, "size", "()I");
for(int i = 0; i < size; ++i) {
jobject ia = wdCallObjectMethod(env, dns_list, "get", "(I)Ljava/lang/Object;", i);
jstring address_jstr = wdCallObjectMethod(env, ia, "getHostAddress", "()Ljava/lang/String;");
addJniStringToArray(env, dns, address_jstr);
(*env)->DeleteLocalRef(env, address_jstr);
}
(*env)->DeleteLocalRef(env, dns_list);
}
(*env)->DeleteLocalRef(env, lp);
}
(*env)->DeleteLocalRef(env, nw);
}
cJSON_AddItemToObject(network, "dns", dns);
(*env)->DeleteLocalRef(env, ni);
return_label:
(*env)->DeleteLocalRef(env, ci);
(*env)->DeleteLocalRef(env, ci_jstr);
cJSON_AddItemToObject(json, "network", network);
logd(WD_COLLECT, "%s", "collect network info finished...");
}
......@@ -541,6 +821,14 @@ void collect_user_agent(JNIEnv *env, cJSON *json) {
addJniStringToJson(env, json, "user-agent", ua_jstr);
(*env)->DeleteLocalRef(env, ua_jstr);
jstring key_jstr = (*env)->NewStringUTF(env, "http.agent");
jobject ua2_jstr = wdCallStaticObjectMethod(env, "java/lang/System", "getProperty",
"(Ljava/lang/String;)Ljava/lang/String;", key_jstr);
addJniStringToJson(env, json, "user-agent2", ua2_jstr);
(*env)->DeleteLocalRef(env, key_jstr);
(*env)->DeleteLocalRef(env, ua2_jstr);
logd(WD_COLLECT, "%s", "collect user agent finished...");
}
......@@ -609,3 +897,226 @@ void collect_cell_info(JNIEnv *env, cJSON *json) {
logd(WD_COLLECT, "%s", "collect cell info finished...");
}
void collect_system_id(JNIEnv *env, cJSON *json) {
char buf1[40] = {0}, buf2[40] = {0};
int res = read_file("/proc/sys/kernel/random/boot_id", "r", buf1, 39);
cJSON_AddStringToObject(json, "sys_boot_id", buf1);
res = read_file("/proc/sys/kernel/random/uuid", "r", buf2, 39);
cJSON_AddStringToObject(json, "sys_uuid", buf2);
logd(WD_COLLECT, "%s", "collect system id finished...");
}
void collect_time_info(JNIEnv *env, cJSON *json) {
// current_time
struct timespec ts = {0};
time_t cur;
if(WDSYSCALL(SYS_clock_gettime, CLOCK_REALTIME, &ts) == 0) {
cur = ts.tv_sec;
cJSON_AddNumberToObject(json, "cur_time", cur);
}
if(WDSYSCALL(SYS_clock_gettime, CLOCK_BOOTTIME, &ts) == 0) {
cJSON_AddNumberToObject(json, "boot_time", cur - ts.tv_sec);
}
logd(WD_COLLECT, "%s", "collect time info finished...");
}
// 收集风控信息
void collect_risk_info(JNIEnv *env, cJSON *json) {
cJSON * risk_item = cJSON_CreateObject();
//root
//su
char su[64] = {0};
int res = read_cmd("which su", "r", su, 63);
cJSON_AddStringToObject(risk_item, "su", su);
//magisk
char magisk[64] = {0};
res = read_cmd("which magisk", "r", magisk, 63);
cJSON_AddStringToObject(risk_item, "magisk", magisk);
//ifconfig
cJSON* ifconfig = cJSON_CreateArray();
int sock = WDSYSCALL(SYS_socket, AF_INET, SOCK_DGRAM, 0);
struct ifconf ifc = {0, 0};
if(WDSYSCALL(SYS_ioctl, sock, SIOCGIFCONF, &ifc) == 0) {
struct ifreq *ifr = malloc(ifc.ifc_len);
ifc.ifc_ifcu.ifcu_req = ifr;
if (WDSYSCALL(SYS_ioctl, sock, SIOCGIFCONF, &ifc) == 0) {
int if_num = ifc.ifc_len / sizeof(struct ifreq);
for(int i = 0; i < if_num; ++i) {
cJSON_AddItemToArray(ifconfig, cJSON_CreateString(ifr[i].ifr_ifrn.ifrn_name));
}
}
free(ifr);
}
cJSON_AddItemToObject(risk_item, "ifconfig", ifconfig);
//emulator
const char *emulator_files[] = {
"/dev/socket/qemud",
"/dev/qemu_pipe",
"/goldfish",
"/system/lib/libc_malloc_debug_qemu.so",
"/sys/qemu_trace",
"/system/bin/microvirt-prop",
"/system/lib/libdroid4x.so",
"/system/bin/windroyed",
"/system/bin/microvirtd",
"/system/bin/nox-prop",
"/system/bin/ttVM-prop",
"/system/bin/droid4x-prop",
"/data/.bluestacks.prop",
"/data/data/com.bluestacks.setup",
"/dev/vboxuser",
"/fstab.vbox86",
"/init.vbox86.rc",
"/init.svc.vbox86-setup",
"/sys/bus/pci/drivers/vboxguest/module",
"/sys/bus/pci/drivers/vboxguest/new_id",
"/sys/bus/pci/drivers/vboxguest/remove_id",
"/sys/bus/pci/drivers/vboxguest/uevent",
"/sys/bus/platform/drivers/qemu_pipe",
"/sys/bus/platform/drivers/qemu_trace",
"/init.svc.droid4x",
"/init.svc.noxd",
"/init.svc.microvirtd",
"/ro.kernel.android.qemud",
"/androVM.vbox_dpi",
"/androVM.vbox_graph_mode",
"/system/bin/qemu_props",
"/system/bin/androVM-prop",
"/system/lib/libaligl2.so",
"/system/lib/libalitag.so",
"/system/lib/libcloudletevent.so",
"/system/lib/libcloudletos.so",
"/system/lib/nemuguest.ko",
"/system/lib/nemusf.ko",
"/system/lib/nemuvideo.ko",
"/system/lib/vpipe.ko",
"/system/lib/vpipe_novt.ko",
"/system/lib/vboxguest.ko",
"/system/lib/vboxsf.ko",
// "/system/lib/libhoudini.so", //x86转arm架构
"/sys/bus/virtio",
"/sys/module/virtio_net",
"/sys/module/virtio_pci",
"/sys/class/virtio_pt/virtiopt",
"/sys/devices/virtual/virtio_pt/virtiopt",
"/sys/class/virtio_pt",
"/dev/virtiopt",
"/sys/bus/pci/drivers/virtio-pci",
"/proc/sys/fs/binfmt_misc/arm"
};
cJSON *emulator = cJSON_CreateArray();
for (int i = 0; i < sizeof(emulator_files) / sizeof(const char *); ++i) {
if (is_file_exists(emulator_files[i])) {
cJSON_AddItemToArray(emulator, cJSON_CreateString(emulator_files[i]));
}
}
cJSON_AddItemToObject(risk_item, "emulator", emulator);
//hook
//inject
cJSON *inject = cJSON_CreateArray();
const char* xposed_strs[] = {
"libriru.so", "libriru_edxp.so", "libsandhook.edxp.so", "liblspd.so", "XposedBridge.jar",
"frida-agent-32.so", "frida-agent-64.so", "libsubstrate.so", "libxposed_art.so"
};
int pid = WDSYSCALL(SYS_getpid);
for(int i = 0; i < sizeof(xposed_strs)/sizeof(const char*); ++i) {
char cmd[64] = {0};
snprintf(cmd, 63, "cat /proc/%d/maps | grep %s", pid, xposed_strs[i]);
FILE* fp = popen(cmd, "r");
char line[1024] = {0};
if(fgets(line, 1023, fp)){
int pos = 0;
sscanf(line, "%*lx-%*lx %*4s %*lx %*lx:%*lx %*d%n", &pos);
char* path = wd_util_trim(line + pos);
if(path) {
cJSON_AddItemToArray(inject, cJSON_CreateString(path));
}
}
pclose(fp);
}
cJSON_AddItemToObject(risk_item, "inject", inject);
//system_lib_funcs
cJSON* sys_funcs = cJSON_CreateObject();
struct so_info* si = fake_dlopen("libc.so", 0);
if(si) {
const char* symbols[] = {
"syscall", "open", "read", "fopen", "fread", "popen", "__system_property_get", "__system_property_set"
};
for(int i = 0; i < sizeof(symbols)/sizeof(const char*); ++i) {
void* addr = fake_dlsym(si, symbols[i]);
char data[32 + 1] = {0};
if(addr) {
char val[16] = {0};
memcpy(val, addr, 16);
bytes2Hex(val, data, 16, 0);
}
cJSON_AddStringToObject(sys_funcs, symbols[i], data);
}
fake_dlclose(si);
}
cJSON_AddItemToObject(risk_item, "sys_funcs", sys_funcs);
//sdk_funcs
cJSON* sdk_funcs = cJSON_CreateObject();
//todo
cJSON_AddItemToObject(risk_item, "sdk_funcs", sdk_funcs);
//multirun
cJSON* multirun = cJSON_CreateObject();
jobject files_dir = wdCallObjectMethod(env, g_app_context, "getFilesDir", "()Ljava/io/File;");
jstring files_path_jstr = wdCallObjectMethod(env, files_dir, "getCanonicalPath", "()Ljava/lang/String;");
addJniStringToJson(env, multirun, "files_path", files_path_jstr);
cJSON_AddItemToObject(risk_item, "multirun", multirun);
(*env)->DeleteLocalRef(env, files_path_jstr);
(*env)->DeleteLocalRef(env, files_dir);
cJSON_AddItemToObject(json, "risk", risk_item);
}
void collect_common_app(JNIEnv *env, cJSON *json) {
cJSON* item = cJSON_CreateArray();
const char* apps[] = {
"com.tencent.mm",
"com.tencent.mobileqq",
"com.sina.weibo",
"com.immomo.momo",
"com.immomo.momo",
"cn.kuwo.player",
"com.tencent.qqmusic",
"com.netease.cloudmusic",
"com.sohu.inputmethod.sogou",
"com.baidu.input",
"com.iflytek.inputmethod",
"com.tencent.qqpinyin",
"com.eg.android.AlipayGphone",
"com.taobao.taobao",
"com.xunmeng.pinduoduo",
"com.jingdong.app.mall",
"com.baidu.searchbox",
"com.tencent.mtt",
"com.ss.android.article.news",
"com.tencent.news"
};
for(int i = 0; i < sizeof(apps)/sizeof(const char*); ++i) {
char path[128] = {0};
snprintf(path, 127, "/data/data/%s", apps[i]);
if(is_file_exists(path)) {
cJSON_AddItemToArray(item, cJSON_CreateString(apps[i]));
}
}
cJSON_AddItemToObject(json, "common_used_apps", item);
}
wandun/src/main/cpp/core.c
......@@ -24,8 +24,7 @@ jobject g_app_context = NULL;
struct wd_funcs g_funcs;
JNIEXPORT jstring jni_get_wdid(JNIEnv* env, jobject thiz) {
do_collect(env);
return NULL;
return do_collect(env);
}
JNIEXPORT void jni_init(JNIEnv* env, jobject thiz, jobject context) {
......@@ -35,7 +34,7 @@ JNIEXPORT void jni_init(JNIEnv* env, jobject thiz, jobject context) {
}
JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* reserved) {
int pid = WDSYSCALL(SYS_getpid);
logd("wdun_core", "%s", "enter jni_onload...");
JNIEnv* env = NULL;
if((*vm)->GetEnv(vm, (void**)&env, JNI_VERSION_1_6) == JNI_OK) {
jclass cls = (*env)->FindClass(env, WDMAIN_CLASS_NAME);
......@@ -45,12 +44,20 @@ JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* reserved) {
(*env)->DeleteLocalRef(env, cls);
}
//find lic needed symbol
logd("wdun_core", "%s", "find libc symbol...");
//find libc needed symbol
struct so_info* si = fake_dlopen("libc.so", 0);
if(si != NULL) {
g_funcs.wd_popen = fake_dlsym(si, "popen");
g_funcs.wd_pclose = fake_dlsym(si, "pclose");
g_funcs.wd_system_property_get = fake_dlsym(si, "__system_property_get");
fake_dlclose(si);
}
if(!g_funcs.wd_popen) g_funcs.wd_popen = popen;
if(!g_funcs.wd_pclose) g_funcs.wd_pclose = pclose;
if(!g_funcs.wd_system_property_get) g_funcs.wd_system_property_get = __system_property_get;
logd("wdun_core", "%s", "leave jni_onload...");
return JNI_VERSION_1_6;
}
wandun/src/main/cpp/include/collect.h
......@@ -8,7 +8,7 @@
#include <jni.h>
#include "cJSON.h"
void do_collect(JNIEnv* env);
jstring do_collect(JNIEnv* env);
cJSON* collect_init();
void collect_app_info(JNIEnv* env, cJSON* json);
int collect_permissions(JNIEnv* env, cJSON* json);
......@@ -31,6 +31,10 @@ void collect_network_info(JNIEnv* env, cJSON* json);
void collect_user_agent(JNIEnv* env, cJSON* json);
void collect_location_info(JNIEnv* env, cJSON* json);
void collect_cell_info(JNIEnv* env, cJSON* json);
void collect_system_id(JNIEnv* env, cJSON* json);
void collect_time_info(JNIEnv* env, cJSON* json);
void collect_common_app(JNIEnv* env, cJSON* json);
void collect_risk_info(JNIEnv* env, cJSON* json);
/** Network type is unknown */
#define NETWORK_TYPE_UNKNOWN 0
......
wandun/src/main/cpp/include/utils.h
......@@ -9,10 +9,14 @@
#include <jni.h>
void addJniStringToJson(JNIEnv* env, cJSON* json, const char* key, jobject jstr);
void addJniStringToArray(JNIEnv* env, cJSON* json, jobject jstr);
void getJniStringSha256(JNIEnv* env, jobject jstr, char* sha256);
void bytes2Hex(const unsigned char* source, char* dest, int sourceLen, int mac_format);
void hex2Bytes(const char* source, unsigned char* dest, int sourceLen);
int readCmd(const char* cmd, const char* mode, char* r_buf, size_t r_len);
int read_cmd(const char* cmd, const char* mode, char* r_buf, size_t r_len);
int read_file(const char* file_path, const char* mode, char* r_buf, size_t r_len);
int is_file_exists(const char* file_path);
void delete_enter(char* buf, int len);
char *wd_util_trim(char *start);
#endif //REYUNSDK_UTILS_H
wandun/src/main/cpp/include/wd_syscall.h
......@@ -10,18 +10,32 @@
#ifdef __arm__
#define WDSYSCALL(cmd, args...) wd_syscall32(WDNUM(cmd), ##args)
#define WDSYSCALL(cmd, args...) wd_syscall_arm(WDNUM(cmd), ##args)
#define WD_SYS_mmap SYS_mmap2
#define WD_SYS_fstatat SYS_fstatat64
#endif
#ifdef __aarch64__
#define WDSYSCALL(cmd, args...) wd_syscall64(WDNUM(cmd), ##args)
#define WDSYSCALL(cmd, args...) wd_syscall_aarch64(WDNUM(cmd), ##args)
#define WD_SYS_mmap SYS_mmap
#define WD_SYS_fstatat SYS_newfstatat
#endif
#ifdef x86
#define WDSYSCALL(cmd, args...) wd_syscall_x86(WDNUM(cmd), ##args)
#define WD_SYS_mmap SYS_mmap
#endif
#ifdef x86_64
#define WDSYSCALL(cmd, args...) wd_syscall_x64(WDNUM(cmd), ##args)
#define WD_SYS_mmap SYS_mmap
#endif
#define IMPORTWDSYSCALL \
__attribute__((visibility("hidden"))) extern long wd_syscall32(int cmd, ...);\
__attribute__((visibility("hidden"))) extern long wd_syscall64(int cmd, ...);
__attribute__((visibility("hidden"))) extern long wd_syscall_arm(int cmd, ...);\
__attribute__((visibility("hidden"))) extern long wd_syscall_aarch64(int cmd, ...);\
__attribute__((visibility("hidden"))) extern long wd_syscall_x86(int cmd, ...);\
__attribute__((visibility("hidden"))) extern long wd_syscall_x64(int cmd, ...);
long wd_set_errno(int n);
......
wandun/src/main/cpp/utils.c
......@@ -10,6 +10,13 @@
#include <string.h>
#include <ctype.h>
#include "wd_result.h"
#include "wd_syscall.h"
#include "syscall.h"
#include "fcntl.h"
#include "errno.h"
#include "unistd.h"
IMPORTWDSYSCALL
//字节流转换为十六进制字符串
void bytes2Hex(const unsigned char *source, char *dest, int sourceLen, int mac_format) {
......@@ -69,13 +76,19 @@ void hex2Bytes(const char* source, unsigned char* dest, int sourceLen)
return;
}
void addJniStringToArray(JNIEnv* env, cJSON* json, jobject jstr) {
addJniStringToJson(env, json, NULL, jstr);
}
void addJniStringToJson(JNIEnv *env, cJSON *json, const char *key, jobject jstr) {
if(jstr == NULL) {
cJSON_AddStringToObject(json, key, "");
if(key) cJSON_AddStringToObject(json, key, "");
else cJSON_AddItemToArray(json, cJSON_CreateString(""));
}else{
jboolean bl = 0;
const char* value= (*env)->GetStringUTFChars(env, jstr, &bl);
cJSON_AddStringToObject(json, key, value);
if(key) cJSON_AddStringToObject(json, key, value);
else cJSON_AddItemToArray(json, cJSON_CreateString(value));
(*env)->ReleaseStringUTFChars(env, jstr, value);
}
}
......@@ -90,11 +103,12 @@ void getJniStringSha256(JNIEnv* env, jobject jstr, char* sha256) {
sha256[64] = 0;
}
int readCmd(const char *cmd, const char *mode, char *r_buf, size_t r_len) {
int read_cmd(const char *cmd, const char *mode, char *r_buf, size_t r_len) {
FILE* fp = popen(cmd, mode);
int res;
if(!fp) res = WD_ERROR;
int read_size = fread(r_buf, r_len, 1, fp);
if(!fp) return WD_ERROR;
int read_size = fread(r_buf, 1, r_len, fp);
if(read_size > 0) delete_enter(r_buf, read_size);
if(read_size == -1) res = WD_ERROR;
else res = WD_OK;
pclose(fp);
......@@ -118,3 +132,33 @@ char *wd_util_trim(char *start)
*end = '\0';
return start;
}
void delete_enter(char* buf, int len) {
int i = 0;
while(i < len) {
if (buf[i] == '\n') {
buf[i] = 0;
return;
}
++i;
}
}
int read_file(const char *file_path, const char *mode, char *r_buf, size_t r_len) {
FILE* fp = fopen(file_path, mode);
int res;
if(!fp) return WD_ERROR;
int read_size = fread(r_buf, 1, r_len, fp);
if(read_size > 0) delete_enter(r_buf, read_size);
if(read_size == -1) res = WD_ERROR;
else res = WD_OK;
fclose(fp);
return res;
}
int is_file_exists(const char *file_path) {
int res = WDSYSCALL(SYS_faccessat, AT_FDCWD, file_path, F_OK, 0);
int err = errno;
if(res == -1) return 0;
return 1;
}
wandun/src/main/cpp/wd_jni.c
......@@ -240,6 +240,7 @@ jvalue wdCallStaticMethod(JNIEnv* env, const char* clsName, const char* methodNa
break;
default: break;
}
wdCheckException(env);
return_label:
......@@ -250,6 +251,10 @@ jvalue wdCallStaticMethod(JNIEnv* env, const char* clsName, const char* methodNa
jvalue wdCallMethod(JNIEnv* env, jobject obj, const char* methodName, const char* methodSig, va_list args) {
jclass cls = (*env)->GetObjectClass(env, obj);
jmethodID methodId = (*env)->GetMethodID(env, cls, methodName, methodSig);
if(methodId == NULL) {
logd(WD_JNI, "not find method %s%s", methodName, methodSig);
goto return_label;
}
jvalue value = {0};
switch(wdGetMethodRetType(methodSig)) {
case 'V':
......@@ -286,6 +291,7 @@ jvalue wdCallMethod(JNIEnv* env, jobject obj, const char* methodName, const char
default: break;
}
wdCheckException(env);
return_label:
(*env)->DeleteLocalRef(env, cls);
return value;
}
......
wandun/src/main/cpp/wd_syscall64.s wandun/src/main/cpp/wd_syscall_aarch64.s
......@@ -2,12 +2,12 @@
// Created by Fear1ess on 2021/3/31.
//
.global wd_syscall64
.global wd_syscall_aarch64
.extern wd_set_errno
.type wd_syscall64, %function
.type wd_syscall_aarch64, %function
wd_syscall64:
wd_syscall_aarch64:
/* Move syscall No. from x0 to x8 */
sub x0, x0, #0xcd
mov x8, x0
......
wandun/src/main/cpp/wd_syscall32.s wandun/src/main/cpp/wd_syscall_arm.s
......@@ -2,12 +2,12 @@
// Created by Fear1ess on 2021/3/31.
//
.global wd_syscall32
.global wd_syscall_arm
.extern wd_set_errno
.type wd_syscall32, %function
.type wd_syscall_arm, %function
wd_syscall32:
wd_syscall_arm:
mov ip, sp
stmfd sp!, {r4, r5, r6, r7}
sub r0, r0, #0xcd
......
wandun/src/main/cpp/wd_syscall_x86.s 0 → 100644
.global wd_syscall_x86
.extern wd_set_errno
.type wd_syscall_x86, %function
wd_syscall_x86:
# Push the callee save registers.
push %ebx
push %esi
push %edi
push %ebp
# Get and save the system call entry address.
int $80
push %eax
# Load all the arguments from the calling frame.
# (Not all will be valid, depending on the syscall.)
mov 24(%esp),%eax
mov 28(%esp),%ebx
mov 32(%esp),%ecx
mov 36(%esp),%edx
mov 40(%esp),%esi
mov 44(%esp),%edi
mov 48(%esp),%ebp
# Make the system call.
call *(%esp)
addl $4, %esp
# Error?
cmpl $-4096, %eax
jb 1f
# Yes, so set errno.
negl %eax
pushl %eax
call wd_set_errno
addl $4, %esp
1:
# Restore the callee save registers.
pop %ebp
pop %edi
pop %esi
pop %ebx
ret
\ No newline at end of file
wandun/src/main/java/com/reyun/wandun/WdMain.java
......@@ -41,7 +41,7 @@ public class WdMain {
}
//获取wdId
public void getWdId(WdCallback cb) {
public void getWdId(final WdCallback cb) {
ExecutorService es = Executors.newSingleThreadExecutor();
es.execute(new Runnable() {
@Override
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment