基于Xpsoed 修改CPU型号 全网唯一
来源:互联网 发布:驱动精灵知乎 编辑:程序博客网 时间:2024/06/06 11:35
逆向思维
这个问题困扰了我半个月才解决 很冷门 目前只有008实现了修改CPU型号 但他是为了赚钱不能开源出来供大家学习 看雪有几个帖子在讨论这个问题 但没人解决了
首先CPU 相关信息都存放在 cpuinfo文件里 频率 型号 等等 都放在里面
但xpsoed本身不能hook文件 只能根据包名 函数名 进行HOOK 这下子直接卡死 无法实现修改CPU型号
怎么办 而且cpuinfo是从内核映射上来的 就算改了也没用 但逆向思维想一下 三方应用进行读取cpuinfo文件
是用流的形式进行读取 那面我们直接把流HOOK 掉 当检测到File 读取系统cpuinfo文件的时候 在SD卡创建一个自定义的cpuinfo文件 强制流读取自己定义的cpuinfo文件 有了思路就可以开始写代码了 但真的很麻烦 直接贴代码
// 核心代码 强制流读取自定义的文件public class Cpuinfo { public Cpuinfo(LoadPackageParam sharePkgParam) { FakeCPUFile(sharePkgParam); } public static boolean CreatDataCpu(Context context) { String str = "/data/data/" + context.getPackageName() + "/cpuinfo"; // String str2 = "/data/data/" + context.getPackageName() + "/version"; try { AssetManager assets = context.getAssets(); InputStream open = assets.open("cpuinfo"); OutputStream fileOutputStream = new FileOutputStream(str); writeValue(open, fileOutputStream); open.close(); fileOutputStream.flush(); fileOutputStream.close(); // InputStream open2 = assets.open("version"); // OutputStream fileOutputStream2 = new FileOutputStream(str2); // writeValue(open2, fileOutputStream2); // open2.close(); // fileOutputStream2.flush(); // fileOutputStream2.close(); Sendfile(str); return true; } catch (Exception e) { return false; } } private static void writeValue(InputStream inputStream, OutputStream outputStream) { try { byte[] bArr = new byte[AccessibilityNodeInfoCompat.ACTION_NEXT_HTML_ELEMENT]; while (true) { int read = inputStream.read(bArr); if (read != -1) { outputStream.write(bArr, 0, read); } else { return; } } } catch (Exception e) { } } private static void Sendfile(String str) { IOException e; try { DataOutputStream dataOutputStream = new DataOutputStream(Runtime .getRuntime().exec("su").getOutputStream()); try { dataOutputStream.writeBytes("mkdir /sdcard/Test/\n"); dataOutputStream.flush(); dataOutputStream.writeBytes("chmod 777 /sdcard/Test/\n"); dataOutputStream.flush(); dataOutputStream.writeBytes("cp " + str + " /sdcard/Test/\n"); dataOutputStream.flush(); dataOutputStream .writeBytes("chmod 444 /sdcard/Test/cpuinfo\n"); dataOutputStream.flush(); dataOutputStream.writeBytes("rm " + str + "\n"); dataOutputStream.flush(); // dataOutputStream.writeBytes("cp " + str2 + // " /data/misc/sys\n"); // dataOutputStream.flush(); // dataOutputStream.writeBytes("chmod 444 /data/misc/sys/version\n"); // dataOutputStream.flush(); // dataOutputStream.writeBytes("rm " + str2 + "\n"); // dataOutputStream.flush(); dataOutputStream.close(); if (new File("/sdcard/Test/cpuinfo").exists()) { return; } throw new IOException(); } catch (IOException e2) { e = e2; DataOutputStream dataOutputStream2 = dataOutputStream; e.printStackTrace(); } } catch (IOException e3) { e = e3; e.printStackTrace(); } } public void FakeCPUFile(LoadPackageParam loadPkgParam) { try { XposedBridge.hookAllConstructors(File.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.beforeHookedMethod(param); if (param.args.length == 1) { if (param.args[0].equals("/proc/cpuinfo")) { // 自定义文件的路径 param.args[0] = "/sdcard/Test/cpuinfo"; } } else if (param.args.length == 2 && !File.class.isInstance(param.args[0])) { int i = 0; String str = ""; while (i < 2) { String stringBuilder; if (param.args[i] != null) { if (param.args[i].equals("/proc/cpuinfo")) { param.args[i] = "/sdcard/Test/cpuinfo"; } stringBuilder = new StringBuilder(String .valueOf(str)).append(param.args[i]) .append(":").toString(); } else { stringBuilder = str; } i++; str = stringBuilder; } } } }); XposedHelpers.findAndHookMethod("java.lang.Runtime", loadPkgParam.classLoader, "exec", String[].class, String[].class, File.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.beforeHookedMethod(param); if (param.args.length == 1) { if (param.args[0].equals("/proc/cpuinfo")) { // 自定义文件的路径 param.args[0] = "/sdcard/Test/cpuinfo"; } } else if (param.args.length == 2 && !File.class.isInstance(param.args[0])) { int i = 0; String str = ""; while (i < 2) { String stringBuilder; if (param.args[i] != null) { if (param.args[i] .equals("/proc/cpuinfo")) { param.args[i] = "/sdcard/Test/cpuinfo"; } stringBuilder = new StringBuilder( String.valueOf(str)) .append(param.args[i]) .append(":").toString(); } else { stringBuilder = str; } i++; str = stringBuilder; } } } }); } catch (Exception e) { XposedBridge.log("Fake CPUFile - 1 ERROR: " + e.getMessage()); } try { XposedBridge.hookMethod(XposedHelpers.findConstructorExact( ProcessBuilder.class, new Class[] { String[].class }), new XC_MethodHook() { protected void beforeHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.beforeHookedMethod(param); if (param.args[0] != null) { String[] strArr = (String[]) param.args[0]; String str = ""; for (String str2 : strArr) { str = new StringBuilder(String.valueOf(str)) .append(str2).append(":") .toString(); if (str2 == "/proc/cpuinfo") { strArr[1] = "/sdcard/Test/cpuinfo"; } } param.args[0] = strArr; } } }); } catch (Exception e) { XposedBridge.log("Fake CPUFile - 2 ERROR: " + e.getMessage()); } // Pattern.compile("").matcher(""); try { XposedHelpers.findAndHookMethod("java.util.regex.Pattern", loadPkgParam.classLoader, "matcher", CharSequence.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.beforeHookedMethod(param); if (param.args.length == 1) { if (param.args[0].equals("/proc/cpuinfo")) { param.args[0] = "/sdcard/Test/cpuinfo"; } } } }); } catch (Exception e) { // TODO: handle exception } } }-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------接下来就是自定义文件了 String filePath = "/sdcard/Test/"; String fileName = "cpuinfo"; //生成文件夹之后,再生成文件,不然会出错 Mnt.makeFilePath(filePath, fileName); String strFilePath = filePath+fileName; // 每次写入时,都换行写 String strContent = "Processor : ARMv7 Processor rev 0 (v7l)" + "\r\n"; String strContent2 = "processor : 0" + "\r\n"; String strContent3 = "BogoMIPS : 38.40"; String strContent4 = "" + "\r\n"; String strContent5 = "" + "\r\n"; String strContent6 = "processor : 1"+ "\r\n"; String strContent7 = "BogoMIPS : 38.40"+ "\r\n"; String strContent8 = ""+ "\r\n"; String strContent9 = "Features : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt"+ "\r\n"; String strContent10 = "CPU implementer : 0x51"+ "\r\n"; String strContent11 = "CPU architecture: 7"+ "\r\n"; String strContent12 = "CPU variant : 0x2"+ "\r\n"; String strContent13 = "CPU part : 0x06f"+ "\r\n"; String strContent14 = "CPU revision : 0"+ "\r\n"; String strContent15 = ""+ "\r\n"; String strContent16 = "Hardware :MT123 \n"; // 这型号自己随便定义 String strContent17 = "Revision : 000d"+ "\r\n"; String strContent18 = "Serial : 0000088900004e4b"+ "\r\n"; try { File file = new File(strFilePath); if (!file.exists()) { file.getParentFile().mkdirs(); file.createNewFile(); } //要先将已有文件删除、避免干扰。 if(file.exists()){ file.delete(); } RandomAccessFile raf = new RandomAccessFile(file, "rwd"); raf.seek(file.length()); raf.write(strContent.getBytes()); raf.write(strContent2.getBytes()); raf.write(strContent3.getBytes()); raf.write(strContent4.getBytes()); raf.write(strContent5.getBytes()); raf.write(strContent6.getBytes()); raf.write(strContent7.getBytes()); raf.write(strContent8.getBytes()); raf.write(strContent9.getBytes()); raf.write(strContent10.getBytes()); raf.write(strContent11.getBytes()); raf.write(strContent12.getBytes()); raf.write(strContent13.getBytes()); raf.write(strContent14.getBytes()); raf.write(strContent15.getBytes()); raf.write(strContent16.getBytes()); raf.write(strContent17.getBytes()); raf.write(strContent18.getBytes()); raf.close(); } catch (Exception e) { Log.e("TestFile", "Error on write File:" + e); } // 生成文件 public static File makeFilePath(String filePath, String fileName) { File file = null; makeRootDirectory(filePath); try { file = new File(filePath + fileName); if (!file.exists()) { file.createNewFile(); } } catch (Exception e) { e.printStackTrace(); } return file; } // 生成文件夹 public static void makeRootDirectory(String filePath) { File file = null; try { file = new File(filePath); if (!file.exists()) { file.mkdir(); } } catch (Exception e) { Log.i("error:", e+""); } } 就怕被人问怎么用 直接NEW 就行
public void handleLoadPackage(LoadPackageParam sharePkgParam) throws Throwable {new Cpuinfo(sharePkgParam);}就是这样CPU相关信息随便改 所有的坑的都踩过了只要能帮助到需要的朋友就够了 这个真的太冷门了 都得自己想 如果说我有这个需求的时候 能看到这样一篇文件 那怕只有一些参考也是好的
8 0
- 基于Xpsoed 修改CPU型号 全网唯一
- 修改CPU型号(重启依然有效)
- C#获取电脑的唯一标示UUID 非CPU型号 mac
- 型号修改
- amd cpu 型号大全
- Intel笔记本CPU型号
- 笔记本CPU型号汇总
- CPU型号大全
- intel cpu型号大全
- AMD CPU 型号
- Intel CPU 型号介绍
- Intel CPU型号发展史
- Intel CPU型号发展史
- 检测cpu型号
- 查看虚拟机cpu型号
- Linux-查看cpu型号
- 奸商如何修改电脑属性里显示的CPU型号和内存容量
- Intel 笔记本CPU型号 透析
- FragmentTabHost+ViewPager+Fragment实现底部Tab导航
- 怎么将JPannel里面Jtable的数据设为不可编辑
- GIS开源解决方案的探讨
- Python 抓取新浪财经股票数据
- Problem H-8 Martian Addition
- 基于Xpsoed 修改CPU型号 全网唯一
- MySQL索引类型总结和使用技巧以及注意事项
- bzoj3091: 城市旅行
- spoj-D-query(主席树)
- 23种设计模式(彩图)
- AWS亚马逊服务器搭建VPN
- HDU1863 畅通工程
- Python实例:网络爬虫抓取豆瓣3万本书(7)
- 观察者模式 和 工厂模式
