diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index 4972a64..7df7951 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -1,5 +1,6 @@ package just.trust.me; +import android.content.Context; import android.net.http.SslError; import android.util.Log; import android.webkit.SslErrorHandler; @@ -54,25 +55,27 @@ import static de.robv.android.xposed.XposedHelpers.findClass; public class Main implements IXposedHookLoadPackage { private static final String TAG = "JustTrustMe"; + String currentPackageName = ""; public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable { + currentPackageName = lpparam.packageName; /* Apache Hooks */ /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ /* public DefaultHttpClient() */ - Log.d(TAG, "Hooking DefaultHTTPClient for: " + lpparam.packageName); - findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() { - @Override - protected void afterHookedMethod(MethodHookParam param) throws Throwable { + Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName); + findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() { + @Override + protected void afterHookedMethod(MethodHookParam param) throws Throwable { - setObjectField(param.thisObject, "defaultParams", null); - setObjectField(param.thisObject, "connManager", getSCCM()); - } - }); + setObjectField(param.thisObject, "defaultParams", null); + setObjectField(param.thisObject, "connManager", getSCCM()); + } + }); /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ /* public DefaultHttpClient(HttpParams params) */ - Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + lpparam.packageName); + Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName); findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { @@ -84,7 +87,7 @@ public class Main implements IXposedHookLoadPackage { /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ /* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */ - Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + lpparam.packageName); + Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName); findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { @@ -98,7 +101,7 @@ public class Main implements IXposedHookLoadPackage { /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public SSLSocketFactory( ... ) */ - Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + lpparam.packageName); + Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class, SecureRandom.class, HostNameResolver.class, new XC_MethodHook() { @Override @@ -129,7 +132,7 @@ public class Main implements IXposedHookLoadPackage { /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public static SSLSocketFactory getSocketFactory() */ - Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + lpparam.packageName); + Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() { @Override protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { @@ -139,7 +142,7 @@ public class Main implements IXposedHookLoadPackage { /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public boolean isSecure(Socket) */ - Log.d(TAG, "Hooking SSLSocketFactory(Socket) for: " + lpparam.packageName); + Log.d(TAG, "Hooking SSLSocketFactory(Socket) for: " + currentPackageName); findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, new XC_MethodReplacement() { @Override protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { @@ -150,7 +153,7 @@ public class Main implements IXposedHookLoadPackage { /* JSSE Hooks */ /* libcore/luni/src/main/java/javax/net/ssl/TrustManagerFactory.java */ /* public final TrustManager[] getTrustManager() */ - Log.d(TAG, "Hooking TrustManagerFactory.getTrustManagers() for: " + lpparam.packageName); + Log.d(TAG, "Hooking TrustManagerFactory.getTrustManagers() for: " + currentPackageName); findAndHookMethod("javax.net.ssl.TrustManagerFactory", lpparam.classLoader, "getTrustManagers", new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { @@ -169,7 +172,7 @@ public class Main implements IXposedHookLoadPackage { /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ /* public void setDefaultHostnameVerifier(HostnameVerifier) */ - Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + lpparam.packageName); + Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + currentPackageName); findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setDefaultHostnameVerifier", HostnameVerifier.class, new XC_MethodReplacement() { @Override @@ -180,7 +183,7 @@ public class Main implements IXposedHookLoadPackage { /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ /* public void setSSLSocketFactory(SSLSocketFactory) */ - Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + lpparam.packageName); + Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + currentPackageName); findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class, new XC_MethodReplacement() { @Override @@ -191,7 +194,7 @@ public class Main implements IXposedHookLoadPackage { /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ /* public void setHostnameVerifier(HostNameVerifier) */ - Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + lpparam.packageName); + Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + currentPackageName); findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class, new XC_MethodReplacement() { @Override @@ -204,7 +207,7 @@ public class Main implements IXposedHookLoadPackage { /* WebView Hooks */ /* frameworks/base/core/java/android/webkit/WebViewClient.java */ /* public void onReceivedSslError(Webview, SslErrorHandler, SslError) */ - Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, SslErrorHandler, SslError) for: " + lpparam.packageName); + Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, SslErrorHandler, SslError) for: " + currentPackageName); findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedSslError", WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() { @@ -217,7 +220,7 @@ public class Main implements IXposedHookLoadPackage { /* frameworks/base/core/java/android/webkit/WebViewClient.java */ /* public void onReceivedError(WebView, int, String, String) */ - Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + lpparam.packageName); + Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + currentPackageName); findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedError", WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() { @@ -226,73 +229,21 @@ public class Main implements IXposedHookLoadPackage { return null; } }); - - /* hooking OKHTTP by SQUAREUP */ - /* com/squareup/okhttp/CertificatePinner.java available online @ https://github.com/square/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java */ - /*public void check(String hostname, List peerCertificates) - throws SSLPeerUnverifiedException{}*/ - /* Either returns true or a exception so blanket return true */ - /* Tested against version 2.5 */ - Log.d(TAG, "Hooking com.squareup.okhttp.CertificatePinner.check(String,List) (2.5) for: " + lpparam.packageName); - try { - lpparam.classLoader.loadClass("com.squareup.okhttp.CertificatePinner"); - findAndHookMethod("com.squareup.okhttp.CertificatePinner", lpparam.classLoader, "check", String.class, List.class, new XC_MethodReplacement() { + // Multi-dex support: https://github.com/rovo89/XposedBridge/issues/30#issuecomment-68486449 + findAndHookMethod("android.app.Application", + lpparam.classLoader, + "attach", + Context.class, + new XC_MethodHook() { @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return true; + protected void afterHookedMethod(MethodHookParam param) throws Throwable { + // Hook OkHttp or third party libraries. + Context context = (Context) param.args[0]; + processOkHttp(context.getClassLoader()); } - }); - } catch(ClassNotFoundException e) { - // pass - Log.d(TAG, "OKHTTP 2.5 not found in " + lpparam.packageName + "-- not hooking"); - } - - //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/CertificatePinner.java#L144 - Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (3.x) for: " + lpparam.packageName); - - try { - lpparam.classLoader.loadClass("okhttp3.CertificatePinner"); - findAndHookMethod("okhttp3.CertificatePinner", lpparam.classLoader, "check", String.class, List.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return null; - } - }); - } catch(ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 3.x not found in " + lpparam.packageName + " -- not hooking"); - // pass - } - - //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/internal/tls/OkHostnameVerifier.java - try { - lpparam.classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier"); - findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier", lpparam.classLoader, "verify", String.class, javax.net.ssl.SSLSession.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return true; - } - }); - } catch(ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 3.x not found in " + lpparam.packageName + " -- not hooking OkHostnameVerifier.verify(String, SSLSession)"); - // pass - } - - //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/internal/tls/OkHostnameVerifier.java - try { - lpparam.classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier"); - findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier", lpparam.classLoader, "verify", String.class, java.security.cert.X509Certificate.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return true; - } - }); - } catch(ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 3.x not found in " + lpparam.packageName + " -- not hooking OkHostnameVerifier.verify(String, X509)("); - // pass - } - - + } + ); /* Only for newer devices should we try to hook TrustManagerImpl */ if (hasTrustManagerImpl()) { @@ -300,7 +251,7 @@ public class Main implements IXposedHookLoadPackage { /* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java#217 */ /* public List checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException */ - Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(X509Certificate[]) for: " + lpparam.packageName); + Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(X509Certificate[]) for: " + currentPackageName); findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkServerTrusted", X509Certificate[].class, String.class, String.class, new XC_MethodReplacement() { @@ -390,6 +341,92 @@ public class Main implements IXposedHookLoadPackage { return null; } + void processOkHttp(ClassLoader classLoader) { + /* hooking OKHTTP by SQUAREUP */ + /* com/squareup/okhttp/CertificatePinner.java available online @ https://github.com/square/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java */ + /* public void check(String hostname, List peerCertificates) throws SSLPeerUnverifiedException{}*/ + /* Either returns true or a exception so blanket return true */ + /* Tested against version 2.5 */ + Log.d(TAG, "Hooking com.squareup.okhttp.CertificatePinner.check(String,List) (2.5) for: " + currentPackageName); + + try { + classLoader.loadClass("com.squareup.okhttp.CertificatePinner"); + findAndHookMethod("com.squareup.okhttp.CertificatePinner", + classLoader, + "check", + String.class, + List.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return true; + } + }); + } catch(ClassNotFoundException e) { + // pass + Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking"); + } + + //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/CertificatePinner.java#L144 + Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (3.x) for: " + currentPackageName); + + try { + classLoader.loadClass("okhttp3.CertificatePinner"); + findAndHookMethod("okhttp3.CertificatePinner", + classLoader, + "check", + String.class, + List.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return null; + } + }); + } catch(ClassNotFoundException e) { + Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking"); + // pass + } + + //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/internal/tls/OkHostnameVerifier.java + try { + classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier"); + findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier", + classLoader, + "verify", + String.class, + javax.net.ssl.SSLSession.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return true; + } + }); + } catch(ClassNotFoundException e) { + Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, SSLSession)"); + // pass + } + + //https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/internal/tls/OkHostnameVerifier.java + try { + classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier"); + findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier", + classLoader, + "verify", + String.class, + java.security.cert.X509Certificate.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return true; + } + }); + } catch(ClassNotFoundException e) { + Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, X509)("); + // pass + } + } + class ImSureItsLegitTrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }