残页

icon indicating a website link https://blog.canyie.top/

icon location China icon location 20 y.o. Android (framework) developer & security researcher. Vulnerable. "Know me as a real person, not a symbol". QAQ

Results 20 issues of 残页

PendingHookHandler depends on default handler's internal behavior

https://github.com/canyie/pine/blob/0e072b519a7ff8c1ec552ede3eeae74955e63d58/enhances/src/main/java/top/canyie/pine/enhances/PendingHookHandler.java#L136-L138 https://github.com/canyie/pine/blob/0e072b519a7ff8c1ec552ede3eeae74955e63d58/enhances/src/main/java/top/canyie/pine/enhances/PendingHookHandler.java#L157-L159

regression

Hook Toast crash when calling backup on Huawei Honor DUK-AL20 device

``` Rooted: 'Yes' API level: '24' OS version: '7.0' Kernel version: 'Linux version 4.1.18-gebc47dc #1 SMP PREEMPT Wed Nov 15 05:49:58 CST 2017 (aarch64)' ABI list: 'arm64-v8a,armeabi-v7a,armeabi' Manufacturer: 'HUAWEI' Brand:...

bug
help wanted
not enough info

Art threads suspension causes deadlock

3 comment

(This problem is also described in the README.) Background: 1. In the bridge_jump_trampoline, we modified some registers to save our own values, so we have to save the original values...

bug
help wanted

[BUG] A random crash

3 comment

~~~ 04-18 17:37:26.367 31016 31016 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 04-18 17:37:26.368 31016 31016 F DEBUG...

bug
help wanted
not enough info

[Feature] Enhanced Hide Support

目前梦境已经支持riru v22及她自带的隐藏功能,现在/proc/self/maps已经没有libriru_dreamland.so了;但是目前还有很多特征没有隐藏: 1. ~~现在还没有隐藏dreamland.jar,直接读maps就能找到,可以做一个名称随机化之类的;或者改到一个普通应用读不到的位置,然后InMemoryDexClassLoader加载(只要内存中存在被magisk替换过的文件就一定会被发现,哭唧唧)~~ 已实现在 80888f6 2. ~~libriru_dreamland.so的后半部分也可以考虑随机化(前面固定了改不了),以在riru hide未启用的情况下阻止应用检测到梦境~~ 不搞了,反正有现成的 riru hide 3. ~~对于Resources Hooking目前是在/data/dalvik_cache/下面生成dex然后加载,名称也是固定的,可以考虑不缓存直接InMemoryDexClassLoader加载~~ 已实现在 d2dd84640aa6a064ae23dde9bb187e2a1cf690e2 4. 打开Pine自带的反检测开关,maps里的[anon: pine cores]太显眼了 5. 管理器也可以搞一个随机包名

enhancement
TODO

[TODO] Hooking into isolated process and app zygote

2 comment

对于isolated process(隔离进程,或者叫孤立进程),不被允许访问现在替换的clipboard service,所以无法与在system server运行的管理服务进行交互,可能需要改替换目标;而且它每次运行的uid都是随机的,很难判断它属于哪个app; 至于app zygote,它是一个child zygote,根本不被允许进行binder transaction,需要想办法绕开;而且就算进去了,现有的Xposed回调也不适用于app zygote,需要开新的api(IXposedHookAppZygoteInit)。

enhancement
TODO

[Feature] Add new API for query the features supported by the framework

自rovo89停更后(Xposed API 89+),Xposed API Version十分混乱,很多features在这个框架有,那个框架没有;不如添加新的查询API,初步设计有 getAvailableFeatures(),isFeatureAvailable(feature),meta-data里也可以require feature,如果没有拒绝激活。

enhancement
TODO

[Feature] Add command line tool for managing configurations

Now we can only apply configurations via Dreamland Manager or edit the configurations files directly. If the user disabled framework (e.g. stop bootloop caused by modules), manager will not able...

enhancement
TODO

Update documents

Add "-Z" option to show property context

The "-Z" option does exist in system's getprop but requires Android 7.0+ so I want to add this to magisk resetprop.