shadowhook_hook_sym_name of __system_property_read_callback broken on Android 14 QPR2 Betas #53

Closed
osm0sis opened this issue Dec 14, 2023 · 4 comments
Labels
bug Something isn't working

osm0sis commented Dec 14, 2023

ShadowHook Version

1.0.8

Android OS Version

14.0 QPR2

Android ABIs

armeabi-v7a, arm64-v8a

Device Manufacturers and Models

Google Pixel Fold, and others

Describe the Bug

The following code is working well on Android 14, but it fails to find the handle (handle == nullptr) starting on the Android 14 QPR2 Betas. My tester is currently on QPR2 Beta 1.1.

```cpp
#include <cstdint>
#include <map>
#include <sys/system_properties.h>  // prop_info
#include "shadowhook.h"

// Signature of the callback passed to __system_property_read_callback.
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);

// Original callbacks, keyed by the caller's cookie.
static std::map<void *, T_Callback> callbacks;

// Filled in by ShadowHook with a pointer to the original function.
static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);

// modify_callback (a T_Callback) and the LOGD macro are defined elsewhere in the project.
static void my_system_property_read_callback(const prop_info *pi, T_Callback callback, void *cookie) {
    if (pi == nullptr || callback == nullptr || cookie == nullptr) {
        return o_system_property_read_callback(pi, callback, cookie);
    }
    callbacks[cookie] = callback;
    return o_system_property_read_callback(pi, modify_callback, cookie);
}

static void doHook() {
    shadowhook_init(SHADOWHOOK_MODE_UNIQUE, false);
    // Returns nullptr when the hook could not be installed.
    void *handle = shadowhook_hook_sym_name(
            "libc.so",
            "__system_property_read_callback",
            reinterpret_cast<void *>(my_system_property_read_callback),
            reinterpret_cast<void **>(&o_system_property_read_callback)
    );
    if (handle == nullptr) {
        LOGD("Couldn't find '__system_property_read_callback' handle");
        return;
    }
    LOGD("Found '__system_property_read_callback' handle at %p", handle);
}
```

To be honest I've inherited this part of the code so I'm still learning about hooking and such, but it does seem to be a new issue from QPR2, and I'm told Dobby remains working for the same hook on a different fork, so hopefully that might give you some ideas! 🙂

My project's full ShadowHook use code is here:
https://github.com/osm0sis/PlayIntegrityFork/blob/802c0a7617a623ac1f028f1a41368536629bce65/app/src/main/cpp/main.cpp

osm0sis added the bug label Dec 14, 2023

osm0sis commented Jan 11, 2024

A user just confirmed the issue is still present with QPR2 Beta 3. @caikelun, is this project still being maintained? 🫤

caikelun (Member) commented

@osm0sis Thanks for the feedback. A new version 1.0.9 has just been released, which may solve your problem: https://github.com/bytedance/android-inline-hook/releases/tag/v1.0.9

osm0sis commented Jan 19, 2024

Thanks for getting back to me! I'll run a test build and have my user (hopefully) confirm all is well again! 🙂🤞

osm0sis commented Jan 19, 2024

And confirmed! All good on Android 14 QPR2. Cheers!

osm0sis closed this as completed Jan 19, 2024
osm0sis referenced this issue in osm0sis/PlayIntegrityFork Jan 24, 2024
- Android 14 QPR2 (currently in Beta and due for Stable in March) breaks ShadowHook libc hooking needed for property spoofing
- there are currently no signs of life over at ShadowHook to resolve this despite my reporting it to them over a month ago

Co-authored-by: Nicholas Bissell <thefreeman193@hotmail.com>
Co-authored-by: chiteroman <98092901+chiteroman@users.noreply.github.com>