@TargetApi
(
28
)
/
*
renamed
from
: s.h.e.l.l.A
*
/
注意这里的shellA
public final
class
AppComponentFactoryC0080A extends AppComponentFactory {
private AppComponentFactory acf
=
null;
/
*
监控类
*
/
private AppComponentFactory orignACF
=
null;
private String orignAppName
=
"com.tangzhanglao.TangzhanglaoApplication"
;
private String orignName
=
"androidx.core.app.CoreComponentFactory"
;
/
*
为了本地AppComponentFactoryC0080A类实现必须应用原始类
*
/
private String packageName
=
"vip.mytangzhanglao"
;
private boolean supportInstantiateClassLoader
=
false;
/
*
监控开关
*
/
/
*
renamed
from
: al 这个类是写在native层的,具体功能没有分析
*
/
public static native ClassLoader m203al(ClassLoader classLoader, ApplicationInfo applicationInfo, String
str
, String str2);
/
函数getACF()
*
工厂类的典型方法,加载自身类,并实例化类,从此系统中有了两个类;获取本地实现类的指针,通过指针调用监控行为
*
/
public synchronized AppComponentFactory getACF(ClassLoader classLoader) {
if
(this.acf
=
=
null && this.orignName !
=
null && !this.orignName.equals("")) {
try
{
this.acf
=
(AppComponentFactory) classLoader.loadClass(this.orignName).newInstance();
} catch (Exception e) {
}
}
return
this.acf;
}
/
*
注意,因为重写了Activity,所以整个壳的行为过程都被拦截了
*
/
@Override
/
/
android.app.AppComponentFactory
public Activity instantiateActivity(ClassLoader classLoader, String
str
, Intent intent) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
if
(ApplicationC0083S.f170l) {
AppComponentFactory acf2
=
getACF(classLoader);
this.acf
=
acf2;
if
(acf2 !
=
null) {
return
this.acf.instantiateActivity(classLoader,
str
, intent);
/
*
if
体内,如果是壳程序,就拦截
*
/
}
}
return
super
.instantiateActivity(classLoader,
str
, intent);
}
/
*
如果不是壳程序,就放行
*
/
/
*
Application的加载被监控
*
/
@Override
/
/
android.app.AppComponentFactory
public Application instantiateApplication(ClassLoader classLoader, String
str
) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
if
(this.supportInstantiateClassLoader &&
str
.equals(
"s.h.e.l.l.S"
)) {
str
=
this.orignAppName;
}
else
if
(ApplicationC0083S.f170l) {
AppComponentFactory acf2
=
getACF(classLoader);
this.acf
=
acf2;
if
(acf2 !
=
null) {
return
this.acf.instantiateApplication(classLoader,
str
);
}
}
return
super
.instantiateApplication(classLoader,
str
);
}
/
*
这里ClassLoader类重置,才是实现动态保护的核心;一般App的加载是没有hook行为的;整个动态壳的保护,就是通过这里实现hook,进行解密、或者加密等功能的
*
/
@TargetApi
(
29
)
public ClassLoader instantiateClassLoader(ClassLoader classLoader, ApplicationInfo applicationInfo) {
if
(!this.supportInstantiateClassLoader) {
File
file
=
new
File
(applicationInfo.dataDir,
"files"
);
if
(!
file
.exists()) {
file
.mkdirs();
/
*
创建文件
*
/
}
ApplicationC0083S.f173p
=
file
.getAbsolutePath();
/
*
获取路径
*
/
ApplicationC0083S.f169f
=
applicationInfo.sourceDir;
/
*
重置需要解密文件
*
/
ApplicationC0083S.m216l(null);
/
*
这个函数就不具体贴代码了,就是设置系统信息的,获取解密需要的系统参数,为解密做准备
*
/
classLoader
=
C0082N.m205al(classLoader, applicationInfo, this.packageName, this.orignAppName);
/
*
native层解密
*
/
applicationInfo.className
=
this.orignAppName;
this.supportInstantiateClassLoader
=
true;
/
*
设置可以加载
*
/
}
if
(ApplicationC0083S.f170l) {
this.acf
=
getACF(classLoader);
if
(this.acf !
=
null) {
return
this.acf.instantiateClassLoader(classLoader, applicationInfo);
/
*
返回解密后的程序包
*
/
}
}
return
super
.instantiateClassLoader(classLoader, applicationInfo);
/
*
不是壳程序,就放行
*
/
}
/
*
ContentProvider组件监控
*
/
@Override
/
/
android.app.AppComponentFactory
public ContentProvider instantiateProvider(ClassLoader classLoader, String
str
) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
if
(ApplicationC0083S.f170l) {
AppComponentFactory acf2
=
getACF(classLoader);
this.acf
=
acf2;
if
(acf2 !
=
null) {
return
this.acf.instantiateProvider(classLoader,
str
);
}
}
return
super
.instantiateProvider(classLoader,
str
);
}
/
*
BroadcastReceiver 组件监控
*
/
@Override
/
/
android.app.AppComponentFactory
public BroadcastReceiver instantiateReceiver(ClassLoader classLoader, String
str
, Intent intent) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
if
(ApplicationC0083S.f170l) {
AppComponentFactory acf2
=
getACF(classLoader);
this.acf
=
acf2;
if
(acf2 !
=
null) {
return
this.acf.instantiateReceiver(classLoader,
str
, intent);
}
}
return
super
.instantiateReceiver(classLoader,
str
, intent);
}
/
*
Service组件监控
*
/
@Override
/
/
android.app.AppComponentFactory
public Service instantiateService(ClassLoader classLoader, String
str
, Intent intent) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
if
(ApplicationC0083S.f170l) {
AppComponentFactory acf2
=
getACF(classLoader);
this.acf
=
acf2;
if
(acf2 !
=
null) {
return
this.acf.instantiateService(classLoader,
str
, intent);
}
}
return
super
.instantiateService(classLoader,
str
, intent);
}
}