revert integrity fix

j-hc · Mar 26, 2024 · 27a7ff2 · 27a7ff2
1 parent ec0e464
commit 27a7ff2
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 22 deletions.
diff --git a/zygisk/jni/module.cpp b/zygisk/jni/module.cpp
@@ -22,9 +22,9 @@ struct PParcel {
     size_t data_size;
 };
 
-static inline bool is_detached(PParcel* __restrict__ parcel) {
+static inline void detach(PParcel* parcel) {
     auto p = FakeParcel{parcel->data, 0};
-    if (!p.enforceInterface(parcel->data_size, HEADERS_COUNT)) return false;
+    if (!p.enforceInterface(parcel->data_size, HEADERS_COUNT)) return;
     uint32_t pkg_len = p.readInt32();
     uint32_t pkg_len_b = pkg_len * 2 - 1;
     auto pkg_ptr = p.readString16(pkg_len);
@@ -36,24 +36,19 @@ static inline bool is_detached(PParcel* __restrict__ parcel) {
         i += sizeof(dlen) + dlen;
         if (dlen != pkg_len_b)
             continue;
-        if (!memcmp(dptr, pkg_ptr, dlen))
-            return true;
+        if (!memcmp(dptr, pkg_ptr, dlen)) {
+            *pkg_ptr = 0;
+            return;
+        }
     }
-    return false;
 }
 
 int (*transact_orig)(void*, int32_t, uint32_t, void*, void*, uint32_t);
 
 int transact_hook(void* self, int32_t handle, uint32_t code, void* pdata, void* preply, uint32_t flags) {
-    static uint8_t REPLY_BUF[8] = {0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00};
-    int ret = transact_orig(self, handle, code, pdata, preply, flags);
     auto parcel = (PParcel*)pdata;
-    if (is_detached(parcel)) {
-        auto reply = (PParcel*)preply;
-        reply->data_size = 8;
-        reply->data = REPLY_BUF;
-    }
-    return ret;
+    detach(parcel);
+    return transact_orig(self, handle, code, pdata, preply, flags);
 }
 
 class Sigringe : public zygisk::ModuleBase {
@@ -88,12 +83,12 @@ class Sigringe : public zygisk::ModuleBase {
         char sdk_str[2];
         if (__system_property_get("ro.build.version.sdk", sdk_str)) {
             int sdk = atoi(sdk_str);
-            if (sdk >= 30) HEADERS_COUNT = 3;
-            else if (sdk == 29) HEADERS_COUNT = 2;
-            else HEADERS_COUNT = 1;
+            if (sdk >= 30) HEADERS_COUNT = 3 * sizeof(uint32_t);
+            else if (sdk == 29) HEADERS_COUNT = 2 * sizeof(uint32_t);
+            else HEADERS_COUNT = 1 * sizeof(uint32_t);
         } else {
             LOGD("WARN: could not get sdk version (fallback=3)");
-            HEADERS_COUNT = 3;
+            HEADERS_COUNT = 3 * sizeof(uint32_t);
         }
 
         ino_t inode;

diff --git a/zygisk/jni/parcel.cpp b/zygisk/jni/parcel.cpp
@@ -5,7 +5,6 @@
 #define ARRAY_LEN(a) (sizeof(a) / sizeof(a[0]))
 #define PM_DESCRIPTOR_LEN (ARRAY_LEN(u"android.content.pm.IPackageManager") - 1)
 #define PM_DESCRIPTOR_BYTES (PM_DESCRIPTOR_LEN * 2)
-#define U32SZ (sizeof(uint32_t))
 
 // bool String16Eq(const char16_t* s1, size_t len1, const char16_t* s2, size_t len2) {
 //     return (len1 == len2 && !memcmp(s1, s2, len1 * sizeof(char16_t)));
@@ -27,10 +26,10 @@ char16_t* FakeParcel::readString16(uint32_t len) {
     return s;
 }
 
-bool FakeParcel::enforceInterface(size_t data_size, uint8_t header_count) {
-    //              |        headers       |des len|      descriptor       |null+next|
-    if (data_size < (U32SZ * header_count) + U32SZ + PM_DESCRIPTOR_BYTES + (U32SZ * 2)) return false;
-    skip(U32SZ * header_count);
+bool FakeParcel::enforceInterface(size_t data_size, uint8_t headers) {
+    //            | headers |     des len      |      descriptor       |    null+next       |
+    if (data_size < headers + sizeof(uint32_t) + PM_DESCRIPTOR_BYTES + (sizeof(uint32_t) * 2)) return false;
+    skip(headers);
     uint32_t len = readInt32();
     readString16(len);  // pi;
     return PM_DESCRIPTOR_LEN == len;