MCPcopy Index your code
hub / github.com/APKLab/APKLab / patchSmaliWithGadgetLoad

Function patchSmaliWithGadgetLoad

src/tools/frida.ts:485–562  ·  view source on GitHub ↗

* Patch a smali file to load a native library in onCreate. * Uses a safe register (bumps .locals/.registers count and uses the new slot). * Adds a marker comment for idempotent detection.

(
    smaliPath: string,
    libBaseName: string,
)

Source from the content-addressed store, hash-verified

483 * Adds a marker comment for idempotent detection.
484 */
485function patchSmaliWithGadgetLoad(
486 smaliPath: string,
487 libBaseName: string,
488): boolean {
489 const content = fs.readFileSync(smaliPath, "utf-8");
490
491 // Check if already patched
492 if (content.includes(GADGET_INJECT_MARKER)) return false;
493
494 const lines = content.split("\n");
495 const result: string[] = [];
496 let patched = false;
497
498 for (let i = 0; i < lines.length; i++) {
499 result.push(lines[i]);
500
501 // Find onCreate method and insert after .locals/.registers directive
502 if (
503 !patched &&
504 lines[i]
505 .trim()
506 .match(/\.method\s+.*onCreate\(Landroid\/os\/Bundle;\)V/)
507 ) {
508 // Find the .locals or .registers line
509 for (i++; i < lines.length; i++) {
510 result.push(lines[i]);
511 const trimmed = lines[i].trim();
512 if (
513 trimmed.startsWith(".locals") ||
514 trimmed.startsWith(".registers")
515 ) {
516 const localsMatch = trimmed.match(
517 /\.(locals|registers)\s+(\d+)/,
518 );
519 if (!localsMatch) break;
520
521 const directive = localsMatch[1];
522 const count = parseInt(localsMatch[2]);
523 let safeReg: string;
524
525 if (directive === "locals") {
526 // .locals N -> .locals N+1, new register is vN
527 safeReg = `v${count}`;
528 } else {
529 // .registers M with onCreate(Bundle): 2 params (this + Bundle)
530 // locals = M - 2, new local = v(M-2) after bumping to M+1
531 safeReg = `v${count - 2}`;
532 }
533
534 // Bump the count
535 result[result.length - 1] = lines[i].replace(
536 /\d+/,
537 String(count + 1),
538 );
539
540 // Insert gadget load code with marker
541 result.push("");
542 result.push(` ${GADGET_INJECT_MARKER}`);

Callers 2

injectGadgetFunction · 0.85
frida.test.tsFile · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected