* Patch a smali file to load a native library in onCreate. * Uses a safe register (bumps .locals/.registers count and uses the new slot). * Adds a marker comment for idempotent detection.
(
smaliPath: string,
libBaseName: string,
)
| 483 | * Adds a marker comment for idempotent detection. |
| 484 | */ |
| 485 | function patchSmaliWithGadgetLoad( |
| 486 | smaliPath: string, |
| 487 | libBaseName: string, |
| 488 | ): boolean { |
| 489 | const content = fs.readFileSync(smaliPath, "utf-8"); |
| 490 | |
| 491 | // Check if already patched |
| 492 | if (content.includes(GADGET_INJECT_MARKER)) return false; |
| 493 | |
| 494 | const lines = content.split("\n"); |
| 495 | const result: string[] = []; |
| 496 | let patched = false; |
| 497 | |
| 498 | for (let i = 0; i < lines.length; i++) { |
| 499 | result.push(lines[i]); |
| 500 | |
| 501 | // Find onCreate method and insert after .locals/.registers directive |
| 502 | if ( |
| 503 | !patched && |
| 504 | lines[i] |
| 505 | .trim() |
| 506 | .match(/\.method\s+.*onCreate\(Landroid\/os\/Bundle;\)V/) |
| 507 | ) { |
| 508 | // Find the .locals or .registers line |
| 509 | for (i++; i < lines.length; i++) { |
| 510 | result.push(lines[i]); |
| 511 | const trimmed = lines[i].trim(); |
| 512 | if ( |
| 513 | trimmed.startsWith(".locals") || |
| 514 | trimmed.startsWith(".registers") |
| 515 | ) { |
| 516 | const localsMatch = trimmed.match( |
| 517 | /\.(locals|registers)\s+(\d+)/, |
| 518 | ); |
| 519 | if (!localsMatch) break; |
| 520 | |
| 521 | const directive = localsMatch[1]; |
| 522 | const count = parseInt(localsMatch[2]); |
| 523 | let safeReg: string; |
| 524 | |
| 525 | if (directive === "locals") { |
| 526 | // .locals N -> .locals N+1, new register is vN |
| 527 | safeReg = `v${count}`; |
| 528 | } else { |
| 529 | // .registers M with onCreate(Bundle): 2 params (this + Bundle) |
| 530 | // locals = M - 2, new local = v(M-2) after bumping to M+1 |
| 531 | safeReg = `v${count - 2}`; |
| 532 | } |
| 533 | |
| 534 | // Bump the count |
| 535 | result[result.length - 1] = lines[i].replace( |
| 536 | /\d+/, |
| 537 | String(count + 1), |
| 538 | ); |
| 539 | |
| 540 | // Insert gadget load code with marker |
| 541 | result.push(""); |
| 542 | result.push(` ${GADGET_INJECT_MARKER}`); |
no outgoing calls
no test coverage detected