replace mach_inject with frida-core

xiaozhuai · Dec 30, 2020 · 6559402 · 6559402
1 parent 6f091c7
commit 6559402
Show file tree

Hide file tree

Showing 1,512 changed files with 45 additions and 334,834 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .DS_Store
 build/
 cmake-build-*/
-.idea/
+.idea/
+vendor
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -27,8 +27,6 @@ add_subdirectory(src/inject-lib)
 add_subdirectory(src/daemon)
 add_subdirectory(src/ctl)
 add_subdirectory(src/gui)
-add_subdirectory(vendor/mach_inject)
-add_subdirectory(vendor/osxinj)
 
 install(CODE "execute_process(COMMAND \"${CMAKE_SOURCE_DIR}/build-zip.sh\"
         \"${CMAKE_SOURCE_DIR}\"

diff --git a/README.md b/README.md
@@ -6,9 +6,7 @@
 
 Odourless is a tool for preventing .DS_Store creation.
 
-Supported from 10.12 to 10.15.7.
-
-Currently not working on Big Sur, will fix soon.
+Supported from 10.12 to Big Sur.
 
 **Alpha version! Use it at your own risk!**
 
@@ -17,7 +15,7 @@ Currently not working on Big Sur, will fix soon.
 
 # How it works
 
-It use `mach_inject` to inject `Finder.app` and `frida-gum` to replace some syscall including `open`, `openx_np`, `getattrlist`, `setattrlist`.
+It use `frida-core` to inject `Finder.app` and `frida-gum` to replace some syscall including `open`, `openx_np`, `getattrlist`, `setattrlist`.
 
 Whenever `Finder` try call these function with `.DS_Store` file, it will replace the path to a fake one under the odourless cage directory `/usr/local/var/.odourless_cage`.
 
@@ -66,6 +64,8 @@ Type `brew install cmake` to install `cmake`.
 ```bash
 git clone https://github.com/xiaozhuai/odourless
 cd odourless
+rm -rf vendor
+unzip vendor.zip
 mkdir build
 cd build
 cmake -DCMAKE_BUILD_TYPE=Release ..

diff --git a/README_CN.md b/README_CN.md
@@ -6,9 +6,7 @@
 
 Odourless是一个禁止MacOS系统生成.DS_Store的工具. 
 
-支持10.12到10.15.7
-
-暂时不支持Big Sur，将很快修复。
+支持 10.12 到 Big Sur
 
 **当前是非稳定版, 使用需自行承担风险.**
 
@@ -17,7 +15,7 @@ Odourless是一个禁止MacOS系统生成.DS_Store的工具.
 
 # 如何工作
 
-使用 `mach_inject` 注入 `Finder.app` 进程, 通过 `frida-gum` 来替换部分系统调用, 包括 `open`, `openx_np`, `getattrlist`, `setattrlist`.
+使用 `frida-core` 注入 `Finder.app` 进程, 通过 `frida-gum` 来替换部分系统调用, 包括 `open`, `openx_np`, `getattrlist`, `setattrlist`.
 
 每当 `Finder` 尝试调用这些方法且传入的路径是一个 `.DS_Store` 文件, 它将会将其替换为一个假的路径, 位于 `/usr/local/var/.odourless_cage`.
 
@@ -64,6 +62,8 @@ Odourless是一个禁止MacOS系统生成.DS_Store的工具.
 ```bash
 git clone https://github.com/xiaozhuai/odourless
 cd odourless
+rm -rf vendor
+unzip vendor.zip
 mkdir build
 cd build
 cmake -DCMAKE_BUILD_TYPE=Release ..

diff --git a/src/daemon/CMakeLists.txt b/src/daemon/CMakeLists.txt
@@ -5,7 +5,10 @@ set(CMAKE_CXX_STANDARD 17)
 
 file(GLOB_RECURSE ODOURLESS_DAEMON_SOURCE_FILES "./*.cpp" "./*.h")
 
+set(CMAKE_EXE_LINKER_FLAGS "-s -Wl,-dead_strip ${CMAKE_EXE_LINKER_FLAGS}")
+
 add_executable(odourless-daemon ${ODOURLESS_DAEMON_SOURCE_FILES})
 target_include_directories(odourless-daemon PRIVATE ../common)
-target_include_directories(odourless-daemon PRIVATE ../../vendor/mach_inject)
-target_link_libraries(odourless-daemon odourless-common mach_inject)
+target_include_directories(odourless-daemon PRIVATE ../../vendor/frida-core)
+target_link_directories(odourless-daemon PRIVATE ../../vendor/frida-core)
+target_link_libraries(odourless-daemon odourless-common frida-core resolv bsm "-framework Foundation" "-framework AppKit")
diff --git a/src/daemon/Injector.cpp b/src/daemon/Injector.cpp
@@ -1,39 +1,27 @@
 #include "Injector.h"
-#include "mach_inject.h"
 #include "Log.h"
-
 #include <dlfcn.h>
 #include <csignal>
 
-Injector::Injector(const std::string &bootstrapLib) {
-    module = dlopen(bootstrapLib.c_str(), RTLD_NOW | RTLD_LOCAL);
-    LOG("module: %p", module);
-
-    if (!module) {
-        LOGE("dlopen error: %s", dlerror());
-        return;
-    }
-
-    bootstrapFunc = dlsym(module, "bootstrap");
-    LOG("bootstrapFunc: %p", bootstrapFunc);
-
-    if (!bootstrapFunc) {
-        LOGE("could not locate bootstrapFunc");
-        return;
-    }
+Injector::Injector() {
+    frida_init();
+    m_injector = frida_injector_new_inprocess();
 }
 
 Injector::~Injector() {
-    if (module) {
-        dlclose(module);
-        module = nullptr;
-    }
+    frida_injector_close_sync(m_injector, nullptr, nullptr);
+    g_object_unref(m_injector);
+    frida_deinit();
 }
 
-int Injector::inject(pid_t pid, const std::string &lib) {
-    if (!module || !bootstrapFunc) {
-        LOGE("inject failed, module: %p, bootstrapFunc: %p", module, bootstrapFunc);
-        return 1000;
+bool Injector::inject(pid_t pid, const std::string &lib) {
+    GError *error = nullptr;
+    auto id = frida_injector_inject_library_file_sync(m_injector, pid, lib.c_str(), "agent_main", "", nullptr, &error);
+    if (error != nullptr) {
+        LOGE("inject failed, %s", error->message);
+        g_error_free(error);
+        return false;
     }
-    return mach_inject((mach_inject_entry) bootstrapFunc, lib.c_str(), lib.size() + 1, pid, 0);
+    LOGE("inject suc");
+    return true;
 }
diff --git a/src/daemon/Injector.h b/src/daemon/Injector.h
@@ -1,20 +1,20 @@
 #ifndef _INJECTOR_H_
 #define _INJECTOR_H_
 
+#include "frida-core.h"
 #include <string>
 #include <sys/types.h>
 
 class Injector {
 public:
-    explicit Injector(const std::string &bootstrapLib);
+    Injector();
 
     ~Injector();
 
-    int inject(pid_t pid, const std::string &lib);
+    bool inject(pid_t pid, const std::string &lib);
 
 private:
-    void *module = nullptr;
-    void *bootstrapFunc = nullptr;
+    FridaInjector *m_injector = nullptr;
 };
 
 #endif
diff --git a/src/daemon/odourless-daemon.cpp b/src/daemon/odourless-daemon.cpp
@@ -42,10 +42,9 @@ int main(int argc, char **argv) {
 
     const std::string finderProcessPath = "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder";
     const std::string executableDirectory = ProcessHelper::getCurrentExecutableDirectory();
-    const std::string bootstrapLib = FileSystemHelper::realpath(executableDirectory + "/../lib/libbootstrap.dylib");
     const std::string injectLib = FileSystemHelper::realpath(executableDirectory + "/../lib/libodourless-inject.dylib");
 
-    Injector inj(bootstrapLib);
+    Injector inj;
 
     signal(SIGINT, sigHandler);
 
@@ -63,12 +62,7 @@ int main(int argc, char **argv) {
                 }
                 finderPid = pid;
                 sleep(3);
-                int err;
-                if ((err = inj.inject(finderPid, injectLib)) != 0) {
-                    LOGE("inject failed, error: %d", err);
-                } else {
-                    LOG("inject suc");
-                }
+                inj.inject(finderPid, injectLib);
             } else {
                 sleep(3);
                 // OK

diff --git a/src/inject-lib/odourless-inject.cpp b/src/inject-lib/odourless-inject.cpp
@@ -8,11 +8,11 @@
 #include "strategy/asepsis_strategy.h"
 
 extern "C" {
-__attribute__ ((constructor)) static void init();
-__attribute__ ((destructor)) static void deinit();
+void agent_main(const gchar *data, gboolean *stay_resident);
 }
 
-void init() {
+void agent_main(const gchar *data, gboolean *stay_resident) {
+    *stay_resident = true;
     Log::init(OdourlessUtils::getInjectLogPath());
     LOG("odourless-inject init");
     Hook::init();
@@ -21,9 +21,9 @@ void init() {
     }
 }
 
-void deinit() {
-    LOG("odourless-inject deinit");
-    cancel_asepsis_strategy();
-    Hook::destroy();
-    Log::destroy();
-}
+//void deinit() {
+//    LOG("odourless-inject deinit");
+//    cancel_asepsis_strategy();
+//    Hook::destroy();
+//    Log::destroy();
+//}
diff --git a/vendor.zip b/vendor.zip