A tool that translates an APK file into a standard Android project, including a .so hook API and il2cpp C++ scaffolding when the APK is a Unity il2cpp game. Write code on an APK file elegantly.

Overview

FakerAndroid (FakerAndroid.jar or FakerAndroid-AS)

Summary

  • Write code on a apk file elegantly.
  • The APK file can be converted directly into an Android project for secondary development, with .so hooking supported. For il2cpp games, il2cpp C++ scaffolding is generated directly from the APK.
  • It turns a painful reverse-engineering environment into a comfortable development environment and says goodbye to assembly and binary~

Feature

  • Standard Android Studio project generated
  • Use the original Java classes, or override them with compilable Java code
  • Hook API provided for hooking .so methods
  • il2cpp C++ scaffolding generated when the APK is an il2cpp game
  • Automatic recompilation when smali files are modified (Android Studio project file tree model)
  • Unlimited possibilities and extensibility. You have the final say

Environment

Usage

  • Download FakerAndroid.jar (2020/11/15/16:52:00)
  • cmd: cd <FakerAndroid.jar base dir>
  • cmd: java -jar FakerAndroid.jar fk <apkpath> (the project is generated in the same directory as the original APK) or java -jar FakerAndroid.jar fk <apkpath> -o <outdir>
  • Demo: java -jar FakerAndroid.jar fk D:\apk\test.apk or java -jar FakerAndroid.jar fk D:\apk\test.apk -o D:\test

Or Usage

  • Download FakerAndroid-AS.zip(2020/11/15/16:52:00)
  • AS->File->Settings->Plugin->SettingIcon->Install Plugin From Disk->Restart AS
  • AS->File->FakerAndroid->Choose your apk file

Secondary development course

1. Open the project
  • In Android Studio: File->Open-><generated project root>
  • Keep the root build.gradle dependency on com.android.tools.build:gradle:3.4.0; don't upgrade or modify it
  • Set the project NDK version; version 21 works best
  • You will need to make small modifications yourself when the res files or AndroidManifest.xml fail to compile
2. Debug or run the project
  • With a test device connected
  • Run
3. Advanced
  • Calling original Java classes
    With the help of javaScaffoding, write your Java code in the app module (app/src/main/java) to call the original classes
  • Replacing original Java classes
    Write Java code in the app module (app/src/main/java), keeping the class name and package name the same as those of the original class
  • Incremental smali building
    When smali files are modified, only the minimum set of files is rebuilt
  • So hook
    With the help of the fakeCpp API, use JNI to hook .so methods
  • Il2cpp Unity script development
    With the help of the il2cpp scaffolding and the fakeCpp API, use JNI to modify il2cpp game scripts
4. Issues
5. Demo
Comments
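  • coverChar2Il2cppString: the last few characters are garbled. Displayed as 【完美敒瑣】

    My initial guess was that the string terminator 【\0】 was missing, but after adding the terminator the problem is still there. Does the author have any solution?

        if (strcmp(t, "不法世界") == 0) { // "不法世界" feels like a sensitive word that would cause review problems on distribution channels, so change it
            Text_set_text(__this, value, method);
            MonoString *ms = coverChar2Il2cppString("完美世界");
            Text_set_text(__this, reinterpret_cast<String *>(ms), method);
            return;
        }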

    opened by 644368912 5
  • aab packaging method so library address search failed, baseImageAddr is 0

    When I use aab to package and install, the address of the so library will fail to locate, and the hook will not work. Have you encountered this problem? Is there a corresponding solution?

    I guess: because of the way aab is packaged, the lib and base code are loaded into two apks, resulting in not being in the same apk. The baseImageAddr provided by fake is not compatible with this problem.

        long base = baseImageAddr("libil2cpp.so");
        LOGE("baseImageAddr : %ld",base);

    the log is: E/xNative: baseImageAddr : 0

    opened by DogLoveEatFish 1
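  • so hook: 32-bit so crashes on 64-bit phones

    On a 64-bit phone: if only the so under arm64-v8 is used, functions can be hooked normally via their offset addresses. If only the so under armeabi-v7a is used, hooking a function via its offset address crashes (the base address and offset are confirmed to be correct). Crash log: A/libc: Fatal signal 4 (SIGILL), code 1, fault addr 0xd44c4548 in tid 21723

    I tested several phones and they all have the same problem.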

    opened by trackway 1
  • mergeProjectDexDebug

    Some apps cannot be recompiled properly; smali to dex fails. How can this be solved? I can't understand the source code inside your com.fakerandroid.tools.build:gradle:1.0.32. App package name: com.ss.android.jumanji. App name: 抖音盒子 (Douyin Box). App version: 抖音盒子 1.3.0, the regular new release.

    AGPBI: {"kind":"error","text":"java.lang.NullPointerException","sources":[{}],"tool":"D8"}
    com.android.builder.dexing.DexArchiveMergerException: Error while merging dex archives:
    Caused by: com.android.tools.r8.CompilationFailedException: Compilation failed to complete
    Caused by: java.lang.NullPointerException

    opened by luocaca 0
  • metadata file is not of a supported version (29). Is this because the version is too new to be supported?

    H:\Giant Rush!_1.7.0_Apkpure.apk
    I: Loading resource table...
    I: Decoding AndroidManifest.xml with resources...
    I: Loading resource table from file: C:\Users\tianhou\AppData\Local\apktool\framework\1.apk
    I: Regular manifest package...
    I: Decoding file-resources...
    I: Decoding values / XMLs...
    I: Copying raw classes.dex file...
    I: Copying raw classes2.dex file...
    I: Copying raw classes3.dex file...
    I: Copying raw classes4.dex file...
    I: Copying raw classes5.dex file...
    I: Copying raw classes6.dex file...
    I: Copying raw classes7.dex file...
    I: Copying raw assets/audience_network.dex file...
    I: Copying assets and libs...
    I: Copying unknown files...
    I: Copying original files...
    I: Copying META-INF/services directory
    I: Translating dexes to smali files....
    I: Translating dexes to java scaffodding jar....
    I: Checking or generating il2cppscafoding...
    I: il2cpp
    I: Version 2021.1
    I:
    I:
    I: Extracting metadata from (archive)\assets/bin/Data/Managed/Metadata/global-metadata.dat
    W: The supplied metadata file is not of a supported version (29).
    W: File global-metadata.dat does not exist
    I: Analyze IL2CPP data: 1.00 sec
    I: Rumtime base mereging...
    I: Android studio project fomarting....
    I: You have faked a android studio project from apk!
    I: Generated project path:h:\GiantRush_FA.

    opened by tianhou2000 0
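
The log in the issue above stops at the metadata version check. As an added example (not FakerAndroid's or Il2CppInspector's code), this Python check reads the version field of global-metadata.dat straight from an APK before the file is handed to a converter. It assumes the standard header layout (little-endian magic 0xFAB11BAF followed by an int32 version); the supported range and the sample APK are constructed for illustration.

```python
import io
import struct
import zipfile

# Path of the metadata file inside the APK, as printed in the log above.
METADATA_PATH = "assets/bin/Data/Managed/Metadata/global-metadata.dat"
# The IL2CPP global metadata header starts with this magic, then an int32 version.
IL2CPP_MAGIC = 0xFAB11BAF


def read_metadata_version(apk):
    """Return (status, version); status is "ok", "not-il2cpp", "truncated" or "bad-magic"."""
    with zipfile.ZipFile(apk) as zf:
        try:
            with zf.open(METADATA_PATH) as fh:
                header = fh.read(8)
        except KeyError:  # no such entry: not a Unity il2cpp build
            return "not-il2cpp", None
    if len(header) < 8:
        return "truncated", None
    magic, version = struct.unpack("<Ii", header)
    if magic != IL2CPP_MAGIC:
        # Not plain IL2CPP metadata (for example, transformed by a protector).
        return "bad-magic", None
    return "ok", version


def check_supported(apk, supported):
    """Report whether the metadata version is in `supported`."""
    # `supported` comes from the caller: the page does not list accepted versions.
    status, version = read_metadata_version(apk)
    if status != "ok":
        return f"{status}: cannot determine metadata version"
    if version in supported:
        return f"ok: metadata version {version}"
    return f"unsupported: metadata version {version}"


def build_sample_apk(version, magic=IL2CPP_MAGIC):
    """Constructed sample: a zip holding only a fake 8-byte header plus padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(METADATA_PATH, struct.pack("<Ii", magic, version) + b"\0" * 16)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    hypothetical_supported = range(16, 28)  # assumption, not the tool's real list
    for v in (24, 29):
        print(check_supported(build_sample_apk(v), hypothetical_supported))
```

The header stores an integer version only, so this check cannot distinguish tool-assigned sub-versions such as the 24.4 mentioned further down the page.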
  • il2cpp-functions.h and other files were not generated!

    I: No matches in symbol table
    I: Required structures acquired from code heuristics. Initialization function: 0x00000000007D90AC
    I: CodeRegistration struct found at 0x000000000206BB80 (file offset 0x0205BB80)
    I: MetadataRegistration struct found at 0x000000000206C0E8 (file offset 0x0205C0E8)
    W: The detected Il2CppCodeRegistration / Il2CppMetadataRegistration structs do not pass validation. This may mean that their fields have been re-ordered as a form of obfuscation and Il2CppInspector has not been able to restore the original order automatically. Consider re-ordering the fields in Il2CppBinaryClasses.cs and try again.

    Log from the export

    opened by gengshaoyu 0
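  • Could you add support for the metadata version 24.4 error?

    As shown in the screenshot, the 24.4 error is probably a bug: in my testing, some 24.4 files could be parsed and some could not. Il2CppInspector already has a fork with a fix that supports 24.4; could it be synced into fakerandroid?

    Fork with the 24.4 fix: https://github.com/Kneesnap/Il2CppInspector 1231231238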

    opened by xu897002 1
Releases(1.0.38)