ApkCrack GUI方式hook证书一些bug

.gitignore

@@ -2,4 +2,5 @@
 build
 config/*.apk
 out/
-*.iml
+*.iml
+config/tmpBuild/

ApkCrack.config.properties

@@ -0,0 +1,7 @@
+#
+#Wed Jul 22 08:36:46 CST 2020
+storeFile=/Users/yanxx/Desktop/apk/v0.0.3/config/test.jks
+keyAlias=test
+keyPassword=qqqqqq
+certFile=/Users/yanxx/Desktop/apk/v0.0.3/config/charles.cer
+storePassword=qqqqqq

config/config.properties

@@ -12,5 +12,5 @@ keyAlias=test
 keyPassword=qqqqqq
 
 # apk path
-apkFile=/Users/yanxx/Desktop/apk/kuaishou.apk
-outFile=kuaishou-out.apk
+apkFile=config/tnews.apk
+outFile=tnews-out.apk

src/ApkCrack.java

@@ -30,10 +30,7 @@ public class ApkCrack {
 
     private String buildPath;
 
-    private static final String BUILD_PATH = "build";
-    private static final String RAW_PATH = "build/res/raw/";
-    private static final String XML_PATH = "build/res/xml/";
-    private static final String ANDROID_MANIFEST_PATH = "build/AndroidManifest.xml";
+    private static final String ANDROID_MANIFEST_PATH = "AndroidManifest.xml";
     private static final String ATTR_NETCONFIG = "android:networkSecurityConfig";
     private static final String ATTR_DEBUG = "android:debuggable";
     private static final String ATTR_CERT = "certificates";
@@ -69,6 +66,10 @@ public String getOutFile() {
         return outFile;
     }
 
+    public void setDebuggable(boolean debuggable) {
+        this.debuggable = debuggable;
+    }
+
     public void start() {
         s = System.currentTimeMillis();
         if (storeFile != null) {
@@ -139,34 +140,25 @@ private void generateApk() {
     private void hook() throws Exception {
         LOG.info("start hook apk...");
         LOG.info(">>>>>parsing AndroidManifest.xml.....");
-        File file = new File(ANDROID_MANIFEST_PATH);
+        File file = new File(buildPath, ANDROID_MANIFEST_PATH);
         DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
         DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
         Document document = documentBuilder.parse(file);
         Node application = document.getElementsByTagName("application").item(0);
 
         NamedNodeMap namedNodeMap = application.getAttributes();
-        Node node = namedNodeMap.getNamedItem(ATTR_NETCONFIG);
         if (networkSecurityConfig) {
             addCertFile();
-            if (node != null) {
-                String path = "build/res/xml" + node.getNodeValue().substring(4) + ".xml";
-                LOG.info(">>>>>find networkSecurityConfig:" + path);
-
-                addNetConfig("config/network_security_config.xml", path);
-
-            } else {//新增文件：network_security_config.xml
-                LOG.info(">>>>>adding networkSecurityConfig attribute...");
-                Attr attr = document.createAttribute(ATTR_NETCONFIG);
-                attr.setValue("@xml/network_security_config");
-                namedNodeMap.setNamedItem(attr);
-                File xmlPath = new File("build/res/xml/");
-                if (!xmlPath.exists()) {
-                    LOG.info(">>>>> mkdirs xml path...");
-                    xmlPath.mkdirs();
-                }
-                addNetConfig("config/network_security_config.xml", "build/res/xml/network_security_config.xml");
+            LOG.info(">>>>>adding networkSecurityConfig attribute...");
+            Attr attr = document.createAttribute(ATTR_NETCONFIG);
+            attr.setValue("@xml/network_security_config");
+            namedNodeMap.setNamedItem(attr);
+            File xmlPath = new File("build/res/xml/");
+            if (!xmlPath.exists()) {
+                LOG.info(">>>>> mkdirs xml path...");
+                xmlPath.mkdirs();
             }
+            addNetConfig(buildPath + "/res/xml/network_security_config.xml");
         }
 
         if (debuggable) {
@@ -181,28 +173,27 @@ private void hook() throws Exception {
             DOMSource domSource = new DOMSource(document);
             StreamResult reStreamResult = new StreamResult(file);
             transformer.transform(domSource, reStreamResult);
-            File tmp = new File(ANDROID_MANIFEST_PATH + ".tmp");
+            File tmp = new File(buildPath, ANDROID_MANIFEST_PATH + ".tmp");
             StreamResult consoleResult = new StreamResult(tmp);
             transformer.transform(domSource, consoleResult);
             if (file.exists()) file.delete();
             tmp.renameTo(file);
         }
     }
 
-    private void addNetConfig(String netConfigXml, String outFile) throws Exception {
+    private void addNetConfig(String outFile) throws Exception {
         LOG.info(">>>adding certificate to " + outFile);
-        File file = new File(netConfigXml);
         DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
         DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
-        Document document = documentBuilder.parse(file);
+        Document document = documentBuilder.parse(StringUtil.netConfigStream());
         Node node = document.getElementsByTagName(ATTR_TRUST).item(0);
         Element element = document.createElement(ATTR_CERT);
         element.setAttribute("src", "@raw/" + certName);
         node.appendChild(element);
         TransformerFactory transformerFactory = TransformerFactory.newInstance();
         Transformer transformer = transformerFactory.newTransformer();
         DOMSource domSource = new DOMSource(document);
-        File tmp = new File(netConfigXml + ".tmp");
+        File tmp = new File(buildPath + "netConfig.tmp");
         StreamResult consoleResult = new StreamResult(tmp);
         transformer.transform(domSource, consoleResult);
         File out = new File(outFile);
@@ -212,7 +203,7 @@ private void addNetConfig(String netConfigXml, String outFile) throws Exception
 
     private void addCertFile() {
         try {
-            FileUtils.copyFile(new File(certFile), new File(RAW_PATH, certFileName));
+            FileUtils.copyFile(new File(certFile), new File(buildPath + "/res/raw/", certFileName));
         } catch (IOException e) {
             throw new RuntimeException(e);
         }

src/ApkProcessDialog.java

@@ -64,6 +64,7 @@ public void start() {
         apkCrack.setStorePassword(config.storePassword);
         apkCrack.setKeyAlias(config.keyAlias);
         apkCrack.setKeyPassword(config.keyPassword);
+        apkCrack.setDebuggable(true);
         setVisible(true);
         processThread = new Thread(() -> {
             apkCrack.start();
@@ -88,12 +89,14 @@ public void run() {
                         if (progress > 0) {
                             progressBar.setValue((int) (progress * 100));
                         }
+                        if ("done...".equals(msg1)) {
+                            showDoneDialog();
+                        }
 
                     }
+
                 });
-                if ("done...".equals(msg1)) {
-                    showDoneDialog();
-                }
+
             }
         });
     }

src/StringUtil.java

@@ -0,0 +1,19 @@
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+public class StringUtil {
+    private static final String NET_CONFIG_XML =
+            "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"no\"?>\n" +
+                    "<network-security-config>\n" +
+                    "    <base-config cleartextTrafficPermitted=\"true\">\n" +
+                    "        <trust-anchors>\n" +
+                    "            <certificates src=\"system\"/>\n" +
+                    "            <certificates src=\"user\"/>\n" +
+                    "        </trust-anchors>\n" +
+                    "    </base-config>\n" +
+                    "</network-security-config>";
+
+    public static InputStream netConfigStream() {
+        return new ByteArrayInputStream(NET_CONFIG_XML.getBytes());
+    }
+}