Initial commit

Author: johnno1962

LICENSE

@@ -0,0 +1,17 @@
+MIT License
+
+Copyright (c) 2017, John Holdsworth
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Package.swift

@@ -0,0 +1,8 @@
+import PackageDescription
+
+let package = Package(
+    name: "AndroidInjection",
+    dependencies: [
+        .Package(url: "https://github.com/SwiftJava/swift-android-zlib.git", majorVersion: 1),
+    ]
+)

Sources/AndroidInjection.swift

@@ -0,0 +1,243 @@
+//
+//  AndroidInjection.swift
+//  swift-android-injection
+//
+//  Created by John Holdsworth on 15/09/2017.
+//  Copyright © 2017 John Holdsworth. All rights reserved.
+//
+
+import Foundation
+import zlib
+
+private var pointerSize = MemoryLayout<uintptr_t>.size
+private let INJECTION_PORT: UInt16 = 31441
+
+func htons(_ port: UInt16) -> UInt16 {
+    return (port << 8) + (port >> 8)
+}
+let ntohs = htons
+
+func sockaddr_cast(_ p: UnsafeMutableRawPointer) -> UnsafeMutablePointer<sockaddr> {
+    return p.assumingMemoryBound(to: sockaddr.self)
+}
+
+protocol Kinded {
+    var offset: Int32 { get }
+    var kind: Int32 { get }
+}
+
+open class AndroidInjection {
+
+    open class func connectAndRun(forMainThread: @escaping (@escaping () -> ()) -> ()) {
+        DispatchQueue.global(qos: .background).async {
+            let serverSocket = connectTo(ipAddress: androidInjectionHost, INJECTION_APPNAME: "Injection")
+            if serverSocket < 0 {
+                return
+            }
+            let serverWrite = fdopen(serverSocket, "w")
+            NSLog("Injection: Connected to \(androidInjectionHost)")
+
+            var value: Int32 = Int32(INJECTION_PORT)
+            let valueLength = MemoryLayout.size(ofValue: value)
+            if serverWrite == nil || fwrite(&value, 1, valueLength, serverWrite) != valueLength {
+                NSLog("Injection: Could not write magic to %d %p: %s", serverSocket, serverWrite!, strerror(errno))
+                return
+            }
+
+            if !#file.withCString( {
+                filepath in
+                value = Int32(strlen(filepath))
+                return fwrite(&value, 1, valueLength, serverWrite) == valueLength &&
+                    fwrite(filepath, 1, Int(value), serverWrite) == value
+            } ) {
+                NSLog("Injection: Could not write filepath to %d %p: %s", serverSocket, serverWrite!, strerror(errno))
+                return
+            }
+            fflush(serverWrite)
+
+            var injectionNumber = 0
+            let serverRead = fdopen(serverSocket, "r")
+            var compressedLength: Int32 = 0, uncompressedLength: Int32 = 0
+
+            while fread(&compressedLength, 1, valueLength, serverRead) == valueLength &&
+                fread(&uncompressedLength, 1, valueLength, serverRead) == valueLength,
+                var compressedBuffer = malloc(Int(compressedLength)),
+                var uncompressedBuffer = malloc(Int(uncompressedLength)),
+                fread(compressedBuffer, 1, Int(compressedLength), serverRead) == compressedLength {
+                    defer {
+                        free(uncompressedBuffer)
+                        free(compressedBuffer)
+                    }
+                    if compressedLength == valueLength && uncompressedLength == valueLength {
+                        continue
+                    }
+
+                    NSLog("Injection: received %d/%d bytes", compressedLength, uncompressedLength)
+
+                    var destLen = uLongf(uncompressedLength)
+                    if uncompress(uncompressedBuffer.assumingMemoryBound(to: Bytef.self), &destLen,
+                                  compressedBuffer.assumingMemoryBound(to: Bytef.self),
+                                  uLong(compressedLength)) != Z_OK || destLen != uLongf(uncompressedLength) {
+                        NSLog("Injection: uncompression failure")
+                        break
+                    }
+
+                    injectionNumber += 1
+                    let libraryPath = NSTemporaryDirectory()+"injection\(injectionNumber).so"
+                    let libraryFILE = fopen(libraryPath, "w")
+                    if libraryFILE == nil || fwrite(uncompressedBuffer, 1, Int(uncompressedLength), libraryFILE) != uncompressedLength {
+                        NSLog("Injection: Could not write library file")
+                        break
+                    }
+                    fclose(libraryFILE)
+
+                    forMainThread( {
+                        NSLog("Injection: Wrote to \(libraryPath), injecting...")
+                        let error = loadAndInject(library: libraryPath)
+                        var status = Int32(error == nil ? 0 : strlen(error))
+                        if fwrite(&status, 1, valueLength, serverWrite) != valueLength {
+                            NSLog("Injection: Could not write status")
+                        }
+                        if error != nil && fwrite(error, 1, Int(status), serverWrite) != status {
+                            NSLog("Injection: Could not write error string")
+                        }
+                        fflush(serverWrite)
+                        NSLog("Injection complete.")
+                    } )
+            }
+
+            NSLog("Injection loop exits")
+            fclose(serverWrite)
+            fclose(serverRead)
+        }
+    }
+
+    open class func connectTo(ipAddress: UnsafePointer<Int8>, INJECTION_APPNAME: UnsafePointer<Int8>) -> Int32 {
+        var loaderAddr = sockaddr_in()
+
+        loaderAddr.sin_family = sa_family_t(AF_INET)
+        inet_aton(ipAddress, &loaderAddr.sin_addr)
+        loaderAddr.sin_port = htons(INJECTION_PORT)
+
+        NSLog("%s attempting connection to: %s:%d", INJECTION_APPNAME, ipAddress, INJECTION_PORT)
+
+        var loaderSocket: Int32 = 0, optval: Int32 = 1
+        loaderSocket = socket(Int32(loaderAddr.sin_family), SOCK_STREAM, 0)
+        if loaderSocket < 0 {
+            NSLog("%s: Could not open socket for injection: %s", INJECTION_APPNAME, strerror(errno))
+        }
+        else if setsockopt(loaderSocket, Int32(IPPROTO_TCP), TCP_NODELAY, &optval, socklen_t(MemoryLayout.size(ofValue: optval))) < 0 {
+            NSLog("%s: Could not set TCP_NODELAY: %s", INJECTION_APPNAME, strerror(errno))
+        }
+        else if connect(loaderSocket, sockaddr_cast(&loaderAddr), socklen_t(MemoryLayout.size(ofValue: loaderAddr))) < 0 {
+            NSLog("%s could not connect: %s", INJECTION_APPNAME, strerror(errno))
+        }
+        else {
+            return loaderSocket
+        }
+        close(loaderSocket)
+        return -1
+    }
+
+    open class func loadAndInject(library: String) -> UnsafePointer<Int8>? {
+        guard let libHandle = dlopen(library, Int32(RTLD_LAZY)) else {
+            let error = dlerror()
+            NSLog("Load of \(library) failed - \(String(cString: error!))")
+            return error
+        }
+
+        var info = Dl_info()
+        guard dladdr(&pointerSize, &info) != 0 else {
+            NSLog("Locating app library failed")
+            return nil
+        }
+
+        guard let mainHandle = dlopen(info.dli_fname, Int32(RTLD_LAZY | RTLD_NOLOAD)) else {
+            NSLog("Load of \(String(cString: info.dli_fname)) failed")
+            return nil
+        }
+
+        var processed = [UnsafeMutablePointer<UInt8>: Bool]()
+
+        struct TypeEntry: Kinded {
+            let offset: Int32
+            let kind: Int32
+        }
+
+        process(libHandle: libHandle, mainHandle: mainHandle,
+                entrySymbol: ".swift2_type_metadata_start",
+                entryType: TypeEntry.self, processed: &processed)
+
+        struct Conformance: Kinded {
+            let skip1: Int32
+            let offset: Int32
+            let skip2: Int32
+            let kind: Int32
+        }
+
+        process(libHandle: libHandle, mainHandle: mainHandle,
+                entrySymbol: ".swift2_protocol_conformances_start",
+                entryType: Conformance.self, pointerOffset: pointerSize, processed: &processed)
+
+        return nil
+    }
+
+    class func process<T: Kinded>(libHandle: UnsafeMutableRawPointer, mainHandle: UnsafeMutableRawPointer,
+                                  entrySymbol: String, entryType: T.Type, pointerOffset: Int = 0,
+                                  processed: inout [UnsafeMutablePointer<UInt8>: Bool] ) {
+        guard let conformance = dlsym(libHandle, entrySymbol) else {
+            NSLog("Could not locate \(entrySymbol) entries")
+            return
+        }
+
+        let ptr = conformance.assumingMemoryBound(to: UInt64.self)
+        let len = Int(ptr.pointee)
+
+        let entrySize = MemoryLayout<T>.size
+        let entries = len / entrySize
+        NSLog("\(entrySymbol) entries: \(entries)")
+
+        let table = (ptr+1).withMemoryRebound(to: UInt8.self, capacity: len) { $0 }
+        let start = (ptr+1).withMemoryRebound(to: T.self, capacity: entries) { $0 }
+
+        for i in 0 ..< entries {
+            if start[i].kind == 15 {
+                let metadata = UnsafeMutablePointer(table + Int(start[i].offset) + i * entrySize + pointerOffset)
+                if processed[metadata] == true {
+                    continue
+                }
+                metadata.withMemoryRebound(to: ClassMetadataSwift.self, capacity: 1) {
+                    swizzleClass(classMetadata: $0, mainHandle: mainHandle)
+                }
+                processed[metadata] = true
+            }
+        }
+    }
+
+    static var originals = [String: UnsafeMutablePointer<ClassMetadataSwift>]()
+
+    open class func swizzleClass(classMetadata: UnsafeMutablePointer<ClassMetadataSwift>, mainHandle: UnsafeMutableRawPointer) {
+        var info = Dl_info()
+        guard dladdr(classMetadata, &info) != 0, let classSymbol = info.dli_sname else {
+            NSLog("Could not locate class")
+            return
+        }
+
+        let classKey = String(cString: classSymbol)
+        guard let existingClass = originals[classKey] ?? dlsym(mainHandle, classSymbol)?
+            .assumingMemoryBound(to: ClassMetadataSwift.self) else {
+                NSLog("Could not locate original class for \(String(cString: classSymbol))")
+                return
+        }
+        originals[classKey] = existingClass
+
+        func byteAddr<T>(_ location: UnsafeMutablePointer<T>) -> UnsafeMutablePointer<UInt8> {
+            return location.withMemoryRebound(to: UInt8.self, capacity: 1) { $0 }
+        }
+
+        let vtableOffset = byteAddr(&existingClass.pointee.IVarDestroyer) - byteAddr(existingClass)
+        let vtableLength = Int(existingClass.pointee.ClassSize) - pointerSize * 2 - vtableOffset
+        NSLog("\(unsafeBitCast(classMetadata, to: AnyClass.self)), vtable length: \(vtableLength)")
+        memcpy(byteAddr(existingClass) + vtableOffset, byteAddr(classMetadata) + vtableOffset, vtableLength)
+    }
+}

Sources/AndroidInjectionHost.swift

@@ -0,0 +1 @@
+let androidInjectionHost = "192.168.1.14"

Sources/SwiftInternals.swift

@@ -0,0 +1,99 @@
+//
+//  Internals.swift
+//  XprobeSwift
+//
+//  Created by John Holdsworth on 22/12/2016.
+//  Copyright © 2016 John Holdsworth. All rights reserved.
+//
+
+import Foundation
+
+/** pointer to a function implementing a Swift method */
+public typealias SIMP = @convention(c) (_: AnyObject) -> Void
+
+/**
+ Layout of a class instance. Needs to be kept in sync with ~swift/include/swift/Runtime/Metadata.h
+ */
+public struct ClassMetadataSwift {
+
+    public let MetaClass: uintptr_t = 0, SuperClass: uintptr_t = 0
+    public let CacheData1: uintptr_t = 0, CacheData2: uintptr_t = 0
+
+    public let Data: uintptr_t = 0
+
+    /// Swift-specific class flags.
+    public let Flags: UInt32 = 0
+
+    /// The address point of instances of this type.
+    public let InstanceAddressPoint: UInt32 = 0
+
+    /// The required size of instances of this type.
+    /// 'InstanceAddressPoint' bytes go before the address point;
+    /// 'InstanceSize - InstanceAddressPoint' bytes go after it.
+    public let InstanceSize: UInt32 = 0
+
+    /// The alignment mask of the address point of instances of this type.
+    public let InstanceAlignMask: UInt16 = 0
+
+    /// Reserved for runtime use.
+    public let Reserved: UInt16 = 0
+
+    /// The total size of the class object, including prefix and suffix
+    /// extents.
+    public let ClassSize: UInt32 = 0
+
+    /// The offset of the address point within the class object.
+    public let ClassAddressPoint: UInt32 = 0
+
+    /// An out-of-line Swift-specific description of the type, or null
+    /// if this is an artificial subclass.  We currently provide no
+    /// supported mechanism for making a non-artificial subclass
+    /// dynamically.
+    public let Description: uintptr_t = 0
+
+    /// A function for destroying instance variables, used to clean up
+    /// after an early return from a constructor.
+    public var IVarDestroyer: SIMP? = nil
+
+    // After this come the class members, laid out as follows:
+    //   - class members for the superclass (recursively)
+    //   - metadata reference for the parent, if applicable
+    //   - generic parameters for this class
+    //   - class variables (if we choose to support these)
+    //   - "tabulated" virtual methods
+
+}
+
+//#if swift(>=3.0)
+//    // not public in Swift3
+//    @_silgen_name("swift_demangle")
+//    private
+//    func _stdlib_demangleImpl(
+//        mangledName: UnsafePointer<CChar>?,
+//        mangledNameLength: UInt,
+//        outputBuffer: UnsafeMutablePointer<UInt8>?,
+//        outputBufferSize: UnsafeMutablePointer<UInt>?,
+//        flags: UInt32
+//        ) -> UnsafeMutablePointer<CChar>?
+//
+//    public func _stdlib_demangleName(_ mangledName: String) -> String {
+//        return mangledName.utf8CString.withUnsafeBufferPointer {
+//            (mangledNameUTF8) in
+//
+//            let demangledNamePtr = _stdlib_demangleImpl(
+//                mangledName: mangledNameUTF8.baseAddress,
+//                mangledNameLength: UInt(mangledNameUTF8.count - 1),
+//                outputBuffer: nil,
+//                outputBufferSize: nil,
+//                flags: 0)
+//
+//            if let demangledNamePtr = demangledNamePtr {
+//                let demangledName = String(cString: demangledNamePtr)
+//                free(demangledNamePtr)
+//                return demangledName
+//            }
+//            return mangledName
+//        }
+//    }
+//#endif
+