tiann / leoric Goto Github PK

View Code? Open in Web Editor NEW

1.8K 40.0 520.0 202 KB

PoC of fighting against force-stop kill process on Android

Java 77.48% Makefile 0.75% C 21.77%

android daemon alive

leoric's Introduction

Leoric

Leoric 是一个 Android 上的黑科技保活方法的 PoC，它可以对抗在任意 Android 版本上的 force-stop 杀进程。

Leoric 是 Dota 中的英雄"骷髅王"，本项目名取自骷髅王的大招「重生」。

编译环境

JDK 11 + NDK 19.2.5345600

重现方法

虽然理论上这个方法可以支持任意的 Android 版本，但本 PoC 在 Android 9.0 及 Android 10 上测试过。具体使用方式参见 demo 项目。

实现原理

应对方法

下面是一种简单的方法杀死 Leoric:

ps -A | grep `ps -A | grep me.weishu.leoric | awk '{print $1}' | head -1` | awk '{print $2}' | xargs kill -19 && am force-stop me.weishu.leoric

对于系统有两种思路可以选择：

加入在 force-stop 期间不允许启动新的进程的逻辑
修改 force-stop 的杀进程逻辑为：预先收集好所有进程再进行 kill（如有必要还可以先发送 SIGSTOP）

在 Android 14 中，系统加入了在强行停止前冻结应用全部 cgroup 的逻辑，本方案失效。

Contact me

Email: [email protected]

郑重声明

本项目仅做学习研究使用，出现任何问题概不负责。另外，本 PoC 离实际投入使用还有很长的路要走，请不要妄想直接接入代码就能得到永生。

之所以公开代码，是为了推动厂商对系统做出改进，提供应对之法；请不要滥用！！

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Credits

MarsDaemon

leoric's People

Contributors

Stargazers

Watchers

Forkers

tianma8023 yangqingyuan thomasking2014 jokermonn sheepyang1993 dstmath narakai crackercat loulei forbe kasumar dannyit wufeng0927 supertaohaili soucrecodestudy tmaczhang ydmmocoo howardpang dou23 masterrun thiasap stbhan ivalimmb skyun1314 apollonbar xuhuawei131 yxmcute brevent jinhuizxc chile-zhong xiangzhidan apterking spianmo glen9527 xdcs100 xiangyutian jiesmart adeveloperh mudelong rikkaw frankfancode haizhiyun mjjde gnemyg7221 haiwwh muxi166 sanchahua zjw-swun flyxl jltxseo crosswall 2017398956 musktime liangtian123 htyxz8802 xulong20130712 maoqis gdhyxhgdhyxh djun100 tiantiantian-dev yuye1124956 lamster2018 teffy ytjd926 lihe18d 52im skyjing kingpro runnerwhisky supperguy vincentlao woodyguo jackieliu-52 yiminglv mny459 lizzy115115 ok266 chenchongji yanqiw yygutn jacobllee bcsl abbi752 crazysniper donald99 goldencolor mubingdan tracyly lcodecorex yangboyd zhaozhu365 kissfu paozhuanyinyu trenail bigmonk initliu jichinx hasiy g4time holyshot

leoric's Issues

oneplus 6 Android10 上没法保活

如何保活主进程

我希望业务是在主进程完成的，如何保活主进程。
目前我的做法是在application的oncreate内直接启动主进程的服务。这样force-stop后子进程启动时，同时也会把主进程拉起来。但是我单独kill主进程，就会有问题！

目前最大得问题不是杀后台，而是程序到后台内部线程被冻结

父进程死了孤儿进程会死吗？

这个日志信息，是被杀掉了吗？

020-01-16 17:35:23.421 4085-4337/? W/JavaExceptionHandler: Too noisy! skip duplicate java exception report:me.weishu.leoric:resident now=1579167323421 mLastReportTime=1579167300444 interval=60000
2020-01-16 17:35:23.425 1208-5579/? I/ActivityManager: Process me.weishu.leoric:resident (pid 11304) has died: fore SVC
2020-01-16 17:35:23.426 1208-5579/? I/AutoStartManagerService: MIUILOG- Reject RestartService packageName :me.weishu.leoric uid : 10588
2020-01-16 17:35:23.808 1208-2150/? D/MiuiGesture: add Window{a8e0470 u0 me.weishu.leoric/me.weishu.leoric.demo.MainActivity}, type=1
2020-01-16 17:35:23.815 1208-2150/? D/MiuiGesture: try to get iconInfo of me.weishu.leoric/.demo.MainActivity
2020-01-16 17:35:23.977 2186-2186/? D/RecentsImpl: startRecentsActivity runningTask: ComponentInfo{me.weishu.leoric/me.weishu.leoric.demo.MainActivity}
2020-01-16 17:35:24.025 1208-2150/? D/MiuiGesture: set AppWindowToken{b3f84c2 token=Token{7971d0d ActivityRecord{967eb36 u0 me.weishu.leoric/.demo.MainActivity t37639}}}, ignoreInput = true
2020-01-16 17:35:24.074 779-779/? I/GameEngine: last packageName: me.weishu.leoric
2020-01-16 17:35:24.635 1208-2150/? D/MiuiGesture: set AppWindowToken{b3f84c2 token=Token{7971d0d ActivityRecord{967eb36 u0 me.weishu.leoric/.demo.MainActivity t37639}}}, ignoreInput = false
2020-01-16 17:35:25.376 2772-2993/? D/Launcher: getLastLaunchApp, pkg=me.weishu.leoric
2020-01-16 17:35:31.059 11263-11297/me.weishu.leoric I/e.weishu.leori: ProcessProfilingInfo new_methods=24 is saved saved_to_disk=1 resolve_classes_delay=8000
2020-01-16 17:35:39.091 2186-2186/? D/RecentsActivity: removeTask: [id=37639 stackId=247 windowingMode=1 user=0 lastActiveTime=65188609] Leoric
2020-01-16 17:35:39.095 1208-10379/? D/WindowProcessUtils: remove task: TaskRecord{f513937 #37639 A=me.weishu.leoric U=0 StackId=247 sz=1}
2020-01-16 17:35:39.096 1208-10379/? I/ProcessManager: SwipeUpClean: force-stop me.weishu.leoric Adj=900 State=17
2020-01-16 17:35:39.133 1208-10379/? I/ActivityManager: Force stopping me.weishu.leoric appid=10588 user=0: SwipeUpClean
2020-01-16 17:35:39.134 1208-10379/? I/ActivityManager: Killing 11263:me.weishu.leoric/u0a588 (adj 905): stop me.weishu.leoric: SwipeUpClean

Android 8.1 一键清理后台后服务终止了 oppo r11

成功过几次，后面一键清理都杀掉了，不知道是不是手机产生了抗体，望大神解决

经验证，几乎都被杀死

经验证，dubug包几乎都被杀死，release包的情况下无一幸免，博主有办法？？

Leoric.java 引入的Reflection.java在哪里？

...
import me.weishu.reflection.Reflection;

public class Leoric {
...

想编译一下，结果找不到这个类文件。库里和app里都找不到，也没有看到有第三方库有这个类。

这个工程太老了

Android 11上监听进程死亡问题

机型: OPPO、RealMe
Android版本: 11
TargetSdkVersion:30

在监听到进程死亡后
public void onDaemonDead() { Log.e("log",""+Process.myPid()); // ILeoricProcess.Fetcher.fetchStrategy().onDaemonDead(); }
调用Process.myPid()直接崩溃...

force-stop多次就无效了吧

clone 下来运行就闪退

Crash on samsung note 9 android 10.

2020-04-27 05:06:29.079 5265-5265/me.weishu.leoric E/AndroidRuntime: FATAL EXCEPTION: main Process: me.weishu.leoric, PID: 5265 android.app.RemoteServiceException: Context.startForegroundService() did not then call Service.startForeground(): ServiceRecord{ccd4247 u0 me.weishu.leoric/.demo.Service1} at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2068) at android.os.Handler.dispatchMessage(Handler.java:107) at android.os.Looper.loop(Looper.java:237) at android.app.ActivityThread.main(ActivityThread.java:7811) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1076)