Source Basic Anti-Tamper for android applications

VanHoevenTR

Platinian
Original poster
Jul 8, 2019
The code below is just a bare-bones example that intentionally crashes the application if it has been tampered with.

This should not be used for public projects as it can be easily bypassed by practically anyone who has some experience with android reverse engineering.

Credit: Boban - Polar v2

C++:
// Created by Boban on 2/6/2023.
// Bonk.cpp

#include "Bonk.h"

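/// Reads the first NUL-terminated entry of /proc/self/cmdline.
///
/// The caller treats the result as the application's package name.
/// NOTE(review): for a process started with a ":suffix" process name the value
/// would presumably include that suffix — confirm against the app manifest.
///
/// @return A heap copy made with strdup() that the caller must free(), or
///         nullptr when the file cannot be opened or read, or the entry is empty.
char *Bonk::getPackageName() {
    const size_t BUFFER_SIZE = 256;
    // Zero-filled, and at most BUFFER_SIZE - 1 bytes are read, so the buffer is
    // always NUL-terminated.
    char buffer[BUFFER_SIZE] = "";

    int fd = open("/proc/self/cmdline", O_RDONLY);
    // open() reports failure with -1; descriptor 0 is a valid result when stdin
    // has been closed, so test for < 0 rather than <= 0.
    if (fd < 0) {
        return nullptr;
    }

    ssize_t r = read(fd, buffer, BUFFER_SIZE - 1);
    close(fd);

    // An empty name must not be returned: the caller uses it as a substring
    // filter, and an empty needle matches every mapped path.
    if (r <= 0 || buffer[0] == '\0') {
        return nullptr;
    }
    return strdup(buffer);
}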

/// Returns the text following the last '.' in @p filename.
///
/// @param filename NUL-terminated name; must not be null.
/// @return Pointer into @p filename just past the last dot, or an empty string
///         literal when there is no dot or the only dot is the first character.
const char *Bonk::getFilenameExt(const char *filename) {
    const char *lastDot = strrchr(filename, '.');
    const bool hasExtension = (lastDot != nullptr) && (lastDot != filename);
    return hasExtension ? lastDot + 1 : "";
}

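/// Locates the application's APK by scanning /proc/self/maps.
///
/// The first mapping whose path contains the package name and whose file name
/// ends in ".apk" (case-insensitive) wins. The match is a plain substring test,
/// so it identifies *a* mapped APK under a path containing the package name,
/// not necessarily the base APK.
///
/// @return A heap copy of the path made with strdup() that the caller must
///         free(), or nullptr when the package name or the maps file is
///         unavailable or no mapping matches.
char *Bonk::pathHelperGetPath() {
    char *package = getPackageName();
    if (nullptr == package) {
        return nullptr;
    }

    FILE *fp = fopen("/proc/self/maps", "r");
    if (nullptr == fp) {
        free(package);
        return nullptr;
    }
    const size_t BUFFER_SIZE = 256;
    char buffer[BUFFER_SIZE] = "";
    char path[BUFFER_SIZE] = "";

    bool find = false;
    while (fgets(buffer, BUFFER_SIZE, fp)) {
        // The field width keeps the write inside path[] on its own terms instead
        // of relying on the line buffer happening to be the same size.
        if (sscanf(buffer, "%*llx-%*llx %*s %*s %*s %*s %255s", path) != 1) {
            continue;
        }
        if (!strstr(path, package)) {
            continue;
        }
        // Take the last path component without basename(): the POSIX version
        // from <libgen.h> is allowed to modify its argument, and path[] is what
        // gets returned to the caller.
        const char *slash = strrchr(path, '/');
        const char *bname = (slash != nullptr) ? slash + 1 : path;
        if (strcasecmp(getFilenameExt(bname), "apk") == 0) {
            find = true;
            break;
        }
    }
    fclose(fp);
    free(package);
    if (find) {
        return strdup(path);
    }
    return nullptr;
}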

/// libcurl write callback: appends the received bytes to the string that was
/// registered through CURLOPT_WRITEDATA.
///
/// @param ptr   Start of the received data (not NUL-terminated).
/// @param size  Size of one element.
/// @param nmemb Number of elements.
/// @param data  Destination string.
/// @return The number of bytes consumed, always size * nmemb.
size_t Bonk::write_callback(char *ptr, size_t size, size_t nmemb, std::string *data) {
    const size_t byteCount = size * nmemb;
    data->append(ptr, byteCount);
    return byteCount;
}

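/// Fetches the expected value over HTTPS, computes the local one from the APK,
/// and terminates the process when they differ.
///
/// Local value: CRC-32 of the APK bytes, rendered as a decimal string, then
/// MD5 of that string as 32 lowercase hex characters. The server response must
/// equal that text exactly.
///
/// Any failure along the way (no curl handle, transfer error, APK not found or
/// unreadable) is treated as a mismatch, so the check fails closed.
///
/// NOTE(review): CRC-32 is an error-detection code, not a cryptographic hash,
/// and wrapping it in MD5 does not change that. Treat this as a demonstration
/// of the flow rather than as an integrity guarantee.
void Bonk::initialize() {
    // Start from an empty buffer so a second call does not append a new
    // response to the previous one.
    response.clear();

    CURLcode status = CURLE_FAILED_INIT;
    curl = curl_easy_init();
    if (curl != nullptr) {
        curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/crc32");
        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
        curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
        // Certificate and host-name verification stay enabled. With both
        // switched off, anyone on the network path can supply the "expected"
        // value and the comparison below proves nothing.
        // NOTE(review): a statically linked libcurl/OpenSSL build may have no
        // default trust store; if so, configure one with CURLOPT_CAINFO or pin
        // the server key with CURLOPT_PINNEDPUBLICKEY rather than disabling
        // verification.
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);

        status = curl_easy_perform(curl);

        curl_easy_cleanup(curl);
        curl = nullptr;  // do not keep a dangling handle in the member
    }

    uLong crc = crc32(0L, Z_NULL, 0);
    bool apkOpened = false;

    // pathHelperGetPath() returns a strdup()'d string or nullptr; constructing
    // an ifstream from nullptr is undefined, and the copy must be freed.
    char *apkPath = pathHelperGetPath();
    if (apkPath != nullptr) {
        std::ifstream file(apkPath, std::ios::binary);
        free(apkPath);
        apkOpened = file.is_open();

        // Hash in chunks. Feeding crc32() the address of an int holding one
        // byte only works on little-endian targets and costs a call per byte.
        char chunk[4096];
        while (file.read(chunk, sizeof(chunk)) || file.gcount() > 0) {
            crc = crc32(crc, reinterpret_cast<const Bytef *>(chunk),
                        static_cast<uInt>(file.gcount()));
        }
    }

    const std::string hash = std::to_string(crc);

    unsigned char digest[MD5_DIGEST_LENGTH];
    MD5(reinterpret_cast<const unsigned char *>(hash.c_str()), hash.length(), digest);

    // Two hex characters per digest byte plus the terminating NUL.
    char mdString[2 * MD5_DIGEST_LENGTH + 1];
    for (int i = 0; i < MD5_DIGEST_LENGTH; i++) {
        snprintf(&mdString[i * 2], 3, "%02x", (unsigned int) digest[i]);
    }

    if (status != CURLE_OK || !apkOpened || !(mdString == response)) {
        // Writing through a null pointer is undefined behaviour, so the
        // compiler is free to drop it; abort() terminates reliably.
        std::abort();
    }
}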

// Nothing to set up at construction time: the members keep their in-class
// defaults and all work happens in initialize().
Bonk::Bonk() = default;
C++:
// Created by Boban on 2/6/2023.
// Bonk.h

#ifndef BONK_H
#define BONK_H

#include <fcntl.h>
#include <libgen.h>
#include <malloc.h>
#include <strings.h>
#include <unistd.h>

#include <chrono>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <fstream>
#include <string>
#include <thread>
#include <vector>

#include <curl/curl.h>
#include <openssl/md5.h>
#include <zlib.h>

/// Bare-bones APK integrity check: compares a value derived from the installed
/// APK with one fetched from a server and crashes the process on mismatch.
class Bonk {
public:
    Bonk();

    /// Runs the check once. Does not return if the values differ.
    void initialize();

private:
    /// First entry of /proc/self/cmdline as a malloc'd string, or nullptr.
    /// The caller owns the result and must free() it.
    static char *getPackageName();

    /// Text after the last '.' of @p filename, or "" when there is none.
    static const char *getFilenameExt(const char *filename);

    /// Path of a mapped ".apk" whose path contains the package name, as a
    /// malloc'd string, or nullptr. The caller owns the result and must free() it.
    static char *pathHelperGetPath();

    /// libcurl write callback that appends the received bytes to @p data.
    static size_t write_callback(char *ptr, size_t size, size_t nmemb, std::string *data);

    // Body of the server reply, filled by write_callback.
    std::string response;

    // libcurl easy handle used by initialize().
    CURL *curl = nullptr;
};

#endif
Code:
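cmake_minimum_required(VERSION 3.22.1)

project("bonk")

add_library(
        bonk

        SHARED

        native-lib.cpp
        Bonk.cpp
)

# Roots of the prebuilt static libraries, one sub-directory per Android ABI.
# The defaults are the original author's local paths; override them on the
# command line (-DBONK_OPENSSL_ROOT=... -DBONK_CURL_ROOT=...) instead of
# editing this file.
# OpenSSL and curl are linked statically, so their security fixes only reach
# the app when these prebuilts are rebuilt and the app is re-released.
set(BONK_OPENSSL_ROOT "Q:/OpenSSL" CACHE PATH "Directory holding the per-ABI prebuilt OpenSSL trees")
set(BONK_CURL_ROOT "Q:/cURL" CACHE PATH "Directory holding the per-ABI prebuilt cURL trees")

set(OpenSSL ${BONK_OPENSSL_ROOT}/${CMAKE_ANDROID_ARCH_ABI})

set(ssl ${OpenSSL}/lib/libssl.a)
set(crypto ${OpenSSL}/lib/libcrypto.a)

set(cURL ${BONK_CURL_ROOT}/${CMAKE_ANDROID_ARCH_ABI}/lib/libcurl.a)

# Scope the header search paths to this target rather than the whole directory.
target_include_directories(
        bonk
        PRIVATE
        ${OpenSSL}/include
        ${BONK_CURL_ROOT}/${CMAKE_ANDROID_ARCH_ABI}/include
)

# Static archives are listed dependents-first: libcurl uses libssl, which uses
# libcrypto, and zlib comes after the libraries that may reference it.
target_link_libraries(
        bonk
        ${cURL}
        ${ssl}
        ${crypto}
        z
        log
)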
 

Romantraug

Rookie
Apr 22, 2023
Do you happen to have scans of the K, M, or N class drawings? The above is exactly what I need. The previous drawing was eyeballed from a photo which is Certifiably Not Good For Shipbucket.