search

BlackBoxing / BlackBox

BlackBox is a virtual engine, it can clone and run virtual application on Android, users don't have to install APK file to run the application on devices. BlackBox control all virtual applications, so you can do anything you want by using BlackBox.
Apache License 2.0
90 stars 49 forks source link

[BUG] b站 blackbox64闪退 #5

Open ljlVink opened 1 year ago

ljlVink commented 1 year ago

Describe the bug / 描述一下这个错误 A clear and concise description of what the bug is. b站打开3秒后闪退 To Reproduce / 复现步骤 Steps to reproduce the behavior: 1.点击+ 2.添加哔哩哔哩 3.打开 4.闪退

Expected behavior / 预期的行为 正常打开

Screenshots / 截图 null Mobile Phone Info / 手机信息 Huawei / HarmonyOS (API 29)

Logcat / 日志 08-13 07:55:45.439 27846 27879 E AndroidRuntime: Process: tv.danmaku.bili, PID: 27846 08-13 07:55:45.439 27846 27879 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.ClassLoader android.app.Application.getClassLoader()' on a null object reference 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at top.niunaijun.blackbox.fake.service.IActivityManagerProxy$BroadcastIntent.hook(IActivityManagerProxy.java:426) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at top.niunaijun.blackbox.fake.hook.ClassInvocationStub.invoke(ClassInvocationStub.java:130) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at java.lang.reflect.Proxy.invoke(Proxy.java:1006) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at $Proxy68.broadcastIntent(Unknown Source) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at android.app.ContextImpl.sendBroadcast(ContextImpl.java:1172) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at android.content.ContextWrapper.sendBroadcast(ContextWrapper.java:448) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at com.bilibili.bus.c.g(BL:1) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at com.bilibili.bus.c.c(BL:8) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at com.bilibili.gripper.umb.a.a(BL:2) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at gripper.generated.nc.N9(BL:5) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at gripper.generated.nc.D4(Unknown Source:0) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at gripper.generated.y6.invoke(Unknown Source:4) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at com.bilibili.lib.gripper.internal.task.t.e(BL:1) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at com.bilibili.lib.gripper.internal.task.e.b(BL:7) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at com.bilibili.lib.gripper.internal.task.k$a.run(BL:5) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 08-13 07:55:45.439 27846 27879 E AndroidRuntime: at java.lang.Thread.run(Thread.java:929) Additional context / 额外内容 Add any other context about the problem here. null APK If applicable, add the apk file for me to test. 如果有,请添加APK文件给我测试。 https://dl.hdslb.com/mobile/latest/android64/iBiliPlayer-bili.apk?t=20220813

ljlVink commented 1 year ago

关闭xposed仍然闪退

08-13 08:03:15.856 31042 31074 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.ClassLoader android.app.Application.getClassLoader()' on a null object reference
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at top.niunaijun.blackbox.fake.service.IActivityManagerProxy$BroadcastIntent.hook(IActivityManagerProxy.java:426)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at top.niunaijun.blackbox.fake.hook.ClassInvocationStub.invoke(ClassInvocationStub.java:130)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at java.lang.reflect.Proxy.invoke(Proxy.java:1006)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at $Proxy68.broadcastIntent(Unknown Source)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at android.app.ContextImpl.sendBroadcast(ContextImpl.java:1172)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at android.content.ContextWrapper.sendBroadcast(ContextWrapper.java:448)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at com.bilibili.bus.c.g(BL:1)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at com.bilibili.bus.c.c(BL:8)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at com.bilibili.gripper.umb.a.a(BL:2)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at gripper.generated.nc.N9(BL:5)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at gripper.generated.nc.D4(Unknown Source:0)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at gripper.generated.y6.invoke(Unknown Source:4)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at com.bilibili.lib.gripper.internal.task.t.e(BL:1)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at com.bilibili.lib.gripper.internal.task.e.b(BL:7)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at com.bilibili.lib.gripper.internal.task.k$a.run(BL:5)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
08-13 08:03:15.856 31042 31074 E AndroidRuntime:        at java.lang.Thread.run(Thread.java:929)
08-13 08:03:15.857 31042 31068 D DelayTaskController: shouldBlock = true
08-13 08:03:15.857 31042 31074 D OsStub  : redirectPath: /data/local/su  => /data/local/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /data/local/bin/su  => /data/local/bin/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /data/local/xbin/su  => /data/local/xbin/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /system/xbin/su  => /system/xbin/su-fake
08-13 08:03:15.858  1533 31077 I QarthDisFileCreator: pattern not match
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /system/bin/su  => /system/bin/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /system/bin/failsafe/su  => /system/bin/failsafe/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /system/sd/xbin/su  => /system/sd/xbin/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /sbin/su  => /sbin/su-fake
08-13 08:03:15.858 31042 31074 D OsStub  : redirectPath: /su/bin/su  => /su/bin/su-fake
08-13 08:03:15.859 31042 31066 W Binder  : Caught a RuntimeException from the binder stub implementation.
08-13 08:03:15.859 31042 31066 W Binder  : java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.ClassLoader android.app.Application.getClassLoader()' on a null object reference
08-13 08:03:15.859 31042 31066 W Binder  :      at top.niunaijun.blackbox.fake.delegate.InnerReceiverDelegate.performReceive(InnerReceiverDelegate.java:65)
08-13 08:03:15.859 31042 31066 W Binder  :      at android.app.ActivityThread$ApplicationThread.scheduleRegisteredReceiver(ActivityThread.java:1404)
08-13 08:03:15.859 31042 31066 W Binder  :      at android.app.IApplicationThread$Stub.onTransact(IApplicationThread.java:852)
08-13 08:03:15.859 31042 31066 W Binder  :      at android.os.Binder.execTransactInternal(Binder.java:1028)
08-13 08:03:15.859 31042 31066 W Binder  :      at android.os.Binder.execTransact(Binder.java:1001)
08-13 08:03:15.860  1533 31078 I DropBoxManagerService: add tag=data_app_crash isTagEnabled=true flags=0x2
08-13 08:03:15.860 31042 31079 D SoLoader: init start
08-13 08:03:15.860 31042 31079 D SoLoader: adding system library source: /vendor/lib
08-13 08:03:15.860 31042 31079 D SoLoader: adding system library source: /system/lib
08-13 08:03:15.860 31042 31079 D SoLoader: adding application source: com.facebook.soloader.c[root = /data/app/tv.danmaku.bili-mJdVVdub2K6KveHOfT1MlA==/lib/arm64 flags = 0]
08-13 08:03:15.860 31042 31079 D SoLoader: adding backup source from : com.facebook.soloader.a[root = /data/data/top.niunaijun.blackboxa64/blackbox/data/user/0/tv.danmaku.bili/lib-main flags = 1]
08-13 08:03:15.860 31042 31079 D SoLoader: Preparing SO source: com.facebook.soloader.c[root = /system/lib flags = 2]
08-13 08:03:15.861 31042 31079 D SoLoader: Preparing SO source: com.facebook.soloader.c[root = /vendor/lib flags = 2]
08-13 08:03:15.861 31042 31079 D SoLoader: Preparing SO source: com.facebook.soloader.c[root = /data/app/tv.danmaku.bili-mJdVVdub2K6KveHOfT1MlA==/lib/arm64 flags = 0]
08-13 08:03:15.861 31042 31071 I BLCrashHelper: anrInitAfterBugly = false
08-13 08:03:15.861 31042 31079 D SoLoader: Preparing SO source: com.facebook.soloader.a[root = /data/data/top.niunaijun.blackboxa64/blackbox/data/user/0/tv.danmaku.bili/lib-main flags = 1]
08-13 08:03:15.861 31042 31071 D NativeCore: nativeLoad: /data/app/tv.danmaku.bili-mJdVVdub2K6KveHOfT1MlA==/lib/arm64/libbili_core.so
08-13 08:03:15.864 31042 31071 D blcrash-trace: bl_trace_init
08-13 08:03:15.865 31042 31084 D blcrash-trace: bl_trace_dumper
08-13 08:03:15.867  9870  9870 I CAWARENESS_30414_AbilityContext: [1660348995868] deliver {dataId=100000247, mode=0} to 1 receivers
08-13 08:03:15.869  1533  1731 W BroadcastQueue: Permission Denial: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to ProcessRecord{a4b8cb1 12727:top.niunaijun.blackboxa64:black/u0a284} (pid=12727, uid=10284) requires android.permission.READ_LOGS due to sender android (uid 1000)
08-13 08:03:15.870  9870 31088 I CAWARENESS_30414_AbilityContext: [1660348995868] publishing {dataId=400000007, mode=0}
08-13 08:03:15.870  9870 31088 I CAWARENESS_30414_AbilityContext: [1660348995868] deliver {dataId=400000007, mode=0} to 2 receivers
08-13 08:03:15.871 31042 31042 D OsStub  : redirectPath: /storage/emulated/0/Android/data/tv.danmaku.bili/files  => /storage/emulated/0/Android/data/top.niunaijun.blackboxa64/files/blackbox/storage/emulated/0/Android/data/tv.danmaku.bili/files
08-13 08:03:15.876 31042 31042 I chatty  : uid=10284(top.niunaijun.blackboxa64) tv.danmaku.bili identical 4 lines
08-13 08:03:15.877 31042 31042 D OsStub  : redirectPath: /storage/emulated/0/Android/data/tv.danmaku.bili/files  => /storage/emulated/0/Android/data/top.niunaijun.blackboxa64/files/blackbox/storage/emulated/0/Android/data/tv.danmaku.bili/files
08-13 08:03:15.877 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.fileprovider
08-13 08:03:15.877 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.providers.BiliDataProvider
08-13 08:03:15.878 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.provider.resolver
08-13 08:03:15.878 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.provider.resolverv2
08-13 08:03:15.882  1533  4479 D PGGoogleServicePolicy: prevent gms/gsf hold partial wakelock
08-13 08:03:15.883 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.provider.modresource
08-13 08:03:15.883 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.provider.ColumnMainProcessProvider
08-13 08:03:15.884 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.live.provider.SearchSuggestionsProvider
08-13 08:03:15.885 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.music.provider.MusicSearchSuggestionProvider
08-13 08:03:15.885 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.ad.provider.HistoryContentProvider
08-13 08:03:15.888 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.com.bilibili.upper.comm.provider
08-13 08:03:15.888 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.provider.ChannelSearchSuggestionProvider
08-13 08:03:15.889 31042 31042 D BActivityThread: providerInfo.authority: tv.danmaku.bili.provider.BiliSearchSuggestionProvider
08-13 08:03:15.890 31042 31042 D OsStub  : redirectPath: /storage/emulated/0  => /storage/emulated/0/Android/data/top.niunaijun.blackboxa64/files/blackbox/storage/emulated/0
08-13 08:03:15.890 31042 31042 D IActivityManagerProxy: innovate getContentProvider: tv.danmaku.bili.provider.xpref
08-13 08:03:15.890 31042 31042 D IActivityManagerProxy: hook getContentProvider: tv.danmaku.bili.provider.xpref
08-13 08:03:15.892 31042 31042 D IActivityManagerProxy: hook app: tv.danmaku.bili.provider.xpref
08-13 08:03:15.869  1533  1731 W BroadcastQueue: Permission Denial: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to ProcessRecord{a4b8cb1 12727:top.niunaijun.blackboxa64:black/u0a284} (pid=12727, uid=10284) requires android.permission.READ_LOGS due to sender android (uid 1000)
08-13 08:03:15.893 31042 31042 E ActivityThread: Failed to find provider info for tv.danmaku.bili.provider.xpref
08-13 08:03:15.893 31042 31042 W Silhouette:
08-13 08:03:15.893 31042 31042 W Silhouette: java.lang.IllegalArgumentException: Unknown authority tv.danmaku.bili.provider.xpref
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.content.ContentResolver.call(ContentResolver.java:2096)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.content.ContentResolver.call(ContentResolver.java:2079)
08-13 08:03:15.893 31042 31042 W Silhouette:    at com.bilibili.xpref.d.b(BL:2)
08-13 08:03:15.893 31042 31042 W Silhouette:    at com.bilibili.xpref.d.getInt(BL:1)
08-13 08:03:15.893 31042 31042 W Silhouette:    at com.bilibili.biligame.cache.db.DBProvider.c(BL:3)
08-13 08:03:15.893 31042 31042 W Silhouette:    at com.bilibili.biligame.cache.db.DBProvider.onCreate(BL:3)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.content.ContentProvider.attachInfo(ContentProvider.java:2097)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.content.ContentProvider.attachInfo(ContentProvider.java:2070)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.app.ActivityThread.installProvider(ActivityThread.java:8168)
08-13 08:03:15.893 31042 31042 W Silhouette:    at java.lang.reflect.Method.invoke(Native Method)
08-13 08:03:15.893 31042 31042 W Silhouette:    at org.lsposed.hiddenapibypass.HiddenApiBypass.invoke(Unknown Source:103)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.utils.Reflector.invoke(Reflector.java:224)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.app.BActivityThread.installProvider(BActivityThread.java:426)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.app.BActivityThread.installProviders(BActivityThread.java:409)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.app.BActivityThread.handleBindApplication(BActivityThread.java:377)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.app.BActivityThread.bindApplication(BActivityThread.java:296)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.fake.service.HCallbackProxy.handleLaunchActivity(HCallbackProxy.java:171)
08-13 08:03:15.893 31042 31042 W Silhouette:    at top.niunaijun.blackbox.fake.service.HCallbackProxy.handleMessage(HCallbackProxy.java:85)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.os.Handler.dispatchMessage(Handler.java:106)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.os.Looper.loop(Looper.java:219)
08-13 08:03:15.893 31042 31042 W Silhouette:    at android.app.ActivityThread.main(ActivityThread.java:8668)
08-13 08:03:15.893 31042 31042 W Silhouette:    at java.lang.reflect.Method.invoke(Native Method)
08-13 08:03:15.893 31042 31042 W Silhouette:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:513)
08-13 08:03:15.893 31042 31042 W Silhouette:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1109)
Arc157 commented 1 year ago

Adding null checks to IActivityManagerProxy.java, BroadcastIntent

    @ProxyMethod("broadcastIntent")
    public static class BroadcastIntent extends MethodHook {
        @Override
        protected Object hook(Object who, Method method, Object[] args) throws Throwable {
            int intentIndex = getIntentIndex(args);
            Intent intent = (Intent) args[intentIndex];
            String resolvedType = (String) args[intentIndex + 1];
            Intent proxyIntent = BlackBoxCore.getBActivityManager().sendBroadcast(intent, resolvedType, BActivityThread.getUserId());
            if (proxyIntent != null && BActivityThread.getApplication() != null) {
                proxyIntent.setExtrasClassLoader(BActivityThread.getApplication().getClassLoader());
                ProxyBroadcastRecord.saveStub(proxyIntent, intent, BActivityThread.getUserId());
                args[intentIndex] = proxyIntent;
            }
            // ignore permission
            for (int i = 0; i < args.length; i++) {
                Object o = args[i];
                if (o instanceof String[]) {
                    args[i] = null;
                }
            }
            return method.invoke(who, args);
        }

        int getIntentIndex(Object[] args) {
            for (int i = 0; i < args.length; i++) {
                Object arg = args[i];
                if (arg instanceof Intent) {
                    return i;
                }
            }
            return 1;
        }
    }

And HCallbackProxy.java handleMessage

@Override
    public boolean handleMessage(@NonNull Message msg) {
        if (!mBeing.getAndSet(true)) {
            try {
                if (BRActivityThreadH.get() != null) {
                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                        //Log.d(TAG, "BuildCompat.isPie()");
                        if (msg.what == BRActivityThreadH.get().EXECUTE_TRANSACTION()) {
                            if (handleLaunchActivity(msg.obj)) {
                                getH().sendMessageAtFrontOfQueue(Message.obtain(msg));
                                return true;
                            }
                        }
                    } else {
                        if (msg.what == BRActivityThreadH.get().LAUNCH_ACTIVITY()) {
                            if (handleLaunchActivity(msg.obj)) {
                                getH().sendMessageAtFrontOfQueue(Message.obtain(msg));
                                return true;
                            }
                        }
                    }
                    if (msg.what == BRActivityThreadH.get().CREATE_SERVICE()) {
                        return handleCreateService(msg.obj);
                    }
                    if (mOtherCallback != null) {
                        return mOtherCallback.handleMessage(msg);
                    }
                }
                return false;
            } finally {
                mBeing.set(false);
            }
        }
        return false;
    }

This seems to fix the problem. Ill commit these the next update.