Android Studio Xposed模块编写(一)
1、环境说明
本文主要参考https://my.oschina.net/wisedream/blog/471292?fromerr=rNPFQidG的内容,自己实现了一遍,侵权请告知
已经安装xposed Installer的nexus5一台,Xposed Installer版本2.7 experimental1, Android 版本4.4.4
开发环境Android Studio 2.2.3
2、开发流程
1、拷贝XposedBridgeApi-54.jar到新建工程的libs目录
2、修改app目录下的build.gradle文件,在AndroidManifest.xml中增加Xposed相关内容
3、新建hook类,编写hook代码
4、在app上右键新建assets folder,然后在assets目录下新建文件xposed_init,在里面写上hook类的完整路径
3、Hook模块编写
1、新建Android studio工程,选择无activity,并将XposedBridgeApi-54.jar拷贝到libs目录下,然后双击app目录下的build.gradle文件,将
compile fileTree(include: ['*.jar'], dir: 'libs') 替换为 provided fileTree(include: ['*.jar'], dir: 'libs')
2、修改AndroidManifest.xml文件,在Application标签下增加内容如下
<meta-data android:name="xposedmodule" android:value="true" /> <meta-data android:name="xposeddescription" android:value="模块描述" /> <meta-data android:name="xposedminversion" android:value="54" />
3、新建hook类,命名为XMdodule,内容如下
public class XModule implements IXposedHookLoadPackage{ @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable { if(loadPackageParam.packageName.equals("com.example.test")){ XposedBridge.log("XLZH " + loadPackageParam.packageName); XposedHelpers.findAndHookMethod(TelephonyManager.class, "getDeviceId", new XC_MethodReplacement() { @Override protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { return "this is imei"; } }); XposedHelpers.findAndHookMethod(TelephonyManager.class, "getSubscriberId", new XC_MethodReplacement() { @Override protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { return "this is imsi"; } }); } } }
代码功能是hook 系统TelephonyManager类的getDeviceId()和getSubscriberId()方法,返回字符串,而且只hook com.example.test应用。
4、新建assets目录,在其中新建文本xposed_init,里面内容为
com.zcgames.xposedtest.XModule
最后的目录结构如下图所示
4、Hook目标应用编写
Android Studio新建com.example.test应用,MainActivity.java内容如下
public class MainActivity extends AppCompatActivity { @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); Button button = (Button)findViewById(R.id.getImei); button.setOnClickListener(new View.OnClickListener(){ @Override public void onClick(View v) { TelephonyManager tm = (TelephonyManager)getSystemService(Context.TELEPHONY_SERVICE); try { Log.d("XLZH", "get imei " + tm.getDeviceId()); Log.d("XLZH", "get imsi " + tm.getSubscriberId()); }catch (Exception e) { Log.d("XLZH", e.getMessage()); e.printStackTrace(); } } }); } }
5、实施Hook
1、XposedTest工程编写完成后,点击Build-Build Apk(因为没有Activity,所以无法点击运行自动安装),build成功后,在app/build/output/apk目录下生成app-debug.apk,点击as下发的Terminal,进入该目录使用adb install安装即可
2、com.example.test工程完成后,点击run运行,点击按钮,使用logcat | grep XLZH,查看结果如下
3,打开xposed Installer应用,选择模块,可以看到XposedTest模块,选中,然后重启手机,再次打开目标应用,点击按钮,结果如下所示,hook成功
6、几个小坑
1、xposed加载模块失败,在xposed installer的log中看到提示如下
java.lang.IllegalAccessError: Class ref in pre-verified class resolved to unexpected implementation
原因:因为没有修改build.gradle文件,默认libs目录下的内容会被包仅apk中,导致和手机上原有的发生了冲突,在build.gradle中把compile修改成provided即可。
2、xposed_init中区分大小写,例如com.zcgames.xposedtest.XModule修改成com.zcgames.XposedTest.XModule,也会导致模块加载失败
3、模块安装后再次使用adb install安装时,提供程序已经安装,需要到设置->应用中找到安装的模块进行卸载(没有activity,无法在桌面卸载)
