安卓逆向HOOK 3.系类HOOK
package xphok; import java.lang.reflect.Method; import java.security.MessageDigest; import java.text.DateFormat.Field; import android.R.string; import android.view.View; import android.widget.EditText; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.XposedBridge; import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; public class xp implements IXposedHookLoadPackage{ ///XP框架入口点 @Override public void handleLoadPackage(LoadPackageParam pparam) throws Throwable { // TODO Auto-generated method stub if(pparam.packageName.equals("com.qianyu.zhuceji")) { XposedHelpers.findAndHookMethod( "com.qianyu.zhuceji.MainActivity", pparam.classLoader, "checkSN", String.class, String.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { super.beforeHookedMethod(param); //XposedBridge.log("userName:"+param.args[0]); //XposedBridge.log("修改器前激活码:"+param.args[1]); ///反射机制 ///1.获取类 Class<?> clazz=param.thisObject.getClass(); ///获取字段 java.lang.reflect.Field sn=clazz.getDeclaredField("edit_sn"); //设置可见 sn.setAccessible(true); EditText et_sn=(EditText)sn.get(param.thisObject); String uesename=(String)param.args[0]; MessageDigest digest = MessageDigest.getInstance("MD5"); digest.reset(); digest.update(uesename.getBytes()); //反射主动调用 ///获取方法 Method method= clazz.getDeclaredMethod("toHexString", new Class[]{byte[].class,String.class}); ///私有设置可见 method.setAccessible(true); String hexstr=(String)method.invoke(param.thisObject, new Object[]{digest.digest(), ""}); ///主动调用方法 // String hexstr=(String)XposedHelpers.callStaticMethod( // param.thisObject.getClass(),///返回类 // "toHexString", // new Object[]{digest.digest(),""}); XposedBridge.log("hexstr的属性::"+hexstr); StringBuilder sb = new StringBuilder(); for (int i = 0; i < hexstr.length(); i += 2) { sb.append(hexstr.charAt(i)); } //param.args[0]="111111"; param.args[1]=sb.toString(); et_sn.setText(sb.toString()); ///XposedBridge.log("参数1"+param.args[0]); XposedBridge.log("正确激活码:"+param.args[1]); } @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { super.afterHookedMethod(param); XposedBridge.log("返回值"+param.getResult()); ///param.setResult(true); } } ); ///匿名类 XposedHelpers.findAndHookMethod( "com.qianyu.zhuceji.MainActivity$1", pparam.classLoader, "onClick", View.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { super.beforeHookedMethod(param); View view=(View)param.args[0]; XposedBridge.log("参数1view"+view.getId()); } }); } if(pparam.packageName.equals("com.wolong.resource")) { ///hook所有类 XposedHelpers.findAndHookConstructor( "com.yaotong.crackme.MainActivity", pparam.classLoader, int.class, String.class, new XC_MethodHook(){} ); } } }
笔记细节
https://www.52pojie.cn/thread-1719456-1-1.html
本文来自博客园,作者:逆向狗,转载请注明原文链接:https://www.cnblogs.com/Agtw/p/16926428.html
浙公网安备 33010602011771号