安卓逆向之路 hook
Xposed hook框架安装
打开 http://repo.xposed.info/module/de.robv.android.xposed.installer 下载 de.robv.android.xposed.installer_v33_36570c.apk (770.28 KB) 打开 https://jcenter.bintray.com/de/robv/android/xposed/api/ 下载 api-82.jar 帮助 https://github.com/rovo89/XposedBridge/wiki/Development-tutorial eclipse创建安卓工程 --> 新增lib目录 --> api-82.jar拖入后构建路径(实际上就是使用第三方jar包) --> 修改AndroidManifest.xml Project -- > properties --> Resource --> Other --> UTF-8 <application android:allowBackup="true" android:icon="@drawable/ic_launcher" android:label="@string/app_name" > <meta-data android:name="xposedmodule" android:value="true" /> <meta-data android:name="xposeddescription" android:value="my name is xiaojianbang" /> <meta-data android:name="xposedminversion" android:value="53" /> </application> src --> 新建一个包com.xposed --> 新建一个类 package com.xposed; import android.util.Log; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XposedBridge; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; public class Hook implements IXposedHookLoadPackage { public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable { Log.d("xiaojianbang", "hook..."); if (!lpparam.packageName.equals("com.xingin.xhs")) return; Log.d("xiaojianbang", "hooking..."); } } assets --> xposed_init --> com.xposed.Hook 安装xposed框架 --> 给予root权限 模拟器软重启 真机重启 安装自写的模块 --> 勾选 --> 框架 模拟器软重启 真机重启
IDE
模拟器
输出日志
Xposed hook初探
hook代码
https://github.com/rovo89/XposedBridge/wiki/Development-tutorial
package de.robv.android.xposed.mods.tutorial;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Tutorial implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.android.systemui"))
return;
findAndHookMethod("com.android.systemui.statusbar.policy.Clock", lpparam.classLoader, "updateClock", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// this will be called before the clock was updated by the original method
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// this will be called after the clock was updated by the original method
}
});
}
}
x小薪
package com.xposed; import static de.robv.android.xposed.XposedHelpers.findAndHookMethod; import android.R.string; import android.util.Log; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; import de.robv.android.xposed.XC_MethodHook; public class Hook implements IXposedHookLoadPackage { public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable { Log.d("xiaojianbang", "hook..."); if (!lpparam.packageName.equals("com.cflc.hp")) return; Log.d("xiaojianbang", "hooking..."); findAndHookMethod("com.cflc.hp.service.a", lpparam.classLoader, "a", string.class, string.class, string.class, string.class, string.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { } @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { String args0 =(String) param.args[0]; String args1 =(String) param.args[1]; String args2 =(String) param.args[2]; String args3 =(String) param.args[3]; String args4 =(String) param.args[4]; Log.d("xiaojianbang", args0); Log.d("xiaojianbang", args1); Log.d("xiaojianbang", args2); Log.d("xiaojianbang", args3); Log.d("xiaojianbang", args4); } }); } }
运行hook项目 ->模拟器Xposed软重启
编写Xposed模块
谢谢
浙公网安备 33010602011771号