承《叉叉助手框架–用XPOSED实现》,这次用模拟器来使用XPOSED框架,目前比较优秀的模拟器当属bluestacks,而靠谱助手又是集成得较好的一个。
截止目前为止,最新版本的靠谱助手(2.5.1143)在最新的引擎中就默认集成了2.6.1的XPOSED框架,而且默认是激活状态。这就少了许多麻烦的操作,在早期的靠谱助手版本中安装XPOSED,要么无法激活,要么激活后模块并不能有效工作。
开发模块时请使用XposedBridgeApi-42.jar。
注:靠谱助手升级到V3.0以上版本后,任何一个版本的引擎中xposed均失效,虽然0.8的引擎默认是安装有xposed,但是无法激活。
V2.5.1143版本靠谱助手下载地址:http://pan.baidu.com/s/1qWNopXy
V3.0以上版本界面和操作上有很大改观:
把ga.apk安装进去并运行,因为插件当初是写在ga里面,并由ga自动释放出来的。安装xposedemo.apk,并在XPOSEDInstaller中激活xposedemo,重启后运行helloapplication:
优化完善:
直接对GA进行修改,除了加载叉叉助手的插件外,拦截获取MAC的函数:
package com.netease.ga;
import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.Method;
import com.netease.ga.view.MainActivity;
import dalvik.system.DexClassLoader;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import static de.robv.android.xposed.XposedHelpers.findClass;
/**
* Created by sing on 14-9-17.
* desc:
*/
public class XposedXXHook implements IXposedHookLoadPackage {
private static final String TAG = "XposedXXHook";
//private static final String TARGET_PACKAGE = "com.example.helloapplication";
//private static final String TARGET_CLASS = "com.example.helloapplication.MainActivity";
private static final String TARGET_FUNCTION = "onCreate";
//private SharedPreferences sp;
/**
*
* @param param
* @throws Throwable
*/
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam param) throws Throwable {
Log.d(TAG, "handleLoadPackage: " + param.packageName);
final String packageName = getHookPackage();
Log.d(TAG, "handleLoadPackage-getHookPackage: " + packageName);
if (packageName.equals(param.packageName) == false) {
return;
}
String hookmainclass = getHookActivity();
Log.d(TAG, "handleLoadPackage-hookmainclass: " + hookmainclass);
Log.d(TAG, "handleLoadPackage: star hook");
findAndHookMethod("android.net.wifi.WifiInfo", param.classLoader, "getMacAddress", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "[getMacAddress]beforeHookedMethod");
}
});
XC_MethodHook.Unhook unhook = findAndHookMethod(hookmainclass, param.classLoader, TARGET_FUNCTION, Bundle.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "[handleLoadPackage]beforeHookedMethod");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "[handleLoadPackage]afterHookedMethod: " + param.thisObject.toString());
String plugApkPath = "/data/data/com.netease.ga/app_plugin/lianmengplug.apk";
String plugSoPath = "/data/data/com.netease.ga/app_plugin/libxxlianmeng_mm.so";
String dexOutputDir = "/data/data/" + packageName + "/cache";
ClassLoader localClassLoader = ClassLoader.getSystemClassLoader();
DexClassLoader localDexClassLoader = new DexClassLoader(plugApkPath, dexOutputDir, null, localClassLoader);
java.lang.Class<?> plugClass = localDexClassLoader.loadClass("com.xxAssistant.UI.UniversalUI");
Method mInit = plugClass.getDeclaredMethod("init", Activity.class, String.class);
mInit.invoke(null, param.thisObject, plugSoPath);
}
});
if (unhook!=null) {
Log.d(TAG, "handleLoadPackage: hook ok");
}else{
Log.d(TAG, "handleLoadPackage: hook failed");
}
}
public static String getHookPackage() {
boolean bok = false;
String strContent = "";
try {
FileReader reader = new FileReader("/data/data/com.netease.ga/app_plugin/config.cfg");
BufferedReader br = new BufferedReader(reader);
strContent = br.readLine();
} catch(FileNotFoundException e) {
e.printStackTrace();
} catch(IOException e) {
e.printStackTrace();
}
return strContent;
}
public static String getHookActivity() {
boolean bok = false;
String strContent = "";
try {
FileReader reader = new FileReader("/data/data/com.netease.ga/app_plugin/config.cfg");
BufferedReader br = new BufferedReader(reader);
strContent = br.readLine();
strContent = br.readLine();
} catch(FileNotFoundException e) {
e.printStackTrace();
} catch(IOException e) {
e.printStackTrace();
}
return strContent.replace('/', '.');
}
}
重启模拟器,在GA里面选择:
然后运行目标程序:
显示插件已经装载成功,再点击“显示当前信息”log输出:
10-28 13:58:19.170: D/XposedXXHook(1536): [getMacAddress]beforeHookedMethod
也可以在initZygote中就设置好HOOK,需要再实现一个接口:IXposedHookZygoteInit,如下:
public class XposedXXHook implements IXposedHookZygoteInit, IXposedHookLoadPackage
具体HOOK代码和上面的不太一样:
/**
*
* @param startupParam
* @throws Throwable
*/
@Override
public void initZygote(StartupParam startupParam) throws Throwable {
Log.d(TAG, "initZygote: " + startupParam.toString());
try {
Class<?> cSystemServer = Class.forName("android.net.wifi.WifiInfo");
Method getMacAddress = cSystemServer.getDeclaredMethod("getMacAddress");
XposedBridge.hookMethod(getMacAddress, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "initZygote-getMacAddress-beforeHookedMethod: " + param.toString());
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "initZygote-getMacAddress-afterHookedMethod: " + param.toString());
super.afterHookedMethod(param);
}
});
} catch (Throwable ex) {
}
}
存在的问题:
测试到含有so文件的APK时,会有一些打不log,如hellojni,anep,易信等。追踪logcat显示如下错误信息:
10-28 10:51:55.240: I/ActivityManager(571): ARM Package com.example.hellojni doesn't have services
10-28 10:51:55.370: D/dalvikvm(3719): Trying to load lib /data/data/com.example.hellojni/lib/libhello-jni.so 0x31956f10
10-28 10:51:55.370: D/dalvikvm(3719): Added shared lib /data/data/com.example.hellojni/lib/libhello-jni.so 0x31956f10
10-28 10:51:55.370: D/dalvikvm(3719): No JNI_OnLoad found in /data/data/com.example.hellojni/lib/libhello-jni.so 0x31956f10, skipping init
10-28 10:57:07.710: I/ActivityManager(571): package `com.netease.anep` whitelisting status = false
10-28 10:57:07.710: I/ActivityManager(571): Attempting to launch an arm app com.netease.anep
10-28 10:57:07.710: I/ActivityManager(571): ARM Package com.netease.anep doesn't have services
更多错误:
也并不是所有的包含so文件的APK都不可以拦截,某些还是可以的,例如网易邮箱:
文档信息
- 本文作者:zhupite
- 本文链接:https://zhupite.com/android/xxzhushou-7.html
- 版权声明:自由转载-非商用-非衍生-保持署名(创意共享3.0许可证)