Android Notes: Using Xposed (Hooking the Login Function to Capture the Username and Password)

Posted IT1995


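Take this app as an example:

Tapping Login makes Xposed print:

The corresponding Java code:

Here we can see that its package name is hfdcxy.com.myapplication and the function is check.

The key Xposed function is as follows: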

public class HookUtils implements IXposedHookLoadPackage {

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {

        if(loadPackageParam.packageName.equals("hfdcxy.com.myapplication")){

            XposedBridge.log("here");
            XposedHelpers.findAndHookMethod(loadPackageParam.classLoader.loadClass("hfdcxy.com.myapplication.MainActivity"),
                    "check",
                    String.class,
                    String.class,
                    new XC_MethodHook() {

                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            super.beforeHookedMethod(param);

                            XposedBridge.log("------------beforeHookedMethod start------------");
                            String userName = (String)param.args[0];
                            String password = (String)param.args[1];
                            XposedBridge.log("userName:" + userName + ",password:" + password);
                            XposedBridge.log("------------beforeHookedMethod end------------");
                        }

                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            super.afterHookedMethod(param);

                            XposedBridge.log("------------afterHookedMethod start------------");
                            String userName = (String)param.args[0];
                            String password = (String)param.args[1];
                            XposedBridge.log("userName:" + userName + ",password:" + password);
                            XposedBridge.log("------------afterHookedMethod end------------");
                        }
                    });

        }
    }
}

 

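The logic of writing an Xposed module is as follows.

1. Add the Xposed API jar and modify build.gradle;

2. Implement IXposedHookLoadPackage and set the class name and method name to hook;

3. Add a resource file: create xposed_init, whose content is the name of the Hook class that implements IXposedHookLoadPackage;

4. Add the Xposed module meta-data to AndroidManifest.xml.

As follows:

The content of xposed_init is: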

com.example.myapplication.HookUtils

HookUtils.java:

package com.example.myapplication;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class HookUtils implements IXposedHookLoadPackage {

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {

        if(loadPackageParam.packageName.equals("hfdcxy.com.myapplication")){

            XposedBridge.log("here");
            XposedHelpers.findAndHookMethod(loadPackageParam.classLoader.loadClass("hfdcxy.com.myapplication.MainActivity"),
                    "check",
                    String.class,
                    String.class,
                    new XC_MethodHook() {

                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            super.beforeHookedMethod(param);

                            XposedBridge.log("------------beforeHookedMethod start------------");
                            String userName = (String)param.args[0];
                            String password = (String)param.args[1];
                            XposedBridge.log("userName:" + userName + ",password:" + password);
                            XposedBridge.log("------------beforeHookedMethod end------------");
                        }

                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            super.afterHookedMethod(param);

                            XposedBridge.log("------------afterHookedMethod start------------");
                            String userName = (String)param.args[0];
                            String password = (String)param.args[1];
                            XposedBridge.log("userName:" + userName + ",password:" + password);
                            XposedBridge.log("------------afterHookedMethod end------------");
                        }
                    });

        }
    }
}

AndroidManifest.xml:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.myapplication">

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <meta-data android:name="xposedmodule" android:value="true"/>
        <meta-data android:name="xposeddescription" android:value="Xposed Demo"/>
        <meta-data android:name="xposedminversion" android:value="89"/>

    </application>

</manifest>

build.gradle:

apply plugin: 'com.android.application'

android {
    compileSdkVersion 30
    buildToolsVersion "30.0.3"
    defaultConfig {
        applicationId "com.example.myapplication"
        minSdkVersion 22
        targetSdkVersion 30
        versionCode 1
        versionName "1.0"
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
    sourceSets {
        main{
            assets.srcDirs = ['src/assets']
        }
    }
}

dependencies {
    implementation fileTree(include: ['*.jar'], dir: 'libs')
    implementation 'androidx.appcompat:appcompat:1.0.2'
    implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'androidx.test.ext:junit:1.1.0'
    androidTestImplementation 'androidx.test.espresso:espresso-core:3.1.1'


    compileOnly files('lib/XposedBridgeAPI-89.jar')
}
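
The pieces listed above (the xposedmodule meta-data in AndroidManifest.xml, the xposed_init entry file, and the packageName check in HookUtils) are also what identify such a module when triaging an unknown APK. The following Python script is an added example, not code from the original post; it reads those markers and reports the module's entry class and the packages it targets. It assumes a decoded text manifest (for example from apktool) and decompiled Java source; the function names and the regex heuristic are illustrative.

```python
import re
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
XPOSED_KEYS = ("xposedmodule", "xposeddescription", "xposedminversion")

def xposed_metadata(manifest_xml):
    """Return (package, Xposed <meta-data> entries declared under <application>)."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for md in root.iterfind("./application/meta-data"):
        name = md.get(ANDROID_NS + "name")
        if name in XPOSED_KEYS:
            found[name] = md.get(ANDROID_NS + "value")
    return root.get("package"), found

def entry_classes(xposed_init_text):
    """xposed_init lists one class per line; blank lines and '#' lines are skipped."""
    lines = (ln.strip() for ln in xposed_init_text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def targeted_packages(java_source):
    """Heuristic (assumption): string literals compared against packageName."""
    pattern = r'packageName\s*\.\s*equals\(\s*"([^"]+)"\s*\)'
    return sorted(set(re.findall(pattern, java_source)))

def triage(manifest_xml, xposed_init_text, java_source=""):
    package, meta = xposed_metadata(manifest_xml)
    return {
        "package": package,
        "is_xposed_module": "xposedmodule" in meta,
        "min_bridge_api": meta.get("xposedminversion"),
        "description": meta.get("xposeddescription"),
        "entry_classes": entry_classes(xposed_init_text),
        "targets": targeted_packages(java_source),
    }

# Constructed sample input, trimmed from the files shown on this page.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.myapplication">
  <application>
    <meta-data android:name="xposedmodule" android:value="true"/>
    <meta-data android:name="xposeddescription" android:value="Xposed Demo"/>
    <meta-data android:name="xposedminversion" android:value="89"/>
  </application>
</manifest>"""
SAMPLE_INIT = "# entry point\ncom.example.myapplication.HookUtils\n"
SAMPLE_SOURCE = 'if(loadPackageParam.packageName.equals("hfdcxy.com.myapplication")){'
if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_INIT, SAMPLE_SOURCE))
```

ElementTree is used here for brevity; for manifests taken from untrusted APKs, a hardened parser such as defusedxml is the safer choice.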
