Android Hook tool Cydia substrate use

Source: Internet
Author: User
Tags root access

Hook Introduction:

Hook is the hook, in Android, is to intercept and monitor the transmission of the event before the event is delivered to the end, like a hook on an event, and be able to handle some of their own specific events when the event is ticked.


Cydia Substrate's official website defines: The powerful code modification platform behind Cydia.

Cydia substrate is a code modification platform that can modify the code of any master process, whether it is written in Java or C/s (native code).

Note: Cydia substrate framework for the operation of the inline hook there are still some bugs, the use of the possibility of a crash phenomenon, some use of domestic custom ROM device in use Cydia The substrate frame will cause the device to fail to restart or be unable to hook.


Steps to use Cydia substrate:

The first step:

Install Cydia substrate Framework Android Local Service

The first is to install the Cydia substrate Framework's Local Service application on Android devices substrate.apk

Then, "link substrate files" (connection to the local substrate service file) is required, and this step requires root access, which requires a reboot before the connection can take effect.

Step Two:

Download using Cydia substrate library (directly to the official website to download). Once the download is complete, all the files (many jar packages and so libraries) will be copied to the Libs folder under the Android project and can be used directly. The substrate.h header file and the so file under the Lib folder are provided in the function support library in the development of native hook programs using the NDK (Native development Kit, native development tools).

So cydia substrate How to use it?

In fact it is very simple, Cydia substrate provides three static method tool class, we just need to learn to use it just fine.

1, Ms.hookclassload get the specified class loading notification

2. Ms.hookmethod use a Java method to replace another Java method

3. Ms.moveunderclassloader using different ClassLoader overloaded objects

Specify the following:

/**

* Hook a specified class

*

* @param name class's package name + class name, such as Android.content.res.Resources

* @param Hook successfully hooks a class callback

*/

void Hookclassload (String name, MS. Classloadhook hook);

/**

* Hook a specified method and replace the code in the method

*

* @param _class Hook's CALSS

* Method parameters for @param member Hook class

* Callback after the successful hook method @param hook

* @param old hook method, similar to method pointers in C

*/

void Hookmethod (Class _class, Member Member, MS. Methodhook Hook, MS. Methodpointer old);

/**

* Hook a specified method and replace the code in the method

*

* @param _class Hook's CALSS

* Method parameters for @param member Hook class

* @param alteration

*/

void Hookmethod (Class _class, Member Member, MS. Methodalteration alteration);

/**

* Overloading an object with one ClassLoader

*

* Loader used by the @param classloader

* @param object with overloaded objects

* @return Overloaded objects

*/

<T> T Moveunderclassloader (ClassLoader loader, t object);


How to hook an application?

Case: Our browser app for Android OS, hook its homepage activity's OnCreate method, and inject our advertisement in it.

Ideas:

1, we according to the provisions of an advertising platform, in our Androidmanifest.xml file to fill in some ads related to the ID.

2, in the Androidmanifest.xml file to fill in some use Cydia substrate related configuration and permissions.

3. Declare an activity for an ad, and set the activity as a transparent activity for the background.

Actual operation:

Some of the contents of its Androidmanifest.xml file are as follows:

<!--ad-related permissions--

<uses-permission android:name= "Android.permission.INTERNET"/>

<uses-permission android:name= "Android.permission.ACCESS_NETWORK_STATE"/>

<uses-permission android:name= "Android.permission.ACCESS_WIFI_STATE"/>

<uses-permission android:name= "Android.permission.READ_PHONE_STATE"/>

<uses-permission android:name= "Android.permission.WRITE_EXTERNAL_STORAGE"/>

<uses-permission android:name= "Android.permission.GET_TASKS"/>

<!--join substrate permissions--

<uses-permission android:name= "Cydia.permission.SUBSTRATE"/>

<!--ADS-related parameters--

<meta-data

Android:name= "app_id"

Android:value= "C62bd976138fa4f2ec853bb408bb38af"/>

<meta-data

Android:name= "App_pid"

Android:value= "DEFAULT"/>

<!--declaration substrate injection main class--

<meta-data

Android:name= "Com.saurik.substrate.main"

Android:value= "Com.example.hookad.Main"/>

<!--Transparent, non-animated ads activity--

<activity

Android:name= "Com.example.hookad.MainActivity"

Android:theme= "@android: Style/theme.translucent.notitlebar" >

<intent-filter>

<action android:name= "Android.intent.action.VIEW"/>

<category android:name= "Android.intent.category.DEFAULT"/>

<!--AD action--

<action android:name= "Com.example.hook.AD"/>

</intent-filter>

</activity>


For the main entry of Cydia substrate, create a new main class with the Initialize method according to the previous procedure.

Here we use the Dumpsys Activity command under the ADB shell to find the activity name of the browser home page called Com.android.browser.BrowserActivity.

Use the Ms.hookclassload method to get the browseractivity and then hook its OnCreate method, in which an activity containing ads is launched. The code for the main class is as follows:

Public class main {    /**     * substrate   Portal      */    static void initialize ()  {after initialization         //Hook  main activity,browseractivity    of the browser      ms.hookclassload ("Com.android.browser.BrowserActivity",  new ms. Classloadhook ()  {            public void  classloaded (class<?> resources)  {          &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;LOG.E ("Test",  "com.android.browser.BrowserActivity");                 //  Get the OnCreate method of Browseractivity                  method oncreate;                try {                      oncreate = resources.getmethod ("OnCreate",  bundle.class);                 } catch  (nosuchmethodexception  e)  {                     onCreate = null;                 }                 if  (oncreate != null)  {                     final ms. Methodpointer old = new&nBsp;ms. Methodpointer ();                     // hook oncreate Methods                      ms.hookmethod (resources, onCreate ,  new ms. Methodhook ()  {                         public object invoked (Object object,  object...args)  throws Throwable {                             &NBSP;LOG.E ("Test",  "Show ad");                             //  Executive HooK before the OnCreate method, to ensure the normal browser start                              object result =   old.invoke (Object, args);                             //  No context                .             //  execute a shell  to launch our ad activity                              cmd.run ("am start -a  Com.example.hook.AD ");                             return result;                         }                     },  old);                 }             }         });     }}


Android Hook tool Cydia substrate use

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.