Hook Introduction:
Hook is the hook, in Android, is to intercept and monitor the transmission of the event before the event is delivered to the end, like a hook on an event, and be able to handle some of their own specific events when the event is ticked.
Cydia Substrate's official website defines: The powerful code modification platform behind Cydia.
Cydia substrate is a code modification platform that can modify the code of any master process, whether it is written in Java or C/s (native code).
Note: Cydia substrate framework for the operation of the inline hook there are still some bugs, the use of the possibility of a crash phenomenon, some use of domestic custom ROM device in use Cydia The substrate frame will cause the device to fail to restart or be unable to hook.
Steps to use Cydia substrate:
The first step:
Install Cydia substrate Framework Android Local Service
The first is to install the Cydia substrate Framework's Local Service application on Android devices substrate.apk
Then, "link substrate files" (connection to the local substrate service file) is required, and this step requires root access, which requires a reboot before the connection can take effect.
Step Two:
Download using Cydia substrate library (directly to the official website to download). Once the download is complete, all the files (many jar packages and so libraries) will be copied to the Libs folder under the Android project and can be used directly. The substrate.h header file and the so file under the Lib folder are provided in the function support library in the development of native hook programs using the NDK (Native development Kit, native development tools).
So cydia substrate How to use it?
In fact it is very simple, Cydia substrate provides three static method tool class, we just need to learn to use it just fine.
1, Ms.hookclassload get the specified class loading notification
2. Ms.hookmethod use a Java method to replace another Java method
3. Ms.moveunderclassloader using different ClassLoader overloaded objects
Specify the following:
/**
* Hook a specified class
*
* @param name class's package name + class name, such as Android.content.res.Resources
* @param Hook successfully hooks a class callback
*/
void Hookclassload (String name, MS. Classloadhook hook);
/**
* Hook a specified method and replace the code in the method
*
* @param _class Hook's CALSS
* Method parameters for @param member Hook class
* Callback after the successful hook method @param hook
* @param old hook method, similar to method pointers in C
*/
void Hookmethod (Class _class, Member Member, MS. Methodhook Hook, MS. Methodpointer old);
/**
* Hook a specified method and replace the code in the method
*
* @param _class Hook's CALSS
* Method parameters for @param member Hook class
* @param alteration
*/
void Hookmethod (Class _class, Member Member, MS. Methodalteration alteration);
/**
* Overloading an object with one ClassLoader
*
* Loader used by the @param classloader
* @param object with overloaded objects
* @return Overloaded objects
*/
<T> T Moveunderclassloader (ClassLoader loader, t object);
How to hook an application?
Case: Our browser app for Android OS, hook its homepage activity's OnCreate method, and inject our advertisement in it.
Ideas:
1, we according to the provisions of an advertising platform, in our Androidmanifest.xml file to fill in some ads related to the ID.
2, in the Androidmanifest.xml file to fill in some use Cydia substrate related configuration and permissions.
3. Declare an activity for an ad, and set the activity as a transparent activity for the background.
Actual operation:
Some of the contents of its Androidmanifest.xml file are as follows:
<!--ad-related permissions--
<uses-permission android:name= "Android.permission.INTERNET"/>
<uses-permission android:name= "Android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name= "Android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name= "Android.permission.READ_PHONE_STATE"/>
<uses-permission android:name= "Android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name= "Android.permission.GET_TASKS"/>
<!--join substrate permissions--
<uses-permission android:name= "Cydia.permission.SUBSTRATE"/>
<!--ADS-related parameters--
<meta-data
Android:name= "app_id"
Android:value= "C62bd976138fa4f2ec853bb408bb38af"/>
<meta-data
Android:name= "App_pid"
Android:value= "DEFAULT"/>
<!--declaration substrate injection main class--
<meta-data
Android:name= "Com.saurik.substrate.main"
Android:value= "Com.example.hookad.Main"/>
<!--Transparent, non-animated ads activity--
<activity
Android:name= "Com.example.hookad.MainActivity"
Android:theme= "@android: Style/theme.translucent.notitlebar" >
<intent-filter>
<action android:name= "Android.intent.action.VIEW"/>
<category android:name= "Android.intent.category.DEFAULT"/>
<!--AD action--
<action android:name= "Com.example.hook.AD"/>
</intent-filter>
</activity>
For the main entry of Cydia substrate, create a new main class with the Initialize method according to the previous procedure.
Here we use the Dumpsys Activity command under the ADB shell to find the activity name of the browser home page called Com.android.browser.BrowserActivity.
Use the Ms.hookclassload method to get the browseractivity and then hook its OnCreate method, in which an activity containing ads is launched. The code for the main class is as follows:
Public class main { /** * substrate Portal */ static void initialize () {after initialization //Hook main activity,browseractivity of the browser ms.hookclassload ("Com.android.browser.BrowserActivity", new ms. Classloadhook () { public void classloaded (class<?> resources) { &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;LOG.E ("Test", "com.android.browser.BrowserActivity"); // Get the OnCreate method of Browseractivity method oncreate; try { oncreate = resources.getmethod ("OnCreate", bundle.class); } catch (nosuchmethodexception e) { onCreate = null; } if (oncreate != null) { final ms. Methodpointer old = new&nBsp;ms. Methodpointer (); // hook oncreate Methods ms.hookmethod (resources, onCreate , new ms. Methodhook () { public object invoked (Object object, object...args) throws Throwable { &NBSP;LOG.E ("Test", "Show ad"); // Executive HooK before the OnCreate method, to ensure the normal browser start object result = old.invoke (Object, args); // No context . // execute a shell to launch our ad activity cmd.run ("am start -a Com.example.hook.AD "); return result; } }, old); } } }); }}
Android Hook tool Cydia substrate use