Play Hook on Android?

Source: Internet
Author: User
Tags android sdk manager

In the jungle of Chinese Internet, the seal of plagiarism is the pass of Monopoly giants, and innovation is the epitaph of the weak entrepreneurs.

Understanding Hooks

Have not touched the hook technology readers will certainly feel a special sense of the word hook, Hook English translation is the meaning of "hook", then when we use this "hook" it?

We know that the system maintains its own set of event distribution mechanisms in the Android operating system. Applications, including application-triggered events and background logic processing, are also executed down-to-back according to the event flow. The "hook" means intercepting and monitoring the transmission of the event before the event is delivered to the end, like a hook-and-eye event. And be able to handle some of their own specific events when the event is ticked. As shown in the following:

The hook's ability to "fit" its code into the process of a hooked program becomes a part of the target process. We also know that in the Android system using the sandbox mechanism, the ordinary user program process space is independent, the program runs between each other undisturbed.

This allows us to hope that the idea of changing certain behaviors of other programs through a program cannot be achieved directly, but the advent of hooks opens the way to solving such problems. Of course, according to the Hook object and hook after the processing of different events, hooks are divided into different types, such as message hooks, API hooks.

Cydiasubstrate Frame


If a user who has used an Apple phone should not be unfamiliar with the cydiasubstrate framework, the CYDIASUBSTRATE framework provides the user with a jailbreak-related service framework for Apple users.

Cydiasubstrate formerly known as MobileSubstrate (the class library is the beginning of MS), the author is the famous Jay Freeman (Saurik).

Of course Cydiasubstrate also launched the Android version. Cydia substrate is a code modification platform. It can modify the code of any master process, whether it is written in Java or C/s (native code).

Official address: http://www.cydiasubstrate.com/.

Install Cydiastrate Framework Android Local Service

The first is to install the Cydiasubstrate Framework's local Service application substrate.apk on the Android device, which we can download to the website.

The official: http://www.cydiasubstrate.com/download/com.saurik.substrate.apk

Of course, after we install substrate, we need "link substrate files" (connect to the local substrate service file), this step is required root permission, after the connection will need to restart the device to be effective.

download using Cydiasubstrate library
Cydiasubstrate official recommends adding their plugin addresses in the Android SDK manager for updates to download.

For example, add http://asdk.cydiasubstrate.com/addon.xml to user-defined URLs.

After downloading the cydiasubstrate framework using the ANDROID SDK Manager tool, it is stored under directory ${android_home}\sdk\extras\saurikit\cydia_substrate.

However, because the Android SDK manager in the domestic use of a lot of restrictions, the download time is not very stable, so it is recommended that you go directly to the official website to download the development library.
The official: Http://asdk.cydiasubstrate.com/zips/cydia_substrate-r2.zip.

After the download is complete, you will get all the files (many jar packages and so libraries) that are copied to the Libs folder under the Android project and can be used directly.

The substrate.h header file and the so file under the Lib folder are provided as a function support library in the development of native hook programs using the NDK.

TIPS:CydiaSubstrate框架对于inline Hook的操作目前还是存在一些bug,使用的时候可能会出现崩溃的现象,部分使用了国内定制的ROM的设备在使用CydiaSubstrate框架时会造成设备无法重新启动或无法Hook的现象。
How to use Cydiasubstrate?

How to use Cydiasubstrate? In fact, Cydiasubstrate provides three static method tool classes, and we just need to learn to use it just fine.

MS.hookClassLoad    拿到指定Class载入时的通知MS.hookMethod   使用一个Java方法去替换另一个Java方法MS.moveUnderClassLoader 使用不同的ClassLoder重载对象

Specify the following:

/** * Hook a specified class * * @param name class's package name + class name, such as Android.content.res.Resources * @param Hook successful hoo K A class-after callback * /voidHookclassload (String name, MS. Classloadhook hook);/** * Hook a specified method and replace the code in the method * * @param _class Hook's CALSS * @param The method parameters of the member Hook class * @par the callback after the AM hook successful hook method * @param old hook method, similar to the method pointer in C */voidHookmethod (Class _class, Member Member, MS. Methodhook Hook, MS. Methodpointer old);/** * Hook a specified method and replace the code in the method * * @param _class Hook's CALSS * @param The method parameters of the member Hook class * @par Am alteration * /voidHookmethod (Class _class, Member Member, MS. Methodalteration alteration);/** * Use a ClassLoader to reload an object * * @param loader used by ClassLoader * @param object with overloaded objects * @return 
       the Overloaded object * /<T> T Moveunderclassloader (ClassLoader loader, t object);
Start combat (AD injection)

Hearing this topic, I think a lot of packing the party also can't wait, a little too impatient. Rely on advertising is not earn money, the author is also a packaging party. Programmers still grow and develop, a quick money belt will let you in the programming road farther and further.

Back to the point, using the cydiasubstrate framework we can arbitrarily hook the Java API in the system, of course, it also uses a lot of reflection mechanism, so in addition to the system to provide developers with the API, we can also hook some methods in the application? The answer is yes. Let's look at a practical example of how to hook an application.

Below we apply for the Android operating system browser, hook its homepage activity OnCreate method (other methods do not necessarily exist, but the OnCreate method will certainly have), and inject our ads. Based on the introduction of Cydiasubstrate, we have a simple idea.

First, we fill in our Androidmanifest.xml file with some ad-related IDs based on the rules of an advertising platform. and fill in the Androidmanifest.xml file with some configuration and permissions that are related to cydiasubstrate. Of course, we will also declare an activity for an ad and set the activity as a transparent background activity, why set up activity with a transparent background, such as:

OK, let's do it now.

Some of the contents of its Androidmanifest.xml file are as follows:

<!--ad-related permissions--<uses-permission android:name="Android.permission.INTERNET" /><uses-permission android:name="Android.permission.ACCESS_NETWORK_STATE" /> <uses-permission android:name="Android.permission.ACCESS_WIFI_STATE" /> <uses-permission android:name="Android.permission.READ_PHONE_STATE" /> <uses-permission android:name="Android.permission.WRITE_EXTERNAL_STORAGE" /><uses-permission android:name="Android.permission.GET_TASKS" /><!--join substrate permissions --<uses-permission android:name="Cydia.permission.SUBSTRATE" /><applicationandroid:allowbackup="true"android:icon="@ Drawable/ic_launcher "android:label=" @string/app_name "android:theme= "@style/apptheme" >                    <!--ADS-related parameters --    <meta-dataandroid:name= "app_id"android:value=" C62bd976138fa4f2ec853bb408bb38af " />                    <meta-dataandroid:name="App_pid"android:value="DEFAULT" />                    <!--statement substrate injection Flavor main class--    <meta-dataandroid:name="Com.saurik.substrate.main"android:value= "Com.example.hookad.Main" />                    <!--Transparent, non-animated ads activity--    <activityandroid:name="com.example.hookad.MainActivity"android:theme ="@android: Style/theme.translucent.notitlebar" >                        <intent-filter>            <action android:name="Android.intent.action.VIEW" />            <category android:name="Android.intent.category.DEFAULT" />            <!--ad action--            <action android:name="Com.example.hook.AD" />        </intent-filter>    </activity></Application>

For the main entry of Cydiasubstrate, create a new main class that contains the Initialize method according to the previous steps.

This time we want to use the Ms.hookclassload method to find the activity name of the browser homepage.

Here we use the Dumpsys Activity command under the ADB shell to find the activity name of the browser home page called Com.android.browser.BrowserActivity.

Use the Ms.hookclassload method to get the browseractivity and then hook its OnCreate method, which initiates an activity that contains ads. The code for the main class is as follows:

 Public classMain {/** * Substrate the Portal after initialization * *    Static voidInitialize () {//hook Browser's main activity,browseractivityMs.hookclassload ("Com.android.browser.BrowserActivity",NewMs. Classloadhook () { Public voidClassloaded (Class<?> resources) {LOG.E ("Test","Com.android.browser.BrowserActivity");//Get the OnCreate method of BrowseractivityMethod onCreate;Try{onCreate = Resources.getmethod ("OnCreate", Bundle.class); }Catch(Nosuchmethodexception e) {onCreate =NULL; }if(OnCreate! =NULL) {final MS. Methodpointer old =NewMs. Methodpointer ();//Hook OnCreate methodMs.hookmethod (Resources, OnCreate,NewMs. Methodhook () { PublicObjectinvoked(ObjectObject, Object...args) throws Throwable {LOG.E ("Test","Show ad");//Implement hook OnCreate method to ensure the browser starts normallyObject result = Old.invoke (Object, args);//No context                            //execute a Shell to launch our ad activityCmd.run ("AM start-a Com.example.hook.AD");returnResult                }}, old);    }            }        }); }}

For the launch of the ad mainactivity, in which is a pop-up interstitial ad. Of course, but also other forms of advertising or floating layer, the content is relatively simple here does not do a demonstration. Compile and run the entire project. This time when we restarted Android's own browser, we found that the browser will pop up an ad box.

From the above picture we can see that, before we set interstitial ads mainactivity for untitled Transparent (Theme.Translucent.NoTitleBar) is to make the pop out of the ads and browser integration, so that users feel that the browser pop-up ads. is also a malicious advertising program in order to prevent itself from being uninstalled some of the common hidden means.

The injected ad shown here is a OnCreate method in the activity specified by the hook to initiate an ad activity. Of course, the activity we're demonstrating here is just a simple bounce out of an ad. If the activity initiated is malicious, such as fishing activity that does the same activity as the original activity, then it is very deceptive for mobile device users.

After the writing

In fact, I do not want to send this article, I have done advertising packaging party, know that this also for the various underground Nuggets packaging party provides ideas.

However, cydiasubstrate not only for the injection of advertising, I hope that we dig a lot of ideas, to learn to improve the main.

Finally, interested in the discussion of add me a bit, we make friends.

/*
* @author Zhoushengtao (Zhou San)
* @since August 6, 2015 16:52:22
* @weixin stchou_zst
* @blog http://blog.csdn.net/yzzst
* @ Exchange Learning QQ Group: 341989536
* @ Private qq:445914891
/

Copyright NOTICE: Reprint please mark: Http://blog.csdn.net/yzzst. This article for Bo Master original article, without Bo Master permission not reproduced.

Play Hook on Android?

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.