Using the Xposed framework to intercept system methods in Android

I. Preface

Most readers will already be familiar with the Xposed framework, a well-known hooking framework for Android. Another such framework is Cydia Substrate, but it is a paid product and, in my personal opinion, not as good, whereas Xposed is free and open source. Many articles online explain how Xposed works internally, so readers who are unfamiliar with it can consult those. This article focuses on how to use the framework to intercept system methods. During development, some test environments are hard to simulate. Testers in particular sometimes like to change device information such as the IMEI or MCC at will to simulate different test scenarios, and being able to modify the values the system returns makes such testing very convenient. Many similar small tools already exist online. The rest of this article explains in detail how to use the framework.

II. Prerequisite problems to solve

Before looking at how to use the framework, we have to solve these problems first:

First problem: the core of the framework is system process injection, and injecting into a system process requires root permissions. To use the framework you therefore need a rooted device.

Second problem: compatibility. Not every device and system supports the framework. In my experiments it failed to run on a Xiaomi Mi 3 with MIUI 7, and it succeeded only after I reflashed the device with the stock Android 4.4 system.

Third problem: the version of the Xposed framework itself. Different versions are published for different systems, so you must install the Xposed version that matches your device's system.

Once these three problems are solved, the Xposed framework can be installed successfully. In the process, the two problems encountered most often are:

The first is an incompatibility message:

The second is a prompt about installing the framework:

Both problems are common and annoying: the install button at the bottom cannot be tapped, so there is no way to proceed. I ran into both myself and never found a proper answer, so in the end I simply flashed a stock Android 4.4 system.

III. Setting up the environment

The above covers the problems you may hit at this stage. Now for the actual setup. Assuming those problems are resolved, open the application and tap to install the framework:

The framework is still shown as not activated here; tap to enter:

Now everything looks normal and installation is available; just tap install:

A root authorization prompt appears; tap Allow. After a successful installation you are prompted to reboot for it to take effect, because injection into system processes only takes effect after a restart.

At this point the Xposed framework is installed. Some readers will run into problems along the way, most often the two mentioned above, for which I did not find a solution. My fix was the most basic one, flashing the device, so the environment used in this article is:

Xiaomi Mi 3 (Mobile version) + stock Android 4.4 + Xposed v33

IV. Writing the module

With the environment set up, we can get to work. The tool installed above is really just a module manager. To perform any hooks we must write our own module, which is an ordinary application, and install it on the device. The tool detects it and prompts you to load the module, and after the device is rebooted the module's functionality takes effect. So how do we write an Xposed module?

Step one: Create a new Android project and import the Xposed toolkit

Note that the jar must go in a lib folder, not the libs folder. If you use the libs folder, the hook fails after the module is installed and the device rebooted, and the log output under the Xposed tag shows this error:

java.lang.IllegalAccessError: Class ref in pre-verified class resolved to unexpected implementation

We met this error before when developing plug-ins, where it was caused mainly by the interface classes being included in the plug-in project. So we can guess that here it is also caused by the Xposed toolkit being packaged in. The fix is to rename the libs folder to lib and then add the jar to the build path.

Note: in Eclipse, a toolkit placed in the libs folder is added to the build path by default, and all of its classes are included in the compiled program. For a jar in any other folder, adding it with Add to Build Path only lets the project reference the toolkit's functionality; the toolkit is not included in the final program.

Step two: Write the module code

Writing the module code is fairly simple. Create a class that implements the IXposedHookLoadPackage interface and perform the interception in the handleLoadPackage callback. The interception itself is done with XposedHelpers.findAndHookMethod or XposedBridge.hookMethod. Both are straightforward and their parameters are self-explanatory: the class name and method name to hook, followed by an interception callback, which typically provides beforeHookedMethod for work done before the intercepted method runs and afterHookedMethod for work done after it.

As the IXposedHookLoadPackage interface and its callback suggest, the callback is invoked for every application that runs on the system. The LoadPackageParam argument it receives carries the details of the application being hooked; we can print the application's package name to see the effect.

Note:

To hook a particular method of a class you must know that method's details precisely: the number and types of its parameters, its return type and so on, because the interception works on them, for example reading the arguments in order to modify them, or reading the return value in order to replace it. The method that returns the IMEI takes no parameters and returns a String, so to intercept its return value you replace it with setResult. The first step of any hook, whether of a system method or later of a method in a third-party application, is therefore to understand the object you are hooking. For system methods this information is available from the source code; for third-party applications you have to rely on decompilation. For example, to modify a game's coin count you would first have to decompile the game and find out how, and in which method, the coins are changed.

Here I hook not only the system's IMEI but also, simply, its location information. Android offers three ways to obtain latitude and longitude; to keep the demonstration simple I use GPS positioning. Code that reads the position usually has two parts. One is a call to getLastKnownLocation at initialization to get the last location known to the system:

The other is the onLocationChanged callback of the listener interface that is notified of location changes:

So to intercept the system's location information you need to handle both pieces of code. They differ in that the first delivers the location as a return value and the second as a parameter of a callback method. Now for the hook code itself. Hooking the first is simple: construct a fake Location object and set it as the return value.

Hooking the second is a little more complicated. You hook requestLocationUpdates, the method that registers the location listener, obtain the callback object through reflection, find its callback method and hook that in turn. Because the callback receives the Location object as a parameter, it is the parameter value that has to be modified here.

OK, we now have a module that hooks the system's IMEI value and location information.
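The entry class described in step two, as an added example that is not the original article's code. It logs which package reads the IMEI or the last known location, and replaces the IMEI only for one test app. The package names, the class name AuditModule (the article's own entry class is called Main) and the test IMEI are hypothetical values chosen for illustration.

```java
package com.example.xposedaudit; // hypothetical package name

import android.location.LocationManager;
import android.telephony.TelephonyManager;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class AuditModule implements IXposedHookLoadPackage {
    // Hypothetical package of our own test app; only it receives the test value.
    private static final String TEST_APP = "com.example.testapp";
    // Constructed placeholder, not a real IMEI.
    private static final String TEST_IMEI = "000000000000000";

    // Called once for every application that is loaded on the device.
    @Override
    public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
        final String pkg = lpparam.packageName;

        // getDeviceId() takes no parameters and returns a String.
        XposedHelpers.findAndHookMethod(TelephonyManager.class.getName(),
                lpparam.classLoader, "getDeviceId", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                XposedBridge.log("audit: " + pkg + " called getDeviceId()");
                if (TEST_APP.equals(pkg)) {
                    param.setResult(TEST_IMEI); // replace the return value
                }
            }
        });

        // getLastKnownLocation(String provider) returns a Location.
        XposedHelpers.findAndHookMethod(LocationManager.class.getName(),
                lpparam.classLoader, "getLastKnownLocation", String.class,
                new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                // args[0] is the provider name passed by the caller.
                XposedBridge.log("audit: " + pkg
                        + " read last location from provider " + param.args[0]);
            }
        });
    }
}
```

The log lines appear under the Xposed tag, which is where the article later reads them to see which applications access the IMEI and location.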

Step three: Add the module entry point

This step is very important and also the easiest to forget: telling the Xposed framework where the module's hook entry point is. The entry point here is the Main class, so add a file named xposed_init to the module's assets directory:

Its content is very simple: the fully qualified name of the module's entry class:

Step four: Add the module's metadata

The final step is to add metadata to the module's AndroidManifest.xml file, including the module's description, version number and so on:

xposedmodule: marks this Android application as an Xposed module, so the value is true.

xposeddescription: a description of what the module does; a short description is enough.

xposedminversion: the minimum version number of the Xposed jar used to develop the module; here it is 30, and the Xposed jar I used is version 54.

After these four steps the module is complete. Finally, to verify the hooks, create a new Activity that calls the system methods for obtaining the IMEI and the location and displays the results on screen:

VI. Running the module

Now run the module. Once it is installed on the device, Xposed reports that the module is not activated:

The XposedInstaller app presumably learns of the installation through a broadcast, then inspects the application's information to determine whether it carries the special Xposed module attributes. Tap to activate the module:

After activation succeeds you are prompted to reboot the device for it to take effect. The same happens every time a new module is added or a module's code is updated, for example:

The device has to be rebooted before the module takes effect, which is still somewhat painful and tedious. After rebooting, run the module's app to see the result:

The result shows that the hook succeeded. Before the hook, the output was:

Now look at the printed log:

We can see Baidu Maps obtaining our device's IMEI and location. That is normal behaviour for it, of course, but it shows that the same technique can be used to observe which applications on the device are reading the device's private data.

Project Download Address: http://download.csdn.net/detail/jiangwei0910410003/9654604

VII. Practical use

This article introduces only the basic use of the Xposed framework with a simple example, but in practice the framework is very useful. As mentioned at the start of the article, it can modify certain information to help simulate complex test environments. Its most widespread use today, however, is in cracking, which will be the focus of follow-up articles: the framework can be used for unpacking, game cheats and the like.

VIII. Summary

This is an introductory article on Xposed, covering how to use it. XposedInstaller.apk is really just a module host and manager; to perform an actual hook you must write a module, and it takes effect only once it has been activated and loaded. Follow-up articles will continue with other things the framework can do, such as unpacking applications, writing game cheats and tampering with system information. I hope you will look forward to them and give this article a like!
