Write a plug-in and security guard for intercepting accounts and passwords based on the xposed framework

If there is a need for the source code and what do not understand the contact me QQ2485171968 play games are generally used by the plug, plug-in looks very magical. In fact, his principle is hook, is injected into the target process to obtain data segment data, and then modify to achieve the goal, such as when we started to develop the game, the definition of a variable int sore=0; record the current score of the game, the general program variables are compiled into the data section, The runtime also maps to the corresponding data segment of memory, and the plug-in is to find the address of the variable in memory and modify his value. But the whole process is complex and difficult, so only the people who are technically very high can do it.

Fortunately, rovo98 in Android provides us with a related development framework and the operation of a bad environment, is a well-known xposed framework, about the xposed framework installation and introduction can refer to here Http://www.25pp.com/news/news_ 69599.html, you can also Baidu. About his plug-in development process can refer to the official article https://github.com/rovo89/XposedBridge/wiki/Development-tutorial

, and the official also provided a demo called Redclock,

Now, use the official demo to explain it.

The first step is to build an Android project,

The second step is to import the official Development Kit xposedbradge-version number. jar, can be downloaded to the official GitHub address

Https://github.com/rovo89/XposedBridge/wiki/Development-tutorial

The third step, as shown in Figure configuration Androidmanifest.xml, is added in the Application tab

<meta-data
Android:name= "Xposedmodule"
Android:value= "true"/>
<meta-data
Android:name= "Xposeddescription"
Android:value= "Easy example which makes the status bar clock red and adds a smiley"/>
<meta-data
Android:name= "Xposedminversion"
Android:value= "/>"

property, where <meta-data
Android:name= "Xposedmodule"
Android:value= "true"/>

Is fixed and is used to identify the xposed plug-in so that xposed installer will be recognized and loaded after installation,

<meta-data
Android:name= "Xposeddescription"
Android:value= "Easy example which makes the status bar clock red and adds a smiley"/>
<meta-data

is the amount of caption and description information displayed in the Xposed installer plugin list, which can be customized,

<meta-data
Android:name= "Xposedminversion"
Android:value= "/>"

The version number of this identity jar package is the version number of the SDK development package that was imported.

There's nothing else to be special about,

Fourth step, create a new file named Xposed-init in the assets folder of the project, which is the full path class name (package name + class name) of the entry class.

As the figure, the class name is De.robv.android.xposed.examples.redclock.RedClock, which identifies the plug-in's entry class.

Fifth step, write the entry class, where the entry class to implement the Ixposedhookloadpackage interface, and override the Handleloadpackage method, it means that whenever an app is loaded callback this interface, here we can

Processing our interest in the app, is the package name for the logo, such as the demo is listening to the "Com.android.systemui" package, the corresponding API is the system application systenui.apk specifically display the system UI, such as the status bar,

This is the demo code.

Package de.robv.android.xposed.examples.redclock;


Import static De.robv.android.xposed.XposedHelpers.findAndHookMethod;
Import Android.graphics.Color;
Import Android.util.Log;
Import Android.widget.TextView;
Import De.robv.android.xposed.IXposedHookLoadPackage;
Import De.robv.android.xposed.XC_MethodHook;
Import De.robv.android.xposed.XposedHelpers;
Import De.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;


public class Redclock implements Ixposedhookloadpackage {
public void Handleloadpackage (Loadpackageparam lpparam) throws Throwable {

LOG.V ("PackageName", lpparam.packagename);
if (!lpparam.packagename.equals ("Com.android.systemui"))
Return

Findandhookmethod ("Com.android.systemui.statusbar.policy.Clock", Lpparam.classloader, "Updateclock", New xc_ Methodhook () {
@Override
protected void Afterhookedmethod (Methodhookparam param) throws Throwable {
TextView TV = (TextView) param.thisobject;
String text = Tv.gettext (). toString ();
Tv.settext (text + ":)");
Tv.settextcolor (color.red);
LOG.V ("Redcolock", "Redcolock");
}
});

Xposedhelpers.getobjectfield (obj, "a");
}
}

The effect of the official demo (below) is that the time to modify the status bar is red and added:).



Now we have to write their own plug-in hook qq password, because here is related to QQ security so here is not directly to take QQ to explain, so do a demo imitation QQ landing, code and interface effect as shown below





App's package name is Com.example.test
interface corresponding to the activity of the full path class named Fager.qq.QQActivity
where public button bt_qqlogin; the member variable that corresponds to the login button

Public EditText Et_count; member variables of the corresponding account input box

Public EditText Et_password; member variable for password input box
public void OnClick (View v) The callback function that corresponds to the login button click Time
 
  Then write the plug-in hook QQ password, engineering as shown in Figure
  here is the onclick (View V) function, that is, click the login button, the plugin hooks him, and then get the password control edittext  et_password , then get his content, and then modify the

effect as follows

 

In fact, QQ login code architecture is the same, with the same principle can easily hook to the QQ password, the effect of the picture






  In fact 360 these anti-virus software dynamic defense function is to use such a principle, such as the Rights management function, if we set the appropriate permission for an app to "remind" of the
such as texting, when the app text message will be the box to remind users, such as the picture





also such as app acquisition device information (IMEI) is via code
 telephonymanager TM = (Telephonymanager) This.getsystemservice (Telephony_service);   

String imei= Tm.getdeviceid (), obtained, 360 first hooks the method of Telephonymanager class Getdeviceid (), if the user rejects,
360 returns the result of Getdeviceid () is "00000000000000" so invalid IMEI
As shown in figure






If allowed, return the true IMEI, as shown in figure


Is the hook technology, the principle of Alipay, net Silver app and other to enter the password are easy to hook the password, so security can not be ignored. For the case,
To the pit such a technology to improve user security, the method is very good, the most important is root, if not root can not install the xposed framework, naturally there is no context,
No root, even 360 of the features are greatly discounted, want to dynamic defense function is not possible to achieve, alcohol flow firewall can not be used, so the official Google mobile phone manufacturers are recommended that users do not root is because of this reason.
Second, for passwords such important data input, the corresponding control is best implemented in C language, not the User SDK API.