0x00 Preface
Xposed Framework is a software to modify the system framework services, through its many powerful modules to achieve, and do not conflict at the same time, since the xposed framework released, Android mobile phone has become more and more playable, recently very busy egg pain, research under the interception of Android phone QQ password, Casually review the use of xposed.
0x01 locating key Core Login code
A. Anti-compilation QQ search key characters: "Please enter password", to locate the place shown in 1:
Figure 1
Figure 1 shows the ID of the key string that we want to match
Please enter your account 0x7f0a11f6 decimal 2131366390
Please enter the password 0x7f0a11f9 decimal 2131366393
B. Continue searching for the ID value "0X7F0A11F9" and navigate to the place shown in 2:
Figure 2
Let's take a look at Smali\com\tencent\mobileqq\activity\loginactivity.smali and convert it to Java code 3:
Figure 3
As you can see from Figure 3, it will eventually call the GetText function, so I think this control is not inherited from the edittext, so we just need to hook android.widget.EditText gettext function and determine whether it is a password box.
0X02 Code Specific implementation
0X03 test Results
Install the module and activate it.
began to intercept input QQ password, I entered 88888888 was intercepted, as shown:
To test the intercepted log:
PDF document and sample download:
Http://yunpan.cn/cdDt5eZuKdzrZ (Extract code: 2429)
Xposed intercept Android phone QQ password