This article is by i春秋 (ichunqiu) author hai_.
0x00 Preface
hai_'s reverse-engineering manual (trying out a new style of writing)
Characters
Xiao Bai: a rookie who has already mastered some basic reversing skills.
Little Red: Xiao Bai's girlfriend.
Da Bai: Xiao Bai's master.
Zhushan (Da Baiju)
Master, when I went down the mountain today I heard people say that a martial-arts manual called hook is going around the jianghu. It is said to be very powerful: it can intercept the system and intercept apps developed by programmers.
Xiao Bai, do you know what a hook is?
I've heard of it, but I don't understand what a hook is.
The hook manual, put plainly, is about rewriting a function. By rewriting the function we can achieve what we want, such as interception.
Master, I want to learn this hook manual.
Okay, let's take it slowly.
First, here are the hook skills we will learn today.
Skills (contents)
1. Using a new weapon (the Xposed framework)
2. Practicing the first level of hook internal strength (Android Studio 3.0 + Xposed)
3. Practical stake practice
4. Advanced: F-ing the stake (Xiao Bai's self-improvement)
0x01 Using a new weapon (the Xposed framework)
Xiao Bai, study hard. Let's try our new weapon first: Xposed. Later on in the jianghu it can also serve as a defensive skill.
Wait a moment, Xiao Bai, while I find where I put the weapon. As the saying goes, to do a good job you must first sharpen your tools (工欲善其事，必先利其器).
All right, Master, just go and stop nagging.
1. Getting the weapon
To use this weapon, you first need to open up the meridians.
1.1 Meridians (environment)
1. Root: the phone must be rooted; without root, nothing works. Once the root meridian is open we can move on.
2. Xposed framework installation: to use the Xposed weapon, you have to install it before there is any talk of using it.
1.2 The weapon
XposedBridgeApi-82.jar
This is our weapon. Xiao Bai, come here and I'll show you the basics of using it.
2. Weapon demo
We use the Xposed weapon to intercept the package name and then output it.
In fact, this weapon shows its greatest power when combined with internal strength.
Combined with internal strength? Master, how do we do that?
Don't worry, we'll take it one step at a time.
0x02 Practicing the first level of hook internal strength (Android Studio 3.0 + Xposed)
Xiao Bai, first I'll teach you the key points of the first level of internal strength. Listen carefully.
Android Studio 3.0 basic configuration
Let's start by setting up an environment for the module to run in.
(1) First create a project that does not need an Activity.
(2) Then import the jar package, right-click it and choose Add as Library.
(3) Fill in the AndroidManifest.xml file.
<meta-data android:name="xposedmodule" android:value="true"/>
<meta-data android:name="xposeddescription" android:value="Hook log test"/>
<!-- MIN_XPOSED_VERSION is a placeholder for the minimum Xposed API version the module requires -->
<meta-data android:name="xposedminversion" android:value="MIN_XPOSED_VERSION"/>
(4) Change the dependency mode of the jar.
The classes in the jar are already present in the Xposed framework, so packaging them into the APK again would cause a conflict.
(5) Create the basic Xposed module class.
Use Alt+Enter to implement the method.
Xiao Bai, let me say a few extra words.
handleLoadPackage: this method is called when an application's package is loaded, and it is where the user's actions are performed.
LoadPackageParam loadPackageParam: this parameter contains some basic information about the application being loaded.
Implementing the internal strength
A single statement is enough here.
XposedBridge.log("Hai_app:" + loadPackageParam.packageName);
Here we have to think about what XposedBridge.log is.
XposedBridge.log sends its output to the log function of the Xposed framework's launcher app, which makes it more convenient for us to view.
Let's do the final step of the configuration: setting the entry point.
Create a new assets directory and, in it, a new file named xposed_init.
In it, write the package name + class name.
Test results
Build the APK.
Install it for testing.
After installing it on the phone, reboot.
Thinking
As the saying goes, the master leads you to the door, but the practice is up to you. So, well.
I understand, Master. Couldn't we do some simple filtering on this? For example, write a simple analysis system or something else and filter on that. I'll try it on my own first.
Xiao Bai's self-cultivation
Using this run path, analyze and filter the records.
Make a simple attempt.
Use the Java String substring method learned yesterday to filter the string.
Then test.
Of course, this could also be done in more detail.
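The module entry class that steps (1) to (5) and the filtering idea above describe, given here as an added example and not the author's own listing. The package com.example.hooklog, the class name Main and the filter prefix are assumptions; the class is compiled against XposedBridgeApi-82.jar and runs only inside the Xposed framework.

```java
// assets/xposed_init must contain one line naming this class:
//   com.example.hooklog.Main        (hypothetical package and class name)
package com.example.hooklog;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class Main implements IXposedHookLoadPackage {
    // Assumed filter: report only packages below this prefix.
    private static final String PREFIX = "com.example.";

    // Called by Xposed once for every application package that is loaded.
    @Override
    public void handleLoadPackage(LoadPackageParam loadPackageParam) throws Throwable {
        String pkg = loadPackageParam.packageName;
        if (pkg == null || !pkg.startsWith(PREFIX)) {
            return; // system apps and unrelated packages stay out of the log
        }
        // substring() keeps only the part of the name after the prefix
        String shortName = pkg.substring(PREFIX.length());
        XposedBridge.log("Hai_app:" + shortName
                + " process=" + loadPackageParam.processName);
    }
}
```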
0x03 Practical stake practice
Xiao Bai, come here. Master has found you a stake, and I'll show you how a hook F's it and how the fight goes. Learn it well.
Understood, Master.
Stake information collection
1. Basic information
Xiao Bai, use a weapon we have used before to collect the basic information.
Master, what information do we generally collect?
Well, we generally have to collect:
1. The package name of the stake
2. The simple logic of the stake
....
Xiao Bai, collect this yourself.
Xiao Bai's operation
First, the package name. Use the weapon ApkHelper.
This gives the package name: com.example.login
Then the simple logic, on the phone.
2. Decompilation information collection
Xiao Bai, have you finished collecting?
Finished, Master.
OK, next we collect the decompilation information. Know your enemy and you can fight a hundred battles without danger.
Master's operation
First, let's look at what we are going to collect.
1. The key class name.
2. The location of the key function.
Decompile the stake with the weapon Android Killer.
Locate it.
Look at the class name and record it.
Xiao Bai, watch closely how it is recorded.
It turns out to be com/example/login/MainActivity;
But we need to change it to com.example.login.MainActivity
Now we need to locate the key function.
This login is the function we are going to hook.
Ljava/lang/String;Ljava/lang/String; From here we can see that there are two inputs, both of type String. All we have to do now is hook them and then output them.
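The conversion done by hand above (a slash-separated smali name to a dotted Java name, and a parameter list such as Ljava/lang/String;Ljava/lang/String; to Java types) works the same way for any smali descriptor. The following is an added example, not code from the original article; the class SmaliDescriptor and its method names are made up for illustration, and the descriptors in main are constructed from the names the article reports, including the Z return type it mentions later.

```java
import java.util.ArrayList;
import java.util.List;
public class SmaliDescriptor {
    private static final String CODES = "ZBSCIJFDV";
    private static final String[] NAMES = {"boolean", "byte", "short", "char", "int",
                                           "long", "float", "double", "void"};
    private final String desc;
    private int pos;
    private SmaliDescriptor(String desc, int start) { this.desc = desc; this.pos = start; }

    // Reads one type at pos (array prefixes included) and advances past it.
    private String readType() {
        String suffix = "";
        while (pos < desc.length() && desc.charAt(pos) == '[') { suffix += "[]"; pos++; }
        if (pos >= desc.length()) throw new IllegalArgumentException("truncated: " + desc);
        char c = desc.charAt(pos++);
        if (c == 'L') {                       // object type: L<slash/separated/name>;
            int end = desc.indexOf(';', pos);
            if (end < 0) throw new IllegalArgumentException("missing ';': " + desc);
            String name = desc.substring(pos, end).replace('/', '.');
            pos = end + 1;
            return name + suffix;
        }
        int idx = CODES.indexOf(c);           // primitive type or void
        if (idx < 0) throw new IllegalArgumentException("bad type '" + c + "' in " + desc);
        return NAMES[idx] + suffix;
    }

    // Converts a smali type such as Lcom/example/login/MainActivity; to its dotted Java name.
    public static String className(String typeDescriptor) {
        return new SmaliDescriptor(typeDescriptor, 0).readType();
    }

    // Parameter types in order, followed by the return type as the last entry.
    public static List<String> methodTypes(String methodDescriptor) {
        if (!methodDescriptor.startsWith("(")) throw new IllegalArgumentException("no '(': " + methodDescriptor);
        SmaliDescriptor p = new SmaliDescriptor(methodDescriptor, 1);
        List<String> out = new ArrayList<>();
        while (p.pos < p.desc.length() && p.desc.charAt(p.pos) != ')') out.add(p.readType());
        p.pos++;                              // step over ')'
        out.add(p.readType());                // return type
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs, assembled from the names the article reports for the sample app.
        System.out.println(className("Lcom/example/login/MainActivity;"));
        System.out.println(methodTypes("(Ljava/lang/String;Ljava/lang/String;)Z"));
    }
}
```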
Building the stake practice environment
OK, Xiao Bai, the preliminary information collection is about done. Now I'm going to get to work, so watch closely how I do it.
First, set up the environment.
Then do a simple filter first.
This is where the collected package name comes in handy.
Because what we hook is a method, we use the method-hooking call here.
The first parameter is the name, package name included, of the hook target; this is also something we have already collected.
The second parameter stays as it is.
The third parameter is the method name.
The fourth parameter is the types of the parameters the method takes.
We have two parameters of type String, so we write them like this.
The last parameter is a listener, which can monitor the method before and after it is called.
F-ing the stake
Xiao Bai, everything is ready. Watch your master F this stake for you.
Xiao Bai, look at the first move.
XposedBridge.log("ZHUZHU520: LoginName:" + param.args[0]);
This move takes its first input.
Then let's look at this one.
XposedBridge.log("ZHUZHU520 assward:" + param.args[1]);
This move takes its second input.
And then the last move.
XposedBridge.log("ZHUZHU520: End??? : " + param.getResult());
This move intercepts the return value.
Xiao Bai, there is something here you need to think about.
What is the meaning or purpose of this hook?
Xiao Bai's thoughts
Master, I think that first of all this can intercept the input parameters as well as the return value. If a skill for forwarding information were added to the hook, wouldn't it be possible to obtain the accounts and passwords of the people who log in?
Isn't that just like phishing?
I think this is a big loophole. If the login vendor has not dealt with it, I can use it to take them down.
OK, Xiao Bai, you're right. Let's test it now.
F stake test
Xiao Bai, see, here we have successfully intercepted the content. Here is a small task for you: use a hook to F this stake. I want it to log in successfully even if what I enter is not right.
0x04 Advanced: F-ing the stake (Xiao Bai's self-improvement)
XposedBridge.log("ZHUZHU520: End??? : " + param.getResult());
Thinking one
Master used param.getResult() to get the return value, so I can use the matching set method to assign a new value.
By various means we know that the return type here is Z, which is the boolean type.
No sooner said than done: time to F the stake.
Test it.
The hook succeeds.
Thinking two
Besides the return value, you can also hook the input values.
But that feels a little superfluous.
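Seen from the login vendor's side, the hooks above run inside the app's own process through the Xposed bridge, which leaves traces that a sensitive method can look for. The check below is an added example and not part of the original article; the class HookCheck and its method names are hypothetical, and the stack frames in main are constructed.

```java
public final class HookCheck {
    // Package that holds the Xposed bridge classes (XposedBridge, XC_MethodHook, ...).
    private static final String XPOSED_PKG = "de.robv.android.xposed.";

    // True when any frame of the stack belongs to the Xposed bridge, which is
    // the case while a hooked method is being dispatched through it.
    public static boolean stackShowsXposed(StackTraceElement[] stack) {
        for (StackTraceElement frame : stack) {
            if (frame.getClassName().startsWith(XPOSED_PKG)) return true;
        }
        return false;
    }

    // True when the bridge class is visible to this process at all.
    public static boolean bridgeClassPresent() {
        try {
            Class.forName(XPOSED_PKG + "XposedBridge", false, ClassLoader.getSystemClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    // Call at the start of a sensitive method such as login(String, String).
    public static boolean looksHooked() {
        return bridgeClassPresent() || stackShowsXposed(new Throwable().getStackTrace());
    }

    public static void main(String[] args) {
        // Constructed stacks: one shaped like a call that reaches login() through a hook, one without.
        StackTraceElement[] hooked = {
            new StackTraceElement("com.example.login.MainActivity", "login", "MainActivity.java", 0),
            new StackTraceElement("de.robv.android.xposed.XposedBridge", "handleHookedMethod", "XposedBridge.java", 0),
        };
        StackTraceElement[] clean = {
            new StackTraceElement("com.example.login.MainActivity", "login", "MainActivity.java", 0),
            new StackTraceElement("android.view.View", "performClick", "View.java", 0),
        };
        System.out.println("constructed hooked stack: " + stackShowsXposed(hooked));
        System.out.println("constructed clean stack:  " + stackShowsXposed(clean));
        System.out.println("this process:             " + looksHooked());
    }
}
```

A check like this runs in the same process the hook controls, so it can itself be hooked. Because the boolean returned by login can be overwritten on the device, the decision that a login succeeded has to be made and enforced on the server.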
0x05 Concluding remarks
Xiao Bai, that's it for learning hooks this time. When there is time we will continue learning hook skills. Go back and practice more.
Android Reverse Step (7)--uncover the mystery of hooks