Android Reverse Step (7)--uncover the mystery of hooks

This article I spring and autumn writer--hai_

0x00 Preface

hai_ Reverse User manual (want to try a new writing)

Other android reverse Advanced Series Courses <<<<<<<

Character description

Small white: Has mastered some basic reverse skills of the rookie.
Little Red: Little white girlfriend.
White: The Master of the Little Bai.

Zhushan (Da Baiju)

Master Shifu, I came down today to hear someone say that there is a river in the river to hook the martial arts cheats. It is said to be very powerful and can intercept system. Interceptor Ape developed out of the app.

Little white, do you know what a hook is?

I've heard of it, but I don't understand what a hook is.

Hook this cheats ah, plainly is to rewrite the function . We rewrite this function, we can achieve the purpose we want, intercept, and other content.

Master, I want to learn this hook cheats.

Okay, let's take it slow.

Let's talk about the hook skills we learned today.

Skills (content)

1. Use of a new weapon (xposed framework)
2. Practice using the first heavy internal strength of the hook (Android Studio 3.0 +xposed)
3. Stake in combat practice
4. Wooden Stake F Advanced (small white self-improvement)

0x01 the use of a new weapon (xposed framework)

Xiao Bai, study hard Oh, let's try our new weapon first. Xposed, the future of the river also has a defensive skills.

Xiao Bai you wait, I'll find the weapon where I put it. The so-called 工欲善其事 its prerequisite.

All right, master, you have to go, don't nag.

1. Weapon get

If you want to use this weapon, you need to get through the meridians first.

1.1 meridians (Environment)

1.Root, mobile root, no root and restless. We can do this after we get through the root channel.

2.Xposed frame installation, want to use xposed this weapon, it is necessary to get up first to talk about use.

1.2 Weapons

Xposedbridgeapi-82.jar.jar.

This is our weapon, little white, come on, I'll show you the basics of how to use this weapon.

2. Weapon Demo

We use the xposed weapon to intercept the PackageName and then output it.

In fact, this weapon can be combined with internal strength to play the greatest ability.

With the internal strength, master, this how to engage.

Don't worry, we'll take it one step at a pace.

0x02 practice using the first heavy internal strength of the hook (Android Studio 3.0 +xposed)

Xiao Bai, I first teach you the first heavy internal operating points. Listen well.

Android Studio 3.0 Basic Configuration

Let's start by providing an environment for the content to run.

(1) First build a project that does not require activity

(2) Then import the jar package. And right-click Add as Library.

(3) Fill in the Androidmanifest.xml file.

<meta-data             Android:name= "xposedmodule"             android: Value= "true"/>        <meta- data             Android:name= "xposeddescription"              Android:value= "Hook log test"/>        <meta-data            android: Name= "xposedminversion"             android:value = "/>";           

(4) Modify the dependency mode

The contents of the jar package are already in the xposed, and packing again will conflict.

(5) Basic xposed model creation

Use Alt+enter to implement a method.

Xiao Bai, listen to my wordy two sentences.

Handleloadpackage, this method is used to perform user actions when loading the application's package.

Loadpackageparam Loadpackageparam: This parameter contains some basic information about the loaded application.

Internal strength Realization

Here's a word that can be achieved.

XposedBridge.log ("Hai_app:" + loadpackageparam.packagename);

Here we have to think, what is XposedBridge.log.

The PosedBridge.log print is exported to the Xposed framework's startup program's log function. This is also more convenient for our view.

Let's do the final step of the configuration. Set the starting place.

In the new assets directory, create a new file. The file name is called Xposed_init.

Write the package name + class.

Test results

Build APK

Installation for testing.

The phone is installed and then restarted.

Thinking

The so-called Master led the door, practice to see individuals. So, uh.

I know the master, we can not through this simple to filter ah. For example, write a simple analysis system. Or something else, we can filter on that. I'll try it on my own first.

Xiao Bai's self-cultivation

Through this running path, the registration is analyzed and filtered.

Make a simple attempt.

Use the substring of the Java string you learned yesterday to filter the string.

Then test.

Of course, this can also be described in more detail.

0X03 Stakes Practical Practice

Little white, come, master here to find you a stake, I call you to see. This hook is how the FA, how to fight. To learn well.

Know the master.

Stake information collection 1. Basic information

Little white, use a weapon we've used before to collect this basic information.

Master, what information do we generally collect?

Well, we generally have to collect

1. The package name of the stake
2. Simple logic of a stake
....

Little white, this is your own collection.

Operation of Small white

The first is the package name. Use weapons, Apkhelper.

Gets the package name information. Com.example.login

Then there's the simple logic phone.

2. Anti-compilation information collection

Little white Ah, collect play it?

Finished collecting master.

OK, we'll collect the anti-compilation information next. The enemy can Baizhanbudai.

Master's Operation

First, let's take a look at what we're going to collect.

1. The key class name.
2. The key function location.

To reverse-compile the stakes with Android killer weapons.

Positioning.

View the class name for logging.

Small white, see Clearly, is the way to record.

It turns out that. com/example/login/mainactivity;
But we're going to change that. Com.example.login.MainActivity

Now you need to navigate to the key function.

This login is the function we are going to hook.

ljava/lang/string; Ljava/lang/string; From here we can see that there are two inputs. And the type is string. All we have to do now is to hook this output and then output it.

The construction of the wooden stake practice environment

OK, little white, the early data collection is almost. I am going to do a good work now, to see clearly my use OH.

First, adjust the environment well.

Then do a simple filter first.

This time, the collection of package names will come in handy.

Because the hook is the method, so we use a method here.

The first parameter, the package name of the hook and the name of the method, this is also our collection of good.

The second parameter does not move

A third parameter method name

Parameter entered by the fourth parameter

We have two arguments of type string, so write this

The last parameter is to do a listener. This method can be monitored before and after use.

F for Stakes

Little white, all ready you must, see for the teacher to give you f this stake.

Little white, look at the first trick.

Xposedbridge. Log ("ZHUZHU520: LoginName:" +param. Args[0]);     

This trick made it the first input.

And then we'll see this one.

Xposedbridge. Log ("ZHUZHU520  assward:" +param. Args[1]);     

This trick is to engage its second input.

And then the last trick.

Xposedbridge. Log ("ZHUZHU520: End??? : "+param. GetResult ());    

The trick is to intercept the return value.

Little White Ah, there is a need to think about the content.

What is the meaning or function of this hook?

The thought of Little white

Master, I think first of all, this can intercept the input parameters, as well as the return value. If you have a skill to forward information in a hook. It is not possible to successfully access accounts and passwords for those who log into the account.

It's not like fishing.

I think this is a big loophole, if the login vendor did not do the corresponding treatment, then here I can take this to kill him.

OK, little white, you're right, let's test this out now.

F Stake Test

Little white Ah, you see here we have successfully intercepted content. Small gives you a task, with Hook F drop this stake, I hope he can log in successfully, even if I entered the right.

0x04 Stake F Advanced (small white self-improvement)

Xposedbridge. Log ("ZHUZHU520: End??? : "+param. GetResult ());    

Think of a

The master used a param.getresult () to get the return value, then I can use the same set method to re-assign the value AH.

According to various ways, we know that the return value here is Z, which is the Boolean type.

Do what you say, fight for F to drop the stakes.

To test.

Successful hooks.

Thinking two

In addition to the hook return value, you can also hook input values.

But it's a little superfluous feeling.

0x05 Concluding remarks

Little white, Hook learn to come here. There is time for us to continue to learn hook skills. Go back and practice more.

Android Reverse Step (7)--uncover the mystery of hooks