Hook on Android? Hook for Android games?
In the jungle of China's Internet, closed plagiarism is the pass of monopoly giants, and innovation is the tomb of weak entrepreneurs.
Learn about Hook
Readers who have not come across hooking before may find the word "Hook" unfamiliar. "Hook" literally means a hook, so when should we use this "hook"?
We know that the Android operating system maintains its own event distribution mechanism. Applications, including the events they trigger and their background logic, execute step by step along this event flow. A "hook" intercepts and monitors an event in transit, before it reaches its destination, just like a hook catching the event. While an event is hooked, you can also apply your own handling to specific events.
Hooking lets you "merge" your own code into the process of the hooked program so that it becomes a part of the target process. We also know that Android uses a sandbox mechanism: the process space of each ordinary user program is independent, and programs run independently of each other.
This makes it impossible for one program to directly change the behavior of another program, but hooking opens up a path around that restriction. Depending on the object being hooked and on how the event is handled afterwards, hooks are divided into different types, such as message hooks and API hooks.
CydiaSubstrate framework
Anyone who has used an Apple phone should be familiar with the CydiaSubstrate framework, because it provides Apple users with jailbreak-related service frameworks.
CydiaSubstrate was formerly known as MobileSubstrate (which is why all of its class names start with MS). Its author is the well-known Jay Freeman (saurik).
CydiaSubstrate has also released an Android version. Cydia Substrate is a code modification platform. It can modify the code of any main process, whether written in Java or in C/C++ (native code).
Official website address: http://www.cydiasubstrate.com/
Install the CydiaSubstrate framework's local service on Android
First, install the CydiaSubstrate framework's service application, substrate.apk, on the Android device. We can download it from the official website.
Official: http://www.cydiasubstrate.com/download/com.saurik.substrate.apk
After installing Substrate, we still need to tap "Link Substrate Files" (which links the local Substrate service files). This step requires root permission. After linking, the device must be restarted for the change to take effect.
Download and use the CydiaSubstrate library
CydiaSubstrate officially recommends adding its add-on address to the Android SDK Manager for updates and downloads.
For example, add http://asdk.cydiasubstrate.com/addon.xml to the custom URLs.
After the CydiaSubstrate framework is downloaded with the Android SDK Manager, it is stored in the directory ${ANDROID_HOME}\sdk\extras\saurikit\cydia_substrate.
However, because the Android SDK Manager has many restrictions in use in China and the download process is not very stable, we recommend that you download the development library directly on the official website.
Official Website: http://asdk.cydiasubstrate.com/zips/cydia_substrate-r2.zip.
After the download is complete, copy all the files (a number of jar packages and .so libraries) to the libs folder of the Android project to use them directly.
The substrate.h header file and the .so files in the lib folder are the support libraries for developing native hooks with the NDK.
TIPS: The CydiaSubstrate framework still has some bugs in inline Hook operations and may crash when used. On some devices that use custom ROMs in China, the device cannot restart or hooking does not work when the CydiaSubstrate framework is used.
How to Use CydiaSubstrate?
CydiaSubstrate actually provides just three static utility methods on the MS class. We only need to learn how to use them.
MS.hookClassLoad: get a notification when the specified class is loaded.
MS.hookMethod: replace one Java method with another Java method.
MS.moveUnderClassLoader: reload an object under a different ClassLoader.
The details are as follows:
/**
 * Hook the loading of a specified class.
 *
 * @param name package name + class name of the class, such as android.content.res.Resources
 * @param hook callback invoked after the class has been hooked successfully
 */
void hookClassLoad(String name, MS.ClassLoadHook hook);

/**
 * Hook a specified method and replace the method's code.
 *
 * @param _class the class being hooked
 * @param member the method of the hooked class
 * @param hook callback invoked after the method has been hooked successfully
 * @param old the method as it was before the hook, similar to a method pointer
 */
void hookMethod(Class _class, Member member, MS.MethodHook hook, MS.MethodPointer old);

/**
 * Hook a specified method and replace the method's code.
 *
 * @param _class the class being hooked
 * @param member the method of the hooked class
 * @param alteration
 */
void hookMethod(Class _class, Member member, MS.MethodAlteration alteration);

/**
 * Use a ClassLoader to reload an object.
 *
 * @param loader the ClassLoader to use
 * @param object the object to reload
 * @return the reloaded object
 */
<T> T moveUnderClassLoader(ClassLoader loader, T object);
Getting started (advertising injection)
On hearing this topic, I guess many packaging parties can't wait. Advertising cannot make a lot of money. I am also a package party. Programmers are still focusing on growth and development. Quick money will make you go farther and farther on the programming road.
Back to the topic. We can hook the system's Java APIs with the CydiaSubstrate framework, and the reflection mechanism is used heavily in doing so. Besides the APIs that the system provides to developers, can we also hook methods inside an application? The answer is yes. The following is an example of how to hook an application.
Next we will hook the onCreate method of the homepage Activity of the Android operating system's browser application (other methods may not exist, but onCreate certainly will) and inject our advertisement into it. Following the introduction to CydiaSubstrate above, we have a simple plan.
First, we fill in the advertisement-related IDs in our AndroidManifest.xml file as required by an advertising platform. In the same AndroidManifest.xml file we add the configuration and permissions that CydiaSubstrate needs. We also declare an advertisement Activity and give this Activity a transparent background.
Okay, let's take a look at it.
The AndroidManifest.xml file contains the following content:

<!-- Ad-related permissions -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.GET_TASKS" />
<!-- Add the Substrate permission -->
<uses-permission android:name="cydia.permission.SUBSTRATE" />

<application
    android:allowBackup="true"
    android:icon="@drawable/ic_launcher"
    android:label="@string/app_name"
    android:theme="@style/AppTheme">
    <!-- Ad-related parameters -->
    <meta-data android:name="APP_ID" android:value="c62bd976138fa4f2ec853bb408bb38af" />
    <meta-data android:name="APP_PID" android:value="DEFAULT" />
    <!-- Declare the Main class that Substrate uses as the injection entry point -->
    <meta-data android:name="com.saurik.substrate.main" android:value="com.example.hookad.Main" />
    <!-- Transparent, non-animated advertising Activity -->
    <activity
        android:name="com.example.hookad.MainActivity"
        android:theme="@android:style/Theme.Translucent.NoTitleBar">
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.DEFAULT" />
            <!-- Advertisement action -->
            <action android:name="com.example.hook.AD" />
        </intent-filter>
    </activity>
</application>
For CydiaSubstrate's entry point, follow the previous steps and create a Main class that contains the initialize method.
In this case, we want to use the MS.hookClassLoad method to hook the Activity of the browser homepage, so we first need its name.
Using the dumpsys activity command in adb shell, we find that the Activity name of the browser homepage is com.android.browser.BrowserActivity.
We use the MS.hookClassLoad method to obtain BrowserActivity and then hook its onCreate method to start an Activity containing the advertisement. The Main class code is as follows:
import java.lang.reflect.Method;

import android.os.Bundle;
import android.util.Log;

import com.saurik.substrate.MS;

public class Main {
    /**
     * Entry point called after Substrate initializes.
     */
    static void initialize() {
        // Hook the main Activity of the browser, BrowserActivity
        MS.hookClassLoad("com.android.browser.BrowserActivity", new MS.ClassLoadHook() {
            public void classLoaded(Class<?> resources) {
                Log.e("test", "com.android.browser.BrowserActivity");
                // Obtain the onCreate method
                Method onCreate;
                try {
                    onCreate = resources.getMethod("onCreate", Bundle.class);
                } catch (NoSuchMethodException e) {
                    onCreate = null;
                }
                if (onCreate != null) {
                    final MS.MethodPointer old = new MS.MethodPointer();
                    // Hook the onCreate method
                    MS.hookMethod(resources, onCreate, new MS.MethodHook() {
                        public Object invoked(Object object, Object... args) throws Throwable {
                            Log.e("test", "show ad");
                            // Run the original onCreate first so that the browser starts normally
                            Object result = old.invoke(object, args);
                            // No Context is available here, so run a shell command
                            // to start our advertisement Activity
                            // (CMD is the author's own helper class; it is not shown in the article)
                            CMD.run("am start -a com.example.hook.AD");
                            return result;
                        }
                    }, old);
                }
            }
        });
    }
}
The MainActivity displays an interstitial advertisement. It could equally be another form of advertisement or a floating layer. The content is relatively simple and is not demonstrated here. Compile and run the entire project. When we then restart the Android browser, an advertisement box pops up in the browser.
From the above picture, we can see that we set the injected advertisement's MainActivity to be transparent with no title bar (Theme.Translucent.NoTitleBar) so that the pop-up advertisement blends in with the browser, making the user feel that the advertisement was popped up by the browser itself. It is also a common concealment technique that malicious advertising programs use to keep themselves from being removed.
The ad injection demonstrated here hooks the onCreate method of a specified Activity and starts an advertisement Activity from it. The Activity we demonstrate is just a simple pop-up advertisement. If the started Activity were malicious, for example a phishing Activity that looks the same as the original Activity, it would be extremely deceptive for mobile device users.
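From the defender's side, the manifest shown above carries markers that can be checked statically. The following is an added example, not code from the original article: it scans a decoded AndroidManifest.xml (plain XML text is the assumed input) for the Substrate permission, the Substrate entry-class meta-data, and a translucent Activity reachable through a custom action. The function names and finding labels are made up for this illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
SUBSTRATE_PERMISSION = "cydia.permission.SUBSTRATE"  # as in the article's manifest
SUBSTRATE_ENTRY_KEY = "com.saurik.substrate.main"    # as in the article's manifest

def audit_manifest(xml_text):
    """Return (indicator, detail) findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        if perm.get(A + "name") == SUBSTRATE_PERMISSION:
            findings.append(("substrate-permission", SUBSTRATE_PERMISSION))
    for meta in root.iter("meta-data"):
        if meta.get(A + "name") == SUBSTRATE_ENTRY_KEY:
            findings.append(("substrate-entry-class", meta.get(A + "value", "")))
    for act in root.iter("activity"):
        theme = act.get(A + "theme", "")
        actions = [a.get(A + "name", "") for a in act.iter("action")]
        custom = [a for a in actions if not a.startswith("android.intent.")]
        # A see-through activity startable through a private action is the
        # overlay pattern the article describes.
        if "Translucent" in theme and custom:
            detail = "%s via %s" % (act.get(A + "name"), ",".join(custom))
            findings.append(("translucent-overlay-activity", detail))
    return findings

def is_substrate_extension(findings):
    """True when both Substrate markers (permission and entry class) are present."""
    kinds = {kind for kind, _ in findings}
    return {"substrate-permission", "substrate-entry-class"} <= kinds

# Constructed sample: a reduced copy of the manifest shown in the article.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="cydia.permission.SUBSTRATE"/>
  <application>
    <meta-data android:name="com.saurik.substrate.main" android:value="com.example.hookad.Main"/>
    <activity android:name="com.example.hookad.MainActivity"
              android:theme="@android:style/Theme.Translucent.NoTitleBar">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <action android:name="com.example.hook.AD"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

for kind, detail in audit_manifest(SAMPLE):
    print(kind, detail)
```

The translucent-activity finding on its own is only a weak signal, since legitimate apps also use translucent themes; it is the combination with the two Substrate markers that identifies a hooking extension.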
Afterword
In fact, I don't want to post this article. I have worked as an advertising package party, and I know that this has provided some ideas for underground fund package parties.
However, CydiaSubstrate is not only born to inject advertisements. We hope you can explore more ideas and learn and improve together.
Finally, add me for discussion and make friends.
/*
 * @Author zhoushengtao (Zhou Shengtao)
 * @Since August 6, 2015 16:52:22
 * @Weixin stchou_zst
 * @Blog http://blog.csdn.net/yzzst
 * @Exchange and learning QQ group: 341989536
 * @Private QQ: 445914891
 */
Copyright Disclaimer: Reprint Please note: http://blog.csdn.net/yzzst. This article is the original article of the blogger and cannot be reproduced without the consent of the blogger.