Reproduced Xposed Framework in Android---using xposed framework to implement interception system method

This article was reproduced from: http://www.wjdiankong.cn/android%E4%B8%ADxposed%E6%A1%86%E6%9E%B6%E7%AF%87-%E5%88%A9%E7%94%A8xposed%E6% a1%86%e6%9e%b6%e5%ae%9e%e7%8e%b0%e6%8b%a6%e6%88%aa%e7%b3%bb%e7%bb%9f%e6%96%b9%e6%b3%95/

First, preface

About the xposed framework I believe everyone should be familiar with, he is the Android Hook technology, a well-known framework, there is a framework is cydiasubstrate, but this framework is charged, and the personal feel not very useful, and xposed framework is free and open-source, there are many articles on the Internet to introduce the principle of xposed framework to achieve, do not know the students can consult themselves, this article mainly introduces how to use this framework to conduct the interception of system methods, such as our development process, for some test environment difficult to simulate , especially test students sometimes like random changes in the device IMEI,MCC and other information used to simulate different test scenarios, this time if you can modify the value of the system is very convenient for testing, in fact, these online already have a lot of similar gadgets, the following to explain in detail how to use the framework.

Second, the need to solve the premise of the problem

Before we introduce how to use this framework, we have to solve these problems first:

First question: First we know that the core point of this framework is the system process injection technology, then if you want to inject the system process, you have to root permissions, so if you want to use this framework, you have to have a root device.

The second question: there is another problem is the adaptation of this framework, not all the equipment all the system support the use of this framework, I encountered in the course of the experiment Millet 3+miui7 on the operation failed, the result has been re-brushed an Android native 4.4 system was successful.

The third question: The final question is the version of the xposed framework itself, and he has released multiple versions for different systems, so you have to install the correct xposed version for your device system.

Solve these three problems we can successfully install the xposed framework, and in this process we will find that the two problems are the most:

The first problem is the incompatibility issue:

The second issue is prompting for installation framework issues:

These two problems are more common and the egg hurts, because the bottom of the installation button can not click, follow-up no way to operate, so very helpless, I also met these two problems, and finally did not find the right answer, so one excited to brush a native Android4.4 system,

Third, the environment construction

The above mentioned at this stage of the use of this framework will encounter some problems, the following look at the specific environment to build, if the above problems are resolved, we open the application click on the installation framework:

Here is still a hint not activated, click to enter:

At this time see the normal, you can click Install, directly click the installation can:

Here is the need for root authorization, click Allow, the installation will also prompt you to restart the effective, because to inject the system process, it must be restarted to be effective.

Here we have successfully installed the Xposed framework, in the process must have a classmate will encounter problems, and the most problem is the above mentioned two problems, about the solution I have not found. The most fundamental way I solve is to brush the machine, so this article I operate the environment is:

Xiaomi 3 Mobile version +android native 4.4 system +XPOSED_V33 version

Iv. Writing module functions

Environment set up, the following began to operate, the above installation of the tool is actually a module manager, if we want to do some hook operation also have to write the module itself is the application, and then the module installed in the device, the tool can be detected, will prompt you to load the module and then restart the device, The module function is effective. So let's take a look at how to write a xposed module.

First step: Create a new Android project and import the Xposed toolkit

It is important to note that you cannot use the Libs folder, but the Lib folder, if the Libs folder is used here, after the installation of the successful module after the reboot will find that the hook is unsuccessful, by printing the tag xposed log information will find such an error:

Java.lang.IllegalAccessError:Class ref in Pre-verified Class resolved to unexpected implementation

This error we encountered in the previous development of plug-ins, mainly because the interface is included in the plug-in project, then we can guess that the error is the Xposed tool caused by the problem. Then we just need to change the Libs folder to Lib, and then add BuildPath a bit.

Attention:

In Eclipse, if the toolkit is placed in the Libs file, it is added to the compilation path by default, and all the classes in the toolkit are included in the compiled program, and for other non-libs folders, after we add the toolkit BuildPath only after the Project Reference Toolkit functionality, and ultimately does not include this toolkit in the program.

Step two: Write the module code

Module code writing is still relatively simple, we just need to create a new class to implement the Ixposedhookloadpackage interface, and then in the Handleloadpackage callback method to intercept the operation can be, and the specific interception operation is implemented by means of Xposedhelpers.findandhookmethod method and Xposedbridge.hookmethod method, these two methods are also relatively simple, from the parameter meaning can be seen, mainly hook class name and method name, and then there is a stop A truncated callback method, typically a Beforehookedmethod method for intercepting what to do before, and a Afterhookedmethod method for what to do after interception.

For Ixposedhookloadpackage This interface and callback method, we can know that should be the interception system of all applications running information, here passed back a Loadpackageparam parameter type is to include the hook application specific information, We can print the app's package name to see the effect.

Attention:

If you want to hook a specific method of a class, then you have to clearly understand the method's trust information, such as parameter type and number, return type and so on. Because this method must be analyzed in the interception process, such as to get the method parameters to modify the specific parameters, return value information to make the return value modification, here see the method to get the IMEI value is a parameterless return string type method, then if you want to intercept his return value, You need to modify his return value using the Setresult method. So from here you can see whether the method of hook system, or the future to hook third-party application of specific methods, the first step to understand the specific information of your hook object, about the system method can be viewed by the source to obtain information, and for third-party applications can only rely on anti-compilation technology, For example, to modify the game coin function, you must first decompile the game to know how to change the coin class and the specific method is feasible.

Here I not only hook the system's IMEI information, but also a simple hook of the system's geographical location information, in the Android to obtain latitude and longitude information There are three ways, here in order to demonstrate simple, with the GPS positioning function, general access to latitude and longitude information code is mainly two:

One is initialization. Call the Getlastknowlocation method to get geo-location information from the last system

There is also a onlocationchanged callback method in the callback interface that listens for geolocation changes:

So if you want the location of the hook system to intercept, then you need to manipulate the two code, and they have a difference is that the first is to return to the value of the second place through the callback method parameters. Here's a look at the specific hook code:

Hook the first code is relatively simple, directly constructs a dummy location object and then sets the return value.

Hook the second code is a bit complicated, you need to find the method to add location monitoring requestlocationupdates, and then through reflection to get the callback object, find the specific callback method, and then in action, Because the callback method passes the location object back through the parameters, the parameter values need to be modified here.

Well, here we have compiled the hook system's IMEI value and location information module.

Step three: Add Module portals

This step is very important, but also the most easy to forget, is to tell the xposed framework a module hook in the entrance, here you can see the module's entrance is the main class, so you need to add a Xposed_init file in the module's assets:

The content here is simple, that is, the full name of the module entry class:

Fourth Step: Add additional information for the module

The final step is to add additional information to the module's Androidmanifest.xml file, including the module description information, version number, etc.:

Xposedmodule: Represents the Android program as a module in the xposed, so the value is true;
Xposeddescription: Represents a description of the function of this module, you can simply describe it;
Xposedminversion: Represents the minimum version number of the Xposed jar package used in the development of this module, here is 30, and I use the Xposed jar package version is 54;

After the four steps above, we completed the definition of the module, and finally, in order to verify the results of our hook, in a new activity class, internally called the system to get the IMEI method and location information method, and displayed in the screen:

Six, the operating module

Let's run the module program, after installing to the device, Xposed will prompt the module is not activated:

This Xposedinstaller program should be judged by installing the broadcast and then getting the application information to analyze whether he contains the special attributes of the Xposed module. We clicked to activate:

At this point, after successful activation, you will be prompted to restart the device again to take effect, so you can see here each time if there is a new module or module code has been updated, such as:

All need to restart the device, the module to take effect, this is a bit of egg pain and trouble. Then after we restart the device, run our module code to see the effect:

From this show results see, Hook succeeded, before the hook effect is:

Now we're looking at the printed log information:

See, Baidu Map in the acquisition of our device's IMEI and location information, of course, this is in line with the normal situation, from here can be seen, we can also use this technology to observe what applications in the device to obtain some of the device's privacy data.

Project: http://download.csdn.net/detail/jiangwei0910410003/9654604

Vii. Practical uses

This article mainly introduces the basic use of the xposed framework and a simple role, but in the actual process, the framework is very useful, for example, at the beginning of the article, we can modify the system to help test the simulation of complex test environment, But this framework is now used by the most extensive when it is cracked, this is the focus of our follow-up, with this framework can be applied to the shelling, game plug and so on.

Viii. Summary

This article is to introduce the foundation of Xposed, mainly introduces the specific use of xposed, xposedinstaller.apk is actually a module carrier and manager, if you want to achieve the specific hook operation, you must write the module program, and then activate the loader to take effect. Follow-up will continue to introduce the use of this framework for some other operations, such as the application of shelling, game plug-ins, System information tampering and other knowledge, look forward to a lot of hope and praise you!!

Pay attention to the public number, the latest technology article dry real-time push

Reproduced Xposed Framework in Android---using xposed framework to implement interception system method