Two episodes of Hook
After reading the first three articles, let's have a couple of side episodes.
The first episode revisits the CM genie analysed in the previous article; this time we solve it with hook code.
The second episode deals with games that now have a payment limit, for example letting you spend only 20 yuan a day.
Let's take them one at a time.
0x1: first episode
Opening the CM genie software, the first thing we learn is that its use time is limited to 30 minutes. We can search for the surrounding context and continue from there.
As for the analysis of the software, I am too lazy to retype and describe it; just read the following link:
http://www.52pojie.cn/thread-285325-1-1.html
After analysis, we can get:
The ()Z signature shows that the method takes no arguments and returns a boolean, so we now know both the class and the method to target. We can then start writing the hook code, which with the framework comes down to three simple steps:
1. Determine the class to hook
2. Determine the key method called in that class
3. Write the hook for that method
Let's go through these three steps.
Here is the class that contains the method to hook:
MS.hookClassLoad("net.aisence.Touchelper.TouchelperLicense", new MS.ClassLoadHook()
Next, specify the name and parameter types of the method to hook:
hookvalid = arg0.getMethod("a", null);
Then comes the hook itself. Here we only need to set the return value to true:
final MS.MethodPointer old = new MS.MethodPointer();
MS.hookMethod(arg0, hookvalid, new MS.MethodHook() {
    @Override
    public Object invoked(Object arg0, Object... arg1) throws Throwable {
        System.out.println("whether to register hook --->");
        // Call the original method through the saved pointer, then override its result
        boolean aa = (Boolean) old.invoke(arg0, arg1);
        aa = true;
        System.out.println("Have you registered? --> " + aa);
        return aa;
    }
}, old);
Build and install the plug-in, restart the phone, and open the software:
When you click to play a script, the following information is displayed:
The output printed by our hook shows that everything is working normally.
As for testing, I only tested several plug-ins, and not for as long as one hour in a row. If other problems come up during testing, track down the cause based on the problem.
0x2: second episode
When you spend money in the game, you can only pay a limited amount each day. We can therefore speculate that the game reads information about the phone to decide whether you have paid too much; the information commonly used is the IMEI and the IMSI. If you are unfamiliar with these terms, look them up: the IMEI identifies the phone and the IMSI identifies the SIM card, each the equivalent of a person's ID card.
Let's start with the IMEI:
First, here is the code normally used to read the IMEI during development:
TelephonyManager mTelephonyMgr = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
String imei = mTelephonyMgr.getDeviceId();
System.out.println("the current Imei is -->" + imei);
So in normal development the phone's IMEI is obtained through a system API.
Next we need the package that TelephonyManager belongs to; the import used by the code above is:
import android.telephony.TelephonyManager;
That gives us the full class path and the method name, so we can start writing the hook code.
Following the same three steps as before:
1. MS.hookClassLoad("android.telephony.TelephonyManager", new MS.ClassLoadHook()
2. hookimei = arg0.getMethod("getDeviceId", null);
3. System.out.println("hook imei ----------->");
   String imei = (String) old1.invoke(arg0, arg1);
   imei = "999996015409081";
   return imei;
Now install it and start testing. We test it in the project we wrote earlier and read the result from the printed output.
The first lines of output come from our hook code, and the last line is printed by the test project that reads the IMEI. Everything works and we have achieved the desired result!
The IMEI is taken care of, so let's do the same for the IMSI, following the same approach:
1. MS.hookClassLoad("android.telephony.TelephonyManager", new MS.ClassLoadHook()
2. hookimsi = arg0.getMethod("getSubscriberId", null);
3. System.out.println("hook imsi ----------->");
   String imsi = (String) old1.invoke(arg0, arg1);
   imsi = "460001200505666";
   return imsi;
Test:
We have no suitable game package to test against, so we will not describe that here. If you need to, you can test it on your own.
The plug-in could also be given a user interface in which the IMEI and IMSI are set to whatever values you want. If you are interested, write it yourself.
Related attachments:
http://pan.baidu.com/s/1gd9rV2r
If you haven't gone through the first three lessons, read them first and then follow this article step by step. After that, think about how you could extend what is shown here; that is the purpose of these courses.
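A defender's view of both episodes, as an added example that is not part of the original article or its attachments: hooks installed this way put the framework's code into the target process, so an app can look for it in its own memory map and on the call stack of a sensitive method such as the license check. The marker string (the package prefix assumed for the MS class) and the sample map lines are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class HookDetection {
    // Assumed marker: package prefix of the hooking framework's classes (the MS class above).
    static final String MARKER = "com.saurik.substrate";

    /** Returns the mapped file paths in /proc/<pid>/maps text that contain the marker. */
    static List<String> suspiciousMappings(List<String> mapsLines) {
        List<String> hits = new ArrayList<>();
        for (String line : mapsLines) {
            // Line format: address perms offset dev inode [pathname]
            String[] f = line.trim().split("\\s+", 6);
            if (f.length == 6 && f[5].contains(MARKER) && !hits.contains(f[5])) {
                hits.add(f[5]);
            }
        }
        return hits;
    }

    /** True if any frame on the given stack belongs to the hooking framework. */
    static boolean hookedFrameOnStack(StackTraceElement[] stack) {
        for (StackTraceElement e : stack) {
            if (e.getClassName().startsWith(MARKER)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample lines, not captured from a real device.
        List<String> maps = Arrays.asList(
            "b6f00000-b6f10000 r-xp 00000000 b3:17 1234  /system/lib/libc.so",
            "a1000000-a1004000 r-xp 00000000 b3:1c 5678  /data/app-lib/com.saurik.substrate-1/libsubstrate.so",
            "a1004000-a1005000 rw-p 00004000 b3:1c 5678  /data/app-lib/com.saurik.substrate-1/libsubstrate.so",
            "be800000-be821000 rw-p 00000000 00:00 0     [stack]");
        System.out.println("mappings: " + suspiciousMappings(maps));

        // On a device, take this stack trace inside the sensitive method itself;
        // a replaced method is entered through the framework's frames.
        StackTraceElement[] here = new Throwable().getStackTrace();
        System.out.println("hook frame on live stack: " + hookedFrameOnStack(here));
    }
}
```

Client-side checks like this can themselves be hooked, so a limit such as the daily payment cap is better enforced on the server against the account than against a device-reported IMEI or IMSI.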