Cydia Substrate is a code modification platform. It can modify the code of any main process, whether that code is written in Java or C/C++ (native code). Xposed only supports hooking Java functions in app_process, so Cydia Substrate is a powerful and useful hooking tool.
Website address: http://www.cydiasubstrate.com/
Demo address: https://github.com/zencodex/cydia-android-hook
Official tutorial: http://www.cydiasubstrate.com/id/20cf4700-6379-4a14-9bc2-853fde8cc9d1
SDK: http://asdk.cydiasubstrate.com/zips/cydia_substrate-r2.zip
Introduction to several important Substrate APIs
MS.hookClassLoad
Function prototype: void hookClassLoad(String name, MS.ClassLoadHook hook);
This method delivers a notification when the specified class is loaded. Because a class can be loaded at any time, Substrate provides a way to detect when a class of interest to the user is loaded.
| Parameter | Description |
|---|---|
| name | Package name + class name, using Java's `.` notation |
| hook | An instance of MS.ClassLoadHook; when the class is loaded, its classLoaded method is executed. |
MS.hookMethod
This API lets the developer supply a callback that replaces the original method. The callback is an object that implements the MS.MethodHook interface, typically an anonymous inner class, and it contains one method, invoked.
Function prototypes:
void hookMethod(Class _class, Member member, MS.MethodHook hook, MS.MethodPointer old);
void hookMethod(Class _class, Member member, MS.MethodAlteration alteration);
Parameter description
First prototype:
| Parameter | Description |
|---|---|
| _class | The loaded target class; this is the class parameter passed to classLoaded. |
| member | The method (or constructor) to hook, obtained through reflection. Note: you cannot hook a field (this is detected at compile time). |
| hook | An instance of MS.MethodHook whose invoked method is called in place of member's code. |

Second prototype:
| Parameter | Description |
|---|---|
| _class | The loaded target class; this is the class parameter passed to classLoaded. |
| member | The method (or constructor) to hook, obtained through reflection. Note: you cannot hook a field (this is detected at compile time). |
| alteration | An instance of MS.MethodAlteration whose boxed invoked method is called instead of member. This instance is also filled in using information from the original implementation, allowing you to use invoke to call the original method implementation. |
Developers are advised to use the second form, which is simpler, less error-prone, and does not require a separate instance of the MS.MethodPointer class.
How to use
The following example from the official website illustrates how to use Cydia Substrate. It changes the color of multiple interface components to violet.
Required installation: http://www.cydiasubstrate.com/download/com.saurik.substrate.apk
Step one: Create an empty Android project. Because the project will be loaded as a plug-in, no Activity is required. Copy substrate-api.jar from the SDK into the project's libs folder.
Step Two: Configure the manifest file
(1) Declare the permission: cydia.permission.SUBSTRATE
(2) Add a meta-data tag whose name is com.saurik.substrate.main and whose value is the name of the class created in the next step: .Main

```xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <application>
        <meta-data android:name="com.saurik.substrate.main" android:value=".Main"/>
    </application>
    <uses-permission android:name="cydia.permission.SUBSTRATE"/>
</manifest>
```
Step Two: Create a class named Main. The class contains a static method, initialize. When the plug-in is loaded, the code in this method runs and performs the necessary initialization.

```java
public class Main {
    static void initialize() {
        // ... code to run when extension is loaded
    }
}
```
Step three: To hook and modify code in the target class, we first need a reference to the target class, which is Resources in this example.

```java
import com.saurik.substrate.MS;

public class Main {
    static void initialize() {
        // hookClassLoad takes the fully qualified class name first;
        // Resources here is android.content.res.Resources.
        MS.hookClassLoad("android.content.res.Resources", new MS.ClassLoadHook() {
            public void classLoaded(Class<?> resources) {
                // ... code to modify the class when loaded
            }
        });
    }
}
```
Step four: Modify the original code through an MS.MethodHook instance.
To call the method in the original code, we create an instance of the MS.MethodPointer class, which can run the original code at any time.
Here we turn every green into violet by calling the original getColor of the Resources object and modifying its result.

```java
public void classLoaded(Class<?> resources) {
    // Look up Resources.getColor(int) through reflection.
    Method getColor;
    try {
        getColor = resources.getMethod("getColor", Integer.TYPE);
    } catch (NoSuchMethodException e) {
        getColor = null;
    }

    if (getColor != null) {
        // Filled in by hookMethod; used to call the original implementation.
        final MS.MethodPointer old = new MS.MethodPointer();

        MS.hookMethod(resources, getColor, new MS.MethodHook() {
            public Object invoked(Object resources, Object... args) throws Throwable {
                int color = (Integer) old.invoke(resources, args);
                // Clear the green channel and set the red channel.
                return color & ~0x0000ff00 | 0x00ff0000;
            }
        }, old);
    }
}
```
Install and run the extension, then restart the system; many font colors will have changed, as shown below:
The MS.hookMethod call in the example can be changed to:

```java
MS.hookMethod(resources, getColor, new MS.MethodAlteration<Resources, Integer>() {
    public Integer invoked(Resources resources, Object... args) throws Throwable {
        // invoke() calls the original getColor implementation.
        int color = invoke(resources, args);
        return color & ~0x0000ff00 | 0x00ffee00;
    }
});
```
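The two manifest entries from the configuration step, the cydia.permission.SUBSTRATE permission and the com.saurik.substrate.main meta-data, also let a reviewer recognise an APK as a Substrate extension. The following is an added example, not code from the original article or the Substrate project: it checks a decoded AndroidManifest.xml for both markers. The function name, the sample manifests and their package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SUBSTRATE_PERMISSION = "cydia.permission.SUBSTRATE"
SUBSTRATE_META = "com.saurik.substrate.main"

# Constructed sample manifests; the package names are placeholders.
SAMPLE_EXTENSION = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.colorhook">
  <application>
    <meta-data android:name="com.saurik.substrate.main" android:value=".Main"/>
  </application>
  <uses-permission android:name="cydia.permission.SUBSTRATE"/>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


def find_substrate_markers(manifest_xml):
    """Report the Substrate extension markers in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    permissions = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    entry_class = None
    for meta in root.findall("application/meta-data"):
        if meta.get(ANDROID_NS + "name") == SUBSTRATE_META:
            entry_class = meta.get(ANDROID_NS + "value", "")
            # Assumption: a leading dot is relative to the manifest package.
            if entry_class.startswith("."):
                entry_class = package + entry_class
    requests_permission = SUBSTRATE_PERMISSION in permissions
    return {
        "requests_permission": requests_permission,
        "entry_class": entry_class,
        "is_extension": requests_permission and entry_class is not None,
        # Extensions need no Activity, so they may show no launcher icon.
        "no_activity": root.find("application/activity") is None,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_EXTENSION, SAMPLE_BENIGN):
        print(find_substrate_markers(sample))
```

The input is the text manifest as produced by an APK decoding tool, not the binary XML stored inside the APK.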
SMS Monitoring Example
The following example implements SMS monitoring: it prints the sender, recipient and content of each text message:

```java
import java.lang.reflect.Method;
import android.app.PendingIntent;
import android.util.Log;
import com.saurik.substrate.MS;

public class Main {
    static void initialize() {
        MS.hookClassLoad("android.telephony.SmsManager", new MS.ClassLoadHook() {
            @Override
            public void classLoaded(Class<?> smsManager) {
                // code to modify the class when loaded
                Method sendTextMessage;
                try {
                    sendTextMessage = smsManager.getMethod("sendTextMessage",
                            new Class[]{String.class, String.class, String.class,
                                    PendingIntent.class, PendingIntent.class});
                } catch (NoSuchMethodException e) {
                    sendTextMessage = null;
                }

                // Only install the hook if the method was found.
                if (sendTextMessage != null) {
                    MS.hookMethod(smsManager, sendTextMessage, new MS.MethodAlteration() {
                        public Object invoked(Object _this, Object... _args) throws Throwable {
                            Log.i("Smshook", "send_sms");
                            Log.i("Smshook", "Destination:" + _args[0]);
                            Log.i("Smshook", "Source:" + _args[1]);
                            Log.i("Smshook", "Text:" + _args[2]);
                            // Call the original sendTextMessage implementation.
                            return invoke(_this, _args);
                        }
                    });
                }
            }
        });
    }
}
```
The result after the run is: