Use Cydia substrate from native Hook Android Java world

Here's how to use the Cydia substrate hook android java world. This article describes how to hook the Android Java world from native.

See the previous article for mobile-phone configuration.

First, the establishment of engineering

Build an Android project. You do not need to create a default activity. Modify the Androidmanifest.xml as follows:

<Manifestxmlns:android= "Http://schemas.android.com/apk/res/android" Package= "Com.example.cydia_native_hook_java"Android:versioncode= "1"Android:versionname= "1.0" >    <USES-SDKandroid:minsdkversion= "+"android:targetsdkversion= "+" />    <ApplicationAndroid:hascode= "false">    </Application>    <uses-permissionAndroid:name= "Cydia.permission.SUBSTRATE"/></Manifest>

Uses-permission must be added. This tells Cydia_substrate the core layer, the current project for the Cydia_substrate Hook project (probably this means).

New JNI folder for writing so file code, NDK development package recommended download version of the higher (the lower version needs Cydia), I use the R10.

Download the Cydia_substrate Development Kit from the official website or from here.

Copy the libsubstrate-dvm.so and libsubstrate.so files of the corresponding platform to the JNI directory.

Copy the Substrate.h file to the JNI directory.

To create a CPP file, I create the Main.cpp here, the reference code is as follows:

#include <substrate.h>MSConfig (msfilterexecutable,"/system/bin/app_process")StaticJint (*_resources$getcolor) (JNIENV *Jni, Jobject _this, ...);StaticJint $Resources $getcolor (jnienv *Jni, Jobject _this, Jint rids) {Jint color=_resources$getcolor (JNI, _this, RIDs); returnColor & ~0x0000ff00|0x00ff0000;}Static voidOnresources (jnienv *jni, Jclass Resources,void*data) {Jmethodid method= Jni->getmethodid (Resources,"GetColor","(i) I"); if(Method! =NULL) Msjavahookmethod (JNI, resources, method,& $Resources $getcolor, &_resources$getcolor);} msinitialize {msjavahookclassload (NULL,"android/content/res/resources", &onresources);}

Simply explain:

" /system/bin/app_process ")

is to tell cydia_substrate which module to hook

_resources$getcolor is the old function address.

$Resources $getcolor is a new function address that is customized. After the hook does not execute the old function, but directly into the custom new function.

To ensure that the function is correct, the custom function typically calls the old function.

Jint color = _resources$getcolor (jni, _this, RID); return color & ~0x0000ff000x00ff0000;

This is the first call to the old function and then the function return value.

Msinitialize is the initial execution point.

" android/content/res/resources ", &onresources);

The meaning of this sentence is to call the Onresources function when loading the Android/content/res/resources class.

Static void void *data) {    "getColor""(i) I" ) );     if (Method! = NULL)        Msjavahookmethod (JNI, resources, method,            & $Resources $getcolor, &_resources$getcolor);}

This is where you find the GetColor function when loading android/content/res/resources. Then hook it.

The Android.mk file is configured as follows:

Local_path: = $ (call my-dir) include $ (clear_vars) Local_module:= substrate-dvmlocal_src_files: = libsubstrate-dvm.soinclude $ (prebuilt_shared_library) include $ (clear_vars) Local_module:=  Substratelocal_src_files:= libsubstrate.soinclude $ (prebuilt_shared_library) include $ (clear_vars) LOCAL_ MODULE    := mainlocal_src_files:= Main. CPP local_ldlibs:=-+ =-l$ (local_path)-LSUBSTRATE-DVM-lsubstrateinclude $ (build_shared_ LIBRARY)

The files in the final Jni folder are as follows:

Second, compile the code

After the NDK environment is configured, enter the JNI directory under CMD. then enter Ndk-build. If the environment is configured successfully, it will have the following output:

There will be LIB files for the corresponding platform in the Project Libs directory.

Third, the Code effect

Iv. Related Downloads

Code

Use Cydia substrate from native Hook Android Java world