个人免密支付-支付宝-微信_微信支付宝免密支付开发-CSDN博客

本文链接：https://blog.csdn.net/duanjunkaisky/article/details/112686370

本文介绍了如何使用Xposed框架，在不启动支付宝应用的情况下，通过hook支付宝内部类`GetBillListDataRunnable`来静默获取用户账单数据。作者指出，大部分网上的教程仍采用模拟点击事件的方式，而此方法避免了打开应用，提高了用户体验。具体实现包括实例化和调用相关类及方法，最后通过广播将获取的数据发送到自己的应用程序。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

最近在看Xposed的开发,感觉还是很牛X的框架.基于它可以做很多好玩的事情.在网上也查看了很多的资料跟文章,借鉴了很多.但是发现大都是将文章复制来复制去的,有很多并不是最好的解决方案.

个人免密支付

首先先上图,

https://www.91phzf.com/test 测试地址

https://www.91phzf.com/main 管理后台: test001/test001 (用户/密码)

看别人的文章上实现的获取收款通知,调用的方式都是要模拟点击事件,那样就会打开支付宝,并打开账单页面,体验不好,能不能在后台实现呢,用户是无感的.其实是可以的,hook的时候,再稍微下沉一点就可以了:

hook的类: com.alipay.mobile.bill.list.ui.rpc.GetBillListDataRunnable

public static void getBill(String time,String auto){

        try {
            //实例化RpcRunConfig
            Class RpcRunConfigClazz = findClass("com.alipay.mobile.beehive.rpc.RpcRunConfig", Main.m_lpparam.classLoader);
            Object RpcRunConfigClazzObj = RpcRunConfigClazz.newInstance();
            Object silentMode = callStaticMethod(findClass("com.alipay.mobile.beehive.rpc.LoadingMode", Main.m_lpparam.classLoader), "fromString", "silent");
            XposedHelpers.findField(RpcRunConfigClazzObj.getClass(), "loadingMode").set(RpcRunConfigClazzObj, silentMode);
            XposedHelpers.findField(RpcRunConfigClazzObj.getClass(), "showFlowTipOnEmpty").set(RpcRunConfigClazzObj, true);
            //实例化GetBillListDataRunnable
            Class GetBillListDataRunnableClazz = findClass("com.alipay.mobile.bill.list.ui.rpc.GetBillListDataRunnable", Main.m_lpparam.classLoader);
            Object GetBillListDataRunnableObj = GetBillListDataRunnableClazz.newInstance();

            //实例化QueryListResProcessor
            Class QueryListResProcessorClazz = findClass("com.alipay.bill.rpc.beehive.QueryListResProcessor", Main.m_lpparam.classLoader);
            Object QueryListResProcessorObj = QueryListResProcessorClazz.newInstance();

            Class RpcRunnerClazz = findClass("com.alipay.mobile.beehive.rpc.RpcRunner", Main.m_lpparam.classLoader);
            Constructor con = RpcRunnerClazz.getConstructor(findClass("com.alipay.mobile.beehive.rpc.RpcRunConfig", Main.m_lpparam.classLoader),
                    findClass("com.alipay.mobile.beehive.rpc.RpcRunnable", Main.m_lpparam.classLoader),
                    findClass("com.alipay.mobile.beehive.rpc.RpcSubscriber", Main.m_lpparam.classLoader),
                    findClass("com.alipay.mobile.beehive.rpc.BaseRpcResultProcessor", Main.m_lpparam.classLoader));

            Object rpcRunnerObj = con.newInstance(RpcRunConfigClazzObj, GetBillListDataRunnableObj, null, QueryListResProcessorObj);


            Class QueryListReqClazz = findClass("com.alipay.mobilebill.common.service.model.pb.QueryListReq", Main.m_lpparam.classLoader);
            Class PagingConditionClazz = findClass("com.alipay.mobilebill.common.service.model.pb.PagingCondition", Main.m_lpparam.classLoader);
            Object PagingConditionObj = PagingConditionClazz.newInstance();
//            XposedHelpers.findField(PagingConditionObj.getClass(), "pageSize").set(PagingConditionObj, 60);
//            XposedHelpers.findField(PagingConditionObj.getClass(), "nextPageNum").set(PagingConditionObj, 1);
//            XposedHelpers.findField(PagingConditionObj.getClass(), "listQueryTime").set(PagingConditionObj, 1);

            SimpleDateFormat sdf  = new SimpleDateFormat("yyyyMM");
            SimpleDateFormat sdf2  = new SimpleDateFormat("yyyyMMddHHmmss");
            Date date = sdf2.parse(time);
            Date date2 = new Date(date.getTime()+60000l);

            Object QueryListReqObj = QueryListReqClazz.newInstance();
            XposedHelpers.findField(QueryListReqObj.getClass(), "category").set(QueryListReqObj, "ALL");
            XposedHelpers.findField(QueryListReqObj.getClass(), "date").set(QueryListReqObj, "");
            XposedHelpers.findField(QueryListReqObj.getClass(), "month").set(QueryListReqObj, "");
            XposedHelpers.findField(QueryListReqObj.getClass(), "endTime").set(QueryListReqObj, date2.getTime());
            XposedHelpers.findField(QueryListReqObj.getClass(), "needMonthSeparator").set(QueryListReqObj, false);
            XposedHelpers.findField(QueryListReqObj.getClass(), "pageType").set(QueryListReqObj, "WaitPayConsumeQuery");
            XposedHelpers.findField(QueryListReqObj.getClass(), "paging").set(QueryListReqObj, PagingConditionObj);
            XposedHelpers.findField(QueryListReqObj.getClass(), "startTime").set(QueryListReqObj, (date.getTime()-60000l) );
            XposedHelpers.findField(QueryListReqObj.getClass(), "tagIdList").set(QueryListReqObj, new ArrayList<String>());

            callMethod(rpcRunnerObj, "start", new Object[]{  new Object[]{QueryListReqObj}  });

        }catch (Exception e){
            e.printStackTrace();
        }

然后在hook查询结果,发送到自己的app:

findAndHookMethod("com.alipay.mobile.bill.list.ui.rpc.GetBillListDataRunnable", Main.m_lpparam.classLoader, "execute", new Object[0].getClass(), new XC_MethodHook() {

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    Object[] req_obj = (Object[])param.args[0];
                    Object res_obj = param.getResult();
                    if(null != res_obj){
                        Object listObj = XposedHelpers.findField(res_obj.getClass(), "billListItems").get(res_obj);
                        if(null != listObj){
                            Intent broadCastIntent = new Intent();
                            broadCastIntent.putExtra("data", new Gson().toJson(listObj));
                            broadCastIntent.setAction(Constants.ALIPAY_PIUGIN);
                            context.sendBroadcast(broadCastIntent);
                        }
                    }

                }
            });

第一次发文章...多多包涵,技术交流,共同进步!