7、XPOSED三、在靠谱助手上使用

承《叉叉助手框架--用XPOSED实现》,这次用模拟器来使用XPOSED框架,目前比较优秀的模拟器当属bluestacks,而靠谱助手又是集成得较好的一个。
截止目前为止,最新版本的靠谱助手(2.5.1143)在最新的引擎中就默认集成了2.6.1的XPOSED框架,而且默认是激活状态。这就少了许多麻烦的操作,在早期的靠谱助手版本中安装XPOSED,要么无法激活,要么激活后模块并不能有效工作。
开发模块时请使用XposedBridgeApi-42.jar。
注:靠谱助手升级到V3.0以上版本后,任何一个版本的引擎中xposed均失效,虽然0.8的引擎默认是安装有xposed,但是无法激活。
V2.5.1143版本靠谱助手下载地址: http://pan.baidu.com/s/1qWNopXy


V3.0以上版本界面和操作上有很大改观:




把ga.apk安装进去并运行,因为插件当初是写在ga里面,并由ga自动释放出来的。安装xposedemo.apk,并在XPOSEDInstaller中激活xposedemo,重启后运行helloapplication:

优化完善:
直接对GA进行修改,除了加载叉叉助手的插件外,拦截获取MAC的函数:
packagecom.netease.ga;importandroid.app.Activity;importandroid.content.Context;importandroid.content.SharedPreferences;importandroid.os.Build;importandroid.os.Bundle;importandroid.util.Log;importjava.io.BufferedReader;importjava.io.File;importjava.io.FileNotFoundException;importjava.io.FileOutputStream;importjava.io.FileReader;importjava.io.IOException;importjava.lang.reflect.Method;importcom.netease.ga.view.MainActivity;importdalvik.system.DexClassLoader;importde.robv.android.xposed.IXposedHookLoadPackage;importde.robv.android.xposed.XC_MethodHook;importde.robv.android.xposed.callbacks.XC_LoadPackage;importstaticde.robv.android.xposed.XposedHelpers.findAndHookMethod;importstaticde.robv.android.xposed.XposedHelpers.findClass;/*** Created by sing on 14-9-17. * desc:*/publicclassXposedXXHookimplementsIXposedHookLoadPackage {privatestaticfinalString TAG = "XposedXXHook";//private static final String TARGET_PACKAGE = "com.example.helloapplication";//private static final String TARGET_CLASS = "com.example.helloapplication.MainActivity";privatestaticfinalString TARGET_FUNCTION = "onCreate";//private SharedPreferences sp;/*** *@paramparam *@throwsThrowable*/@OverridepublicvoidhandleLoadPackage(XC_LoadPackage.LoadPackageParam param)throwsThrowable { Log.d(TAG,"handleLoadPackage: " +param.packageName);finalString packageName =getHookPackage(); Log.d(TAG,"handleLoadPackage-getHookPackage: " +packageName);if(packageName.equals(param.packageName) ==false) {return; } String hookmainclass=getHookActivity(); Log.d(TAG,"handleLoadPackage-hookmainclass: " +hookmainclass); Log.d(TAG,"handleLoadPackage: star hook");findAndHookMethod("android.net.wifi.WifiInfo", param.classLoader, "getMacAddress",newXC_MethodHook() { @OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param)throwsThrowable { Log.d(TAG,"[getMacAddress]beforeHookedMethod"); } });XC_MethodHook.Unhook unhook= findAndHookMethod(hookmainclass, param.classLoader, TARGET_FUNCTION, Bundle.class,newXC_MethodHook() { @OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param)throwsThrowable { Log.d(TAG,"[handleLoadPackage]beforeHookedMethod"); } @OverrideprotectedvoidafterHookedMethod(MethodHookParam param)throwsThrowable { Log.d(TAG,"[handleLoadPackage]afterHookedMethod: " +param.thisObject.toString()); String plugApkPath= "/data/data/com.netease.ga/app_plugin/lianmengplug.apk"; String plugSoPath= "/data/data/com.netease.ga/app_plugin/libxxlianmeng_mm.so"; String dexOutputDir= "/data/data/" + packageName + "/cache"; ClassLoader localClassLoader=ClassLoader.getSystemClassLoader(); DexClassLoader localDexClassLoader=newDexClassLoader(plugApkPath, dexOutputDir,null, localClassLoader); java.lang.Class<?> plugClass = localDexClassLoader.loadClass("com.xxAssistant.UI.UniversalUI"); Method mInit= plugClass.getDeclaredMethod("init", Activity.class, String.class); mInit.invoke(null, param.thisObject, plugSoPath); } });if(unhook!=null) { Log.d(TAG,"handleLoadPackage: hook ok"); }else{ Log.d(TAG,"handleLoadPackage: hook failed"); } }publicstaticString getHookPackage() {booleanbok =false; String strContent= "";try{ FileReader reader=newFileReader("/data/data/com.netease.ga/app_plugin/config.cfg"); BufferedReader br=newBufferedReader(reader); strContent=br.readLine(); }catch(FileNotFoundException e) { e.printStackTrace(); }catch(IOException e) { e.printStackTrace(); }returnstrContent; }publicstaticString getHookActivity() {booleanbok =false; String strContent= "";try{ FileReader reader=newFileReader("/data/data/com.netease.ga/app_plugin/config.cfg"); BufferedReader br=newBufferedReader(reader); strContent=br.readLine(); strContent=br.readLine(); }catch(FileNotFoundException e) { e.printStackTrace(); }catch(IOException e) { e.printStackTrace(); }returnstrContent.replace('/', '.'); } }
重启模拟器,在GA里面选择:
然后运行目标程序:
显示插件已经装载成功,再点击“显示当前信息”log输出:
10-28 13:58:19.170: D/XposedXXHook(1536): [getMacAddress]beforeHookedMethod

也可以在initZygote中就设置好HOOK,需要再实现一个接口:IXposedHookZygoteInit,如下:
publicclassXposedXXHookimplementsIXposedHookZygoteInit, IXposedHookLoadPackage
具体HOOK代码和上面的不太一样:
/*** *@paramstartupParam *@throwsThrowable*/@OverridepublicvoidinitZygote(StartupParam startupParam)throwsThrowable { Log.d(TAG,"initZygote: " +startupParam.toString());try{ Class<?> cSystemServer = Class.forName("android.net.wifi.WifiInfo"); Method getMacAddress= cSystemServer.getDeclaredMethod("getMacAddress"); XposedBridge.hookMethod(getMacAddress,newXC_MethodHook() { @OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param)throwsThrowable { Log.d(TAG,"initZygote-getMacAddress-beforeHookedMethod: " +param.toString()); } @OverrideprotectedvoidafterHookedMethod(MethodHookParam param)throwsThrowable { Log.d(TAG,"initZygote-getMacAddress-afterHookedMethod: " +param.toString());super.afterHookedMethod(param); } }); }catch(Throwable ex) { } }


存在的问题:
测试到含有so文件的APK时,会有一些打不log,如hellojni,anep,易信等。追踪logcat显示如下错误信息:
10-28 10:51:55.240: I/ActivityManager(571): ARM Package com.example.hellojni doesn't have services
10-28 10:51:55.370: D/dalvikvm(3719): Trying to load lib /data/data/com.example.hellojni/lib/libhello-jni.so 0x31956f10
10-28 10:51:55.370: D/dalvikvm(3719): Added shared lib /data/data/com.example.hellojni/lib/libhello-jni.so 0x31956f10
10-28 10:51:55.370: D/dalvikvm(3719): No JNI_OnLoad found in /data/data/com.example.hellojni/lib/libhello-jni.so 0x31956f10, skipping init

10-28 10:57:07.710: I/ActivityManager(571): package `com.netease.anep` whitelisting status = false
10-28 10:57:07.710: I/ActivityManager(571): Attempting to launch an arm app com.netease.anep
10-28 10:57:07.710: I/ActivityManager(571): ARM Package com.netease.anep doesn't have services

更多错误:

也并不是所有的包含so文件的APK都不可以拦截,某些还是可以的,例如网易邮箱:

版权声明:本文为博主原创文章,未经博主允许不得转载。

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值