具体我就不多说了 xpsoed相关 看老帖子 重写版本注重代码
读取器 获取硬件相关信息 方便检测HOOK成功了吗 我只获取了少部分
---------------------------------------------------------------------------------------------------------------------------
private void init() {
DisplayMetrics book=new DisplayMetrics();
getWindowManager().getDefaultDisplay().getMetrics(book);
try {
Class localClass = Class.forName("android.os.SystemProperties");
Object localObject1 = localClass.newInstance();
Object localObject2 = localClass.getMethod("get", new Class[] { String.class, String.class }).invoke(localObject1, new Object[] { "gsm.version.baseband", "no message" });
setEditText(R.id.get,localObject2+"");
} catch (Exception e) {
e.printStackTrace();
}
//获取网络连接管理者
ConnectivityManager connectionManager = (ConnectivityManager)
getSystemService(CONNECTIVITY_SERVICE);
//获取网络的状态信息,有下面三种方式
NetworkInfo networkInfo = connectionManager.getActiveNetworkInfo();
setEditText(R.id.lianwang,networkInfo.getType()+"");
setEditText(R.id.lianwangname,networkInfo.getTypeName());
setEditText(R.id.imei, phone.getDeviceId());
setEditText(R.id.deviceversion,phone.getDeviceSoftwareVersion());
setEditText(R.id.imsi, phone.getSubscriberId());
setEditText(R.id.number, phone.getLine1Number());
setEditText(R.id.simserial, phone.getSimSerialNumber());
setEditText(R.id.simoperator,phone.getSimOperator());
setEditText(R.id.simoperatorname, phone.getSimOperatorName());
setEditText(R.id.simcountryiso, phone.getSimCountryIso());
setEditText(R.id.workType,phone.getNetworkType()+"");
setEditText(R.id.netcountryiso,phone.getNetworkCountryIso());
setEditText(R.id.netoperator,phone.getNetworkOperator());
setEditText(R.id.netoperatorname,phone.getNetworkOperatorName());
setEditText(R.id.radiovis,android.os.Build.getRadioVersion());
setEditText(R.id.wifimac, wifi.getConnectionInfo().getMacAddress());
setEditText(R.id.getssid,wifi.getConnectionInfo().getSSID());
setEditText(R.id.getbssid,wifi.getConnectionInfo().getBSSID());
setEditText(R.id.ip,wifi.getConnectionInfo().getIpAddress()+"");
setEditText(R.id.bluemac, BluetoothAdapter.getDefaultAdapter()
.getAddress());
setEditText(R.id.bluname, BluetoothAdapter.getDefaultAdapter().getName()
);
setEditText(R.id.cpu,Mnt.getCpuName());
setEditText(R.id.andrlid_id,
Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID));
setEditText(R.id.serial,android.os.Build.SERIAL);
setEditText(R.id.brand,android.os.Build.BRAND);
setEditText(R.id.tags, android.os.Build.TAGS);
setEditText(R.id.device,android.os.Build.DEVICE);
setEditText(R.id.fingerprint,android.os.Build.FINGERPRINT);
setEditText(R.id.bootloader, Build.BOOTLOADER);
setEditText(R.id.release, Build.VERSION.RELEASE);
setEditText(R.id.sdk,Build.VERSION.SDK);
// setEditText(R.id.sdk_INT,Build.VERSION.SDK_INT+"");
setEditText(R.id.codename,Build.VERSION.CODENAME);
setEditText(R.id.incremental,Build.VERSION.INCREMENTAL);
setEditText(R.id.cpuabi, android.os.Build.CPU_ABI);
setEditText(R.id.cpuabi2, android.os.Build.CPU_ABI2);
setEditText(R.id.board, android.os.Build.BOARD);
setEditText(R.id.model, android.os.Build.MODEL);
setEditText(R.id.product, android.os.Build.PRODUCT);
setEditText(R.id.type, android.os.Build.TYPE);
setEditText(R.id.user, android.os.Build.USER);
setEditText(R.id.disply, android.os.Build.DISPLAY);
setEditText(R.id.hardware, android.os.Build.HARDWARE);
setEditText(R.id.host, android.os.Build.HOST);
setEditText(R.id.changshang, android.os.Build.MANUFACTURER);
setEditText(R.id.phonetype,phone.getPhoneType()+"");
setEditText(R.id.simstate,phone.getSimState()+"");
setEditText(R.id.b_id,Build.ID);
setEditText(R.id.gjtime,android.os.Build.TIME+"");
setEditText(R.id.width,display.getWidth()+"");
setEditText(R.id.height,display.getHeight()+"");
setEditText(R.id.dpi,book.densityDpi+"");
setEditText(R.id.density,book.density+"");
setEditText(R.id.xdpi,book.xdpi+"");
setEditText(R.id.ydpi,book.ydpi+"");
setEditText(R.id.scaledDensity,book.scaledDensity+"");
//setEditText(R.id.wl,getNetworkState(this)+"");
// 方法2
DisplayMetrics dm = new DisplayMetrics();
getWindowManager().getDefaultDisplay().getMetrics(dm);
int width=dm.widthPixels;
int height=dm.heightPixels;
setEditText(R.id.xwidth,width+"");
setEditText(R.id.xheight,height+"");
}
private void setEditText(int id, String s) {
((TextView) this.findViewById(id)).setText(s);
}
-----------------------------------------------------------------------------------------------------------------------------------
/**
* 使用SharedPreferences 保存输入框输入的数据
*/
private void saveData() {
try {
SharedPreferences sh = this.getSharedPreferences("prefs",
Context.MODE_WORLD_READABLE);
SharedPreferences.Editor pre = sh.edit();
// Logger.d("保存内容");
pre.putString("imei", this.getEditText(R.id.imei));
pre.putString("deviceversion",this.getEditText(R.id.deviceversion));
pre.putInt("phonetype", Integer.parseInt(this.getEditText(R.id.phonetype)));
pre.putInt("simstate", Integer.parseInt(this.getEditText(R.id.simstate)));
pre.putInt("width", Integer.parseInt(this.getEditText(R.id.width)));
pre.putInt("height", Integer.parseInt(this.getEditText(R.id.height)));
pre.putString("imsi", this.getEditText(R.id.imsi));
pre.putString("number", this.getEditText(R.id.number));
pre.putString("simserial", this.getEditText(R.id.simserial));
pre.putString("simoperator", this.getEditText(R.id.simoperator));
pre.putString("simoperatorname", this.getEditText(R.id.simoperatorname));
pre.putString("simcountryiso", this.getEditText(R.id.simcountryiso));
pre.putString("netcountryiso", this.getEditText(R.id.netcountryiso));
pre.putString("netoperator", this.getEditText(R.id.netoperator));
pre.putString("netoperatorname", this.getEditText(R.id.netoperatorname));
pre.putString("radiovis",this.getEditText(R.id.radiovis));
pre.putString("wifimac", this.getEditText(R.id.wifimac));
pre.putString("bluemac", this.getEditText(R.id.bluemac));
pre.putString("bluname",this.getEditText(R.id.bluname));
pre.putString("serial", this.getEditText(R.id.serial));
pre.putString("brand", this.getEditText(R.id.brand));
pre.putString("tags", this.getEditText(R.id.tags));
pre.putString("device", this.getEditText(R.id.device));
pre.putString("fingerprint", this.getEditText(R.id.fingerprint));
pre.putString("bootloader", this.getEditText(R.id.bootloader));
pre.putString("release", this.getEditText(R.id.release));
pre.putString("sdk", this.getEditText(R.id.sdk));
pre.putString("codename", this.getEditText(R.id.codename));
pre.putString("incremental", this.getEditText(R.id.incremental));
pre.putString("cpuabi", this.getEditText(R.id.cpuabi));
pre.putString("cpuabi2", this.getEditText(R.id.cpuabi2));
pre.putString("board", this.getEditText(R.id.board));
pre.putString("model", this.getEditText(R.id.model));
pre.putString("product", this.getEditText(R.id.product));
pre.putString("type", this.getEditText(R.id.type));
pre.putString("user", this.getEditText(R.id.user));
pre.putString("disply", this.getEditText(R.id.disply));
pre.putString("hardware", this.getEditText(R.id.hardware));
pre.putString("host", this.getEditText(R.id.host));
pre.putString("changshang", this.getEditText(R.id.changshang));
pre.putInt("time", Integer.parseInt(this.getEditText(R.id.gjtime)));
pre.putString("androidid", this.getEditText(R.id.androidid));
pre.putInt("dpi", Integer.parseInt(this.getEditText(R.id.dpi)));
pre.apply();
} catch (Throwable e) {
// Logger.d("写入内容失败");
e.printStackTrace();
}
}
private void setEditText(int id, String s) {
((EditText) this.findViewById(id)).setText(s);
}
private String getEditText(int id) {
return ((EditText) this.findViewById(id)).getText().toString();
}
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HOOK 界面 注意HOOK 很重要的一块 HOOK什么类型的值 通过SharedPreferences保存的时候也要是相应
的类型 改的函数是Int 必须是Int 字符串必须是字符串 传过来的 getString就得是字符串 getint就得是Int 要不然就溃 这个下面代码少部分类型貌似不对 这个也是初期的老代码 哎懒得找了 大家对付看吧 主要是思路
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
readData(lpparam);
}
private void readData(XC_LoadPackage.LoadPackageParam lpparam) throws IllegalAccessException {
final XSharedPreferences pre = new XSharedPreferences(this.getClass()
.getPackage().getName(), "prefs");
HookMethod(TelephonyManager.class, "getDeviceId",pre.getString("imei",null));
HookMethod(TelephonyManager.class, "getDeviceSoftwareVersion", pre.getString("deviceversion",null));
HookMethod(TelephonyManager.class,"getPhoneType",pre.getInt("phonetype",6));
HookMethod(TelephonyManager.class,"getSimState",pre.getInt("simstate",6));
HookMethod(Display.class,"getWidth",pre.getInt("width",6));
HookMethod(Display.class,"getHeight",pre.getInt("height",6));
// HookMethod(DisplayMetrics.class,"getDisplayMetrics",pre.getInt("dpi",6));
HookMethod(TelephonyManager.class,"getSubscriberId",pre.getString("imsi",null));
HookMethod(TelephonyManager.class, "getLine1Number",pre.getString("number",null));
HookMethod(TelephonyManager.class, "getSimSerialNumber",pre.getString("simserial",null));
HookMethod(TelephonyManager.class, "getSimOperator", pre.getString("simoperator",null));
HookMethod(TelephonyManager.class, "getSimOperatorName", pre.getString("simoperatorname",null));
HookMethod(TelephonyManager.class, "getSimCountryIso", pre.getString("simcountryiso",null));
HookMethod(TelephonyManager.class, "getNetworkCountryIso", pre.getString("netcountryiso",null));
HookMethod(TelephonyManager.class, "getNetworkOperator", pre.getString("netoperator",null));
HookMethod(TelephonyManager.class, "getNetworkOperatorName", pre.getString("netoperatorname",null));
HookMethod(android.os.Build.class, "getRadioVersion", pre.getString("radiovis",null));
HookMethod(WifiInfo.class, "getMacAddress",pre.getString("wifimac",null));
HookMethod(BluetoothAdapter.class, "getAddress", pre.getString("bluemac",null));
HookMethod(BluetoothAdapter.class,"getName",pre.getString("bluname",null));
XposedHelpers.findField(android.os.Build.class, "SERIAL").set(null, pre.getString("serial",null));
XposedHelpers.findField(android.os.Build.class, "BRAND").set(null, pre.getString("brand",null));
XposedHelpers.findField(android.os.Build.class, "TAGS").set(null, pre.getString("tags",null));
XposedHelpers.findField(android.os.Build.class, "DEVICE").set(null, pre.getString("device",null));
XposedHelpers.findField(android.os.Build.class, "FINGERPRINT").set(null, pre.getString("fingerprint",null));
XposedHelpers.findField(android.os.Build.class, "BOOTLOADER").set(null, pre.getString("bootloader",null));
XposedHelpers.findField(Build.VERSION.class, "RELEASE").set(null, pre.getString("release",null));
XposedHelpers.findField(Build.VERSION.class, "SDK").set(null, pre.getString("sdk",null));
XposedHelpers.findField(Build.VERSION.class, "CODENAME").set(null, pre.getString("codename",null));
XposedHelpers.findField(Build.VERSION.class, "INCREMENTAL").set(null, pre.getString("incremental",null));
XposedHelpers.findField(android.os.Build.class, "CPU_ABI").set(null, pre.getString("cpuabi",null));
XposedHelpers.findField(android.os.Build.class, "CPU_ABI2").set(null, pre.getString("cpuabi2",null));
XposedHelpers.findField(android.os.Build.class, "BOARD").set(null, pre.getString("board",null));
XposedHelpers.findField(android.os.Build.class, "MODEL").set(null, pre.getString("model",null));
XposedHelpers.findField(android.os.Build.class, "PRODUCT").set(null, pre.getString("product",null));
XposedHelpers.findField(android.os.Build.class, "TYPE").set(null, pre.getString("type",null));
XposedHelpers.findField(android.os.Build.class, "USER").set(null, pre.getString("user",null));
XposedHelpers.findField(android.os.Build.class, "DISPLAY").set(null, pre.getString("disply",null));
XposedHelpers.findField(android.os.Build.class, "HARDWARE").set(null, pre.getString("hardware",null));
XposedHelpers.findField(android.os.Build.class, "HOST").set(null, pre.getString("host",null));
XposedHelpers.findField(android.os.Build.class, "MANUFACTURER").set(null, pre.getString("changshang",null));
XposedHelpers.findField(android.os.Build.class,"TIME").set(null,pre.getInt("time",7));
}
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GPU 相关HOOK 方法 这个网上目前没有 只有我这一份代码
mySP.setSharedPref("GLRenderer", "Adreno (TM) 111"); // GPU
mySP.setSharedPref("GLVendor", "UFU");// GPU厂商
try {
XposedHelpers.findAndHookMethod("com.google.android.gles_jni.GLImpl", loadPkgParam.classLoader, "glGetString", Integer.TYPE, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
//super.beforeHookedMethod(param);
if (param.args[0] != null) {
if (param.args[0].equals(Integer.valueOf(7936))) {
param.setResult(SharedPref.getXValue("GLVendor"));
}
if (param.args[0].equals(Integer.valueOf(7937))) {
param.setResult(SharedPref.getXValue("GLRenderer"));
}
}
}
});
} catch (Exception e) {
XposedBridge.log("Fake GLVendor|GLRenderer ERROR: " + e.getMessage());
}*/
---------------------------------------------------------------------------------------------------------------------------------------------
单独列出来的都是 不太好HOOK 的 其实 这种写法 不太适合新手阅读 但没办法了
// 屏幕相关函数 分辨率啊 xdpi ydpi 等等
try {
XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook(XCallback.PRIORITY_LOWEST) {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
final int dpi = tryParseInt(SharedPref.getXValue("DPI"));
DisplayMetrics metrics = (DisplayMetrics) param.args[0];
metrics.densityDpi = dpi;
}
});
} catch (Exception e) {
XposedBridge.log("Fake DPI ERROR: " + e.getMessage());
}
try {
XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getRealMetrics", DisplayMetrics.class, new XC_MethodHook(XCallback.PRIORITY_LOWEST) {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
final int dpi = tryParseInt(SharedPref.getXValue("DPI"));
DisplayMetrics metrics = (DisplayMetrics) param.args[0];
metrics.densityDpi = dpi;
}
});
} catch (Exception e) {
}
try {
XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
final float sdensity = tryParsefloat(SharedPref.getXValue("density"));
DisplayMetrics metrics = (DisplayMetrics) param.args[0];
metrics.density = sdensity;
}
});
} catch (Exception e) {
}
try {
XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
final float sxdpi = tryParsefloat(SharedPref.getXValue("xdpi"));
DisplayMetrics metrics = (DisplayMetrics) param.args[0];
metrics.xdpi = sxdpi;
}
});
} catch (Exception e) {
XposedBridge.log("Fake Real DPI ERROR: " + e.getMessage());
}
try {
XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
final float sydpi = tryParsefloat(SharedPref.getXValue("ydpi"));
DisplayMetrics metrics = (DisplayMetrics) param.args[0];
metrics.ydpi = sydpi;
}
});
} catch (Exception e) {
}
try {
XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
final float scdensity = tryParsefloat(SharedPref.getXValue("scaledDensity"));
DisplayMetrics metrics = (DisplayMetrics) param.args[0];
metrics.scaledDensity = scdensity;
}
});
} catch (Exception e) {
}
private static int tryParseInt(String s) {
try {
return Integer.parseInt(s);
} catch (NumberFormatException e) {
return 320;
}
}
private static float tryParsefloat(String s) {
try {
return Float.parseFloat(s);
} catch (NumberFormatException e) {
return (float) 480.0;
}
}
--------------------------------------------------------------------------------------------------------------------------------------------
// get 参数HOOK 需要反射获取下路径
Class<?> classSysProp = Class
.forName("android.os.SystemProperties");
XposedHelpers.findAndHookMethod(classSysProp, "get", String.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
String serialno = (String) param.args[0];
if (serialno.equals("gsm.version.baseband")
|| serialno.equals("no message")
) {
param.setResult(SharedPref.getXValue("getBaseband"));
}
}
});
XposedHelpers.findAndHookMethod(classSysProp, "get", String.class,
String.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
// TODO Auto-generated method stub
super.afterHookedMethod(param);
String serialno = (String) param.args[0];
if (serialno.equals("gsm.version.baseband")
|| serialno.equals("no message")
) {
param.setResult(SharedPref.getXValue("getBaseband"));
}
}
});
---------------------------------------------------------------------------------------------------------------------
基本上比较难HOOK的函数 我都列出来了 不太适合新手观看 写的比较乱 好多种版本混合的代码
但核心HOOK 都是对的 除了传值不太一样