一、前言
之前在破解某个软件中碰到了SSL证书校验的问题,当时的解决方案是搜索TrustManager,SSLContext之类的关键词,模仿JustTrustMe去hook一个加固的APP。
XposedHelpers.findAndHookMethod("javax.net.ssl.SSLContext", classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { super.beforeHookedMethod(param); param.args[1] = new TrustManager[]{(new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0];//就是这里 原代码为return null; 即不信任任何证书 我们使他信任系统默认证书 } })}; XposedBridge.log(TAG + "geetest hook TrustManager OK"); } @Override protected void afterHoo