1、初始化Android项目:
2、在AndroidMainifest中添加xposed模块
<meta-data
android:name="xposedmodule"
android:value="true"/>
<meta-data
android:name="xposeddescription"
android:value="hook tmall sth"/>
<meta-data
android:name="xposedminversion"
android:value="53"/>
3、给项目添加xposed依赖:
compileOnly 'de.robv.android.xposed:api:82'
compileOnly 'de.robv.android.xposed:api:82:sources'
两个jar包需要添加到app/lib目录下面,具体得jar包可以到网上下载
4、实现具体得hook得类():
下面是具体的hook框架,具体的代码需要结合具体的业务逻辑:
package com.example.tmallfriend;
import android.app.Application;
import android.content.Context;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.zip.GZIPInputStream;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class TmallFriend implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(LoadPackageParam arg0) throws Throwable {
if (arg0.packageName == null) return;
if (!arg0.packageName.equals("com.ss.android.article.news")) return;
XposedBridge.log("[+] HookMeituan: arg0.packageName:" + arg0.packageName);
XposedBridge.log("[+] HookMeituan: arg0.processName" + arg0.processName);
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Class<?> hook_class = null;
Context context = (Context) param.args[0];
ClassLoader classLoader = context.getClassLoader();
// start
try {
// hook_class 为具体的你要hook的类
hook_class = classLoader.loadClass("com.bytedance.frameworks.encryptor.EncryptorUtil");
XposedBridge.log("[+] HOOK-DOUYIN:com.bytedance.frameworks.encryptor.EncryptorUtil class loaded ok");
} catch (Exception e){
XposedBridge.log("[+] HOOK-DOUYIN:com.bytedance.frameworks.encryptor.EncryptorUtil class loaded error");
}
try {
XposedHelpers.findAndHookMethod(hook_class,
"a", // "a"为hook_class中我要具体调用的方法
byte[].class, // 为a方法的第一个入参
int.class, // 为a方法的第二个入参
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
byte[] a = (byte[])param.args[0];
ByteArrayInputStream bis = new ByteArrayInputStream(a);
GZIPInputStream gzip = new GZIPInputStream(bis);
byte[] buf = new byte[1024];
int num = -1;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
while ((num = gzip.read(buf, 0, buf.length)) != -1) {
baos.write(buf, 0, num);
}
a = baos.toByteArray();
baos.flush();
baos.close();
gzip.close();
bis.close();
int b = (int)param.args[1];
XposedBridge.log("[+] HOOK-DOUYIN:a param:" + new String(a));
XposedBridge.log("[+] HOOK-DOUYIN:b param:" + b);
byte[] c = (byte[])param.getResult();
String hexstring = bytesToHexString(c, c.length);
XposedBridge.log("[+] HOOK-DOUYIN:c result:" + c);
XposedBridge.log("[+] HOOK-DOUYIN:hexstring:" + hexstring);
}
});
} catch (Exception e) {
XposedBridge.log(e);
}
}
});
}
public static String bytesToHexString(byte[] bArray, int length)
{
StringBuffer sb = new StringBuffer(length);
String sTemp;
for (int i = 0; i < length; i++)
{
sTemp = Integer.toHexString(0xFF & bArray[i]);
if (sTemp.length() < 2)
sb.append(0);
sb.append(sTemp.toUpperCase());
}
return sb.toString();
}
}
5、申明你的xposed类的主入口的路径
在java的同级目录下面新建assets文件夹,并在下面新建xposed_init的申明文件,写上你实现的类名