创建 Hook 应用
- 先创建一个应用,用来做 Hook 之用
- 修改
app\build.gradle
,加入仓库与 Xposed 模块依赖
apply plugin: 'com.android.application' android { compileSdkVersion 29 buildToolsVersion "29.0.2" defaultConfig { applicationId "com.seliote.hook4ft" minSdkVersion 19 targetSdkVersion 29 versionCode 1 versionName "1.0" testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" } buildTypes { release { minifyEnabled false proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' } } } // 加入仓库 repositories { jcenter() } dependencies { implementation fileTree(dir: 'libs', include: ['*.jar']) implementation 'androidx.appcompat:appcompat:1.0.2' implementation 'androidx.constraintlayout:constraintlayout:1.1.3' testImplementation 'junit:junit:4.12' androidTestImplementation 'androidx.test.ext:junit:1.1.0' androidTestImplementation 'androidx.test.espresso:espresso-core:3.1.1' // Xposed 依赖 compileOnly 'de.robv.android.xposed:api:82' compileOnly 'de.robv.android.xposed:api:82:sources' }
- 修改
app\src\main\AndroidManifest.xml
添加作为 Xposed 模块的元数据
<?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.seliote.hook4ft"> <application android:allowBackup="true" android:icon="@mipmap/ic_launcher" android:label="@string/app_name" android:roundIcon="@mipmap/ic_launcher_round" android:supportsRtl="true" android:theme="@style/AppTheme"> <!-- 这是一个 Xposed 模块 --> <meta-data android:name="xposedmodule" android:value="true" /> <!-- 模块描述 --> <meta-data android:name="xposeddescription" android:value="脚本" /> <!-- 最低 Xposed 版本 --> <meta-data android:name="xposedminversion" android:value="53" /> <activity android:name=".MainActivity"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> </application> </manifest>
- 创建一个 Hook 类
package com.seliote.hook4ft.hook; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.XposedBridge; import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage; /** * Hook 主类 */ public class MainHook implements IXposedHookLoadPackage { @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable { // 确认包名 if (loadPackageParam.packageName.equals("com.seliote.script4ft")) { XposedBridge.log("In hook"); // 创建 Hook 类对象 Class hookedClazz = loadPackageParam.classLoader.loadClass("com.seliote.script4ft.MainActivity"); // 创建 Hook XposedHelpers.findAndHookMethod(hookedClazz, "getText", new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { super.beforeHookedMethod(param); } @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { super.afterHookedMethod(param); param.setResult("Had hook"); } }); } } }
app\src\main\assets
目录下创建xposed_init
文件为 Xposed 指定 Hook 入口
com.seliote.hook4ft.hook.MainHook
- 在 Xposed 里启用模块重启后生效
分析原应用
# adb install app.apk
安装上应用后打开来看看,熟悉一下要做什么- 把 App 拖进 AK 里,提示
APK 反编译失败,无法继续下一步源码反编译!
下载新版本的 apktool 之后替换原bin\apktool\apktool\ShakaApktool.jar
,之后重试提示APK 反编译失败,无法继续下一步源码反编译!
,下载 AndroidKillerPlugin 修改WinAkPlugin.exe.config
下akpath
为 AK 的安装路径然后点开 AndroidKillerPlugin 除了合并之外的选项全部勾选然后执行选中功能
,结果报解压文件失败
,手动把 APK 解压到\WinAkPlugin\temp\${APP_NAME}
下,取消勾选解压 APK
,点击执行选中功能
,之后再用 AK 重新打开即可
来源:https://www.cnblogs.com/seliote/p/12164087.html