一、主要框架,hook代码主要填写在try代码块里
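package com.bucuo.a20210908;

import android.app.Application;
import android.content.Context;
import android.util.Log;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

/**
 * Skeleton of an Xposed module entry point.
 *
 * <p>Hook registrations are meant to be placed inside the {@code try} block of
 * {@link #handleLoadPackage}. {@link #b2s} is a hex-dump helper for the byte
 * arrays that those hooks log.
 */
public class hook implements IXposedHookLoadPackage {

    /** Logcat tag shared by every message this class writes. */
    private static final String TAG = "逆向有你";

    /**
     * Callback invoked by the Xposed framework when a package is loaded.
     *
     * @param loadPackageParam details of the package being loaded, including its class loader
     * @throws Throwable declared by the interface; nothing is thrown deliberately here
     */
    @Override
    public void handleLoadPackage(final LoadPackageParam loadPackageParam) throws Throwable {
        // Written on entry, before any hook is registered: it only shows that the
        // module was loaded into the process, not that a hook was installed.
        Log.d(TAG, "hook成功");
        try {
            // Hook registrations go here.
            // No package filter is applied, so whatever is registered here is installed
            // in every process the module is enabled for. Comparing
            // loadPackageParam.packageName against the single app under analysis keeps
            // the hooks, and the data they log, scoped to that app.
        } catch (Exception e) {
            // Keep the failure under the module's own tag (with stack trace) so it
            // appears in the same logcat filter as the rest of the output.
            Log.e(TAG, "hook失败", e);
        }
    }

    /**
     * Converts a byte array to a lowercase hexadecimal string, two digits per byte.
     *
     * @param bt bytes to encode; may be {@code null}
     * @return the hex string, or an empty string when {@code bt} is {@code null}
     */
    public String b2s(byte[] bt) {
        // Hook callbacks pass values taken straight from the hooked call, which can
        // be null (e.g. no result available); do not let the logger throw on that.
        if (bt == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(bt.length * 2);
        for (byte b : bt) {
            int unsigned = b & 0xff; // map the signed byte to 0..255
            if (unsigned < 16) {
                sb.append('0'); // toHexString drops the leading zero
            }
            sb.append(Integer.toHexString(unsigned));
        }
        return sb.toString();
    }
}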
二、MD5算法实现源码(SHA算法同理)
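import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// MD5 is a one-way hash, not encryption (the printed labels below say "加密").
// It is not collision-resistant; new code that needs a digest should request
// "SHA-256" from MessageDigest.getInstance instead. The call pattern is the same.

// Form 1: feed all the data with update(), then finish with digest().
String bs = "逆向有你a";
MessageDigest md = MessageDigest.getInstance("MD5"); // select the MD5 algorithm
// Explicit charset: getBytes() without one depends on the platform default, and
// would not be guaranteed to match the UTF-8 bytes used in form 2 below.
md.update(bs.getBytes(StandardCharsets.UTF_8)); // data to hash
byte[] res = md.digest(); // finish the computation and return the digest
System.out.println("MD5加密(字节):" + Arrays.toString(res));
// bytes2HexString is a bytes-to-hex helper that is not defined in this snippet.
System.out.println("MD5加密(字符串):" + bytes2HexString(res));

// Form 2: the same input split across two update() calls and a final
// digest(byte[]). The last chunk is passed to digest(), which hashes it and
// finishes, so the output equals form 1 for the same UTF-8 bytes.
MessageDigest mdmd = MessageDigest.getInstance("MD5");
mdmd.update("逆向".getBytes(StandardCharsets.UTF_8));
mdmd.update("有你".getBytes(StandardCharsets.UTF_8));
byte[] mdmdres = mdmd.digest("a".getBytes(StandardCharsets.UTF_8));
System.out.println(bytes2HexString(mdmdres));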
三、分析要hook的地方
1、要hook的类就是示例代码中导入的类,即“java.security.MessageDigest”
2、一次哈希计算中update可以被调用多次(如果hook这里会无限循环),digest只会被调用一次(所以这里是hook点)。注意:只hook digest时,参数里只有传给digest的最后一段数据,之前通过update传入的数据不会出现在日志里。
四、知道hook的类及方法名,开始编写代码
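// Hooks every overload of MessageDigest.digest and logs, after each call, the
// algorithm name, the input passed to digest(byte[]) (if any) and the digest.
//
// Limits of this hook point:
//  - Only data handed to digest(byte[]) is visible. Bytes fed earlier through
//    update() are not captured, so the logged input can be a suffix of what was hashed.
//  - Hash inputs often carry credentials, tokens or signing material; the logcat
//    output produced here should be handled as sensitive data.
XposedBridge.hookAllMethods(
        XposedHelpers.findClass("java.security.MessageDigest", loadPackageParam.classLoader),
        "digest",
        new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                // A Throwable created here carries the current call stack, which
                // shows where in the app digest() was called from.
                Log.e("逆向有你", "Stack:", new Throwable("stack dump"));

                // thisObject is the MessageDigest instance the call was made on
                // (a cast, not a new instance).
                MessageDigest md = (MessageDigest) param.thisObject;
                String algorithm = md.getAlgorithm(); // e.g. "MD5"

                Object[] args = param.args;
                Object result = param.getResult();

                // digest(byte[] input): the only overload whose first argument is input.
                // In digest(byte[] buf, int offset, int len) the array is the OUTPUT
                // buffer, so it must not be logged as data.
                if (args.length == 1 && args[0] instanceof byte[]) {
                    byte[] params = (byte[]) args[0];
                    // Text view is only meaningful for textual input; the hex and
                    // Base64 views are exact for any bytes.
                    String data = new String(params, java.nio.charset.StandardCharsets.UTF_8);
                    String datahex = b2s(params);
                    // NO_WRAP keeps each value on a single log line.
                    String datab64 = Base64.encodeToString(params, Base64.NO_WRAP);
                    Log.d("逆向有你", algorithm + "data:" + data);
                    Log.d("逆向有你", algorithm + "datahex:" + datahex);
                    Log.d("逆向有你", algorithm + "datab64:" + datab64);
                }

                // The result is byte[] for digest() and digest(byte[]), an Integer
                // (number of bytes written) for the three-argument overload, and
                // null when no result is available. An unconditional (byte[]) cast
                // would throw for the last two cases.
                byte[] res = null;
                if (result instanceof byte[]) {
                    res = (byte[]) result;
                } else if (result instanceof Integer
                        && args.length == 3
                        && args[0] instanceof byte[]
                        && args[1] instanceof Integer) {
                    byte[] buf = (byte[]) args[0];
                    int offset = (Integer) args[1];
                    int written = (Integer) result;
                    res = java.util.Arrays.copyOfRange(buf, offset, offset + written);
                }

                if (res != null) {
                    String reshex = b2s(res);
                    String resb64 = Base64.encodeToString(res, Base64.NO_WRAP);
                    Log.d("逆向有你", algorithm + "resulthex:" + reshex);
                    Log.d("逆向有你", algorithm + "resultb64:" + resb64);
                }
                Log.d("逆向有你", "========================================================================");
            }
        });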
禁止用于非法用途,后果自负