一、主要框架,hook代码主要填写在try代码块里
package com.bucuo.a20210908;
import android.app.Application;
import android.content.Context;
import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class hook implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam loadPackageParam) throws Throwable {
Log.d("逆向有你", "hook成功");
try{
}catch (Exception e){
e.printStackTrace();
}
}
public String b2s(byte[] bt){
StringBuffer sb=new StringBuffer();
int i=0;
while (i<bt.length){
int k=bt[i];
int j=k;
if (k<0){
j=k+256;
}
if (j<16){
sb.append("0");
}
sb.append(Integer.toHexString(j));
i+=1;
}
return sb.toString();
}
}
二、MD5算法实现源码(SHA算法同理)
import java.security.MessageDigest;
String bs= "逆向有你a";
MessageDigest md=MessageDigest.getInstance("MD5");//我要用md5算法
md.update(bs.getBytes());//我要加密的数据
byte[] res = md.digest();//给我加密
System.out.println("MD5加密(字节):"+Arrays.toString(res));
System.out.println("MD5加密(字符串):"+bytes2HexString(res));
MessageDigest mdmd = MessageDigest.getInstance("MD5");
mdmd.update("逆向".getBytes(StandardCharsets.UTF_8));
mdmd.update("有你".getBytes(StandardCharsets.UTF_8));
byte[] mdmdres = mdmd.digest("a".getBytes(StandardCharsets.UTF_8));
System.out.println(bytes2HexString(mdmdres));
三、分析要hook的地方
1、hook的类就是导入的包,即“java.security.MessageDigest”
2、update可以使用多次(如果hook这里会无限循环), digest只能使用一次(这里是hook点)
四、知道hook的类及方法名,开始编写代码
XposedBridge.hookAllMethods(XposedHelpers.findClass("java.security.MessageDigest", loadPackageParam.classLoader)
, "digest",
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
Log.e("逆向有你", "Stack:", new Throwable("stack dump"));
MessageDigest md = (MessageDigest) param.thisObject;//实例化
String algorithm = md.getAlgorithm();//获取加密算法的名称
if (param.args.length >= 1) {
byte[] params = (byte[]) param.args[0];
String data = new String(params);
String datahex = b2s(params);
String datab64 = Base64.encodeToString(params, 0);
Log.d("逆向有你",algorithm+"data:"+data);
Log.d("逆向有你",algorithm+"datahex:"+datahex);
Log.d("逆向有你",algorithm+"datab63:"+datab64);
}
byte[] res=(byte[])param.getResult();
String reshex = b2s(res);
String resb64 = Base64.encodeToString(res, 0);
Log.d("逆向有你",algorithm+"resulthex:"+reshex);
Log.d("逆向有你",algorithm+"resultb64:"+resb64);
Log.d("逆向有你","========================================================================");
}
});
禁止非法,后果自负