一、主要架構,hook代碼主要填寫在try代碼塊裡
package com.bucuo.a20210908; import android.app.Application; import android.content.Context; import android.util.Log; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XposedBridge; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; import static de.robv.android.xposed.XposedHelpers.findAndHookMethod; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; public class hook implements IXposedHookLoadPackage { public void handleLoadPackage(final LoadPackageParam loadPackageParam) throws Throwable { Log.d("逆向有你", "hook成功"); try{ }catch (Exception e){ e.printStackTrace(); } } public String b2s(byte[] bt){ StringBuffer sb=new StringBuffer(); int i=0; while (i<bt.length){ int k=bt[i]; int j=k; if (k<0){ j=k+256; } if (j<16){ sb.append("0"); } sb.append(Integer.toHexString(j)); i+=1; } return sb.toString(); } }
二、MD5算法實作源碼(SHA算法同理)
import java.security.MessageDigest; String bs= "逆向有你a"; MessageDigest md=MessageDigest.getInstance("MD5");//我要用md5算法 md.update(bs.getBytes());//我要加密的資料 byte[] res = md.digest();//給我加密 System.out.println("MD5加密(位元組):"+Arrays.toString(res)); System.out.println("MD5加密(字元串):"+bytes2HexString(res)); MessageDigest mdmd = MessageDigest.getInstance("MD5"); mdmd.update("逆向".getBytes(StandardCharsets.UTF_8)); mdmd.update("有你".getBytes(StandardCharsets.UTF_8)); byte[] mdmdres = mdmd.digest("a".getBytes(StandardCharsets.UTF_8)); System.out.println(bytes2HexString(mdmdres));
三、分析要hook的地方
1、hook的類就是導入的包,即“java.security.MessageDigest”
2、update可以使用多次(如果hook這裡會無限循環), digest隻能使用一次(這裡是hook點)
四、知道hook的類及方法名,開始編寫代碼
XposedBridge.hookAllMethods(XposedHelpers.findClass("java.security.MessageDigest", loadPackageParam.classLoader) , "digest", new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { super.afterHookedMethod(param); Log.e("逆向有你", "Stack:", new Throwable("stack dump")); MessageDigest md = (MessageDigest) param.thisObject;//執行個體化 String algorithm = md.getAlgorithm();//擷取加密算法的名稱 if (param.args.length >= 1) { byte[] params = (byte[]) param.args[0]; String data = new String(params); String datahex = b2s(params); String datab64 = Base64.encodeToString(params, 0); Log.d("逆向有你",algorithm+"data:"+data); Log.d("逆向有你",algorithm+"datahex:"+datahex); Log.d("逆向有你",algorithm+"datab63:"+datab64); } byte[] res=(byte[])param.getResult(); String reshex = b2s(res); String resb64 = Base64.encodeToString(res, 0); Log.d("逆向有你",algorithm+"resulthex:"+reshex); Log.d("逆向有你",algorithm+"resultb64:"+resb64); Log.d("逆向有你","========================================================================"); } });
禁止非法,後果自負
歡迎關注公衆号:逆向有你
歡迎關注視訊号:之乎者也吧
