关于带壳Xposed HOOK
首先通过搜索“attachBaseContext”,找到调用该方法的地方(即壳的入口类),HOOK 该方法并在其执行结束后获取 ClassLoader;被加固应用自身的类通常要等壳运行之后才能通过这个 ClassLoader 找到,所以后续 HOOK 都要使用它:
// Hook the packer ("shell") entry Application. The hooks on the protected
// app's own classes are installed from inside this callback, using the class
// loader obtained after attachBaseContext has returned.
XposedHelpers.findAndHookMethod(
        "com.Proxy.ShellApplication", // shell entry class (must be adapted to each packer vendor)
        loadPackageParam.classLoader,
        "attachBaseContext",
        Context.class,
        new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam shellParam) {
                // args[0] is the Context passed to attachBaseContext; all later hooks
                // must resolve classes through its class loader.
                // NOTE(review): presumably the shell has swapped in the loader for the
                // real dex by this point; confirm for the packer in use.
                final Context baseContext = (Context) shellParam.args[0];
                final ClassLoader unpackedLoader = baseContext.getClassLoader();

                // "com.xxx.xxx.xxx" is the page's placeholder for the target class name.
                final Class<?> encryptManager =
                        XposedHelpers.findClass("com.xxx.xxx.xxx", unpackedLoader);

                // Hook RSA encryption: log both String arguments and the return value.
                // NOTE(review): the output contains the plaintext and the key argument;
                // where MyLog writes is not shown here, so treat that sink as sensitive.
                final XC_MethodHook rsaLogger = new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam call) throws Throwable {
                        MyLog.log("===========================RSA_Enc:");
                        MyLog.log("===Message:");
                        MyLog.log((String) call.args[0]);
                        MyLog.log("===Key:");
                        MyLog.log((String) call.args[1]);
                        MyLog.log("===Result:");
                        MyLog.log((String) call.getResult());
                        MyLog.log("=================================");
                    }
                };
                XposedHelpers.findAndHookMethod(
                        encryptManager, "rsaEncrypt", String.class, String.class, rsaLogger);

                // Hook AES encryption: same output layout as the RSA hook above.
                final XC_MethodHook aesLogger = new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam call) throws Throwable {
                        MyLog.log("===========================AES_Enc:");
                        MyLog.log("===Message:");
                        MyLog.log((String) call.args[0]);
                        MyLog.log("===Key:");
                        MyLog.log((String) call.args[1]);
                        MyLog.log("===Result:");
                        MyLog.log((String) call.getResult());
                        MyLog.log("=================================");
                    }
                };
                XposedHelpers.findAndHookMethod(
                        encryptManager, "aesEncrypt", String.class, String.class, aesLogger);
            }
        });
}