Shulou(Shulou.com)05/31 Report--

This article mainly explains "what is the method of reverse upgrading of Android". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the method of reverse upgrading of Android".

1. Weapon get

Xiaobai, if you want to use this weapon, you must first open the meridians.

1.1 Meridians (environment)

1.Root, mobile root, no root without Android. Open the root meridian before we can do the later operation.

2.Xposed framework installation, if you want to use Xposed this weapon, you must be able to pick it up before you can talk about it.

1.2 weapons

XposedBridgeApi-82.jar.jar .

This is our weapon, Xiaobai. Come on, I'll show you how to use this weapon.

two。 Weapon demonstration

We use Xposed weapons here to intercept packageName and then output.

In fact, this weapon is combined with internal skills in order to give full play to its maximum ability.

With internal skills, master, how to do this.

Don't worry, let's take it one step at a time.

0x02 practice using the first internal power of Hook (Android Studio 3.0 + Xposed)

Xiaobai, let me first teach you the operating acupoints of the first internal skill. Listen carefully.

Android Studio 3.0 basic configuration

Let's first provide an environment for content to run.

(1) first build a project that does not require Activity

(2) then import jar package. And right-click add as Library.

(3) fill in the Androidmanifest.xml document.

(4) modify the dependency mode

The content of the jar package is already in Xposed. It will conflict if you package it again.

(5) basic Xposed model creation

Implement a method using alt+enter.

Xiaobai, listen to me for a minute.

HandleLoadPackage, this method is used to perform user actions when the application's package is loaded.

The parameter LoadPackageParam loadPackageParam:, contains some basic information about the loaded application.

Internal power realization

It can be realized in a word here.

XposedBridge.log ("HAI_app:" + loadPackageParam.packageName)

Here we need to think about what XposedBridge.log is.

The printing of posedBridge.log is output to the logging function of the launcher of the xposed framework. This is also more convenient for us to view.

Let's do the last step of the configuration. Set the starting place.

In the new assets directory, create a new file. The name of file is xposed_init.

Write the package name + class.

Test results

Build APK

Install and test.

Install the phone and restart it.

Thinking

As the saying goes, the master leads into the door, and the spiritual practice depends on the individual. So...

I know, master, can we filter through this simple one? For example, write a simple analysis system. Or something else, we can also filter this. I'll try it myself first.

Xiaobai's self-cultivation

Through this running path, the registration is analyzed and filtered.

Make a simple attempt.

Use the substring of the java string you learned yesterday to filter the string.

And then test it.

Of course, this can also be explained in more detail.

Practical practice of 0x03 stake

Xiaobai, come here, the master has found a stake for you. I'll show you. How does this hook perform Dharma Gong and how to fight? You have to learn well.

Got it, master.

Stake information collection 1. Basic information

Xiaobai, use a weapon we used before to collect these basic information.

Master, what kind of information do we usually collect?

Well, we usually collect

1. The package name of the stake

two。 The simple logic of a stake

....

Xiaobai, you can collect this by yourself.

Xiaobai's operation

The first is the name of the package. Use weapons, apkhelper.

Get the package name information. Com.example.login

Then there is a simple logical cell phone.

two。 Decompilation information collection

Xiaobai, have you collected and played yet?

I've finished the collection, master.

Okay, let's next collect decompilation information. Only when you know yourself and the enemy can you fight a hundred battles.

The master's operation

First of all, let's take a look at what we want to collect.

1. The key class name.

two。 The key function position.

To decompile the stake with an Android Killer weapon.

Location.

Look at the class name and record it.

Xiaobai, take a good look, this is the way to record.

i see. Com/example/login/MainActivity

But we have to change it to this. Com.example.login.MainActivity

Now you need to locate the key function.

This login is the function we want Hook to live in.

Ljava/lang/String;Ljava/lang/String; from here we can see that there are two inputs. And the type is String. What we need to do now is to hook the output and then output it.

Construction of practical practice environment for wooden piles

All right, Xiaobai, we have almost collected the previous information. I'm going to do some work now, so I need to see how I use it.

Adjust the environment first.

Then do a simple filter first.

At this time, the collection of package names will come in handy.

Because it is a method of hook, we use a method here.

The first parameter is the package name + method name of hook, which is also collected by us.

The second parameter does not move.

The third parameter method name

The parameter entered by the fourth parameter

We have two parameters of type String, which is why we write this

The last parameter is to do a monitor. You can monitor the use of this method before and after use.

F for stake

Xiaobai, when you are ready, you have to look at the teacher to give you this stake.

Xiaobai, look at this first move.

XposedBridge.log ("ZHUZHU520:LoginName:" + param.args [0])

This trick is its first input.

Then let's take a look at this move.

XposedBridge.log ("ZHUZHU520:Passward:" + param.args [1])

This trick takes its second input.

And then one last resort.

XposedBridge.log ("ZHUZHU520:end???:" + param.getResult ())

This trick is to intercept the return value.

Xiaobai, here is something to think about.

What is the meaning or function of hook?

The thinking of Xiaobai

Master, I think first of all, this can intercept the input parameters and the returned values. If you do a skill of forwarding messages in hook. Then you can successfully obtain the account number and password of the person who logs in to the account.

It's just like fishing.

I think this is a big loophole, if the login manufacturer does not deal with it accordingly, then I can kill him with this.

All right, Xiaobai, you're right. Let's test this now.

F wooden pile test

Xiaobai, look here, we have successfully intercepted the content. Xiaobai gives you a task, use hook f to drop this stake, I hope he can log in successfully, even if I typed it correctly.

0x04 stake f Advanced (Xiaobai's self-improvement) XposedBridge.log ("ZHUZHU520:end???:" + param.getResult ())

The master used a param.getResult () to get the return value before, so can I use the same set method to re-assign this value?

In a variety of ways, we know that the return value here is Z, which is Boolean.

Just do it and try to get rid of the stake.

Thank you for your reading, the above is the content of "what is the method of reverse upgrading of Android". After the study of this article, I believe you have a deeper understanding of what the method of reverse upgrading of Android is, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.