-
-
[原创]xpsoed 修改50多个函数 GPU 分辨率 等等
-
发表于: 2017-3-30 09:44 3832
-
具体我就不多说了 xpsoed相关 看老帖子 重写版本注重代码
读取器 获取硬件相关信息 方便检测HOOK成功了吗 我只获取了少部分
--------------------------------------------------------------------------------------------------------------------------- private void init() { DisplayMetrics book=new DisplayMetrics(); getWindowManager().getDefaultDisplay().getMetrics(book); try { Class localClass = Class.forName("Android.os.SystemProperties"); Object localObject1 = localClass.newInstance(); Object localObject2 = localClass.getMethod("get", new Class[] { String.class, String.class }).invoke(localObject1, new Object[] { "gsm.version.baseband", "no message" }); setEditText(R.id.get,localObject2+""); } catch (Exception e) { e.printStackTrace(); } //获取网络连接管理者 ConnectivityManager connectionManager = (ConnectivityManager) getSystemService(CONNECTIVITY_SERVICE); //获取网络的状态信息,有下面三种方式 NetworkInfo networkInfo = connectionManager.getActiveNetworkInfo(); setEditText(R.id.lianwang,networkInfo.getType()+""); setEditText(R.id.lianwangname,networkInfo.getTypeName()); setEditText(R.id.imei, phone.getDeviceId()); setEditText(R.id.deviceversion,phone.getDeviceSoftwareVersion()); setEditText(R.id.imsi, phone.getSubscriberId()); setEditText(R.id.number, phone.getLine1Number()); setEditText(R.id.simserial, phone.getSimSerialNumber()); setEditText(R.id.simoperator,phone.getSimOperator()); setEditText(R.id.simoperatorname, phone.getSimOperatorName()); setEditText(R.id.simcountryiso, phone.getSimCountryIso()); setEditText(R.id.workType,phone.getNetworkType()+""); setEditText(R.id.netcountryiso,phone.getNetworkCountryIso()); setEditText(R.id.netoperator,phone.getNetworkOperator()); setEditText(R.id.netoperatorname,phone.getNetworkOperatorName()); setEditText(R.id.radiovis,android.os.Build.getRadioVersion()); setEditText(R.id.wifimac, wifi.getConnectionInfo().getMacAddress()); setEditText(R.id.getssid,wifi.getConnectionInfo().getSSID()); setEditText(R.id.getbssid,wifi.getConnectionInfo().getBSSID()); setEditText(R.id.ip,wifi.getConnectionInfo().getIpAddress()+""); setEditText(R.id.bluemac, BluetoothAdapter.getDefaultAdapter() .getAddress()); setEditText(R.id.bluname, BluetoothAdapter.getDefaultAdapter().getName() ); setEditText(R.id.cpu,Mnt.getCpuName()); setEditText(R.id.andrlid_id, Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID)); setEditText(R.id.serial,android.os.Build.SERIAL); setEditText(R.id.brand,android.os.Build.BRAND); setEditText(R.id.tags, android.os.Build.TAGS); setEditText(R.id.device,android.os.Build.DEVICE); setEditText(R.id.fingerprint,android.os.Build.FINGERPRINT); setEditText(R.id.bootloader, Build.BOOTLOADER); setEditText(R.id.release, Build.VERSION.RELEASE); setEditText(R.id.sdk,Build.VERSION.SDK); // setEditText(R.id.sdk_INT,Build.VERSION.SDK_INT+""); setEditText(R.id.codename,Build.VERSION.CODENAME); setEditText(R.id.incremental,Build.VERSION.INCREMENTAL); setEditText(R.id.cpuabi, android.os.Build.CPU_ABI); setEditText(R.id.cpuabi2, android.os.Build.CPU_ABI2); setEditText(R.id.board, android.os.Build.BOARD); setEditText(R.id.model, android.os.Build.MODEL); setEditText(R.id.product, android.os.Build.PRODUCT); setEditText(R.id.type, android.os.Build.TYPE); setEditText(R.id.user, android.os.Build.USER); setEditText(R.id.disply, android.os.Build.DISPLAY); setEditText(R.id.hardware, android.os.Build.HARDWARE); setEditText(R.id.host, android.os.Build.HOST); setEditText(R.id.changshang, android.os.Build.MANUFACTURER); setEditText(R.id.phonetype,phone.getPhoneType()+""); setEditText(R.id.simstate,phone.getSimState()+""); setEditText(R.id.b_id,Build.ID); setEditText(R.id.gjtime,android.os.Build.TIME+""); setEditText(R.id.width,display.getWidth()+""); setEditText(R.id.height,display.getHeight()+""); setEditText(R.id.dpi,book.densityDpi+""); setEditText(R.id.density,book.density+""); setEditText(R.id.xdpi,book.xdpi+""); setEditText(R.id.ydpi,book.ydpi+""); setEditText(R.id.scaledDensity,book.scaledDensity+""); //setEditText(R.id.wl,getNetworkState(this)+""); // 方法2 DisplayMetrics dm = new DisplayMetrics(); getWindowManager().getDefaultDisplay().getMetrics(dm); int width=dm.widthPixels; int height=dm.heightPixels; setEditText(R.id.xwidth,width+""); setEditText(R.id.xheight,height+""); } private void setEditText(int id, String s) { ((TextView) this.findViewById(id)).setText(s); } ------------------------------------------------------------------------------------------------------------------------ /** * 使用SharedPreferences 保存输入框输入的数据 */ private void saveData() { try { SharedPreferences sh = this.getSharedPreferences("prefs", Context.MODE_WORLD_READABLE); SharedPreferences.Editor pre = sh.edit(); // Logger.d("保存内容"); pre.putString("imei", this.getEditText(R.id.imei)); pre.putString("deviceversion",this.getEditText(R.id.deviceversion)); pre.putInt("phonetype", Integer.parseInt(this.getEditText(R.id.phonetype))); pre.putInt("simstate", Integer.parseInt(this.getEditText(R.id.simstate))); pre.putInt("width", Integer.parseInt(this.getEditText(R.id.width))); pre.putInt("height", Integer.parseInt(this.getEditText(R.id.height))); pre.putString("imsi", this.getEditText(R.id.imsi)); pre.putString("number", this.getEditText(R.id.number)); pre.putString("simserial", this.getEditText(R.id.simserial)); pre.putString("simoperator", this.getEditText(R.id.simoperator)); pre.putString("simoperatorname", this.getEditText(R.id.simoperatorname)); pre.putString("simcountryiso", this.getEditText(R.id.simcountryiso)); pre.putString("netcountryiso", this.getEditText(R.id.netcountryiso)); pre.putString("netoperator", this.getEditText(R.id.netoperator)); pre.putString("netoperatorname", this.getEditText(R.id.netoperatorname)); pre.putString("radiovis",this.getEditText(R.id.radiovis)); pre.putString("wifimac", this.getEditText(R.id.wifimac)); pre.putString("bluemac", this.getEditText(R.id.bluemac)); pre.putString("bluname",this.getEditText(R.id.bluname)); pre.putString("serial", this.getEditText(R.id.serial)); pre.putString("brand", this.getEditText(R.id.brand)); pre.putString("tags", this.getEditText(R.id.tags)); pre.putString("device", this.getEditText(R.id.device)); pre.putString("fingerprint", this.getEditText(R.id.fingerprint)); pre.putString("bootloader", this.getEditText(R.id.bootloader)); pre.putString("release", this.getEditText(R.id.release)); pre.putString("sdk", this.getEditText(R.id.sdk)); pre.putString("codename", this.getEditText(R.id.codename)); pre.putString("incremental", this.getEditText(R.id.incremental)); pre.putString("cpuabi", this.getEditText(R.id.cpuabi)); pre.putString("cpuabi2", this.getEditText(R.id.cpuabi2)); pre.putString("board", this.getEditText(R.id.board)); pre.putString("model", this.getEditText(R.id.model)); pre.putString("product", this.getEditText(R.id.product)); pre.putString("type", this.getEditText(R.id.type)); pre.putString("user", this.getEditText(R.id.user)); pre.putString("disply", this.getEditText(R.id.disply)); pre.putString("hardware", this.getEditText(R.id.hardware)); pre.putString("host", this.getEditText(R.id.host)); pre.putString("changshang", this.getEditText(R.id.changshang)); pre.putInt("time", Integer.parseInt(this.getEditText(R.id.gjtime))); pre.putString("androidid", this.getEditText(R.id.androidid)); pre.putInt("dpi", Integer.parseInt(this.getEditText(R.id.dpi))); pre.apply(); } catch (Throwable e) { // Logger.d("写入内容失败"); e.printStackTrace(); } } private void setEditText(int id, String s) { ((EditText) this.findViewById(id)).setText(s); } private String getEditText(int id) { return ((EditText) this.findViewById(id)).getText().toString(); } ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ HOOK 界面 注意HOOK 很重要的一块 HOOK什么类型的值 通过SharedPreferences保存的时候也要是相应 的类型 改的函数是Int 必须是Int 字符串必须是字符串 传过来的 getString就得是字符串 getint就得是Int 要不然就溃 这个下面代码少部分类型貌似不对 这个也是初期的老代码 哎懒得找了 大家对付看吧 主要是思路 public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable { readData(lpparam); } private void readData(XC_LoadPackage.LoadPackageParam lpparam) throws IllegalAccessException { final XSharedPreferences pre = new XSharedPreferences(this.getClass() .getPackage().getName(), "prefs"); HookMethod(TelephonyManager.class, "getDeviceId",pre.getString("imei",null)); HookMethod(TelephonyManager.class, "getDeviceSoftwareVersion", pre.getString("deviceversion",null)); HookMethod(TelephonyManager.class,"getPhoneType",pre.getInt("phonetype",6)); HookMethod(TelephonyManager.class,"getSimState",pre.getInt("simstate",6)); HookMethod(Display.class,"getWidth",pre.getInt("width",6)); HookMethod(Display.class,"getHeight",pre.getInt("height",6)); // HookMethod(DisplayMetrics.class,"getDisplayMetrics",pre.getInt("dpi",6)); HookMethod(TelephonyManager.class,"getSubscriberId",pre.getString("imsi",null)); HookMethod(TelephonyManager.class, "getLine1Number",pre.getString("number",null)); HookMethod(TelephonyManager.class, "getSimSerialNumber",pre.getString("simserial",null)); HookMethod(TelephonyManager.class, "getSimOperator", pre.getString("simoperator",null)); HookMethod(TelephonyManager.class, "getSimOperatorName", pre.getString("simoperatorname",null)); HookMethod(TelephonyManager.class, "getSimCountryIso", pre.getString("simcountryiso",null)); HookMethod(TelephonyManager.class, "getNetworkCountryIso", pre.getString("netcountryiso",null)); HookMethod(TelephonyManager.class, "getNetworkOperator", pre.getString("netoperator",null)); HookMethod(TelephonyManager.class, "getNetworkOperatorName", pre.getString("netoperatorname",null)); HookMethod(android.os.Build.class, "getRadioVersion", pre.getString("radiovis",null)); HookMethod(WifiInfo.class, "getMacAddress",pre.getString("wifimac",null)); HookMethod(BluetoothAdapter.class, "getAddress", pre.getString("bluemac",null)); HookMethod(BluetoothAdapter.class,"getName",pre.getString("bluname",null)); XposedHelpers.findField(android.os.Build.class, "SERIAL").set(null, pre.getString("serial",null)); XposedHelpers.findField(android.os.Build.class, "BRAND").set(null, pre.getString("brand",null)); XposedHelpers.findField(android.os.Build.class, "TAGS").set(null, pre.getString("tags",null)); XposedHelpers.findField(android.os.Build.class, "DEVICE").set(null, pre.getString("device",null)); XposedHelpers.findField(android.os.Build.class, "FINGERPRINT").set(null, pre.getString("fingerprint",null)); XposedHelpers.findField(android.os.Build.class, "BOOTLOADER").set(null, pre.getString("bootloader",null)); XposedHelpers.findField(Build.VERSION.class, "RELEASE").set(null, pre.getString("release",null)); XposedHelpers.findField(Build.VERSION.class, "SDK").set(null, pre.getString("sdk",null)); XposedHelpers.findField(Build.VERSION.class, "CODENAME").set(null, pre.getString("codename",null)); XposedHelpers.findField(Build.VERSION.class, "INCREMENTAL").set(null, pre.getString("incremental",null)); XposedHelpers.findField(android.os.Build.class, "CPU_ABI").set(null, pre.getString("cpuabi",null)); XposedHelpers.findField(android.os.Build.class, "CPU_ABI2").set(null, pre.getString("cpuabi2",null)); XposedHelpers.findField(android.os.Build.class, "BOARD").set(null, pre.getString("board",null)); XposedHelpers.findField(android.os.Build.class, "MODEL").set(null, pre.getString("model",null)); XposedHelpers.findField(android.os.Build.class, "PRODUCT").set(null, pre.getString("product",null)); XposedHelpers.findField(android.os.Build.class, "TYPE").set(null, pre.getString("type",null)); XposedHelpers.findField(android.os.Build.class, "USER").set(null, pre.getString("user",null)); XposedHelpers.findField(android.os.Build.class, "DISPLAY").set(null, pre.getString("disply",null)); XposedHelpers.findField(android.os.Build.class, "HARDWARE").set(null, pre.getString("hardware",null)); XposedHelpers.findField(android.os.Build.class, "HOST").set(null, pre.getString("host",null)); XposedHelpers.findField(android.os.Build.class, "MANUFACTURER").set(null, pre.getString("changshang",null)); XposedHelpers.findField(android.os.Build.class,"TIME").set(null,pre.getInt("time",7)); } ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ GPU 相关HOOK 方法 这个网上目前没有 只有我这一份代码 mySP.setSharedPref("GLRenderer", "Adreno (TM) 111"); // GPU mySP.setSharedPref("GLVendor", "UFU");// GPU厂商 try { XposedHelpers.findAndHookMethod("com.google.android.gles_jni.GLImpl", loadPkgParam.classLoader, "glGetString", Integer.TYPE, new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub //super.beforeHookedMethod(param); if (param.args[0] != null) { if (param.args[0].equals(Integer.valueOf(7936))) { param.setResult(SharedPref.getXValue("GLVendor")); } if (param.args[0].equals(Integer.valueOf(7937))) { param.setResult(SharedPref.getXValue("GLRenderer")); } } } }); } catch (Exception e) { XposedBridge.log("Fake GLVendor|GLRenderer ERROR: " + e.getMessage()); }*/ ------------------------------------------------------- 单独列出来的都是 不太好HOOK 的 其实 这种写法 不太适合新手阅读 但没办法了 // 屏幕相关函数 分辨率啊 xdpi ydpi 等等 ------------------------------------------------------------------------------------ try { XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook(XCallback.PRIORITY_LOWEST) { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); final int dpi = tryParseInt(SharedPref.getXValue("DPI")); DisplayMetrics metrics = (DisplayMetrics) param.args[0]; metrics.densityDpi = dpi; } }); } catch (Exception e) { XposedBridge.log("Fake DPI ERROR: " + e.getMessage()); } try { XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getRealMetrics", DisplayMetrics.class, new XC_MethodHook(XCallback.PRIORITY_LOWEST) { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); final int dpi = tryParseInt(SharedPref.getXValue("DPI")); DisplayMetrics metrics = (DisplayMetrics) param.args[0]; metrics.densityDpi = dpi; } }); } catch (Exception e) { } try { XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); final float sdensity = tryParsefloat(SharedPref.getXValue("density")); DisplayMetrics metrics = (DisplayMetrics) param.args[0]; metrics.density = sdensity; } }); } catch (Exception e) { } try { XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); final float sxdpi = tryParsefloat(SharedPref.getXValue("xdpi")); DisplayMetrics metrics = (DisplayMetrics) param.args[0]; metrics.xdpi = sxdpi; } }); } catch (Exception e) { XposedBridge.log("Fake Real DPI ERROR: " + e.getMessage()); } try { XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); final float sydpi = tryParsefloat(SharedPref.getXValue("ydpi")); DisplayMetrics metrics = (DisplayMetrics) param.args[0]; metrics.ydpi = sydpi; } }); } catch (Exception e) { } try { XposedHelpers.findAndHookMethod("android.view.Display", loadPkgParam.classLoader, "getMetrics", DisplayMetrics.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); final float scdensity = tryParsefloat(SharedPref.getXValue("scaledDensity")); DisplayMetrics metrics = (DisplayMetrics) param.args[0]; metrics.scaledDensity = scdensity; } }); } catch (Exception e) { } public static int RandomNumber(int i, int i2) { return (int) (Math.random() * ((double) (i2 - i))); } private static int tryParseInt(String s) { try { return Integer.parseInt(s); } catch (NumberFormatException e) { return 320; } } private static float tryParsefloat(String s) { try { return Float.parseFloat(s); } catch (NumberFormatException e) { return (float) 480.0; } } -------------------------------------------------------------------------------------------------------------------- // get 参数HOOK 需要反射获取下路径 Class<?> classSysProp = Class .forName("android.os.SystemProperties"); XposedHelpers.findAndHookMethod(classSysProp, "get", String.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); String serialno = (String) param.args[0]; if (serialno.equals("gsm.version.baseband") || serialno.equals("no message") ) { param.setResult(SharedPref.getXValue("getBaseband")); } } }); XposedHelpers.findAndHookMethod(classSysProp, "get", String.class, String.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { // TODO Auto-generated method stub super.afterHookedMethod(param); String serialno = (String) param.args[0]; if (serialno.equals("gsm.version.baseband") || serialno.equals("no message") ) { param.setResult(SharedPref.getXValue("getBaseband")); } } });
基本上比较难HOOK的函数 我都列出来了 不太适合新手观看 写的比较乱 好多种版本混合的代码
但核心HOOK 都是对的 除了传值不太一样
http://blog.csdn.net/qq_35834055/article/details/68067528
赞赏
他的文章
- 钉钉打卡风控分析与破解 15638
- [原创]淘宝长x-mini-wua分析与破解 19577
- [原创]分析百度手机助手协议(实现app下载量上涨) 8960
- 华为手机Log开启分析 5749
- 破解微信数据库2.0需要root或Xposed 13160
看原图
赞赏
雪币:
留言: