首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. ¥付费问答
    3. 发新帖
未解决 [求助]安卓使用XPOSED hook Google Advertising ID (广告ID) 50.00雪花
2021-4-19 22:08 3532

未解决 [求助]安卓使用XPOSED hook Google Advertising ID (广告ID) 50.00雪花

梦幻侠客 活跃值
2021-4-19 22:08
3532

最近在研究xposed 手机常规硬件信息都能HOOK到,谷歌广告ID一直不知道怎么HOOK,有懂的大佬吗,请指点一下,下面给出获取
谷歌广告ID的代码,方便大家查看
public class AdvertisingIdClient {
/**

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
* 这个方法是耗时的,不能在主线程调用
 */
public static String getGoogleAdId(Context context) throws Exception {
    if (Looper.getMainLooper() == Looper.myLooper()) {
        return "Cannot call in the main thread, You must call in the other thread";
    }
    PackageManager pm = context.getPackageManager();
    pm.getPackageInfo("com.android.vending", 0);
    AdvertisingConnection connection = new AdvertisingConnection();
    Intent intent = new Intent(
            "com.google.android.gms.ads.identifier.service.START");
    intent.setPackage("com.google.android.gms");
    if (context.bindService(intent, connection, Context.BIND_AUTO_CREATE)) {
        try {
            AdvertisingInterface adInterface = new AdvertisingInterface(
                    connection.getBinder());
            return adInterface.getId();
        } finally {
            context.unbindService(connection);
        }
    }
    return "";
}
 
private static final class AdvertisingConnection implements ServiceConnection {
    boolean retrieved = false;
    private final LinkedBlockingQueue<IBinder> queue = new LinkedBlockingQueue<>(1);
 
    public void onServiceConnected(ComponentName name, IBinder service) {
        try {
            this.queue.put(service);
        } catch (InterruptedException localInterruptedException) {
        }
    }
 
    public void onServiceDisconnected(ComponentName name) {
    }
 
    public IBinder getBinder() throws InterruptedException {
        if (this.retrieved)
            throw new IllegalStateException();
        this.retrieved = true;
        return this.queue.take();
    }
}
 
private static final class AdvertisingInterface implements IInterface {
    private IBinder binder;
 
    public AdvertisingInterface(IBinder pBinder) {
        binder = pBinder;
    }
 
    public IBinder asBinder() {
        return binder;
    }
 
    public String getId() throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        String id;
        try {
            data.writeInterfaceToken("com.google.android.gms.ads.identifier.internal.IAdvertisingIdService");
            binder.transact(1, data, reply, 0);
            reply.readException();
            id = reply.readString();
        } finally {
            reply.recycle();
            data.recycle();
        }
        return id;
    }
 
    public boolean isLimitAdTrackingEnabled(boolean paramBoolean)
            throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        boolean limitAdTracking;
        try {
            data.writeInterfaceToken("com.google.android.gms.ads.identifier.internal.IAdvertisingIdService");
            data.writeInt(paramBoolean ? 1 : 0);
            binder.transact(2, data, reply, 0);
            reply.readException();
            limitAdTracking = 0 != reply.readInt();
        } finally {
            reply.recycle();
            data.recycle();
        }
        return limitAdTracking;
    }
}

}

 

调用
public class MainActivity extends AppCompatActivity {
public TextView tv;
@SuppressLint("ResourceType")
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Executors.newSingleThreadExecutor().execute(new Runnable() {
@Override
public void run() {
try {
String adid = AdvertisingIdClient.getGoogleAdId(getApplicationContext());
Log.e("MainActivity", "adid: " + adid);
tv=(TextView)findViewById(R.id.textview_hw);
tv.setText(adid);
} catch (Exception e) {
e.printStackTrace();
}
}
});
}
}

 

以下是hook IMEI的代码,请问换成HOOK 谷歌广告ID的应该怎么改
hook_method("android.telephony.TelephonyManager", lpp.classLoader, "getDeviceId", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Log.i(SHARK, "开始HOOK IMEI...");
Object obj = param.getResult();
Log.i(SHARK, "IMEI 参数是:" + obj);
param.setResult("shark chilli");
}
});


[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。

收藏
点赞0
打赏
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
 回帖  表情 雪币赚取及消费
高级回复
返回