CydiaHook实例

96
MagicalGuy
2018.10.10 00:50* 字数 48
  1. 设置权限和入口
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application>
<meta-data android:name="com.saurik.substrate.main"
 android:value=".Main"/>
</application>
<uses-permission android:name="cydia.permission.SUBSTRATE"/>
</manifest>
  1. 导入 jar 包 substrate-api.jar 到 app/libs 目录下
  2. 新建一个类实现回调函数
import com.saurik.substrate.MS;
public class Main {
 static void initialize() {
 // ... code to run when extension is loaded
 }
}
  1. Hook 加载类
    使用 MS.hookClassLoad
public class Main {
 static void initialize() {
 MS.hookClassLoad("android.content.res.Resources", new 
MS.ClassLoadHook() {
 public void classLoaded(Class<?> resources) {
 // ... code to modify the class when loaded
 }
 });
 }
}
  1. 实现 Hook 方法
    使用 MS.hookMethod
public void classLoaded(Class<?> resources) {
 Method getColor; 
 try {
 getColor = resources.getMethod("getColor", Integer.TYPE);
 } catch (NoSuchMethodException e) {
 getColor = null;
 }

if (getColor != null) {
 final MS.MethodPointer old = new MS.MethodPointer();
 MS.hookMethod(resources, getColor, new MS.MethodHook() {
 public Object invoked(Object resources, Object... args)
 throws Throwable
 {
 int color = (Integer) old.invoke(resources, args);
 return color & ~0x0000ff00 | 0x00ff0000;
 }
 }, old);
 }
}
Android逆向