/methodHook

通过Xposed框架hook android的敏感函数,具体参考https://github.com/halfkiss/ZjDroid,并添加了相应的函数

Primary LanguageJava

#安装条件及过程:

  • 需要一台root过的android4.4.x的设备
  • 在该设备中安装Xposed Installer客户端,由于安装Xposed时,需要将android的app_main.cpp等文件进行替换,
    所以需要android的root权限
  • 安装编写好的com.bingpang.methodhook模块至该客户端,此时Xposed客户端将会检测到有Xposed模块,如图所示
    安装模板截图
  • 勾选该模板并重启android设备

#Hook Method解析 ##实现的功能

  • 标签为FM的log输出了具体敏感函数的类和方法名,如android.telephony.SmsManager->sendTextMessage
  • 标签为DetailInform的log则输出了敏感函数相应的数据,如在android.telephony.SmsManager->sendTextMessage中
    会输出Send SMS -> SMS DestNumber: destNumber , SMS Content: Content
    ##具体的敏感函数列表 SmsManager
  1. android.telephony.SmsManager/sendTextMessage
  2. android.telephony.SmsManager/getAllMessagesFromIcc
  3. android.telephony.SmsManager/sendDataMessage
  4. android.telephony.SmsManager/sendMultipartTextMessage TelephonyManager
  5. android.telephony.TelephonyManager/getLine1Number
  6. android.telephony.TelephonyManager/listen AccountManager
  7. android.accounts.AccountManager/getAccounts
  8. android.accounts.AccountManager/getAccountsByType ActivityManager
  9. android.app.ActivityManager/killBackgroundProcesses
  10. android.app.ActivityManager/forceStopPackage AlarmManager
  11. android.app.AlarmManager/setImpl AudioRecord
  12. android.media.AudioRecord Camera
  13. android.hardware.Camera/takepicture
  14. android.hardware.Camera/setPreviewCallback
  15. android.hardware.Camera/setPreviewCallbackWithBuffer
  16. android.hardware.Camera/setOneShotPreviewCallback ConnectivityManager
  17. android.net.ConnectivityManager/setMobileDataEnabled ContentResolver
  18. android.content.ContentResolver/qurey
  19. android.content.ContentResolver/registerContentObserver
  20. android.content.ContentResolver/insert
  21. android.content.ContentResolver/bulkInsert
  22. android.content.ContentResolver/delete
  23. android.content.ContentResolver/update
  24. android.content.ContentResolver/applyBatch ContextImpl
  25. android.app.ContextImpl/registerReceiver MediaRecorder
  26. android.media.MediaRecorder/start
  27. android.media.MediaRecorder/stop Internet
  28. java.net.URL/openConnection
  29. org.apache.http.impl.client.AbstractHttpClient/execute NotificationManager
  30. android.app.NotificationManager/notify ApplicationPackageManager
  31. android.app.ApplicationPackageManager/installPackage
  32. android.app.ApplicationPackageManager/deletePackage
  33. android.app.ApplicationPackageManager/getInstalledPackages