This is a proof-of-concept (PoC) project on detecting hooks in Android's PackageManagerService (PMS). Hooking PMS is a common way to bypass signature checks on Android APKs.
The PoC comprises two parts:
- Ported a typical PMS hook from MT Manager (binmt.cc) and replaced the default Application class in manifests
- Implemented PMS hook detection methods in both Java and native layers
  - Detect hook in ActivityThread in Java
  - Detect hook in ApplicationContext in Java
  - Detect hook in ActivityThread in native
  - Detect hook in ApplicationContext in native
  - Recover PMS instance after hooking
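
A sketch of the two Java-layer checks listed above, added here as an illustration and not taken from this project's source. It assumes the hook installs a `java.lang.reflect.Proxy` in place of the binder proxy; the field names `sPackageManager` and `mPM` and the expected class name come from AOSP, not from this README, and the class name `PmsHookCheck` is hypothetical.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import java.lang.reflect.Field;
import java.lang.reflect.Proxy;

/** Added example (hypothetical class): Java-layer checks for a replaced IPackageManager. */
public final class PmsHookCheck {
    // In an app process the genuine object is the AIDL-generated binder proxy.
    private static final String EXPECTED = "android.content.pm.IPackageManager$Stub$Proxy";

    private PmsHookCheck() {}

    /** True if the object is a dynamic proxy or any class other than the AIDL binder proxy. */
    static boolean looksHooked(Object pm) {
        if (pm == null) return false; // field not initialised yet, nothing was swapped in
        Class<?> c = pm.getClass();
        return Proxy.isProxyClass(c) || !EXPECTED.equals(c.getName());
    }

    // Reflection on these fields is subject to the platform's non-SDK interface
    // rules; a blocked lookup surfaces as an exception to the caller.
    static Object readField(Class<?> owner, Object target, String name)
            throws ReflectiveOperationException {
        Field f = owner.getDeclaredField(name);
        f.setAccessible(true);
        return f.get(target);
    }

    /** Check the process-wide cache: ActivityThread.sPackageManager (static field). */
    public static boolean activityThreadHooked() throws ReflectiveOperationException {
        Class<?> at = Class.forName("android.app.ActivityThread");
        return looksHooked(readField(at, null, "sPackageManager"));
    }

    /** Check the per-context copy: ApplicationPackageManager.mPM. */
    public static boolean contextHooked(Context ctx) throws ReflectiveOperationException {
        PackageManager pm = ctx.getPackageManager();
        Class<?> apm = Class.forName("android.app.ApplicationPackageManager");
        // A PackageManager of any other class means the wrapper itself was substituted.
        if (!apm.isInstance(pm)) return true;
        return looksHooked(readField(apm, pm, "mPM"));
    }
}
```

Both checks run in the same process as the hook and can themselves be patched, which is why the project repeats them in the native layer.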
- Download Android Studio.
- Launch Android Studio.
- Open the sample directory.
- Open File/Project Structure..., click Download or Select NDK location.
- Click Tools/Android/Sync Project with Gradle Files.
- Click Run/Run 'app'.
http://weishu.me/2016/03/07/understand-plugin-framework-ams-pms-hook/