按照demoHookPlugin写的Hook不起作用
dtsdao opened this issue · comments
OAO commented
问题描述
我照着demoHookPlugin写了个插件试图Hook系统提供的File类的构造方法
但好像他只能Hook外面这个框架调用的那些File对象,里面的应用调用的不知道为什么抓不到,连日志也不打印
具体表现在这个应用上就是拿到的MD5校验码完全一致,好像都没有经过Hook...
系统信息
OS: Android 6.0.1 (SDK 23)
Device: SM-P355C
在模拟器上也是这样...
Hook 代码
public class HookFile {
public static String className = "java.io.File";
public static String methodName = "<init>";
public static String methodSig = "(Ljava/lang/String;)V";
public static void hook(File thiz, String fileName) {
Log.e("YAHFA", "open file "+fileName);
if(fileName.equals("/system/framework/services.jar"))
{
Log.e("YAHFA", "Hacked Services");
backup(thiz, "/sdcard/hack/services.jar");
return;
}
if(fileName.equals("/system/framework/framework.jar"))
{
Log.e("YAHFA", "Hacked Framework");
backup(thiz, "/sdcard/hack/framework.jar");
return;
}
backup(thiz, fileName);
}
public static void backup(File thiz, String fileName) {
Log.e("YAHFA", "should not be here");
throw new UnsupportedOperationException("Stub!");
}
}
源应用代码
public class HardwareInfo {
public static String calculateMD5(File file) {
String str = null;
try{
MessageDigest instance = MessageDigest.getInstance("MD5");
InputStream fileInputStream = new FileInputStream(file);
byte[] bArr = new byte[5242880];
while (true) {
int read = fileInputStream.read(bArr);
if (read <= 0) {
break;
}
instance.update(bArr, 0, read);
}
fileInputStream.close();
BigInteger bigInteger = new BigInteger(1, instance.digest());
str = String.format("%32s", new Object[]{bigInteger.toString(16)}).replace(' ', '0');
} catch (Throwable e)
{
Log.e("HardwareInfo","Error occured");
}
return str;
}
public static String getHardwareInfo(Context context) {
StringBuilder str = new StringBuilder();
str.append("FINGERPRINT: ");
str.append(Build.FINGERPRINT);
str.append("\n");
str.append("service.jar: ");
str.append(calculateMD5(new File("/system/framework/services.jar")));
str.append("\n");
str.append("framework.jar: ");
str.append(calculateMD5(new File("/system/framework/framework.jar")));
str.append("\n");
return str.toString();
}
}
日志
adb.exe shell "logcat | grep YAHFA"
03-17 16:12:56.282 17007 17007 I YAHFA-Native: init to SDK 23
03-17 16:12:56.282 17007 17007 I YAHFA : Start hooking with item org.github.hookstring.HookFile
03-17 16:12:56.282 17007 17007 W YAHFA-Native: not enough capacity. Allocating...
03-17 16:12:56.282 17007 17007 I YAHFA-Native: Allocating done
03-17 16:12:56.282 17007 17007 I YAHFA-Native: target method is at 0x715baab0, hook method is at 0xb2ec0dc0, backup method is at 0xb2ec0d98
03-17 16:12:56.282 17007 17007 I YAHFA-Native: origin ep is 0x74a36775, new ep is 0xb2d34000
03-17 16:12:56.282 17007 17007 I YAHFA-Native: hook and backup done
03-17 16:12:56.352 17007 17007 E YAHFA : open file /data/data/com.android.settings/app_fonts/sans.loc
没有一点报错信息