Xposed插件开发

Xposed插件开发（一）简单demo

xposed下载地址：http://repo.xposed.info/module/de.robv.android.xposed.installer
xposed开发包源码：https://github.com/rovo89/XposedBridge.git
xposed简易demo：https://github.com/rovo89/XposedExamples.git

---

准备阶段

新建android工程，只需要修改三个地方，就可以开发xposed插件了:
导入XposedBridgeApi.jar
我这边图省事直接将demo中lib文件拷贝到当前工程中了

Androidmanifest.xml 没有activity也不要紧。

    <application
        android:allowBackup="true"
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme" >

        
        <meta-data
            android:name="xposedmodule"
            android:value="true" />
        <meta-data
            android:name="xposeddescription"
            android:value="make a Simcard id" />
        <meta-data
            android:name="xposedminversion"
            android:value="30" />

    application>

在assets中添加xposed_init文件
xposed_init文件记录xposed插件处理类，文件写入格式为：包名+类名

简单demo

由于某app需要获取sim卡才能运行，这边准备利用xposed伪造一份simcard id绕过去。
代码放在gihub：https://github.com/saidyou/com.saidyou.xposed.simcard.git

package com.saiyou.xposed.simcard;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import android.telephony.TelephonyManager;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Simcard  implements IXposedHookLoadPackage {
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        // TODO Auto-generated method stub
        XposedBridge.log(lpparam.packageName + " [Simcard]");           
        // sim is usefully      
        findAndHookMethod(TelephonyManager.class.getName(),lpparam.classLoader,"getSimState",new XC_MethodHook(){

            protected void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
                // TODO Auto-generated method stub
                super.beforeHookedMethod(param);
            }

            protected void afterHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
                // TODO Auto-generated method stub
                super.afterHookedMethod(param);
                //TelephonyManager.SIM_STATE_READY 5
                param.setResult(TelephonyManager.SIM_STATE_READY);
            }       
        });     
        // get sim id       
        findAndHookMethod("android.telephony.TelephonyManager",lpparam.classLoader,"getSubscriberId",new XC_MethodHook(){

    }
}

问题

xposed没有运行

问题描述： 在android studio下编译，会将XposedBridgeApi.jar编译到dex中，然后xposed框架在运行时不是调用系统中的xposed接口，而是自身的jar包

解决方法： 所以删掉不必要的代码，xposed的才能正常运行，我这边写脚本处理，可以借鉴

import sys
import os
import shutil

pwd = sys.path[0]
temp_path = pwd+'\\temp'
if os.path.exists(temp_path):
    shutil.rmtree(temp_path)

cmd = "apktool d -r %s\\app-release.apk -o %s"%(pwd,temp_path)

print cmd
os.system(cmd)

shutil.rmtree('%s\\smali\\de'%temp_path)
shutil.rmtree('%s\\smali\\androidx'%temp_path)
shutil.rmtree('%s\\smali\\android'%temp_path)
shutil.rmtree('%s\\unknown'%temp_path)

text = ''
is_unknown = False
for line in open('%s\\apktool.yml'%temp_path):
    if is_unknown == False and line.find('unknownFiles:')+1:
        is_unknown = True
    elif is_unknown and line.startswith('  ') == False:
        is_unknown = False
    elif is_unknown == False:
        text += line

open('%s\\apktool.yml'%temp_path, 'w+').write(text)
os.system("apktool b -r %s -o %s\\new.apk"%(temp_path,pwd))
os.system("apksign %s\\new.apk"%pwd)
os.system('adb install -r %s\\new_signed.apk'%pwd)

加载so

问题描述： xposed的模块，在高版本下，例如android7.1上无法加载自己的so
1、存在路径限制，只能加载/system/lib和/vertor/lib下的so
2、域空间名限制