Dynamic debugging of a third-party app with the Xposed framework: a practical demonstration

I won't go into what Xposed is or how it works here; plenty of material is available online. This post sticks to the practical steps.
The following is aimed at developers with some Android development experience.
It is intended for development and learning only, and using it for any other purpose is strictly forbidden!

Note: The demo apk installation package is attached.

Material preparation:
1. One rooted Android device;
2. Download XposedInstaller.apk and install it on the rooted phone as the dynamic debugging container. The Xposed hook plug-in developed later must be added to this container before it can hook third-party applications. Download link: https://pan.baidu.com/s/1EAGoAbJo8nRFJZwXqsip3A Password: gszz
3. Prepare the XposedBridgeApi.jar package, which can be downloaded from the official website:
[XposedBridgeApi-54 official download address] https://forum.xda-developers.com/attachment.php?s=5903ce1b3edb1032faba7292b21e1801&attachmentid=2748878&d=1400342298
Alternatively, add the Xposed dependency to the build.gradle file of the XposedDemo project written below:
    provided 'de.robv.android.xposed:api:82'
4. Android development environment and tools. Android Studio is used here.
Create your own XposedDemo project. The steps are as follows:
1. Create an empty project named XposedDemo
2. Add the core dependency package in build.gradle: provided 'de.robv.android.xposed:api:82'
3. Write the hook class, which hooks a method of the third-party application and changes its request parameters, return value, etc. to achieve dynamic debugging. The prerequisite is to determine the package name, class name and method name of the third-party application in advance. For example, the third-party application code I want to hook is as follows:
[screenshot of the third-party application's code]
Now for the key part: write the dynamic debugging code that tampers with goLogin so that, no matter what pwd is entered, goLogin always returns true, bypassing the third-party application's login password verification.
4. The hook code class is as follows:

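package com.zp.xposeddemo;

import android.util.Log;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;

// Contants.TAG is the log tag constant from the XposedDemo project (its class is not shown on this page).
public class HookLogin implements IXposedHookLoadPackage {
    private static final String PACKAGE_NAME = "com.mscf.finance";

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        Log.i(Contants.TAG, "xposeddemo--进入我的hook-----~~");

        // Only continue when the package being loaded is the target application
        if (lpparam.packageName.equals(PACKAGE_NAME)) {
            Log.i(Contants.TAG, "包名存在!");
        } else {
            Log.i(Contants.TAG, "com.mscf.finance--包名不存在!");
            return;
        }
        // Fixed call format
        findAndHookMethod(
                "com.mscf.finance.activity.Aty_Login",  // package name + class name to hook
                lpparam.classLoader,                   // classLoader, always passed as-is
                "goLogin",                         // name of the method to hook
//                int.class, // method parameter types; leave out if the method has none
                new XC_MethodHook() {
                    // Called before the hooked method runs; used to modify its input parameters
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                        Log.i(Contants.TAG, "进入beforeHookedMethod---");
                    }

                    // Called after the hooked method runs; the return value must be changed
                    // only after the method has finished executing
                    @Override
                    protected void afterHookedMethod(MethodHookParam param)
                            throws Throwable {
                        Log.i(Contants.TAG, "进入afterHookedMethod---");

                        // Change the return value to true, skipping the login password verification
                        param.setResult(true);
                        String result = param.getResult() + "";
                        Log.i(Contants.TAG, "afterHood输出结果---" + result);
                    }
                }
        );

    }
}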

5. Configure the hook entry point: create a new file named xposed_init under main/assets/ in the project directory and copy the following content into it:

com.zp.xposeddemo.HookLogin

Note that this entry is your own package name + hook class name.

6. Build and run the XposedDemo project on the rooted phone. An application named MyXposeDemo appears on the home screen. The hook plug-in for dynamically debugging the login event is now complete.
7. Add MyXposeDemo to the XposedInstaller container.

  • Open the XposedInstaller container and activate it first. There are plenty of XposedInstaller activation tutorials online, so I won't cover that here.
  • After activation, tap the menu on the left, select Modules, check our XposedDemo, and restart the mobile device.
  • After restarting, open the hooked third-party app and log in with any value; it will report "login successful". That's it!
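
How an app can notice the kind of hook installed above, as an added example that is not part of the original post or of the Xposed project: it collects three signals (bridge frames in a call stack, the bridge jar in the process memory map, and whether the bridge class resolves). The class XposedSignals and its method names are hypothetical, and the stack frames and maps line are constructed samples.

```java
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class): signs that Xposed is active in this process.
public final class XposedSignals {
    private static final String XPOSED_PKG = "de.robv.android.xposed.";

    // Xposed bridge frames in a call stack captured inside a sensitive method.
    static List<String> hookFrames(StackTraceElement[] stack) {
        List<String> hits = new ArrayList<>();
        for (StackTraceElement f : stack) {
            if (f.getClassName().startsWith(XPOSED_PKG)) {
                hits.add(f.getClassName() + "#" + f.getMethodName());
            }
        }
        return hits;
    }

    // Lines in /proc/self/maps format that show the bridge jar mapped into the process.
    static List<String> mappedBridge(List<String> mapsLines) {
        List<String> hits = new ArrayList<>();
        for (String line : mapsLines) {
            if (line.contains("XposedBridge.jar")) hits.add(line.trim());
        }
        return hits;
    }

    // True if the bridge class can be resolved by the system class loader.
    static boolean bridgeClassPresent() {
        try {
            Class.forName(XPOSED_PKG + "XposedBridge", false, ClassLoader.getSystemClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a stack as it could look inside a hooked goLogin.
        StackTraceElement[] stack = {
            new StackTraceElement("com.mscf.finance.activity.Aty_Login", "goLogin", "Aty_Login.java", 42),
            new StackTraceElement(XPOSED_PKG + "XposedBridge", "handleHookedMethod", "XposedBridge.java", 0),
        };
        // Constructed sample line; the addresses and path are illustrative.
        List<String> maps = java.util.Arrays.asList(
                "7f0000-7f1000 r--p 00000000 fd:00 1234 /system/framework/XposedBridge.jar");
        System.out.println("hook frames:   " + hookFrames(stack));
        System.out.println("mapped bridge: " + mappedBridge(maps));
        System.out.println("bridge class:  " + bridgeClassPresent());
    }
}
```

In an app, pass Thread.currentThread().getStackTrace() and the lines read from /proc/self/maps. Treat hits as telemetry only, since a module can hook these checks as well, and keep the actual password verification on the server so that a forced local return value grants nothing.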

Summary:
Looking back at the whole process, it comes down to developing a plug-in, built on the Xposed dependency package, that tampers with the login function. In afterHookedMethod, the return value of the hooked method is overwritten, which overrides the login check.
Attached is a hands-on demo. Download link: https://pan.baidu.com/s/1-fdOgNQfTSPJ8hLVIjMcRA Password: 9fcb
Remember: the phone must be rooted before you install the demo above.

Origin blog.csdn.net/u011084603/article/details/96307099