1. Introduction to the principle of implementing Hook in the Xposed framework
Zygote is at the core of Android: every time an app is started, Zygote forks a new process with its own virtual machine instance to run the app.
The Xposed Framework goes deep into this core mechanism of Android and realizes some awesome
functions by modifying Zygote. Because every app process is forked from Zygote, code that is loaded into Zygote is present in every app process, which is what makes hooking any app possible.
The startup configuration of Zygote is in the init.rc script, and the process is started when the system boots. The corresponding
executable is /system/bin/app_process. This file performs the class library loading and some function calls.
When the Xposed Framework is installed in the system, app_process is extended; that is to say, the Xposed
Framework overwrites the app_process file provided by Android with its own app_process, so
when the system starts, it is the Xposed Framework's app_process file that is loaded. The Xposed
Framework also defines a jar package, which is likewise loaded when the system starts:
/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar
2. The conditions for the Xposed framework to run
1.Rooted Device / Emulator (rooted phone or emulator)
2.Xposed Installer (Xposed installer download)
3.Hooking Android App (target App to be Hooked)
3. Installation process
1. It is recommended to download Xposed3.1.5 version, XposedInstaller_3.1.5.zip.
After downloading and installing, you can activate it directly online if you have proxy/VPN access ("scientific Internet access"). Before changing http to https, you need to set up that proxy/VPN (the "ladder").
2. Offline activation method:
https://dl-xda.xposed.info/framework/ From this URL, find the version that matches your phone's API/SDK level and CPU type (arm | x86, 32 | 64 bit)
e.g. Thunderbolt Simulator version 4.0.43 -> (x86, API 25)
-> Download version 25: https://dl-xda.xposed.info/framework/sdk25
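3. After downloading, extract the "system" directory from the archive into a new folder, and then place the following script.sh shell script in that folder (next to the "system" directory, because the script looks for system/xposed.prop relative to where it is run):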
##########################################################################################
#
# Xposed framework installer zip.
#
# This script installs the Xposed framework files to the system partition.
# The Xposed Installer app is needed as well to manage the installed modules.
#
##########################################################################################
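# Print the value of the first "<key>=<value>" line found for a property.
#
# Arguments: $1  - property key. It is pasted into a sed expression unescaped,
#                  so callers must pass a fixed literal: a "/" would break the
#                  expression and "." matches any character.
#            $2… - files to search, in order (default: /system/build.prop)
# Outputs:   the value of the first matching line; nothing when no line
#            matches or a file cannot be read (cat's errors are discarded).
grep_prop() {
  # No "local": plain assignment, as in the rest of this script.
  REGEX="s/^$1=//p"
  shift
  if [ -z "$*" ]; then
    set -- /system/build.prop
  fi
  # Expression and file names are quoted so the shell neither splits nor
  # globs them.
  cat "$@" 2>/dev/null | sed -n "$REGEX" | head -n 1
}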
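# Turn an SDK level into the label shown in the installer's messages.
#
# Arguments: $1 - SDK level, e.g. 25
# Outputs:   "<release> / SDK<level>" for levels 15-19 and 21-27,
#            "SDK<level>" for anything else (including an empty argument).
android_version() {
  # $1 is quoted everywhere so an unexpected value is printed as-is instead of
  # being split or globbed by the shell.
  case "$1" in
    15) printf '%s\n' "4.0 / SDK$1" ;;
    16) printf '%s\n' "4.1 / SDK$1" ;;
    17) printf '%s\n' "4.2 / SDK$1" ;;
    18) printf '%s\n' "4.3 / SDK$1" ;;
    19) printf '%s\n' "4.4 / SDK$1" ;;
    21) printf '%s\n' "5.0 / SDK$1" ;;
    22) printf '%s\n' "5.1 / SDK$1" ;;
    23) printf '%s\n' "6.0 / SDK$1" ;;
    24) printf '%s\n' "7.0 / SDK$1" ;;
    25) printf '%s\n' "7.1 / SDK$1" ;;
    26) printf '%s\n' "8.0 / SDK$1" ;;
    27) printf '%s\n' "8.1 / SDK$1" ;;
    *) printf '%s\n' "SDK$1" ;;
  esac
}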
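# Copy a file, then apply owner, group, mode and SELinux context to the copy.
#
# Arguments: $1 - source file
#            $2 - destination path
#            $3 - owner, $4 - group, $5 - mode
#            $6 - SELinux context (optional; handed to set_perm unchanged)
# Exits the whole script with status 1 when the copy fails.
cp_perm() {
  # Quoted so paths containing spaces or glob characters are copied as given.
  cp -f "$1" "$2" || exit 1
  set_perm "$2" "$3" "$4" "$5" "$6"
}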
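# Apply owner, group, mode and SELinux context to one path.
#
# Arguments: $1 - path
#            $2 - owner, $3 - group, $4 - mode
#            $5 - SELinux context (optional; default u:object_r:system_file:s0)
# Exits the whole script with status 1 when chown or chmod fails.
set_perm() {
  chown "$2:$3" "$1" || exit 1
  chmod "$4" "$1" || exit 1
  # A failed chcon is neither reported nor fatal: its message is discarded and
  # its status is not checked, so the file can end up without the requested
  # label while the script carries on.
  if [ -n "$5" ]; then
    chcon "$5" "$1" 2>/dev/null
  else
    chcon 'u:object_r:system_file:s0' "$1" 2>/dev/null
  fi
}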
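# Install a packaged file over its target without keeping a backup.
#
# Arguments: $1 - absolute target path; the packaged copy is read from
#                 "./<target>", i.e. relative to the current directory
#            $2 - owner, $3 - group, $4 - mode
#            $5 - SELinux context (optional)
install_nobackup() {
  # Quoted so the path reaches cp_perm as a single argument.
  cp_perm "./$1" "$1" "$2" "$3" "$4" "$5"
}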
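# Install "<target>_xposed" next to the target and turn the target into a
# symlink to it, keeping the original file as "<target>_original".
#
# Arguments: $1 - absolute target path; the packaged file is read from
#                 "./<target>_xposed" relative to the current directory
#            $2 - owner, $3 - group, $4 - mode
#            $5 - SELinux context for the installed file (optional)
# Globals:   TARGET, XPOSED, BACKUP (written)
# Does nothing when the package has no "<target>_xposed" file. Exits the
# script with status 1 when the move or the link fails.
#
# The "<target>_original" / "<target>_xposed" pair left beside the target is
# also what shows, on inspection, that this binary has been replaced.
install_and_link() {
  TARGET=$1
  XPOSED="${1}_xposed"
  BACKUP="${1}_original"
  if [ ! -f "./$XPOSED" ]; then
    return
  fi
  cp_perm "./$XPOSED" "$XPOSED" "$2" "$3" "$4" "$5"
  # Back up and link only once: on a re-run the target is already the symlink,
  # and moving it would replace the real original with that link.
  if [ ! -f "$BACKUP" ]; then
    mv "$TARGET" "$BACKUP" || exit 1
    ln -s "$XPOSED" "$TARGET" || exit 1
    # -h labels the link itself; a failure is discarded silently.
    chcon -h 'u:object_r:system_file:s0' "$TARGET" 2>/dev/null
  fi
}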
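# Replace a system file with the packaged one, keeping the original as a
# gzip-compressed "<target>.orig.gz" (mode 600, owner 0:0).
#
# Arguments: $1 - absolute target path; the packaged file is read from
#                 "./<target>" relative to the current directory
#            $2 - owner, $3 - group, $4 - mode
#            $5 - SELinux context for the installed file (optional)
# Globals:   TARGET, BACKUP, NO_ORIG (written)
# Does nothing when the package has no file for this target. Exits the script
# with status 1 when touch, mv or gzip fails.
install_overwrite() {
  TARGET=$1
  if [ ! -f "./$TARGET" ]; then
    return
  fi
  BACKUP="${1}.orig"
  NO_ORIG="${1}.no_orig"
  if [ ! -f "$TARGET" ]; then
    # Nothing to back up: leave a marker saying there was no original.
    touch "$NO_ORIG" || exit 1
    set_perm "$NO_ORIG" 0 0 600
  elif [ -f "$BACKUP" ]; then
    # An uncompressed backup already exists: keep it, drop the current file.
    # The result of rm is not checked.
    rm -f "$TARGET"
    gzip "$BACKUP" || exit 1
    set_perm "${BACKUP}.gz" 0 0 600
  elif [ ! -f "${BACKUP}.gz" ] && [ ! -f "$NO_ORIG" ]; then
    # First run for this file: the current file is the original.
    mv "$TARGET" "$BACKUP" || exit 1
    gzip "$BACKUP" || exit 1
    set_perm "${BACKUP}.gz" 0 0 600
  fi
  # When a .orig.gz or .no_orig already exists, the current file is simply
  # overwritten and the existing backup is left alone.
  cp_perm "./$TARGET" "$TARGET" "$2" "$3" "$4" "$5"
}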
##########################################################################################
# Banner.
printf '%s\n' \
  "**************************" \
  "Xposed framework installer" \
  "**************************"

# The package's "system" tree is addressed relative to the current directory,
# so stop here if the script was started from anywhere else.
if ! [ -f "system/xposed.prop" ]; then
  echo "! Failed: Extracted file system/xposed.prop not found!"
  exit 1
fi
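echo "- Checking environment"

# Device properties: read from grep_prop's default file, /system/build.prop.
API=$(grep_prop ro.build.version.sdk)
APINAME=$(android_version "$API")
ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
ABILONG=$(grep_prop ro.product.cpu.abi)

# Package properties: read from the xposed.prop of the extracted package.
XVERSION=$(grep_prop version system/xposed.prop)
XARCH=$(grep_prop arch system/xposed.prop)
XMINSDK=$(grep_prop minsdk system/xposed.prop)
XMAXSDK=$(grep_prop maxsdk system/xposed.prop)
XEXPECTEDSDK=$(android_version "$XMINSDK")
if [ "$XMINSDK" != "$XMAXSDK" ]; then
  XEXPECTEDSDK="$XEXPECTEDSDK - $(android_version "$XMAXSDK")"
fi

# Device architecture: arm unless an ABI starts with "x86"; the 64-bit
# variants are only considered from API 21 on.
ARCH=arm
IS64BIT=
if [ "$ABI" = "x86" ] || [ "$ABI2" = "x86" ]; then
  ARCH=x86
fi
if [ "$API" -ge "21" ]; then
  case "$ABILONG" in
    arm64-v8a) ARCH=arm64; IS64BIT=1 ;;
    x86_64) ARCH=x86_64; IS64BIT=1 ;;
  esac
fi
# echo "DBG [$API] [$ABI] [$ABI2] [$ABILONG] [$ARCH] [$XARCH] [$XMINSDK] [$XMAXSDK] [$XVERSION]"
echo " Xposed version: $XVERSION"

# Gate for everything that follows: the package must match the device's
# architecture and its SDK level must lie within [minsdk, maxsdk]. An empty or
# non-numeric value makes the numeric test fail, which also ends in the
# "wrong version" branch, so the script stops before any system file is touched.
XVALID=
if [ "$ARCH" != "$XARCH" ]; then
  echo "! Wrong platform: $ARCH"
  echo "! This file is for: $XARCH"
elif [ "$API" -ge "$XMINSDK" ] && [ "$API" -le "$XMAXSDK" ]; then
  XVALID=1
else
  echo "! Wrong Android version: $APINAME"
  echo "! This file is for: $XEXPECTEDSDK"
fi
if [ -z "$XVALID" ]; then
  echo "! Please download the correct package"
  echo "! for your platform/ROM!"
  exit 1
fi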
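echo "- Placing files"
# After the path, the arguments are: owner, group, mode and, optionally, an
# SELinux context (system_file is used when none is given).
install_nobackup /system/xposed.prop 0 0 0644
install_nobackup /system/framework/XposedBridge.jar 0 0 0644
install_and_link /system/bin/app_process32 0 2000 0755 u:object_r:zygote_exec:s0
install_overwrite /system/bin/dex2oat 0 2000 0755 u:object_r:dex2oat_exec:s0
install_overwrite /system/bin/oatdump 0 2000 0755
install_overwrite /system/bin/patchoat 0 2000 0755 u:object_r:dex2oat_exec:s0
install_overwrite /system/lib/libart.so 0 0 0644
install_overwrite /system/lib/libart-compiler.so 0 0 0644
install_overwrite /system/lib/libsigchain.so 0 0 0644
install_nobackup /system/lib/libxposed_art.so 0 0 0644
# Quoted test: IS64BIT is either empty or "1".
if [ -n "$IS64BIT" ]; then
  install_and_link /system/bin/app_process64 0 2000 0755 u:object_r:zygote_exec:s0
  install_overwrite /system/lib64/libart.so 0 0 0644
  install_overwrite /system/lib64/libart-compiler.so 0 0 0644
  install_overwrite /system/lib64/libart-disassembler.so 0 0 0644
  install_overwrite /system/lib64/libsigchain.so 0 0 0644
  install_nobackup /system/lib64/libxposed_art.so 0 0 0644
fi

# Installer app, placed in the system's priv-app directory.
# NOTE(review): unlike the install_* helpers above, none of these steps is
# checked; if the copy fails, the only sign is cp's own error message and the
# script still finishes with "- Done".
mkdir -p /system/priv-app/XposedInstaller
chmod 0755 /system/priv-app/XposedInstaller
chcon -h u:object_r:system_file:s0 /system/priv-app/XposedInstaller
cp system/priv-app/XposedInstaller/XposedInstaller.apk /system/priv-app/XposedInstaller/XposedInstaller.apk
chmod 0644 /system/priv-app/XposedInstaller/XposedInstaller.apk
chcon -h u:object_r:system_file:s0 /system/priv-app/XposedInstaller/XposedInstaller.apk

# From API 22 on, rename every *.odex.gz under /system and /vendor to
# *.odex.gz.xposed. NOTE(review): presumably so the compressed precompiled
# code is no longer picked up after ART has been replaced; confirm.
if [ "$API" -ge "22" ]; then
  # IFS= and -r keep leading blanks and backslashes in file names intact.
  find /system /vendor -type f -name '*.odex.gz' 2>/dev/null | while IFS= read -r f; do
    mv "$f" "$f.xposed"
  done
fi
echo "- Done"
exit 0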
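4. Push the folder onto the phone's system partition:
adb remount
adb push <the folder you just created> /system
adb shell
chmod 777 <folder name>
chmod 777 <folder name>/<shell script>
chmod 777 <folder name>/system
Note: there is no space before the slash in the last two commands, so the mode is applied to paths inside the pushed folder rather than to /system itself. Mode 777 also leaves these files writable by every user on the device for as long as /system is mounted read-write; the following step only needs the script to be executable and its files readable by the shell that runs it.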
5. Run the script.sh script:
chmod 777 script.sh
./script.sh