(The following checks were recovered by reverse-engineering an app.)
1. Check the stack information
2. Check the package name
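/**
 * Package-name check: asks {@code scanPackage} whether the Xposed Installer package is present.
 *
 * <p>The Base64 literal decodes to {@code de.robv.android.xposed.installer}. The package name is
 * kept encoded so it does not appear as a plain string in the binary.
 *
 * <p>NOTE(review): {@code scanPackage} is not shown here. A name-only lookup cannot see a
 * framework installed under a different package name, and on Android 11+ package-visibility
 * filtering may hide installed packages unless the manifest declares them. Confirm how
 * {@code scanPackage} queries the package list before relying on a {@code false} result.
 *
 * @param context Android context handed through to {@code scanPackage}
 * @return whatever {@code scanPackage} reports for the installer package
 */
public static boolean xp1(Context context) {
    // Decodes to "de.robv.android.xposed.installer"; the flag value 2 is passed through as listed
    // (presumably android.util.Base64.NO_WRAP, since the imports are not visible here).
    String installerPackage = new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5pbnN0YWxsZXI=", 2));
    boolean installed = scanPackage(context, installerPackage);
    MLog.b("attack", "Installed xposed:" + installed);
    return installed;
}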
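/**
 * Stack-trace check: throws and catches an exception, then scans its frames for the Xposed bridge.
 *
 * <p>Decoded literals:
 * <ul>
 *   <li>{@code ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2U=} = {@code de.robv.android.xposed.XposedBridge}</li>
 *   <li>{@code bWFpbg==} = {@code main}</li>
 *   <li>{@code aGFuZGxlSG9va2VkTWV0aG9k} = {@code handleHookedMethod}</li>
 * </ul>
 *
 * <p>A {@code false} result only means that no such frame was on this particular call path. The
 * check runs inside the process being inspected, so treat it as one signal among several.
 *
 * @param context Android context; only {@code getFilesDir()} is called on it
 * @return {@code true} when a frame of {@code XposedBridge.main} or
 *     {@code XposedBridge.handleHookedMethod} appears in the captured stack trace
 */
public static boolean xp2(Context context) {
    // Result unused; the call is kept exactly as it appears in the decompiled listing.
    context.getFilesDir();
    try {
        throw new Exception("Convex one-convex");
    } catch (Exception e) {
        MLog.a("attack", e.getMessage());
        // Decode once instead of once per frame; the values never change inside the loop.
        String bridgeClass = new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2U=", 2));
        String mainMethod = new String(Base64.decode("bWFpbg==", 2));
        String hookedMethod = new String(Base64.decode("aGFuZGxlSG9va2VkTWV0aG9k", 2));
        boolean z = false;
        for (StackTraceElement frame : e.getStackTrace()) {
            if (!bridgeClass.equals(frame.getClassName())) {
                continue;
            }
            String method = frame.getMethodName();
            if (mainMethod.equals(method) || hookedMethod.equals(method)) {
                z = true;
                break; // one matching frame is enough
            }
        }
        MLog.b("attack", "Exception hit:" + z);
        return z;
    }
}

/**
 * Reflection check: reads the static {@code fieldCache} map of {@code XposedHelpers} and returns
 * its key set as a JSON array string.
 *
 * <p>Decoded literals:
 * <ul>
 *   <li>{@code ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRIZWxwZXJz} = {@code de.robv.android.xposed.XposedHelpers}</li>
 *   <li>{@code ZmllbGRDYWNoZQ==} = {@code fieldCache}</li>
 * </ul>
 *
 * <p>Every failure is folded into {@code null}: class not loadable, field missing, access denied
 * or a null map all look the same to the caller, so {@code null} cannot be read as proof that the
 * framework is absent.
 *
 * @param context Android context; only {@code getFilesDir()} is called on it
 * @return the JSON text of the cache keys, or {@code null} when any step throws
 */
public static String xp3(Context context) {
    String str;
    // Result unused; the call is kept exactly as it appears in the decompiled listing.
    context.getFilesDir();
    try {
        // Project-specific loadClass wrapper; the class is resolved through the system class loader.
        Field declaredField = DexAOPEntry.java_lang_ClassLoader_loadClass_proxy(
                ClassLoader.getSystemClassLoader(),
                new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRIZWxwZXJz", 2)))
                .getDeclaredField(new String(Base64.decode("ZmllbGRDYWNoZQ==", 2)));
        declaredField.setAccessible(true);
        // Static field, hence the null receiver.
        Map<?, ?> map = (Map<?, ?>) declaredField.get(null);
        ArrayList<Object> keys = new ArrayList<Object>(map.keySet());
        str = new JSONArray(keys).toString();
    } catch (Exception e) {
        str = null;
    }
    MLog.b("attack", "FieldInHook msg:" + str);
    return str;
}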
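/**
 * Reflection check: walks the static {@code sHookedMethodCallbacks} map of {@code XposedBridge}
 * and reports which hooked members have callbacks, grouped by the class loader of each callback.
 *
 * <p>Decoded literals:
 * <ul>
 *   <li>{@code ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2U=} = {@code de.robv.android.xposed.XposedBridge}</li>
 *   <li>{@code c0hvb2tlZE1ldGhvZENhbGxiYWNrcw==} = {@code sHookedMethodCallbacks}</li>
 *   <li>{@code ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2UkQ29weU9uV3JpdGVTb3J0ZWRTZXQ=} =
 *       {@code de.robv.android.xposed.XposedBridge$CopyOnWriteSortedSet}</li>
 *   <li>{@code Z2V0U25hcHNob3Q=} = {@code getSnapshot}</li>
 * </ul>
 *
 * <p>Two defects of the decompiled listing are repaired. {@code str} now starts as {@code null},
 * where the listing read it uninitialised after the empty catch. The unconditional
 * {@code str = null} that followed the {@code methodToNative} fallback is dropped, because it
 * overwrote the value just assigned and looks like a decompiler artifact.
 *
 * <p>Any exception leaves the result {@code null}, so {@code null} means "nothing collected",
 * not "no hooks present".
 *
 * @param context Android context; only {@code getFilesDir()} is called on it
 * @return JSON text describing the collected hooks, or {@code null} when nothing was collected
 */
public static String xp4(Context context) {
    String str = null;
    // Result unused; the call is kept exactly as it appears in the decompiled listing.
    context.getFilesDir();
    PackHookPlugin packHookPlugin = new PackHookPlugin(1);
    try {
        Field declaredField = DexAOPEntry.java_lang_ClassLoader_loadClass_proxy(
                ClassLoader.getSystemClassLoader(),
                new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2U=", 2)))
                .getDeclaredField(new String(Base64.decode("c0hvb2tlZE1ldGhvZENhbGxiYWNrcw==", 2)));
        declaredField.setAccessible(true);
        // Static field, hence the null receiver.
        Map<?, ?> map = (Map<?, ?>) declaredField.get(null);
        Class<?> sortedSetClass = DexAOPEntry.java_lang_ClassLoader_loadClass_proxy(
                ClassLoader.getSystemClassLoader(),
                new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2UkQ29weU9uV3JpdGVTb3J0ZWRTZXQ=", 2)));
        Method declaredMethod = sortedSetClass.getDeclaredMethod(
                new String(Base64.decode("Z2V0U25hcHNob3Q=", 2)), new Class[0]);
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            Member member = (Member) entry.getKey();
            Object value = entry.getValue();
            // ScanMethod.a is not shown; an empty string is treated as "skip this member".
            String scanned = ScanMethod.a(member.toString());
            if (!"".equals(scanned) && sortedSetClass.isInstance(value)) {
                for (Object obj : (Object[]) declaredMethod.invoke(value, new Object[0])) {
                    // NOTE(review): the delimiter (a quote followed by a space) is reproduced from
                    // the listing, which is garbled elsewhere; confirm it against the original app.
                    String[] split = obj.getClass().getClassLoader().toString().split("\" ");
                    if (split.length > 1) {
                        packHookPlugin.a(StringTool.a(split, 1), scanned);
                    }
                }
            }
        }
        JSONArray a2 = packHookPlugin.a();
        JSONArray fromMethodToNative = methodToNative();
        if (a2 != null) {
            if (fromMethodToNative != null) {
                // Append the methodToNative() entries to the callback report.
                for (int i = 0; i < fromMethodToNative.length(); i++) {
                    a2.put(fromMethodToNative.getJSONObject(i));
                }
            }
            str = a2.toString();
        } else if (fromMethodToNative != null) {
            str = fromMethodToNative.toString();
        }
    } catch (Exception ignored) {
        // Best effort, as in the listing: any reflection or JSON failure leaves str as it was.
    }
    MLog.b("attack", "MethodInHook msg:" + str);
    return str;
}

/**
 * Stack-trace integrity check: plants a two-frame synthetic trace on a {@code Throwable} and
 * verifies that reading it back returns the same second frame.
 *
 * <p>Decoded literals:
 * <ul>
 *   <li>{@code U2NhbkF0dGFjaw==} = {@code ScanAttack}</li>
 *   <li>{@code ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2U=} = {@code de.robv.android.xposed.XposedBridge}</li>
 * </ul>
 *
 * <p>Presumably a mismatch means something in the process is rewriting stack traces to hide the
 * bridge class; the page does not state this, so confirm against the original analysis. The
 * check fails open: an exception yields {@code false}.
 *
 * @param context unused
 * @return {@code true} when the trace read back does not have exactly two frames or its second
 *     frame is not the planted bridge class; {@code false} otherwise or on any exception
 */
public static boolean xp5(Context context) {
    try {
        String bridgeClass = new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZC5YcG9zZWRCcmlkZ2U=", 2));
        Throwable th = new Throwable();
        th.setStackTrace(new StackTraceElement[]{
                new StackTraceElement(new String(Base64.decode("U2NhbkF0dGFjaw==", 2)), "", "", 0),
                new StackTraceElement(bridgeClass, "", "", 0)});
        StackTraceElement[] stackTrace = th.getStackTrace();
        return stackTrace.length != 2 || !stackTrace[1].getClassName().equals(bridgeClass);
    } catch (Exception e) {
        return false;
    }
}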
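/**
 * Stack-trace text check: prints the current stack trace to a string and searches it for the
 * Xposed package prefix.
 *
 * <p>The Base64 literal decodes to {@code de.robv.android.xposed}. This is a substring match on
 * the printed trace, so it is broader than a per-frame comparison of class and method names: any
 * frame whose printed form contains the prefix counts. It fails open, since an exception yields
 * {@code false}.
 *
 * @param context unused
 * @return {@code true} when the printed trace contains the package prefix; {@code false}
 *     otherwise or on any exception
 */
public static boolean xp6(Context context) {
    try {
        StringWriter trace = new StringWriter();
        new Throwable().printStackTrace(new PrintWriter(trace));
        String xposedPackage = new String(Base64.decode("ZGUucm9idi5hbmRyb2lkLnhwb3NlZA==", 2));
        return trace.toString().contains(xposedPackage);
    } catch (Exception e) {
        return false;
    }
}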