Getting started with Xposed: modifying a phone's IMEI

Author: Lv Yuanjiang joined Qunar in January 2019 and is now responsible for app analysis and device-fingerprint anti-crawling work, with extensive experience in app unpacking and in analysing encryption and decryption algorithms at the Java and native C layers.

1. Background

Xposed is familiar to many Android security and reverse-engineering practitioners, and is often used to analyse and intercept an app's functions. This article uses Xposed to modify the IMEI seen by one application as a simple introduction, so that beginners can learn how to write their own hook module with Xposed. It also briefly covers other application scenarios of Xposed.

2. Environment requirements

Phone system: 4.4.4 to 8.0
Phone environment: must be rooted

3. Files required to set up the Xposed environment

4. Flashing the Xposed framework

4·1 Flash a third-party recovery: TWRP (twrp-3.2.1-1-hammerhead.img)

Find the version for your phone model at twrp.me/Devices/. After downloading it, push it to the root directory of the phone's sdcard.

a) adb reboot bootloader
b) fastboot flash recovery twrp-3.2.1-1-hammerhead.img
c)
d) If the flash succeeded, the TWRP screen is displayed.

4·2 Flash the Xposed framework

Continuing from the previous step: tap Install and install the xposed-v89-sdk25-arm64.zip framework.

4·3 Flash the root management tool

4·4 Finally, install XposedInstaller (downloaded from the official Xposed website)

It can be installed with adb: adb install XposedInstaller_3.1.4.apk

5. Writing the hook module

With the environment above in place, we can write our first hook module. We take the Device Id app as the example and tamper with its IMEI.

5·1 Create an empty Android project

5·2 Modify AndroidManifest.xml and add the following three meta-data entries

5·3 Import the Xposed API library (XposedBridgeApi-54.jar, available for download from the official Xposed website)

Copy XposedBridgeApi-54.jar to app/libs and import it via build.gradle.

5·4 Write the hook module's entry class MainHook, implementing the IXposedHookLoadPackage interface

5·5 Configure the hook module's main entry point (this tells Xposed where the hook logic starts)

Create the folder assets under app/src/main/, create the file xposed_init in it, and write the fully qualified name of the entry class into this file.

6. Writing the hook code

6·1 Locate the function to hook

The target of the test is the IMEI line shown by the app. Before modification it looks as follows:

A decompiler was used to find the API that obtains the IMEI so that it could be hooked. The analysis showed that method c of class acr returns the IMEI value. We hook this method and change its return value to tamper with the IMEI.

6·2 The complete hook code is as follows

Of course, the IMEI can also be changed by hooking the Android API that returns it, which settles the matter once and for all; this is left to interested readers.

    package com.phone.fakeimei;

    import android.content.Context;
    import android.util.Log;

    import de.robv.android.xposed.IXposedHookLoadPackage;
    import de.robv.android.xposed.XC_MethodHook;
    import de.robv.android.xposed.XposedHelpers;
    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    public class MainHook implements IXposedHookLoadPackage {
        private static final String TAG = "fakeimei";
        // Package name of the app to hook
        public static String needHookApp = "com.evozi.deviceid";

        @Override
        public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
            // Xposed calls this for every package that loads; ignore all but the target
            if (!loadPackageParam.packageName.equals(needHookApp)) {
                return;
            }
            Log.d(TAG, "found the app to hook, package name: " + loadPackageParam.packageName);
            // Load the class to hook
            Class<?> acrClazz = XposedHelpers.findClassIfExists("acr", loadPackageParam.classLoader);
            if (null != acrClazz) {
                Log.d(TAG, "found the app class to hook: " + acrClazz.getSimpleName());
                XposedHelpers.findAndHookMethod(acrClazz, "c", Context.class, new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                        super.beforeHookedMethod(param);
                        // Runs before the hooked method
                    }

                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        super.afterHookedMethod(param);
                        // Runs after the hooked method; the return value can be modified here
                        String realImei = (String) param.getResult();
                        String fakeImei = "123456789";
                        Log.d(TAG, "real IMEI: " + realImei + " fake IMEI: " + fakeImei);
                        // Replace the return value by calling setResult
                        param.setResult(fakeImei);
                    }
                });
            }
        }
    }

6·3 Compile the hook module and package it as an APK, tick the hook module to enable it, and then reboot the device (a soft reboot sometimes does not take effect on phones running 7.0) so that the hook module takes effect
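
How the hooked app can notice this from the inside, as an added example (not code from the original article): a stack trace taken inside a hooked method contains frames from the de.robv.android.xposed package, the same package the module above imports. The class name XposedTraceCheck and the sample trace are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class XposedTraceCheck {  // hypothetical class name
    // Package of the Xposed bridge classes (the one the hook module imports).
    static final String XPOSED_PKG = "de.robv.android.xposed.";

    /** Returns "Class.method" for every Xposed frame in the trace; empty means none seen. */
    static List<String> xposedFrames(StackTraceElement[] trace) {
        List<String> hits = new ArrayList<>();
        for (StackTraceElement f : trace) {
            if (f.getClassName().startsWith(XPOSED_PKG)) {
                hits.add(f.getClassName() + "." + f.getMethodName());
            }
        }
        return hits;
    }

    /** True if the bridge class can be loaded in this process. */
    static boolean bridgeClassLoadable() {
        try {
            Class.forName(XPOSED_PKG + "XposedBridge", false,
                    ClassLoader.getSystemClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed trace, shaped like one taken inside the hooked acr.c().
        StackTraceElement[] sample = {
            new StackTraceElement("acr", "c", "SourceFile", 1),
            new StackTraceElement(XPOSED_PKG + "XposedBridge",
                    "invokeOriginalMethodNative", "XposedBridge.java", -2),
            new StackTraceElement(XPOSED_PKG + "XposedBridge",
                    "handleHookedMethod", "XposedBridge.java", 1),
            new StackTraceElement("com.example.app.MainActivity",
                    "onCreate", "SourceFile", 1),
        };
        System.out.println("sample:  " + xposedFrames(sample));
        // In an app this would be called from inside the sensitive method itself.
        System.out.println("current: "
                + xposedFrames(Thread.currentThread().getStackTrace()));
        System.out.println("bridge class loadable: " + bridgeClassLoadable());
    }
}
```

Either result is a signal to feed into risk scoring together with other device data, not proof on its own.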

7. Result after the hook module takes effect

8. Other applications of Xposed

As a hook tool, Xposed has many application scenarios. As shown above, it can be used to modify a phone's device information and simulate a new phone.

8·1 Protecting personal privacy

For example, you may not want to receive advertisements or spam messages pushed by e-commerce platforms. Because Android permissions are granted so liberally, many apps collect phone numbers, contacts, recent call records and so on, and some even collect SMS content. Every e-commerce shopping festival brings a pile of so-called coupon spam messages. With Xposed you can hook the key information: when an app tries to obtain your sensitive information, return false or empty data, and intercept harassing SMS messages, thereby protecting personal privacy.

8·2 Black and grey market use of Xposed for "one-click new device"

Combined with a mature device-simulation plug-in, Xposed can produce a "new device" with one click, turning one phone into many. This is commonly used by bonus hunters (the "wool party") to exploit e-commerce promotions. To judge whether a newly registered account is really a new user, many e-commerce platforms collect device information rather than relying on the registration time alone. To cut costs, bonus hunters usually use Xposed to simulate a new device from time to time, and can even simulate the phone's file paths, geographic location, battery level, call records and so on.

During the 618 and "double tenth" e-commerce wars, billions in subsidies attracted many users, and even more bonus hunters. Many users found the goods already sold out when they were ready to order, when in reality the bonus hunters may have taken them. In October of this year, an e-commerce flagship store was even at risk of collapse because of this.
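
A server-side plausibility check on reported IMEIs, as an added example (not code from the original article): an IMEI has 15 digits ending in a Luhn check digit, so the 123456789 returned by the hook in 6·2 fails on length alone, and one IMEI shared by several accounts is a second signal. The class name, account names and threshold are assumptions, and the registrations are constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

public class ImeiPlausibility {  // hypothetical class name
    enum Verdict { OK, BAD_LENGTH, NON_DIGIT, TRIVIAL_PATTERN, BAD_CHECK_DIGIT }

    /** Structural check: 15 decimal digits whose last digit is the Luhn check digit. */
    static Verdict check(String imei) {
        if (imei == null || imei.length() != 15) return Verdict.BAD_LENGTH;
        int sum = 0;
        boolean allSame = true;
        for (int i = 0; i < 15; i++) {
            char c = imei.charAt(i);
            if (c < '0' || c > '9') return Verdict.NON_DIGIT;
            if (c != imei.charAt(0)) allSame = false;
            int d = c - '0';
            if (i % 2 == 1) {          // every second digit, counted from the right
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
        }
        if (allSame) return Verdict.TRIVIAL_PATTERN;  // e.g. all zeros passes Luhn
        return sum % 10 == 0 ? Verdict.OK : Verdict.BAD_CHECK_DIGIT;
    }

    /** IMEIs reported by more than maxAccounts distinct accounts. */
    static Map<String, Set<String>> sharedImeis(String[][] regs, int maxAccounts) {
        Map<String, Set<String>> byImei = new TreeMap<>();
        for (String[] r : regs) {
            byImei.computeIfAbsent(r[1], k -> new TreeSet<>()).add(r[0]);
        }
        byImei.values().removeIf(accounts -> accounts.size() <= maxAccounts);
        return byImei;
    }

    public static void main(String[] args) {
        // Constructed registrations: {account, reported IMEI}.
        String[][] regs = {
            {"user-a", "490154203237518"},   // well-formed sample IMEI
            {"user-b", "123456789"},         // value returned by the hook in 6·2
            {"user-c", "123456789"},
            {"user-d", "490154203237519"},   // wrong check digit
        };
        for (String[] r : regs) System.out.println(r[0] + " " + r[1] + " -> " + check(r[1]));
        System.out.println("shared: " + sharedImeis(regs, 1));
    }
}
```

Passing these checks does not show that a value is genuine; they are one input to risk scoring alongside other device signals.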

8·3 App advertising, simulated clicks and so on

Traces of Xposed can be found in automatic clicking and following in some apps, in advertising in video apps, and in promotional offers and order grabbing in some apps.