littlewhiteduck / simplehook
SimpleHook: the hook portion of the code
License: Apache License 2.0
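As the title says.
Some apps detect the hook after being hooked with simplehook; using NFG Multi Crack does not cause this problem.
On the Xiaomi system launcher, the hook for the always-on clock does not take effect at boot; the system launcher process has to be killed manually before it takes effect.
Configuration: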
{
"className": "com.miui.home.launcher.Workspace",
"enable": true,
"fieldClassName": "",
"fieldName": "",
"hookPoint": "after",
"methodName": "isScreenHasClockGadget",
"mode": 0,
"params": "long",
"resultValues": "false",
"returnClassName": ""
}
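When hooking parameter values where the parameter type is java.lang.Object, a replacement value in JSON format cannot be applied correctly because it contains commas (the number of replacement values should be matched strictly against the number of parameter types, or a specific escape character should be added).
Hooking return values could be improved further; support for regex-based random values would be ideal.
Also, thanks to the author for developing this tool; it is simple and awesome.
For example, I only want to change the value of one particular parameter of a method, while the other values stay unchanged.
On LSPosed 6713, using the "Hook return value+" mode of simplehook 1.2.8 to hook Kuwo Music 10.3.4.1 throws an error, but the same configuration works fine on simplehook 1.2.7.
LSPosed log: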
modules_2023-01-23.log
Configuration: {"appName":"酷我音乐","configs":"[{"className":"cn.kuwo.base.bean.vipnew.MusicAuthInfo","enable":true,"fieldClassName":"","fieldName":"","hookPoint":"after","methodName":"getListenMusicAuthResult","mode":10,"params":"cn.kuwo.service.DownloadProxy$Quality","resultValues":"{\"albumBr\":0,\"albumId\":0,\"albumPrice\":-1.0,\"albumSt\":-1,\"hasPayAuthInfo\":true,\"mMusicChargeType\":\"SONG_VIP\",\"packType\":0,\"songBr\":20000,\"songFmt\":\"ZP\",\"songPid\":\"119616910\",\"songPrice\":2.0,\"songSt\":103,\"vipBr\":20000,\"vipCost\":0.0,\"vipFmt\":\"ZP\",\"vipPid\":\"119766782\",\"vipPrice\":0.0,\"vipSt\":102}","returnClassName":"cn.kuwo.base.bean.vipnew.MusicAuthResult"}]","description":"","enable":true,"id":5,"packageName":"cn.kuwo.player","versionName":"10.3.4.1"}
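I recommend integrating Shizuku so that permissions can be requested using adb privileges.
Can hooking of dynamically loaded classes be supported?
When searching for an MD5 value in the records, add the ability to search only within the encrypted result or the original data, or add an exact-match search option, instead of searching all data. Many MD5 values are assembled from several values, so analysis turns up too many results that contain the search value, and it is hard to find the exact match.
I hooked an instance variable, but it had no effect.
However, when I copy this hook and change it to record the instance variable, it does get recorded; neither the before nor the after hook point works.
The app has storage permission, and hooking return values works.
As the title says, version 1.2.7 works without root after being granted access to the Android/data directory, but after upgrading to 1.2.8 it no longer works, and clearing the configuration and module data does not help. If this is only a data directory access permission problem, could rootless operation be supported by adding Shizuku support?
Just turn off hiding when saving, or add all system apps to the whitelist.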
me.simpleHook
java.lang.OutOfMemoryError: Failed to allocate a 1600648 byte allocation with 413912 free bytes and 404KB until OOM, target footprint 268435456, growth limit 268435456
at java.util.Arrays.copyOf(Arrays.java:3257)
at java.lang.AbstractStringBuilder.ensureCapacityInternal(AbstractStringBuilder.java:124)
at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:596)
at java.lang.StringBuffer.append(StringBuffer.java:367)
at java.io.BufferedReader.readLine(BufferedReader.java:381)
at java.io.BufferedReader.readLine(BufferedReader.java:400)
at littleWhiteDuck.ۥ۫ۨ$ۦۖ۫.hasNext(:2)
at android.support.v4.media.session.۫ۖۡ۟.ۨ۬ۙ(Unknown Source:8)
at littleWhiteDuck.ۥۗۘ.ۦۖ۠(Unknown Source:152)
at littleWhiteDuck.q9$ۦۖ۠.ۦۖۖ(:2)
at littleWhiteDuck.ۦۢۨ.ۦۗۡ(:2)
at littleWhiteDuck.ۦۚۥۥ.run(Unknown Source:86)
at littleWhiteDuck.ۥ۬ۘ.run(Unknown Source:12)
at littleWhiteDuck.qi.run(Unknown Source:2)
at littleWhiteDuck.ۥۖ۟ۥ.ۦۖۘ(Unknown Source:0)
at littleWhiteDuck.ۥۖ۟ۥ$ۦۖ۫.run(:5
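Sometimes my hands are too quick and I swipe away the background card as soon as I see it, and then I have to put the app in the background again before the configuration takes effect.
Bro, do you have crash monitoring for this app on your side? At first I tested an app and hooked the return value of a method, and it worked. Then, for some reason, when I opened SimpleHook again, SimpleHook crashed (about 2 s after launch). I tried clearing SimpleHook's app cache, clearing all of the app's data, unchecking simplehook in LSPosed, and so on; it still does not work, and I do not know why it crashes. (Redmi K30 Pro, MIUI developer edition, Android 12)
Have you considered supporting Android 13?
If the parameter type contains a combination of these characters (Z I J S C B F D), it is automatically split with commas; for example, DBM is split into D,BM, but the type I need is DBM.
Just like signature spoofing, I hope the package name can be spoofed to deceive other apps.
The current scenario is: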
```java
import java.io.Serializable;

class User implements Serializable { public String name; public int age; }

class b {
    public String a() {
        User user = xxx(); // the web request framework serializes the response directly
        String u = "uid:" + user.name;
        return u;
    }
}
```
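How can this class be hooked to modify its member variables? As far as I can see, the only way is to first obtain the object by hooking a method and then modify the instance variable; what if the instance class itself has nothing but the default no-argument constructor, so the object cannot be obtained?
One more small suggestion.
If the hooked input parameters and return results can be serialized as Gson objects, I hope simple scripting can be supported.
For example, input parameters: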
public User aaa(User a,User b){
}
params=[{"name":"tom","age":2},{"name":"cat","age":3}]
params[0]={"name":"tom","age":2}
params[1]={"name":"cat","age":23}
// modify a member variable of the parameter object instead of replacing the whole parameter
params[0].put("age","18")
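Make params a built-in variable, so that the value of one member variable of a parameter can be modified, instead of directly replacing the entire input parameter or return result.
The error log is as follows: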
java.lang.RuntimeException: Unable to start activity ComponentInfo{me.simpleHook/me.simpleHook.ui.activity.ExtensionActivity}: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Class.isInterface()' on a null object reference
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3825)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3971)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:101)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2389)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:210)
at android.os.Looper.loop(Looper.java:299)
at android.app.ActivityThread.main(ActivityThread.java:8261)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:559)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:954)
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Class.isInterface()' on a null object reference
at java.lang.Class.isAssignableFrom(Class.java:589)
at android.os.Parcel.readParcelableCreatorInternal(Parcel.java:4853)
at android.os.Parcel.readParcelableInternal(Parcel.java:4766)
at android.os.Parcel.readValue(Parcel.java:4532)
at android.os.Parcel.readValue(Parcel.java:4312)
at android.os.Parcel.-$$Nest$mreadValue(Unknown Source:0)
at android.os.Parcel$LazyValue.apply(Parcel.java:4410)
at android.os.Parcel$LazyValue.apply(Parcel.java:4369)
at android.os.BaseBundle.getValueAt(BaseBundle.java:394)
at android.os.BaseBundle.getValue(BaseBundle.java:374)
at android.os.BaseBundle.getValue(BaseBundle.java:357)
at android.os.BaseBundle.get(BaseBundle.java:696)
at android.os.Bundle.getParcelable(Bundle.java:947)
at littleWhiteDuck.ۦۙۡ.ۦۖۥ(SourceFile:1)
at me.simpleHook.ui.activity.ExtensionActivity.onCreate(SourceFile:48)
at android.app.Activity.performCreate(Activity.java:8516)
at android.app.Activity.performCreate(Activity.java:8480)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1418)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3806)
... 12 more
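For example, getJsonStr() returns the string {"status":"fail"}, which needs to be changed to {"status":"success"}. I entered {"status":"success"} in the "Enter modified value" box, but the hook did not actually take effect and it still returns {"status":"fail"}.
For hooked encryption algorithms such as AES and RSA, the key, IV and other values are displayed as garbled text, and the key is not shown in hexadecimal or base64. I hope this bug gets fixed soon.
It is a bit odd: both Algorithm Assistant (算法助手) and this tool need permission under data to write their configuration. I guess this is to guard against the target app not having storage permission, so instead of writing to the SD card they write to the target app's private directory. But is storing a file really necessary? Most hooking apps of this kind do not use this storage approach; you just set the target app and it can be hooked. Is there some difference in how it is implemented? Or do they read from memory?
I am not questioning the software, I am just a bit puzzled: could it be implemented in a way that does not require reading data?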