VirtualXposed開發1

VirtualXposed開發1

1.安裝

git clone https://github.com/android-hacker/VirtualXposed.git
cd VirtualXposed
git submodule update --init --recursive

使用android studio打開運行, 就安裝成功了.

默認安裝了xposed

2.設置安裝默認apk

需要修改NewHomeActivity.java, 把需要安裝的apk放在跟XposedInstaller_3.1.5.apk_同一個目錄(就是assets裏), 然後添加遍歷assets目錄的方法, 最後安裝apk.

// 添加遍歷assets目錄並安裝的方法
private void installApks(String name) {
    ProgressDialog dialog = new ProgressDialog(this);
    dialog.setCancelable(false);
    dialog.setMessage("Loading " + name);
    dialog.show();

    VUiKit.defer().when(() -> {
        File installerApk = getFileStreamPath(name + ".apk");
        if (!installerApk.exists()) {
            InputStream input = null;
            OutputStream output = null;
            try {
                input = getApplicationContext().getAssets().open(name);
                output = new FileOutputStream(installerApk);
                byte[] buffer = new byte[1024];
                int length;
                while ((length = input.read(buffer)) > 0) {
                    output.write(buffer, 0, length);
                }
            } catch (Throwable e) {
                VLog.e(TAG, "copy file error", e);
            } finally {
                FileUtils.closeQuietly(input);
                FileUtils.closeQuietly(output);
            }
        }

        if (installerApk.isFile() && !DeviceUtil.isMeizuBelowN()) {
            try {
                VirtualCore.get().installPackage(installerApk.getPath(), InstallStrategy.TERMINATE_IF_EXIST);
            } catch (Throwable ignored) {

            }
        }
    }).then((v) -> {
        dismissDialog(dialog);
        mUiHandler.sendEmptyMessageDelayed(2, 500);
    }).fail((err) -> {
        dismissDialog(dialog);
        mUiHandler.sendEmptyMessageDelayed(2, 500);
    });
}

private List<String> names;
private void initNames() {
    names = new ArrayList<>();
    try {
        boolean isXposedInstalled = VirtualCore.get().isAppInstalled(XPOSED_INSTALLER_PACKAGE);
        if (!isXposedInstalled) {
            for (String s : getAssets().list("")) {
                names.add(s);
            }
        }
    } catch (IOException e) {
        Toast.makeText(this, "Init error!", Toast.LENGTH_SHORT).show();
    }
}

// 重寫獲取mUiHandler方法
private Handler getmUiHandler() {
    return new Handler(getMainLooper()) {
        @Override
        public void handleMessage(Message msg) {
            if (msg.what == 1) {
                if (names.size() > 0) {
                    installApks(names.get(0));
                }
            }
            if (msg.what == 2) {
                if (names.size() > 0) {
                    names.remove(0);
                    sendEmptyMessage(1);
                }
            }
        }
    };
}

替換原來mUiHandler初始化的方法

mUiHandler = getmUiHandler();
initNames();

// 註釋原來installXposed的方法
if (checkXposedInstaller) {
    checkXposedInstaller = false;
//            installXposed();
    mUiHandler.sendEmptyMessage(1);
}

重新運行, 這時候除了XposedInstaller還安裝了你放在該目錄裏的其他apk

不會android開發直接搞xposed確實夠嗆, 慢慢來, 把過程都記錄好, 💪
下篇寫怎樣hook, 一邊google一邊學, 網上資料確實少或者很多過時的, 還是ios逆向簡單😅