VirtualHook icon indicating copy to clipboard operation
VirtualHook copied to clipboard
verified publisher icon PAGalaxyLab

并不能Hook爱加密的App

Open dtsdao opened this issue 6 years ago • 2 comments

系统信息

OS: Android 6.0.1 (SDK 23) Device: SM-P355C 目标应用为企业定制应用

Hook 代码

package com.github.superhooker;

import android.content.Context;
import android.util.Log;

public class HookClass {
    public static String className = "com.netspace.library.utilities.HardwareInfo";
    public static String methodName = "getHardwareInfo";
    public static String methodSig = "(Landroid/content/Context;)Ljava/lang/String;";

    public static String hook(Context context) {
        Log.e("Hooker","Hooked!");
        return "";
    }
}

Log

01-29 22:53:50.688 17570 17570 I VClientImpl: Binding application com.github.superhooker (com.github.superhooker)
01-29 22:53:50.718 17570 17570 D VA++    : do_dlopen : libart.so, return : 0xb41901a4.
01-29 22:53:50.738 17570 17570 D NativeEngine: DexOrJarPath = /data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk, OutputPath = null.
01-29 22:53:50.738 17570 17570 D VA++    : do_dlopen : /data/data/io.virtualhook/virtual/opt/data@[email protected]@[email protected], return : 0xae049d04.
01-29 22:53:50.748 17570 17570 D NativeEngine: DexOrJarPath = /data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk, OutputPath = null.
01-29 22:53:50.758 17570 17570 W VirtualHook: Applying hook com.github.superhooker
01-29 22:53:50.758 17570 17570 D NativeEngine: DexOrJarPath = /data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk, OutputPath = /data/user/0/io.virtualhook/virtual/opt/base.dex.
01-29 22:53:50.768 17570 17570 D VA++    : do_dlopen : /data/app/io.virtualhook-1/lib/arm/libyahfa.so, return : 0xb2b07004.
01-29 22:53:50.768 17570 17570 I YAHFA-Native: init to SDK 23
01-29 22:53:50.768 17570 17570 I YAHFA   : Start hooking with item com.github.superhooker.HookClass
01-29 22:53:50.768  1472  1484 I art     : Background partial concurrent mark sweep GC freed 45481(3MB) AllocSpace objects, 48(976KB) LOS objects, 33% free, 28MB/42MB, paused 2.867ms total 143.900ms
01-29 22:53:50.768 17570 17570 W System.err: java.lang.ClassNotFoundException: com.netspace.library.utilities.HardwareInfo
01-29 22:53:50.778 17570 17570 W System.err: 	at java.lang.Class.classForName(Native Method)
01-29 22:53:50.778 17570 17570 W System.err: 	at java.lang.Class.forName(Class.java:324)
01-29 22:53:50.778 17570 17570 W System.err: 	at lab.galaxy.yahfa.HookMain.doHookItemDefault(HookMain.java:56)
01-29 22:53:50.778 17570 17570 W System.err: 	at lab.galaxy.yahfa.HookMain.doHookDefault(HookMain.java:34)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.lody.virtual.client.VClientImpl.applyHookPlugin(VClientImpl.java:375)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.lody.virtual.client.VClientImpl.bindApplicationNoCheck(VClientImpl.java:359)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.lody.virtual.client.VClientImpl.bindApplication(VClientImpl.java:211)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleLaunchActivity(HCallbackStub.java:120)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleMessage(HCallbackStub.java:73)
01-29 22:53:50.778 17570 17570 W System.err: 	at android.os.Handler.dispatchMessage(Handler.java:98)
01-29 22:53:50.778 17570 17570 W System.err: 	at android.os.Looper.loop(Looper.java:148)
01-29 22:53:50.778 17570 17570 W System.err: 	at android.app.ActivityThread.main(ActivityThread.java:7325)
01-29 22:53:50.778 17570 17570 W System.err: 	at java.lang.reflect.Method.invoke(Native Method)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1321)
01-29 22:53:50.778 17570 17570 W System.err: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1211)
01-29 22:53:50.778 17570 17570 W System.err: Caused by: java.lang.ClassNotFoundException: Didn't find class "com.netspace.library.utilities.HardwareInfo" on path: DexPathList[[zip file "/data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk", zip file "/data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk"],nativeLibraryDirectories=[/data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/lib, /data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk!/lib/armeabi-v7a, /data/user/0/io.virtualhook/virtual/data/app/com.github.superhooker/base.apk!/lib/armeabi-v7a, /vendor/lib, /system/lib]]
01-29 22:53:50.778 17570 17570 W System.err: 	at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
01-29 22:53:50.778 17570 17570 W System.err: 	at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
01-29 22:53:50.778 17570 17570 W System.err: 	at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
01-29 22:53:50.778 17570 17570 W System.err: 	... 15 more
01-29 22:53:50.778 17570 17570 W System.err: 	Suppressed: java.lang.ClassNotFoundException: com.netspace.library.utilities.HardwareInfo
01-29 22:53:50.778 17570 17570 W System.err: 		at java.lang.Class.classForName(Native Method)
01-29 22:53:50.778 17570 17570 W System.err: 		at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
01-29 22:53:50.778 17570 17570 W System.err: 		at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
01-29 22:53:50.778 17570 17570 W System.err: 		at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
01-29 22:53:50.778 17570 17570 W System.err: 		... 16 more
01-29 22:53:50.778 17570 17570 W System.err: 	Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available
01-29 22:53:50.838 17570 17570 W art     : Before Android 4.1, method android.graphics.PorterDuffColorFilter android.support.graphics.drawable.VectorDrawableCompat.updateTintFilter(android.graphics.PorterDuffColorFilter, android.content.res.ColorStateList, android.graphics.PorterDuff$Mode) would have incorrectly overridden the package-private method in android.graphics.drawable.Drawable
01-29 22:53:50.878 17570 17570 I art     : Rejecting re-init on previously-failed class java.lang.Class<android.support.v4.view.ViewCompat$OnUnhandledKeyEventListenerWrapper>
01-29 22:53:50.878 17570 17570 I art     : Rejecting re-init on previously-failed class java.lang.Class<android.support.v4.view.ViewCompat$OnUnhandledKeyEventListenerWrapper>
01-29 22:53:50.878 17570 17570 I art     : Rejecting re-init on previously-failed class java.lang.Class<android.support.v4.view.ViewCompat$OnUnhandledKeyEventListenerWrapper>

我觉得这可能跟dex加载有关系,如果加了壳的都不能用的话还是最好在README里写一下

dtsdao avatar Jan 29 '19 15:01 dtsdao

ClassNotFoundException,需要确保拿到目标的classloader,网上有很多参考文章

rk700 avatar Jan 30 '19 01:01 rk700

@rk700 ClassNotFoundException,需要确保拿到目标的classloader,网上有很多参考文章

我看着那个 demoHookPlugin 里并没有获取 ClassLoader 啊? 所以我应该修改 VirtualHook 的源码来拿它的 ClassLoader 吗? 还是说我应该使用 YAHFA 的什么东西来获取它的 ClassLoader ?

dtsdao avatar Jan 30 '19 09:01 dtsdao