Android Hook 挂钩框架 cydia substrate

元始天尊 发表于 2016-5-19 00:16:52

本帖最后由元始天尊于 2016-5-20 18:50 编辑

substrate框架xposed框架dexposed框架
dalvik/art虚拟机支持dalvikdalvikdalvik/art
android版本支持2.x 3.x 4.x2.x 3.x 4.x2.x 3.x 4.x 5.x 6.x
hook能力java/c apijava apijava/c api(自身模块)
修改文件app_processliblog.so自身文件
hook时机app_process启动时app_process启动前加载so的时刻未知
hook方式修改method结构体重新映射java层对应的jni函数修改method结构体
c层hook类型无inline未知
是否需要root是是否
使用形式宿主+插件宿主+插件未知
风险app_process随每个版本变化加载so较多未知

ABIx86/armx86/arm未知
对于Android端Cydia Substrate 框架的完全逆向
已经完成90%的源码，现在开源给大家
https://github.com/lichao890427/CydiaSubstrate_OpenSource

剩下的只有x86和arm的指令集hook逻辑，由于指令集比较心烦，暂时不想继续

reverse and recover the code logic of Cydia Substrate on Android

Cydia Substrate is a hook library for android and ios device It's easy to anaylysis an app with this tool, while not Open-Source I'm doing reverse-engineering on it, and will soon recover it's main code

relevant files: substrate.h //c++ header file used in JNI layer hook substrate-api.jar //import package used in java layer hook substrate-bless.jar //used to remove properties(private,protect,etc...) in java layer hook com.saurik.substrate.apk//host apk, we can only develop plugin for it to install package \lib\armeabi \lib\x86 //real operation for hooking libAndroidBootstrap0.so //used to fake /system/lib/liblog.so and pull up libAndroidLoader.so each java process need to load liblog.so libAndroidLoader.so //used to pull all *.cy.so libAndroidCydia.cy.so //still in research libDalvikLoader.cy.so //still in research libsubstrate.so //provide jni layer hook low-level api libsubstrate-dvm.so //provide java layer hook low-level api libSubstrateJNI.so //used by substrate.apk to do c++ layer work libSubstrateRun.so //used by substrate.apk to do patch/unpatch/link/unlink operation update-binary.so //used by substrate.apk to recover patch/link operation

页: [1]

技术宅的结界's Archiver

Android Hook 挂钩 框架 cydia substrate

Android Hook 挂钩框架 cydia substrate