使用xposed 来解阿里ctf-2014 第三题
只能说,有了xposed以后,对于java代码的hook从此非常简单
直接粘贴代码了,对于xposed 怎么上手,请参考https://github.com/rovo89/XposedBridge/wiki/Development-tutorial
关键是找到addJavascriptInterface这个函数并hook即可,然后找到到底注入的名字以及object对象。
public class Tutorial implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
//XposedBridge.log("Loaded app: " + lpparam.packageName);
if (!lpparam.packageName.equals("com.ali.tg.testapp"))
return;
findAndHookMethod("android.webkit.WebView",lpparam.classLoader,"addJavascriptInterface",Object.class,String.class,new XC_MethodHook(){
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// this will be called before the clock was updated by the original method
XposedBridge.log("before addJavascriptInterface:"+param.args[1].toString());
XposedBridge.log("methods:");
Object obj=param.args[0];
Class<?> cls= obj.getClass();
Method[] ms=cls.getDeclaredMethods();
for( int i=0;i<ms.length;i++)
{
XposedBridge.log(ms[i].toString());
}
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
}
});
}
}