Hey,
I am trying to create a module for my Nexus 7 mobile tablet (2013). This module is supposed to allow the device to receive all APDUs and send them to my target application.
To do this I want to modify the HostEmulationManager class, specifically the notifyHostEmulationData() method. I have had a look at the 4.4.3 source code and notifyHostEmulationData() exists, but I am getting a NoSuchMethodError and having trouble figuring out what is wrong, any thoughts?
Logcat:
Code:
07-10 23:06:56.556: D/Xposed(185): Starting Xposed binary version 58, compiled for SDK 16
07-10 23:06:56.556: D/Xposed(185): Phone: Nexus 7 (asus), Android version 4.4.3 (SDK 19)
07-10 23:06:56.556: D/Xposed(185): ROM: KTU84L
07-10 23:06:56.556: D/Xposed(185): Build fingerprint: google/razorg/deb:4.4.3/KTU84L/1148727:user/release-keys
07-10 23:06:56.556: I/Xposed(185): -----------------
07-10 23:06:56.556: I/Xposed(185): Added Xposed (/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar) to CLASSPATH.
07-10 23:06:56.786: D/Xposed(185): Using structure member offsets for mode WITH_JIT
07-10 23:06:56.846: I/Xposed(185): Found Xposed class 'de/robv/android/xposed/XposedBridge', now initializing
07-10 23:06:57.327: I/Xposed(185): -----------------
07-10 23:06:57.327: I/Xposed(185): Jul 10, 2014 11:06:57 AM UTC
07-10 23:06:57.327: I/Xposed(185): Loading Xposed v54 (for Zygote)...
07-10 23:06:57.337: I/Xposed(185): Running ROM 'KTU84L' with fingerprint 'google/razorg/deb:4.4.3/KTU84L/1148727:user/release-keys'
07-10 23:06:57.457: I/Xposed(185): Loading modules from /data/app/com.example.nfc_xposed_module_nfcmanager-1.apk
07-10 23:06:57.757: I/Xposed(185): Loading class com.example.nfc_xposed_module_nfcmanager.ModEmulationManager
07-10 23:07:09.979: I/Xposed(932): In the com.android.nfc application
07-10 23:07:09.989: I/Xposed(932): java.lang.NoSuchMethodError: com.android.nfc.cardemulation.HostEmulationManager#notifyHostEmulationData()#exact
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:136)
07-10 23:07:09.989: I/Xposed(932): at com.example.nfc_xposed_module_nfcmanager.ModEmulationManager.handleLoadPackage(ModEmulationManager.java:25)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
07-10 23:07:09.989: I/Xposed(932): at android.app.ActivityThread.handleBindApplication(Native Method)
07-10 23:07:09.989: I/Xposed(932): at android.app.ActivityThread.access$1500(ActivityThread.java:135)
07-10 23:07:09.989: I/Xposed(932): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)
07-10 23:07:09.989: I/Xposed(932): at android.os.Handler.dispatchMessage(Handler.java:102)
07-10 23:07:09.989: I/Xposed(932): at android.os.Looper.loop(Looper.java:136)
07-10 23:07:09.989: I/Xposed(932): at android.app.ActivityThread.main(ActivityThread.java:5001)
07-10 23:07:09.989: I/Xposed(932): at java.lang.reflect.Method.invokeNative(Native Method)
07-10 23:07:09.989: I/Xposed(932): at java.lang.reflect.Method.invoke(Method.java:515)
07-10 23:07:09.989: I/Xposed(932): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
07-10 23:07:09.989: I/Xposed(932): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
07-10 23:07:09.989: I/Xposed(932): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
07-10 23:07:09.989: I/Xposed(932): at dalvik.system.NativeStart.main(Native Method)
This is my code:
Code:
package com.example.nfc_xposed_module_nfcmanager;
import android.webkit.WebView.FindListener;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XC_MethodHook.MethodHookParam;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
public class ModEmulationManager implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
if(!lpparam.packageName.equals("com.android.nfc")){
return;
}
//Log that we are in the com.android.nfc application
XposedBridge.log("In the com.android.nfc application");
try{
findAndHookMethod("com.android.nfc.cardemulation.HostEmulationManager",
lpparam.classLoader,
"notifyHostEmulationData",
new XC_MethodHook(){
@Override
protected void beforeHookedMethod(MethodHookParam param)
throws Throwable {
XposedBridge.log("Before");
}
@Override
protected void afterHookedMethod(MethodHookParam param)
throws Throwable {
XposedBridge.log("After");
}
});
}catch(Exception e){
}
}
}
This is your current code:
Code:
findAndHookMethod("com.android.nfc.cardemulation.HostEmulationManager", lpparam.classLoader, notifyHostEmulationData", …);
You're hooking notifyHostEmulationData() which doesn't exist. What you want to hook is notifyHostEmulationData(byte[] data), so your code should look like this instead:
Code:
findAndHookMethod("com.android.nfc.cardemulation.HostEmulationManager", lpparam.classLoader, "notifyHostEmulationData", [COLOR="Red"]byte[].class[/COLOR], …);
GermainZ said:
This is your current code:
Code:
findAndHookMethod("com.android.nfc.cardemulation.HostEmulationManager", lpparam.classLoader, notifyHostEmulationData", …);
You're hooking notifyHostEmulationData() which doesn't exist. What you want to hook is notifyHostEmulationData(byte[] data), so your code should look like this instead:
Code:
findAndHookMethod("com.android.nfc.cardemulation.HostEmulationManager", lpparam.classLoader, "notifyHostEmulationData", [COLOR="Red"]byte[].class[/COLOR], …);
Click to expand...
Click to collapse
Thanks, it worked!
Now to code the rest of the module
Related
I tried to hook method "java.lang.System.loadLibrary", but it caused the process crashed.
My code is simple:
@Override
public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
if (!loadPackageParam.packageName.equals("com.shinybox.yongchuandixiachengfortx13"))
return;
XposedHelpers.findAndHookMethod("java.lang.System", loadPackageParam.classLoader, "loadLibrary",
String.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
String libName = (String) param.args[0];
XposedBridge.log("XPOSED:" + libName);
XposedBridge.log("XPOSED:" + loadPackageParam.classLoader.toString());
super.beforeHookedMethod(param);
}
});
}
Click to expand...
Click to collapse
And I could got some output:
I/Xposed ( 1709): XPOSED:crypto
I/Xposed ( 1709): XPOSED:dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.shinybox.yongchuandixiachengfortx13-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.shinybox.yongchuandixiachengfortx13-1, /vendor/lib, /system/lib]]]
I/Xposed ( 1709): XPOSED:ssl
I/Xposed ( 1709): XPOSED:dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.shinybox.yongchuandixiachengfortx13-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.shinybox.yongchuandixiachengfortx13-1, /vendor/lib, /system/lib]]]
I/Xposed ( 1709): XPOSEDpenal
I/Xposed ( 1709): XPOSED:dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.shinybox.yongchuandixiachengfortx13-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.shinybox.yongchuandixiachengfortx13-1, /vendor/lib, /system/lib]]]
Click to expand...
Click to collapse
But the app crashed and here is the error info:
E/AndroidRuntime( 1709): java.lang.UnsatisfiedLinkError: Couldn't load openal from loader dalvik.system.PathClassLoader[DexPathList[[zip file "/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar"],nativeLibraryDirectories=[/vendor/lib, /system/lib]]]: findLibrary returned null
E/AndroidRuntime( 1709): at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
E/AndroidRuntime( 1709): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
E/AndroidRuntime( 1709): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
Click to expand...
Click to collapse
The reason is that the app tried to load the library "openal" from xposed installer's class loader rather than its own's. How this happened?
All my xposed modules stopped working.. I copied the log so you can see.
-----------------
17 apr. 2015 10:18:09 UTC
Loading Xposed v54 (for Zygote)...
Running ROM 'KOT49H.I9505XXUGNK4' with fingerprint 'samsung/jfltexx/jflte:4.4.2/KOT49H/I9505XXUGNK4:user/release-keys'
Loading modules from /data/app/com.datanasov.popupvideo-1.apk
Loading class com.datanasov.popupvideo.Mod
Loading modules from /data/app/fi.veetipaananen.android.disableflagsecure-1.apk
Loading class fi.veetipaananen.android.disableflagsecure.DisableFlagSecureModule
Loading modules from /data/app/com.android.vending.billing.InAppBillingService.LUCK-3.apk
Loading class com.chelpus.XSupport
Loading modules from /data/app/ma.wanam.youtubeadaway-2.apk
Loading class ma.wanam.youtubeadaway.Xposed
Loading modules from /data/app/com.datanasov.popupvideo.youtube-1.apk
Loading class com.datanasov.popupvideo.youtube.Mod
java.lang.NoSuchMethodError: bja#a(java.lang.String)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at com.datanasov.popupvideo.youtube.Mod.handleLoadPackage(Mod.java:74)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1600(ActivityThread.java:161)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1325)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:157)
at android.app.ActivityThread.main(ActivityThread.java:5356)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1265)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1081)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Brute force failed! Class/Param sequence not found.
java.lang.NoSuchMethodError: bja#a(java.lang.String)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at com.datanasov.popupvideo.youtube.Mod.handleLoadPackage(Mod.java:74)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1600(ActivityThread.java:161)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1325)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:157)
at android.app.ActivityThread.main(ActivityThread.java:5356)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1265)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1081)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Brute force failed! Class/Param sequence not found.
-----------------
17 apr. 2015 10:31:07 UTC
Loading Xposed v54 (for Zygote)...
Running ROM 'KOT49H.I9505XXUGNK4' with fingerprint 'samsung/jfltexx/jflte:4.4.2/KOT49H/I9505XXUGNK4:user/release-keys'
Loading modules from /data/app/fi.veetipaananen.android.disableflagsecure-1.apk
Loading class fi.veetipaananen.android.disableflagsecure.DisableFlagSecureModule
Loading modules from /data/app/com.datanasov.popupvideo-1.apk
Loading class com.datanasov.popupvideo.Mod
Loading modules from /data/app/com.android.vending.billing.InAppBillingService.LUCK-3.apk
Loading class com.chelpus.XSupport
Loading modules from /data/app/ma.wanam.youtubeadaway-2.apk
Loading class ma.wanam.youtubeadaway.Xposed
Loading modules from /data/app/com.datanasov.popupvideo.youtube-1.apk
Loading class com.datanasov.popupvideo.youtube.Mod
java.lang.NoSuchMethodError: bja#a(java.lang.String)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at com.datanasov.popupvideo.youtube.Mod.handleLoadPackage(Mod.java:74)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1600(ActivityThread.java:161)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1325)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:157)
at android.app.ActivityThread.main(ActivityThread.java:5356)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1265)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1081)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Brute force failed! Class/Param sequence not found.
-----------------
17 apr. 2015 10:37:21 UTC
Loading Xposed v54 (for Zygote)...
Running ROM 'KOT49H.I9505XXUGNK4' with fingerprint 'samsung/jfltexx/jflte:4.4.2/KOT49H/I9505XXUGNK4:user/release-keys'
Loading modules from /data/app/com.datanasov.popupvideo-2.apk
Loading class com.datanasov.popupvideo.Mod
Loading modules from /data/app/fi.veetipaananen.android.disableflagsecure-1.apk
Loading class fi.veetipaananen.android.disableflagsecure.DisableFlagSecureModule
Loading modules from /data/app/com.android.vending.billing.InAppBillingService.LUCK-3.apk
Loading class com.chelpus.XSupport
Loading modules from /data/app/ma.wanam.youtubeadaway-2.apk
Loading class ma.wanam.youtubeadaway.Xposed
Loading modules from /data/app/com.datanasov.popupvideo.youtube-1.apk
Loading class com.datanasov.popupvideo.youtube.Mod
java.lang.NoSuchMethodError: bja#a(java.lang.String)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at com.datanasov.popupvideo.youtube.Mod.handleLoadPackage(Mod.java:74)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1600(ActivityThread.java:161)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1325)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:157)
at android.app.ActivityThread.main(ActivityThread.java:5356)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1265)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1081)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Brute force failed! Class/Param sequence not found.
-----------------
17 apr. 2015 11:14:25 UTC
Loading Xposed v54 (for Zygote)...
Running ROM 'KOT49H.I9505XXUGNK4' with fingerprint 'samsung/jfltexx/jflte:4.4.2/KOT49H/I9505XXUGNK4:user/release-keys'
Loading modules from /data/app/fi.veetipaananen.android.disableflagsecure-1.apk
Loading class fi.veetipaananen.android.disableflagsecure.DisableFlagSecureModule
Loading modules from /data/app/com.datanasov.popupvideo-2.apk
Loading class com.datanasov.popupvideo.Mod
Loading modules from /data/app/com.android.vending.billing.InAppBillingService.LUCK-3.apk
Loading class com.chelpus.XSupport
Loading modules from /data/app/ma.wanam.youtubeadaway-3.apk
Loading class ma.wanam.youtubeadaway.Xposed
Loading modules from /data/app/com.datanasov.popupvideo.youtube-1.apk
Loading class com.datanasov.popupvideo.youtube.Mod
Trying to hook com.google.android.youtube 10.14.56 ...
java.lang.NoSuchMethodError: bja#a(java.lang.String)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at com.datanasov.popupvideo.youtube.Mod.handleLoadPackage(Mod.java:74)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1600(ActivityThread.java:161)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1325)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:157)
at android.app.ActivityThread.main(ActivityThread.java:5356)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1265)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1081)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Succes hook for sequence: class =gdb param=ezd
Trying to hook com.google.android.youtube 10.14.56 ...
java.lang.NoSuchMethodError: bja#a(java.lang.String)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at com.datanasov.popupvideo.youtube.Mod.handleLoadPackage(Mod.java:74)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1600(ActivityThread.java:161)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1325)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:157)
at android.app.ActivityThread.main(ActivityThread.java:5356)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1265)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1081)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Succes hook for sequence: class =gdb param=ezd
I'm having the same issue. Running it on a Galaxy S5, stock, rooted, 4.4.4.
Sent from my SM-G900V using XDA Free mobile app
Not sure why it worked, but I went through and uninstalled all the modules, the framework, and the installer, redownloaded and installed, and everything works.
Sent from my SM-G900V using XDA Free mobile app
When I reinstalled XPrivacy, the modules and installer stopped working. Had to do the whole process again.
Sent from my SM-G900V using XDA Free mobile app
SOLVED: I should not use the construction function...
Is it related to the construction function or static mathod?
PS:the [ CODE ] tag seems not very suitable for showing logs... Any better ideas?
Logs:
Code:
06-11 10:55:07.367 I/Xposed ( 303): Loading modules from /data/app/com.runapp.wakelockblocker-1/base.apk
06-11 10:55:07.617 I/Xposed ( 303): Loading class com.runapp.wakelockblocker.HookClass
06-11 10:55:07.647 E/Xposed ( 303): java.lang.IllegalAccessException: com.runapp.wakelockblocker.HookClass() is not accessible from class de.robv.android.xposed.XposedBridge
06-11 10:55:07.647 E/Xposed ( 303): at java.lang.Class.newInstance(Class.java:1569)
06-11 10:55:07.647 E/Xposed ( 303): at de.robv.android.xposed.XposedBridge.loadModule(XposedBridge.java:492)
06-11 10:55:07.647 E/Xposed ( 303): at de.robv.android.xposed.XposedBridge.loadModules(XposedBridge.java:447)
06-11 10:55:07.647 E/Xposed ( 303): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:105)
Part of my code:
Code:
public class HookClass implements IXposedHookZygoteInit,IXposedHookLoadPackage {
private static XSharedPreferences prefs;
private static String[] appn;
private static String[] wln;
private static boolean reloadPref;
HookClass(){
Log.e("HookClass","Constructing!");
}
@Override
public void initZygote(IXposedHookZygoteInit.StartupParam paramStartupParam) throws Throwable {
prefs = new XSharedPreferences(Common.MY_PACKAGE_NAME, Common.MY_PREFERENCE_NAME);
loadPref();
}
public static void loadPref() {
...
HookClass(){
Log.e("HookClass","Constructing!");
}
This is code is useless and causes bugs. Simply remove it. You don't need it. You can place logging to initZygote.
So I'm trying to hook my specific application's class onCreate method, because that's when I initialize my DaggerComponent.
My application looks like this:
Code:
private ApplicationComponent component;
@Override
public void onCreate() {
super.onCreate();
component = DaggerApplicationComponent.builder()
.applicationModule(new ApplicationModule(this))
.build();
}
public ApplicationComponent getComponent() {
return component;
}
And in my Xposed loadPackage method, I'm trying to hook the component so I can inject it into the module like so:
Code:
String name = lpparam.packageName;
if (name.equals(Common.PACKAGE_NAME)) {
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
findAndHookMethod(
XposedHelpers.findClass(Common.APPLICATION, lpparam.classLoader),
"onCreate",
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Application application = (Application) param.thisObject;
Class clazz = param.method.getDeclaringClass();
for (Field field: clazz.getDeclaredFields()) {
String typeName = field.getType().getName();
if (typeName.equals(ApplicationComponent.class.getName())) {
Object object = XposedHelpers.getObjectField(param.thisObject, field.getName());
Class<?> component = object.getClass();
Method injector = component.getDeclaredMethod(
ApplicationComponent.INJECTOR, Loader.class);
injector.invoke(Loader.this);
Logg.log("GOT PAST THE BULL");
}
}
}
});
}
});
}
However, this always leads to a ClassNotFoundException where my Loader (the xposed module) is not found on my apk.
Code:
03-29 15:13:05.186 8571-8571/software.umlgenerator I/Xposed: java.lang.NoClassDefFoundError: software/umlgenerator/xposed/loaders/Loader
at java.lang.Class.getDeclaredConstructorOrMethod(Native Method)
at java.lang.Class.getConstructorOrMethod(Class.java:468)
at java.lang.Class.getDeclaredMethod(Class.java:640)
at software.umlgenerator.xposed.loaders.Loader$1$1.afterHookedMethod(Loader.java:67)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)
at software.umlgenerator.UMLApplication.onCreate(Native Method)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4328)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1500(ActivityThread.java:135)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5001)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.ClassNotFoundException: Didn't find class "software.umlgenerator.xposed.loaders.Loader" on path: DexPathList[[zip file "/data/app/software.umlgenerator-1.apk"],nativeLibraryDirectories=[/data/app-lib/software.umlgenerator-1, /system/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:497)
at java.lang.ClassLoader.loadClass(ClassLoader.java:457)
at java.lang.Class.getDeclaredConstructorOrMethod(Native Method)*
at java.lang.Class.getConstructorOrMethod(Class.java:468)*
at java.lang.Class.getDeclaredMethod(Class.java:640)*
at software.umlgenerator.xposed.loaders.Loader$1$1.afterHookedMethod(Loader.java:67)*
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)*
at software.umlgenerator.UMLApplication.onCreate(Native Method)*
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007)*
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4328)*
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)*
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)*
at android.app.ActivityThread.handleBindApplication(Native Method)*
at android.app.ActivityThread.access$1500(ActivityThread.java:135)*
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)*
at android.os.Handler.dispatchMessage(Handler.java:102)*
at android.os.Looper.loop(Looper.java:136)*
at android.app.ActivityThread.main(ActivityThread.java:5001)*
at java.lang.reflect.Method.invokeNative(Native Method)*
at java.lang.reflect.Method.invoke(Method.java:515)*
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)*
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)*
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)*
at dalvik.system.NativeStart.main(Native Method)*
Any ideas?
I've been able to hook static methods using Xposed but can not figure out how to hook android classes such as android.bluetooth.BluetoothGatt. My goal is to log bluetooth payloads and then trace the static method within the given app responsible for said payload. I can access the desired payload using the JDB debugger as follows:
Code:
> stop in android.bluetooth.BluetoothGatt.writeCharacteristic
Set breakpoint android.bluetooth.BluetoothGatt.writeCharacteristic
>
Breakpoint hit: "thread=main",
android.bluetooth.BluetoothGatt.writeCharacteristic(), line=926 bci=0
main[1] dump characteristic.mValue
characteristic.mValue = {
116, 101, 115, 116, 49, 51, 51
}
This is my code for attempting to hook the android.bluetooth.BluetoothGatt.writeCharacteristic method:
Code:
package com.example.test.xposed3;
import java.lang.reflect.Method;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import static de.robv.android.xposed.XposedHelpers.findClass;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Xposed3 implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.macdom.ble.blescanner"))
return;
XposedBridge.log("Loaded app: " + lpparam.packageName);
findAndHookMethod("com.macdom.ble.blescanner.a", lpparam.classLoader, "onStart", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling com.macdom.ble.blescanner.a onStart()");
}
});
Class<?> BluetoothGatt = findClass("android.bluetooth.BluetoothGatt", lpparam.classLoader);
Method writeCharacteristic = XposedHelpers.findMethodBestMatch(BluetoothGatt, "writeCharacteristic");
XposedBridge.hookMethod(writeCharacteristic, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling android.bluetooth.BluetoothGatt writeCharacteristic()");
}
});
The logs show I'm successfully hooking the static method com.macdom.ble.blescanner.a onStart() but outputs a java.lang.NoSuchMethodError when attempting to hook android.bluetooth.BluetoothGatt writeCharacteristic()
Code:
I/Xposed (11661): Loaded app: com.macdom.ble.blescanner
E/Xposed (11661): java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#bestmatch
E/Xposed (11661): at de.robv.android.xposed.XposedHelpers.findMethodBestMatch(XposedHelpers.java:440)
E/Xposed (11661): at com.example.test.xposed3.Xposed3.handleLoadPackage(Xposed3.java:34)
E/Xposed (11661): at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:34)
E/Xposed (11661): at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:61)
E/Xposed (11661): at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:106)
E/Xposed (11661): at de.robv.android.xposed.XposedInit$2.beforeHookedMethod(XposedInit.java:116)
E/Xposed (11661): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:314)
E/Xposed (11661): at android.app.ActivityThread.handleBindApplication(<Xposed>)
E/Xposed (11661): at android.app.ActivityThread.access$1500(ActivityThread.java:151)
E/Xposed (11661): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1364)
E/Xposed (11661): at android.os.Handler.dispatchMessage(Handler.java:102)
E/Xposed (11661): at android.os.Looper.loop(Looper.java:135)
E/Xposed (11661): at android.app.ActivityThread.main(ActivityThread.java:5254)
E/Xposed (11661): at java.lang.reflect.Method.invoke(Native Method)
E/Xposed (11661): at java.lang.reflect.Method.invoke(Method.java:372)
E/Xposed (11661): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
E/Xposed (11661): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)
E/Xposed (11661): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:102)
I/Xposed (11661): Calling com.macdom.ble.blescanner.a onStart()
The module should be usable for any given app that uses bluetooth BLE. I'm not sure if this is the best approach or if there is a way to dynamically discover the the app's instance of BluetoothGatt and hook it.
jostomp said:
I've been able to hook static methods using Xposed but can not figure out how to hook android classes such as android.bluetooth.BluetoothGatt. My goal is to log bluetooth payloads and then trace the static method within the given app responsible for said payload. I can access the desired payload using the JDB debugger as follows:
Code:
> stop in android.bluetooth.BluetoothGatt.writeCharacteristic
Set breakpoint android.bluetooth.BluetoothGatt.writeCharacteristic
>
Breakpoint hit: "thread=main",
android.bluetooth.BluetoothGatt.writeCharacteristic(), line=926 bci=0
main[1] dump characteristic.mValue
characteristic.mValue = {
116, 101, 115, 116, 49, 51, 51
}
This is my code for attempting to hook the android.bluetooth.BluetoothGatt.writeCharacteristic method:
Code:
package com.example.test.xposed3;
import java.lang.reflect.Method;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import static de.robv.android.xposed.XposedHelpers.findClass;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Xposed3 implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.macdom.ble.blescanner"))
return;
XposedBridge.log("Loaded app: " + lpparam.packageName);
findAndHookMethod("com.macdom.ble.blescanner.a", lpparam.classLoader, "onStart", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling com.macdom.ble.blescanner.a onStart()");
}
});
Class<?> BluetoothGatt = findClass("android.bluetooth.BluetoothGatt", lpparam.classLoader);
Method writeCharacteristic = XposedHelpers.findMethodBestMatch(BluetoothGatt, "writeCharacteristic");
XposedBridge.hookMethod(writeCharacteristic, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling android.bluetooth.BluetoothGatt writeCharacteristic()");
}
});
The logs show I'm successfully hooking the static method com.macdom.ble.blescanner.a onStart() but outputs a java.lang.NoSuchMethodError when attempting to hook android.bluetooth.BluetoothGatt writeCharacteristic()
Code:
I/Xposed (11661): Loaded app: com.macdom.ble.blescanner
E/Xposed (11661): java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#bestmatch
E/Xposed (11661): at de.robv.android.xposed.XposedHelpers.findMethodBestMatch(XposedHelpers.java:440)
E/Xposed (11661): at com.example.test.xposed3.Xposed3.handleLoadPackage(Xposed3.java:34)
E/Xposed (11661): at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:34)
E/Xposed (11661): at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:61)
E/Xposed (11661): at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:106)
E/Xposed (11661): at de.robv.android.xposed.XposedInit$2.beforeHookedMethod(XposedInit.java:116)
E/Xposed (11661): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:314)
E/Xposed (11661): at android.app.ActivityThread.handleBindApplication(<Xposed>)
E/Xposed (11661): at android.app.ActivityThread.access$1500(ActivityThread.java:151)
E/Xposed (11661): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1364)
E/Xposed (11661): at android.os.Handler.dispatchMessage(Handler.java:102)
E/Xposed (11661): at android.os.Looper.loop(Looper.java:135)
E/Xposed (11661): at android.app.ActivityThread.main(ActivityThread.java:5254)
E/Xposed (11661): at java.lang.reflect.Method.invoke(Native Method)
E/Xposed (11661): at java.lang.reflect.Method.invoke(Method.java:372)
E/Xposed (11661): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
E/Xposed (11661): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)
E/Xposed (11661): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:102)
I/Xposed (11661): Calling com.macdom.ble.blescanner.a onStart()
The module should be usable for any given app that uses bluetooth BLE. I'm not sure if this is the best approach or if there is a way to dynamically discover the the app's instance of BluetoothGatt and hook it.
Click to expand...
Click to collapse
If the method have some args, Xposed won't find it. Can you share the source? And why you didn't use findandhookmethod?
Massi-X said:
If the method have some args, Xposed won't find it. Can you share the source? And why you didn't use findandhookmethod?
Click to expand...
Click to collapse
Thanks for the reply. This method does not take any arguments - https:[//]developer.android.com/reference/android/bluetooth/BluetoothGatt.html#writeCharacteristic(android.bluetooth.BluetoothGattCharacteristic)
Using the findandhookmethod returns a similar error:
Code:
java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#exact
The application I'm testing on is called BLE Scanner - I do not have the source for this.
jostomp said:
Thanks for the reply. This method does not take any arguments - https:[//]developer.android.com/reference/android/bluetooth/BluetoothGatt.html#writeCharacteristic(android.bluetooth.BluetoothGattCharacteristic)
Using the findandhookmethod returns a similar error:
Code:
java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#exact
The application I'm testing on is called BLE Scanner - I do not have the source for this.
Click to expand...
Click to collapse
Uhm from the page you share it says the method wants an argument of BluetoothGattCharacteristic type .
So, this is the problem!
Massi-X said:
Uhm from the page you share it says the method wants an argument of BluetoothGattCharacteristic type .
So, this is the problem!
Click to expand...
Click to collapse
Ahh yes you are completely right! Thanks
Here's the working code:
Code:
package com.example.djason.xposed3;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import android.bluetooth.BluetoothGattCharacteristic;
public class Xposed3 implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.macdom.ble.blescanner"))
return;
XposedBridge.log("Loaded app: " + lpparam.packageName);
findAndHookMethod("android.bluetooth.BluetoothGatt", lpparam.classLoader, "writeCharacteristic", BluetoothGattCharacteristic.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling android.bluetooth.BluetoothGatt writeCharacteristic()");
}
});
}
}
Glad to help!