Hello,
I want to hook a method in com.android.commands.pm.PM but i fail to load this class (i get class not found exception)
I tried both using initZygote approach and handleLoadPackage approach, both with the same result..
what am i doing wrong?
Thanks!
Maybe @GermainZ can help?
Can you post the relevant Xposed code and exact error, please?
Hi,
Thanks.
Yes, here are my both tries...
Code:
public class XPm implements IXposedHookZygoteInit, IXposedHookLoadPackage {
[user=439709]@override[/user]
public void initZygote(StartupParam startupParam) throws Throwable {
String methodName = "installFailureToString";
XC_MethodHook hookMethod = new XC_MethodHook() {
[user=439709]@override[/user]
protected void beforeHookedMethod(final MethodHookParam param)
throws Throwable {
int result = (Integer) param.args[0];
switch (result) {
case 1:
param.setResult("BLA");
break;
case 2:
param.setResult("BLA BLA");
break;
}
}
};
final Class<?> clsPMS = XposedHelpers.findClass(
"com.android.commands.pm.Pm$1", XPm.class.getClassLoader());
XposedHelpers.findAndHookMethod(clsPMS, methodName, int.class,
hookMethod);
}
[user=439709]@override[/user]
public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
String methodName = "installFailureToString";
if (!lpparam.packageName.equals("com.android.commands.pm"))
return;
Log.d(TAG, "com.android.commands.pm is loaded...");
XC_MethodHook hookMethod = new XC_MethodHook() {
[user=439709]@override[/user]
protected void beforeHookedMethod(final MethodHookParam param)
throws Throwable {
int result = (Integer) param.args[0];
switch (result) {
case 1:
param.setResult("BLA");
break;
case 2:
param.setResult("BLA BLA");
break;
}
}
};
final Class<?> clsPMS = XposedHelpers.findClass(
"com.android.commands.pm.Pm", XPm.class.getClassLoader());
XposedHelpers.findAndHookMethod(clsPMS, methodName, int.class,
hookMethod);
}
}
Well, there is no android.commands.pm. Not sure what you're trying to hook, but you should get the correct class name first.
PS. Please wrap your code in [CODE][/CODE] tags next time.
GermainZ said:
Well, there is no android.commands.pm. Not sure what you're trying to hook, but you should get the correct class name first.
PS. Please wrap your code in [CODE][/CODE] tags next time.
Click to expand...
Click to collapse
Hi,
sure, Sorry.
one of the things android.commands.pm.Pm is doing is to print the ADB installation message like "Failure [INVALIED_APK]"
my goal is to print my own message, so it's either by hooking the method i tried or by hooking PackageManager.class.getFields() and add my own fields.
this is the code from Pm.Java
Code:
/**
* Converts a failure code into a string by using reflection to find a matching constant
* in PackageManager.
*/
private String installFailureToString(int result) {
Field[] fields = PackageManager.class.getFields();
for (Field f: fields) {
if (f.getType() == int.class) {
int modifiers = f.getModifiers();
// only look at public final static fields.
if (((modifiers & Modifier.FINAL) != 0) &&
((modifiers & Modifier.PUBLIC) != 0) &&
((modifiers & Modifier.STATIC) != 0)) {
String fieldName = f.getName();
if (fieldName.startsWith("INSTALL_FAILED_") ||
fieldName.startsWith("INSTALL_PARSE_FAILED_")) {
// get the int value and compare it to result.
try {
if (result == f.getInt(null)) {
return fieldName;
}
} catch (IllegalAccessException e) {
// this shouldn't happen since we only look for public static fields.
}
}
}
}
}
// couldn't find a matching constant? return the value
return Integer.toString(result);
}
If it's not possible to hook this method, i understand i should add my own fields to packageManager
Thanks!
So we're talking about this? You haven't pasted the exact error but I'm guessing it's failing because you're using the wrong classloader. In initZygote, you shouldn't normally pass a classloader — just pass "null". In handleLoadPackage, use the hooked process' classloader (lpparam.classLoader).
EDIT: You can change/get a method's return value using param.setResult/param.getResult. Check the wiki for some more info.
GermainZ said:
So we're talking about this? You haven't pasted the exact error but I'm guessing it's failing because you're using the wrong classloader. In initZygote, you shouldn't normally pass a classloader — just pass "null". In handleLoadPackage, use the hooked process' classloader (lpparam.classLoader).
EDIT: You can change/get a method's return value using param.setResult/param.getResult. Check the wiki for some more info.
Click to expand...
Click to collapse
Hi,
First of all thanks a lot!
this is the exception I'm getting when trying to initZygote and pass null as classloader:
Code:
de.robv.android.xposed.XposedHelpers$ClassNotFoundError: java.lang.ClassNotFoundException: com.android.commands.pm.Pm
I/Xposed ( 8491): at de.robv.android.xposed.XposedHelpers.findClass(XposedHelpers.java:52)
I/Xposed ( 8491): at com.myapp.Hooks.XPm.initZygote(XPm.java:29)
I/Xposed ( 8491): at de.robv.android.xposed.XposedBridge.loadModule(XposedBridge.java:437)
I/Xposed ( 8491): at de.robv.android.xposed.XposedBridge.loadModules(XposedBridge.java:386)
I/Xposed ( 8491): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:120)
I/Xposed ( 8491): at dalvik.system.NativeStart.main(Native Method)
I/Xposed ( 8491): Caused by: java.lang.ClassNotFoundException: com.android.commands.pm.Pm
I/Xposed ( 8491): at java.lang.Class.classForName(Native Method)
I/Xposed ( 8491): at java.lang.Class.forName(Class.java:204)
I/Xposed ( 8491): at external.org.apache.commons.lang3.ClassUtils.getClass(ClassUtils.java:823)
I/Xposed ( 8491): at de.robv.android.xposed.XposedHelpers.findClass(XposedHelpers.java:50)
I/Xposed ( 8491): ... 5 more
I/Xposed ( 8491): Caused by: java.lang.NoClassDefFoundError: com/android/commands/pm/Pm
I/Xposed ( 8491): ... 9 more
I/Xposed ( 8491): Caused by: java.lang.ClassNotFoundException: Didn't find class "com.android.commands.pm.Pm" on path: DexPathList[[zip file "/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar"],nativeLibraryDirectories=[/system/lib]]
BTW, i also tried this approach:
Code:
final Class<?> clsPm = XposedHelpers.findClass("android.content.pm.PackageManager", XPm.class.getClassLoader());
XposedHelpers.setAdditionalStaticField(clsPm, "MY_MESSAGE", 1000);
But it doesn't seem to work either...
As I said, you're using the wrong class loader.
Yes, i understand that, but which class loader should I use?
actually, which approach is better for this case? use initZygote or handleLoadPackage?
this how i did it this time:
Code:
final Class<?> clsPMS = XposedHelpers.findClass("com.android.commands.pm.Pm", null);
XposedHelpers.findAndHookMethod(clsPMS, methodName,int.class, hookMethod);
I'd use initZygote since it's more readable/shorter.
As for which class loader to use, please see post #7.
I tried that (please see post #10), is that what you meant? since i got the same exception as in post #8
shnapsi said:
I tried that (please see post #10), is that what you meant? since i got the same exception as in post #8
Click to expand...
Click to collapse
You didn't indicate anything was wrong in post #10, I assumed that had worked. As usual, you should post the full code (including the initZygote/handleLoadPackage part so we know which you're using) and the exact error.
This is how you'd do it in initZygote:
Java:
public void initZygote(StartupParam startupParam) throws Throwable {
findAndHookMethod("full.class.Name", null, "methodName",
SomeArgument.class, new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void afterHookedMethod(final MethodHookParam param) throws Throwable {
// Do something.
}
}
);
}
And in handleLoadPackage:
Java:
public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("some.package.name"))
return;
findAndHookMethod("full.class.Name", lpparam.classLoader, "methodName",
SomeArgument.class, new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void afterHookedMethod(final MethodHookParam param) throws Throwable {
// Do something.
}
}
);
}
GermainZ said:
You didn't indicate anything was wrong in post #10, I assumed that had worked. As usual, you should post the full code (including the initZygote/handleLoadPackage part so we know which you're using) and the exact error.
This is how you'd do it in initZygote:
Java:
public void initZygote(StartupParam startupParam) throws Throwable {
findAndHookMethod("full.class.Name", null, "methodName",
SomeArgument.class, new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void afterHookedMethod(final MethodHookParam param) throws Throwable {
// Do something.
}
}
);
}
And in handleLoadPackage:
Java:
public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("some.package.name"))
return;
findAndHookMethod("full.class.Name", lpparam.classLoader, "methodName",
SomeArgument.class, new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void afterHookedMethod(final MethodHookParam param) throws Throwable {
// Do something.
}
}
);
}
Click to expand...
Click to collapse
Hi,
Strange since i do see in #10 an example (not full code...) of how i tried to do it.
anyway, I don't think that this is my problem. here is my code:
Code:
public class XPm implements IXposedHookZygoteInit {
@Override
public void initZygote(StartupParam startupParam) throws Throwable {
String methodName = "installFailureToString";
XC_MethodHook hookMethod = new XC_MethodHook() {
@Override
protected void beforeHookedMethod(final MethodHookParam param) throws Throwable {
int result = (Integer) param.args[0];
switch(result) {
case 1:
param.setResult("BLA");
break;
case 2:
param.setResult("BLA BLA");
break;
}
}
};
final Class<?> clsPMS = XposedHelpers.findClass("com.android.commands.pm.Pm", null);
XposedHelpers.findAndHookMethod(clsPMS, methodName,int.class, hookMethod);
}
}
shnapsi said:
Hi,
Strange since i do see in #10 an example (not full code...) of how i tried to do it.
Click to expand...
Click to collapse
Not the initZygote/handleLoadPackage part, though, so I couldn't know which you're using.
shnapsi said:
anyway, I dont think that this is my problem. here is my code:
Click to expand...
Click to collapse
That looks correct to me. What's the error you're getting?
GermainZ said:
Not the initZygote/handleLoadPackage part, though, so I couldn't know which you're using.
That looks correct to me. What's the error you're getting?
Click to expand...
Click to collapse
The same exception as i posted in #8
I think this might be your problem (see post #2): http://forum.xda-developers.com/xposed/xposed-api-changelog-developer-news-t2714067
GermainZ said:
I think this might be your problem (see post #2): http://forum.xda-developers.com/xposed/xposed-api-changelog-developer-news-t2714067
Click to expand...
Click to collapse
So, I'm not sure I understand, can i hook it or not?
I didn't find IXposedHookCmdInit under XposedHelpers...
Thanks!
shnapsi said:
So, Im not sure I understand, can i hook it or not?
I didnt find IXposedHookCmdInit under XposedHelpers...
Thanks!
Click to expand...
Click to collapse
Also check post #4 in the same thread.
Basically, you could do it, but you probably don't want to since it's deprecated and disabled by default. I guess you'll want to look into hooking PackageManager instead.
GermainZ said:
Also check post #4 in the same thread.
Basically, you could do it, but you probably don't want to since it's deprecated and disabled by default. I guess you'll want to look into hooking PackageManager instead.
Click to expand...
Click to collapse
I agree, so if this the method I wanted to hook (under PM):
Code:
private String installFailureToString(int result) {
Field[] fields = PackageManager.class.getFields();
for (Field f: fields) {
if (f.getType() == int.class) {
int modifiers = f.getModifiers();
// only look at public final static fields.
if (((modifiers & Modifier.FINAL) != 0) &&
((modifiers & Modifier.PUBLIC) != 0) &&
((modifiers & Modifier.STATIC) != 0)) {
String fieldName = f.getName();
if (fieldName.startsWith("INSTALL_FAILED_") ||
fieldName.startsWith("INSTALL_PARSE_FAILED_")) {
// get the int value and compare it to result.
try {
if (result == f.getInt(null)) {
return fieldName;
}
} catch (IllegalAccessException e) {
// this shouldn't happen since we only look for public static fields.
}
}
}
}
}
// couldn't find a matching constant? return the value
return Integer.toString(result);
}
I now need to hook this part:
Code:
Field[] fields = PackageManager.class.getFields();
which as i understand means to add more fields under PackageManager. is this the right way to do it? (since it didn't work for me)
Code:
final Class<?> clsPMS = XposedHelpers.findClass("android.content.pm.PackageManager", XPm.class.getClassLoader());
XposedHelpers.setAdditionalStaticField(clsPMS, "MY_KEY", 1000);
Thanks!
Related
Hello,
I'm trying to create my own first xposed module after completing the tutorial successfully
What I'm trying to do is to hook the sendTextMessage from the class android.telephony.SmsManager
I've a modified ROM, so i added logs to this API and I see that when I'm sending SMS, i enter this API for sure.
I also know that the class loading and method getting works fine, but the before and after hooks are not called...
this is my module code:
Code:
package com.example.xpossedexample;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import android.app.PendingIntent;
import android.graphics.Color;
import android.os.Message;
import android.widget.TextView;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XC_MethodHook.MethodHookParam;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Smstry implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
// XposedBridge.log("handleLoadPackage:: Enter:: package name is:: " + lpparam.packageName);
if (!lpparam.packageName.equals("android")) {
// XposedBridge.log("not android package");
return;
}
XposedBridge.log("this is android package");
findAndHookMethod("android.telephony.SmsManager", lpparam.classLoader, "sendTextMessage",String.class,String.class,String.class,PendingIntent.class,PendingIntent.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Enter:: before sendTextMessage hook");
}
});
}
}
any idea why the hooks are not called? any good way to debug this?
Thanks,
Gidi
Is the method being hooked correctly? Check your Xposed log and see if there are any errors. If not, then that method probably isn't getting called.
PS. You may want to use IXposedHookZygote/initZygote instead of IXposedHookLoadPackage/handleLoadPackage for "android".
GermainZ said:
Is the method being hooked correctly? Check your Xposed log and see if there are any errors. If not, then that method probably isn't getting called.
PS. You may want to use IXposedHookZygote/initZygote instead of IXposedHookLoadPackage/handleLoadPackage for "android".
Click to expand...
Click to collapse
Hi,
Thanks for your reply.
from the test i did, the method is being correctly hooked, there are no errors in the logs.
The method is definitely being called, I added logs to the original method, so I see that it's being called.
Since i need to hook this method, I'm not sure if IXposedHookZygote/initZygote will work here (at least from the examples i saw).
can I use IXposedHookZygote/initZygote to hook a method?
Thanks,
Gidi
Ok, I managed to hook my method as you suggested.
Now, I've a problem I don't understand.
in AOSP, there's a class called RIL (com.android.internal.telephony.RIL), when i try to hook it, and give it as com.android.internal.telephony.RIL.class, I get an error, the IDE doesn't recognize this class (only com.android.internal.util) can be found...
any idea?
Thanks,
Gidi
shnapsi said:
Ok, I managed to hook my method as you suggested.
Now, I've a problem I don't understand.
in AOSP, there's a class called RIL (com.android.internal.telephony.RIL), when i try to hook it, and give it as com.android.internal.telephony.RIL.class, I get an error, the IDE doesn't recognize this class (only com.android.internal.util) can be found...
any idea?
Thanks,
Gidi
Click to expand...
Click to collapse
Use "com.android.internal.telephony.RIL" (as a string).
GermainZ said:
Use "com.android.internal.telephony.RIL" (as a string).
Click to expand...
Click to collapse
Thanks, but then i need to give a classLoader as a parameter which i don't have when i'm using initZygote method.
Have i missed something?
shnapsi said:
Thanks, but then i need to give a classLoader as a parameter which i don't have when i'm using initZygote method.
Have i missed something?
Click to expand...
Click to collapse
I found the solution: i'm using the startupParam class's classloader
startupParam.getClass().getClassLoader(),
Thanks a lot!
If you're using initZygote the classloader argument can be null as well.
GermainZ said:
If you're using initZygote the classloader argument can be null as well.
Click to expand...
Click to collapse
So now I'm confused...
In that case, if i want to hook this specific method (or method located in packages that are not recognized, it's better to use handleLoadPackage and not initZygote?
No, just replace "startupParam.getClass().getClassLoader()" by "null".
GermainZ said:
No, just replace "startupParam.getClass().getClassLoader()" by "null".
Click to expand...
Click to collapse
Sorry, now i lost you completely
shnapsi said:
Sorry, now i lost you completely
Click to expand...
Click to collapse
Here's an example that should show the difference clearly. Both methods (initZygote and handleLoadPackage) will have the same effect (this is only true if you're hooking the "android" package; if you're hooking anything else, you must use handleLoadPackage).
Java:
public class XposedMod implements IXposedHookLoadPackage, IXposedHookZygoteInit {
[PLAIN]@Override[/PLAIN]
public void initZygote(StartupParam startupParam) throws Throwable {
XC_MethodHook myHook = new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// Do something.
}
};
findAndHookMethod(SomeSdkClass.class, "methodName", myHook);
findAndHookMethod("SomeOtherClass", null , "methodName", myHook);
}
[PLAIN]@Override[/PLAIN]
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("android"))
return;
XC_MethodHook myHook = new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// Do something.
}
};
findAndHookMethod(SomeSdkClass.class, "methodName", myHook);
findAndHookMethod("SomeOtherClass", lpparam.classLoader , "methodName", myHook);
}
}
GermainZ said:
Here's an example that should show the difference clearly. Both methods (initZygote and handleLoadPackage) will have the same effect (this is only true if you're hooking the "android" package; if you're hooking anything else, you must use handleLoadPackage).
Java:
public class XposedMod implements IXposedHookLoadPackage, IXposedHookZygoteInit {
[PLAIN]@Override[/PLAIN]
public void initZygote(StartupParam startupParam) throws Throwable {
XC_MethodHook myHook = new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// Do something.
}
};
findAndHookMethod(SomeSdkClass.class, "methodName", myHook);
findAndHookMethod("SomeOtherClass", null , "methodName", myHook);
}
[PLAIN]@Override[/PLAIN]
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("android"))
return;
XC_MethodHook myHook = new XC_MethodHook() {
[PLAIN]@Override[/PLAIN]
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// Do something.
}
};
findAndHookMethod(SomeSdkClass.class, "methodName", myHook);
findAndHookMethod("SomeOtherClass", lpparam.classLoader , "methodName", myHook);
}
}
Click to expand...
Click to collapse
Thanks a lot!!! :laugh:
Hi everyone. I ask for help. I literally beg for it..
com.android.dialer.dialpad.LatinSmartDialMap
You can see it here http://grepcode.com/file/repository...id/dialer/dialpad/LatinSmartDialMap.java?av=f
I only want to replace method . Any of them.
For example I want this method returns FALSE every time it's called.
Code:
@Override
public boolean isValidDialpadAlphabeticChar(char ch) {
return (ch >= 'a' && ch <= 'z');
}
Here is my code
Code:
public class Fm implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam loadpkg) throws Throwable {
if (loadpkg.packageName.equals("com.android.dialer")) {
ClassLoader classLoader = loadpkg.classLoader;
XC_MethodReplacement methodreplacer = new XC_MethodReplacement() {
protected Object replaceHookedMethod(
XC_MethodHook.MethodHookParam paramAnonymousMethodHookParam)
throws Throwable {
XposedBridge.log("ALLLLL RIGHTTTT . NOW We ARE IN. AND MADE IT FALSe");
return false;
}
};
XposedHelpers.findAndHookMethod("com.android.dialer.dialpad.LatinSmartDialMap", loadpkg.classLoader,
"[COLOR="Red"]isValidDialpadAlphabeticChar[/COLOR]", Character.class, methodreplacer);
}
}
}
But this doesn't work
Here what I see in xposed log file:
java.lang.NoSuchMethodError: com.android.dialer.dialpad.LatinSmartDialMap#isValidDialpadAlphabeticChar(java.lang.Character)#exact
at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:136)
at com.s0bes.fmspeaker.Fm.handleLoadPackage(Fm.java:30)
at de.robv.android.xposed.IXposedHookLoadPackage
BUUUT. If I will try to replace other method. For example
matchesCombination in com.android.dialer.dialpad.SmartDialNameMatcher (http://grepcode.com/file/repository...dialer/dialpad/SmartDialNameMatcher.java?av=f)
Here the part of code which was changed:
Code:
XposedHelpers.findAndHookMethod("com.android.dialer.dialpad.SmartDialNameMatcher", loadpkg.classLoader,
"matchesCombination", String.class, String.class, ArrayList.class, methodreplacer);
Now everything work...
So, it works with one thing and doesnt work with method I need
If you want to replace a method to return a consatnt, you can use the XC_MethodReplacement.returnConstant(…) shortcut. For example:
Java:
XposedHelpers.findAndHookMethod("com.android.dialer.dialpad.SmartDialNameMatcher", loadpkg.classLoader,
"matchesCombination", String.class, String.class, ArrayList.class, XC_MethodReplacement.returnConstant(false));
As for your problem, you're trying to hook isValidDialpadAlphabeticChar(Character.class), but you should be hooking isValidDialpadAlphabeticChar(char.class). Just replace "Character.class" by "char.class" in your findAndHookMethod call.
I have one app which can call java functions from scripts defined at runtime, but has not enough permissions to do most of the stuff, like toggling wifi.
So I tried to create a module hooking the Packagemanager to grant these permissions.
My code so far:
Code:
public class Hook implements IXposedHookLoadPackage, IXposedHookZygoteInit {
ArrayList<String> newPerms;
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
if(!loadPackageParam.packageName.equals("android"))return;
final Class<?> clsPMS = findClass("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader);
XC_MethodHook hookGrantPermissions = new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
String pkgName = (String) getObjectField(param.args[0], "packageName");
if(!(pkgName.equals(Strings.LLX)||pkgName.equals(Strings.LL)))return;
//XposedBridge.log("Package: "+pkgName);
if(newPerms == null || newPerms.isEmpty() ) return;
ArrayList<String> origRequestedPermissions = (ArrayList<String>) getObjectField(param.args[0], "requestedPermissions");
param.setObjectExtra("orig_requested_permissions", origRequestedPermissions);
//XposedBridge.log("Old Permissions "+Arrays.toString(origRequestedPermissions.toArray()));
//XposedBridge.log("New Permissions "+Arrays.toString(newPerms.toArray()));
ArrayList<String> newRequestedPermissions = new ArrayList<>(origRequestedPermissions);
newRequestedPermissions.addAll(newPerms);
//XposedBridge.log("All Permissions"+Arrays.toString(newRequestedPermissions.toArray()));
//param.args[1] = true;
[U][B]setObjectField(param.args[0], "requestedPermissions", newRequestedPermissions);[/B][/U]
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<String> origRequestedPermissions = (ArrayList<String>) param.getObjectExtra("orig_requested_permissions");
if (origRequestedPermissions != null)
setObjectField(param.args[0], "requestedPermissions", origRequestedPermissions);
}
};
if (Build.VERSION.SDK_INT < 21) {
findAndHookMethod(clsPMS, "grantPermissionsLPw", "android.content.pm.PackageParser$Package", boolean.class, hookGrantPermissions);
} else {
findAndHookMethod(clsPMS, "grantPermissionsLPw", "android.content.pm.PackageParser$Package", boolean.class, String.class, hookGrantPermissions);
}
}
@Override
public void initZygote(StartupParam startupParam) throws Throwable {
XSharedPreferences pref = new XSharedPreferences(this.getClass().getPackage().getName(), Strings.PREF_NAME);
pref.makeWorldReadable();
newPerms = Strings.read(pref);
}
Sidenote: Code is partially forked from Appsettings module: https://github.com/rovo89/XposedAppSettings
The problem is: when I restart my phone after enabling the module, I just get a blackscreen after the bootanimation.
When I comment out the line marked fat underlined, it works, but does nothing (because this line is essential).
I have practically no idea why this isn't working.
I know that the input returned from Strings.read is valid.
My Question: What am I doing wrong?
LM13 said:
I have one app which can call java functions from scripts defined at runtime, but has not enough permissions to do most of the stuff, like toggling wifi.
So I tried to create a module hooking the Packagemanager to grant these permissions.
My code so far:
Code:
public class Hook implements IXposedHookLoadPackage, IXposedHookZygoteInit {
ArrayList<String> newPerms;
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
if(!loadPackageParam.packageName.equals("android"))return;
final Class<?> clsPMS = findClass("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader);
XC_MethodHook hookGrantPermissions = new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
String pkgName = (String) getObjectField(param.args[0], "packageName");
if(!(pkgName.equals(Strings.LLX)||pkgName.equals(Strings.LL)))return;
//XposedBridge.log("Package: "+pkgName);
if(newPerms == null || newPerms.isEmpty() ) return;
ArrayList<String> origRequestedPermissions = (ArrayList<String>) getObjectField(param.args[0], "requestedPermissions");
param.setObjectExtra("orig_requested_permissions", origRequestedPermissions);
//XposedBridge.log("Old Permissions "+Arrays.toString(origRequestedPermissions.toArray()));
//XposedBridge.log("New Permissions "+Arrays.toString(newPerms.toArray()));
ArrayList<String> newRequestedPermissions = new ArrayList<>(origRequestedPermissions);
newRequestedPermissions.addAll(newPerms);
//XposedBridge.log("All Permissions"+Arrays.toString(newRequestedPermissions.toArray()));
//param.args[1] = true;
[U][B]setObjectField(param.args[0], "requestedPermissions", newRequestedPermissions);[/B][/U]
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<String> origRequestedPermissions = (ArrayList<String>) param.getObjectExtra("orig_requested_permissions");
if (origRequestedPermissions != null)
setObjectField(param.args[0], "requestedPermissions", origRequestedPermissions);
}
};
if (Build.VERSION.SDK_INT < 21) {
findAndHookMethod(clsPMS, "grantPermissionsLPw", "android.content.pm.PackageParser$Package", boolean.class, hookGrantPermissions);
} else {
findAndHookMethod(clsPMS, "grantPermissionsLPw", "android.content.pm.PackageParser$Package", boolean.class, String.class, hookGrantPermissions);
}
}
@Override
public void initZygote(StartupParam startupParam) throws Throwable {
XSharedPreferences pref = new XSharedPreferences(this.getClass().getPackage().getName(), Strings.PREF_NAME);
pref.makeWorldReadable();
newPerms = Strings.read(pref);
}
Sidenote: Code is partially forked from Appsettings module: https://github.com/rovo89/XposedAppSettings
The problem is: when I restart my phone after enabling the module, I just get a blackscreen after the bootanimation.
When I comment out the line marked fat underlined, it works, but does nothing (because this line is essential).
I have practically no idea why this isn't working.
I know that the input returned from Strings.read is valid.
My Question: What am I doing wrong?
Click to expand...
Click to collapse
I am doing something similar. Maybe you can get some ideas from my PermissionGranter at:
https://github.com/GravityBox/Gravi...co/lollipop/gravitybox/PermissionGranter.java
I thought it would be better to modify the query instead of lists itself, but I'll try that out. Thanks!
Now my Hook looks like this:
Code:
XC_MethodHook hookGrantPermissions = new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
String pkgName = (String) getObjectField(param.args[0], "packageName");
if (!(pkgName.equals(Strings.LLX) || pkgName.equals(Strings.LL))) return;
Object extras = getObjectField(param.args[0], "mExtras");
Set<String> grantedPerms = (Set<String>) getObjectField(extras, "grantedPermissions");
Object settings = getObjectField(param.thisObject, "mSettings");
Object permissions = getObjectField(settings, "mPermissions");
for (String perm : newPerms) {
Object permission = callMethod(permissions, "get", perm);
if (permission == null) continue;
grantedPerms.add(perm);
int[] gpGids = (int[]) getObjectField(extras, "gids");
int[] bpGids = (int[]) getObjectField(permission, "gids");
gpGids = (int[]) callStaticMethod(param.thisObject.getClass(),
"appendInts", gpGids, bpGids);
if (BuildConfig.DEBUG) XposedBridge.log("Permission added: " + permission);
}
}
};
But checkCallingOrSelfPermsisson still fails for the added permissions...
I get the log (in fact two times) but I still don't seem to have the permissions inside of the app.
Solved it myself. If there is a shared user, it has to be used instead of normal object.
Code:
XC_MethodHook hookGrantPermissions = new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
String pkgName = (String) getObjectField(param.args[0], "packageName");
if (!(pkgName.equals(Strings.LLX) || pkgName.equals(Strings.LL))) return;
Object extras = getObjectField(param.args[0], "mExtras");
Set<String> grantedPerms = (Set<String>) getObjectField(extras, "grantedPermissions");
Object sharedUser = getObjectField(extras, "sharedUser");
if(sharedUser != null) grantedPerms = (Set<String>) getObjectField(sharedUser, "grantedPermissions");
Object settings = getObjectField(param.thisObject, "mSettings");
Object permissions = getObjectField(settings, "mPermissions");
for (String perm : newPerms) {
Object permission = callMethod(permissions, "get", perm);
if (permission == null) continue;
grantedPerms.add(perm);
int[] gpGids = (int[]) getObjectField(sharedUser!=null?sharedUser:extras, "gids");
int[] bpGids = (int[]) getObjectField(permission, "gids");
callStaticMethod(param.thisObject.getClass(),
"appendInts", gpGids, bpGids);
if (BuildConfig.DEBUG) XposedBridge.log("Permission added: " + permission);
}
}
};
@C3C076 do you know any way how to get runtime (level dangerous) permissions on Android Marshmallow?
Getting normal permissions is actually a bit easier now, but I haven't found a way for runtime permissions.
Hello. I have this code.
Code:
public String getId() throws RemoteException {
Parcel data = Parcel.obtain();
Parcel reply = Parcel.obtain();
String id;
try {
data.writeInterfaceToken("com.google.android.gms.ads.identifier.internal.IAdvertisingIdService");
binder.transact(1, data, reply, 0);
reply.readException();
id = reply.readString();
} finally {
reply.recycle();
data.recycle();
}
return id;
}
How i can hook " id = reply.readString();" when a don't know method name like "getId()". Thanks.
PS: Sorry for my bad English.
Now i can hook "transact" method like this:
Code:
XposedHelpers.findAndHookMethod("android.os.BinderProxy", loadPackageParam.classLoader, "transact", int.class, Parcel.class, Parcel.class, int.class, new XC_MethodHook() {
protected void afterHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
IBinder binder = (IBinder) param.thisObject;
String interfaceBinder = binder.getInterfaceDescriptor();
if (interfaceBinder.equals("com.google.android.gms.ads.identifier.internal.IAdvertisingIdService")) {
// change result for readString
}
}
});
But i cant override "readString" result for Parcel (args[2]) object. How can i do this? Thanks.
Code:
public class SuperHook implements IXposedHookLoadPackage, IXposedHookZygoteInit {
Config mConfig;
Gson mGson;
@Override
public void initZygote(StartupParam startupParam) throws Throwable {
mConfig = new Config();
mGson = new Gson();
}
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
Log.d("SuperHook", "handleLoadPackage imei:" + mConfig.getmImei());
if (loadPackageParam.packageName.equals("cn.superscript.supertools")) {
Class<?> classSuperService = XposedHelpers.findClass(SuperService.class.getName(), loadPackageParam.classLoader);
XposedHelpers.findAndHookMethod(classSuperService, "onStartCommand", Intent.class, int.class, int.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
Intent intent = (Intent) param.args[0];
String json = intent.getStringExtra("json");
mConfig = mGson.fromJson(json, new TypeToken<Config>() {
}.getType());
Log.d("SuperHook", "onStartCommand: imei = " + mConfig.getmImei());
}
});
}
}
}
Log:
01-21 18:49:56.220 664-664/? D/SuperHook: handleLoadPackage imei:null
01-21 18:49:56.240 664-664/? D/SuperHook: onStartCommand: imei = 3333333
01-21 18:50:00.930 757-757/com.android.settings D/SuperHook: handleLoadPackage imei:null
why handleLoadPackage imei = null , onStartCommand: imei = 3333333 successful.
Please help me, thank you