EDIT: FOUND THE BUG!
Turns out that Android's Instant Run feature does not work with Xposed. I turned it off and the module ran perfectly.
Kinda sad that I spent hours just staring at my code trying to find a bug. I guess I'll submit an issue on GitHub to update the tutorial. Hopefully other developers will see that a lot quicker
===============
Hey guys, I'm new to developing Xposed modules and have been following the Xposed development guide that Rovo made on GitHub. I understand how Xposed works and have tried to recreate the tutorial on Android Studio myself. However, when I load the module, I keep getting a java.lang.ClassNotFoundException. I was hoping that someone could take a look at my (very short) code and tell me if I am forgetting to do something.
Here is the error I am getting:
Code:
05-19 11:03:15.591 4049-4049/? I/Xposed: Loading modules from /data/app/com.tejasvinareddy.xposed.tutorial-1/base.apk
05-19 11:03:15.636 4049-4049/? I/Xposed: Loading class com.tejasvinareddy.xposed.tutorial.Main
05-19 11:03:15.637 4049-4049/? E/Xposed: java.lang.ClassNotFoundException: Didn't find class "com.tejasvinareddy.xposed.tutorial.Main" on path: DexPathList[[zip file "/data/app/com.tejasvinareddy.xposed.tutorial-1/base.apk"],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
at de.robv.android.xposed.XposedBridge.loadModule(XposedBridge.java:497)
at de.robv.android.xposed.XposedBridge.loadModules(XposedBridge.java:457)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:122)
Suppressed: java.lang.ClassNotFoundException: Didn't find class "com.tejasvinareddy.xposed.tutorial.Main" on path: DexPathList[[zip file "/system/framework/XposedBridge.jar"],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
... 4 more
Suppressed: java.lang.ClassNotFoundException: com.tejasvinareddy.xposed.tutorial.Main
at java.lang.Class.classForName(Native Method)
at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
... 5 more
Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available
AndroidManifest.xml
Code:
<manifest xmlns:android="<<CAN'T POST LINK CAUSE I'M NEW ugh>>"
package="com.tejasvinareddy.xposed.tutorial">
<application android:allowBackup="true"
android:label="@string/app_name"
android:icon="@mipmap/ic_launcher"
android:supportsRtl="true"
android:theme="@style/AppTheme">
<meta-data
android:name="xposedmodule"
android:value="true" />
<meta-data
android:name="xposeddescription"
android:value="Teju's first Xposed module" />
<meta-data
android:name="xposedminversion"
android:value="53" />
</application>
</manifest>
The app's build.gradle file:
Code:
apply plugin: 'com.android.application'
android {
compileSdkVersion 23
buildToolsVersion "23.0.3"
defaultConfig {
applicationId "com.tejasvinareddy.xposed.tutorial"
minSdkVersion 15
targetSdkVersion 23
versionCode 2
versionName "1.0.1"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:23.4.0'
provided 'de.robv.android.xposed:api:82'
provided 'de.robv.android.xposed:api:82:sources'
}
My main code:
Code:
package com.tejasvinareddy.xposed.tutorial;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam)
throws Throwable {
XposedBridge.log("TUTORIAL: Loaded app " + lpparam.packageName);
}
}
And finally xposed_init:
Code:
com.tejasvinareddy.xposed.tutorial.Main
Are there any other files that I could be messing up?
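The log above shows the loader searching only `base.apk` for the class named in `xposed_init`. The check below is an added example, not part of the original post or of Xposed: it parses an APK offline and reports whether each `xposed_init` entry is actually defined in a top-level `classes*.dex`. It assumes only those top-level DEX files are visible to the module's class loader; the sample APKs, `com.example.Bootstrap` and `nested-code.zip` are constructed for illustration.

```python
import io
import re
import struct
import zipfile

ENTRY = "com.tejasvinareddy.xposed.tutorial.Main"  # from the post's xposed_init
TOP_LEVEL_DEX = re.compile(r"^classes\d*\.dex$")

def defined_classes(dex):
    """Class names a DEX file defines (its class_defs, not mere references)."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    (str_ids_off,) = struct.unpack_from("<I", dex, 0x3C)
    (type_ids_off,) = struct.unpack_from("<I", dex, 0x44)
    n_defs, defs_off = struct.unpack_from("<II", dex, 0x60)
    names = set()
    for i in range(n_defs):
        (class_idx,) = struct.unpack_from("<I", dex, defs_off + 32 * i)
        (desc_idx,) = struct.unpack_from("<I", dex, type_ids_off + 4 * class_idx)
        (pos,) = struct.unpack_from("<I", dex, str_ids_off + 4 * desc_idx)
        while dex[pos] & 0x80:  # skip the ULEB128 length prefix
            pos += 1
        end = dex.index(b"\0", pos + 1)
        descriptor = dex[pos + 1:end].decode("utf-8", "replace")  # "Lpkg/Name;"
        names.add(descriptor[1:-1].replace("/", "."))
    return names

def check_module_apk(apk_bytes):
    """Map each class listed in assets/xposed_init to ok / nested:<where> / missing."""
    top, nested = set(), {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        if "assets/xposed_init" not in names:
            return {}
        lines = apk.read("assets/xposed_init").decode("utf-8").splitlines()
        # Blank lines and lines starting with '#' are not class names.
        entries = [l.strip() for l in lines if l.strip() and not l.strip().startswith("#")]
        for name in names:
            data = apk.read(name)
            if TOP_LEVEL_DEX.match(name):
                top |= defined_classes(data)
            elif name.endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
                # Assumption: code inside an inner archive is not on the loader's path.
                with zipfile.ZipFile(io.BytesIO(data)) as inner:
                    for inner_name in inner.namelist():
                        if inner_name.endswith(".dex"):
                            for cls in defined_classes(inner.read(inner_name)):
                                nested.setdefault(cls, name + "!" + inner_name)
    report = {}
    for cls in entries:
        if cls in top:
            report[cls] = "ok"
        elif cls in nested:
            report[cls] = "nested:" + nested[cls]
        else:
            report[cls] = "missing"
    return report

def make_sample_dex(class_names):
    """Constructed minimal DEX: header plus string, type and class_def tables."""
    descs = sorted("L" + n.replace(".", "/") + ";" for n in class_names)
    n = len(descs)
    str_off, type_off, defs_off = 0x70, 0x70 + 4 * n, 0x70 + 8 * n
    data_off = defs_off + 32 * n
    ids, data = b"", b""
    for d in descs:
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(d)]) + d.encode("ascii") + b"\0"
    types = b"".join(struct.pack("<I", i) for i in range(n))
    no_index = 0xFFFFFFFF
    defs = b"".join(struct.pack("<8I", i, 1, no_index, 0, no_index, 0, 0, 0) for i in range(n))
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<II", header, 0x38, n, str_off)
    struct.pack_into("<II", header, 0x40, n, type_off)
    struct.pack_into("<II", header, 0x60, n, defs_off)
    return bytes(header) + ids + types + defs + data

def make_sample_apk(top_classes, nested_classes=()):
    """Constructed APK: xposed_init, classes.dex and optionally an inner zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/xposed_init", "# constructed sample\n" + ENTRY + "\n")
        z.writestr("classes.dex", make_sample_dex(top_classes))
        if nested_classes:
            inner = io.BytesIO()
            with zipfile.ZipFile(inner, "w") as iz:
                iz.writestr("classes1.dex", make_sample_dex(nested_classes))
            z.writestr("nested-code.zip", inner.getvalue())
    return buf.getvalue()

if __name__ == "__main__":
    print(check_module_apk(make_sample_apk([ENTRY])))
    print(check_module_apk(make_sample_apk(["com.example.Bootstrap"], [ENTRY])))
```

On a real build, pass the bytes of the installed or freshly built APK to `check_module_apk`; any result other than `ok` means the class name in `xposed_init` cannot be resolved from that APK.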
I tried to hook the method "java.lang.System.loadLibrary", but it caused the process to crash.
My code is simple:
@Override
public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
if (!loadPackageParam.packageName.equals("com.shinybox.yongchuandixiachengfortx13"))
return;
XposedHelpers.findAndHookMethod("java.lang.System", loadPackageParam.classLoader, "loadLibrary",
String.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
String libName = (String) param.args[0];
XposedBridge.log("XPOSED:" + libName);
XposedBridge.log("XPOSED:" + loadPackageParam.classLoader.toString());
super.beforeHookedMethod(param);
}
});
}
And I got some output:
I/Xposed ( 1709): XPOSED:crypto
I/Xposed ( 1709): XPOSED:dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.shinybox.yongchuandixiachengfortx13-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.shinybox.yongchuandixiachengfortx13-1, /vendor/lib, /system/lib]]]
I/Xposed ( 1709): XPOSED:ssl
I/Xposed ( 1709): XPOSED:dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.shinybox.yongchuandixiachengfortx13-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.shinybox.yongchuandixiachengfortx13-1, /vendor/lib, /system/lib]]]
I/Xposed ( 1709): XPOSED:openal
I/Xposed ( 1709): XPOSED:dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.shinybox.yongchuandixiachengfortx13-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.shinybox.yongchuandixiachengfortx13-1, /vendor/lib, /system/lib]]]
But the app crashed and here is the error info:
E/AndroidRuntime( 1709): java.lang.UnsatisfiedLinkError: Couldn't load openal from loader dalvik.system.PathClassLoader[DexPathList[[zip file "/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar"],nativeLibraryDirectories=[/vendor/lib, /system/lib]]]: findLibrary returned null
E/AndroidRuntime( 1709): at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
E/AndroidRuntime( 1709): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
E/AndroidRuntime( 1709): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
The reason is that the app tried to load the library "openal" from the Xposed installer's class loader rather than its own. How did this happen?
SOLVED: I should not use the construction function...
Is it related to the construction function or static method?
PS: the [ CODE ] tag seems not very suitable for showing logs... Any better ideas?
Logs:
Code:
06-11 10:55:07.367 I/Xposed ( 303): Loading modules from /data/app/com.runapp.wakelockblocker-1/base.apk
06-11 10:55:07.617 I/Xposed ( 303): Loading class com.runapp.wakelockblocker.HookClass
06-11 10:55:07.647 E/Xposed ( 303): java.lang.IllegalAccessException: com.runapp.wakelockblocker.HookClass() is not accessible from class de.robv.android.xposed.XposedBridge
06-11 10:55:07.647 E/Xposed ( 303): at java.lang.Class.newInstance(Class.java:1569)
06-11 10:55:07.647 E/Xposed ( 303): at de.robv.android.xposed.XposedBridge.loadModule(XposedBridge.java:492)
06-11 10:55:07.647 E/Xposed ( 303): at de.robv.android.xposed.XposedBridge.loadModules(XposedBridge.java:447)
06-11 10:55:07.647 E/Xposed ( 303): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:105)
Part of my code:
Code:
public class HookClass implements IXposedHookZygoteInit,IXposedHookLoadPackage {
private static XSharedPreferences prefs;
private static String[] appn;
private static String[] wln;
private static boolean reloadPref;
HookClass(){
Log.e("HookClass","Constructing!");
}
@Override
public void initZygote(IXposedHookZygoteInit.StartupParam paramStartupParam) throws Throwable {
prefs = new XSharedPreferences(Common.MY_PACKAGE_NAME, Common.MY_PREFERENCE_NAME);
loadPref();
}
public static void loadPref() {
...
HookClass(){
Log.e("HookClass","Constructing!");
}
This code is useless and causes bugs. Simply remove it. You don't need it. You can place logging in initZygote.
SplashActivity.java File
Code:
package com.nijinsha.didyouknow;
import android.content.Intent;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.os.Handler;
/**
* Created by Digit on 3/17/2016.
*/
public class SplashActivity extends AppCompatActivity {
// Splash screen timer
private static int SPLASH_TIME_OUT = 3000;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_splash);
new Handler().postDelayed(new Runnable() {
/*
* Showing splash screen with a timer. This will be useful when you
* want to show case your app logo / company
*/
@Override
public void run() {
// This method will be executed once the timer is over
// Start your app main activity
Intent i = new Intent(SplashActivity.this, MainActivity.class);
startActivity(i);
// close this activity
finish();
}
}, SPLASH_TIME_OUT);
}
}
Manifest.xml
Code:
<?xml version="1.0" encoding="utf-8"?>
<manifest
package="com.nijinsha.didyouknow">
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true">
<activity
android:name=".SplashActivity"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Black.NoTitleBar" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity
android:theme="@style/Theme.AppCompat.DayNight.NoActionBar"
android:name=".MainActivity"
android:configChanges="keyboardHidden|orientation|screenSize">
</activity>
</application>
</manifest>
LOG FILE
03-17 14:53:21.490 7053-7053/com.nijinsha.didyouknow E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.nijinsha.didyouknow, PID: 7053
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.nijinsha.didyouknow/com.nijinsha.didyouknow.SplashActivity}: java.lang.IllegalStateException: You need to use a Theme.AppCompat theme (or descendant) with this activity.
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2327)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2378)
at android.app.ActivityThread.access$800(ActivityThread.java:155)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1244)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5433)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1268)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1084)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.IllegalStateException: You need to use a Theme.AppCompat theme (or descendant) with this activity.
at android.support.v7.app.AppCompatDelegateImplV7.createSubDecor(AppCompatDelegateImplV7.java:340)
at android.support.v7.app.AppCompatDelegateImplV7.ensureSubDecor(AppCompatDelegateImplV7.java:309)
at android.support.v7.app.AppCompatDelegateImplV7.setContentView(AppCompatDelegateImplV7.java:273)
at android.support.v7.app.AppCompatActivity.setContentView(AppCompatActivity.java:139)
at com.nijinsha.didyouknow.SplashActivity.onCreate(SplashActivity.java:21)
at android.app.Activity.performCreate(Activity.java:5301)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1094)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2291)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2378)
at android.app.ActivityThread.access$800(ActivityThread.java:155)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1244)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5433)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
This line
Code:
at com.nijinsha.didyouknow.SplashActivity.onCreate(SplashActivity.java:21)
suggests that the app crashes in:
Code:
setContentView(R.layout.activity_splash);
Your activity extends AppCompatActivity, but in the manifest you declared for this activity:
Code:
android:theme="@android:style/Theme.Black.NoTitleBar" >
You need to use another theme for this activity.
You must use AppCompat themes with an activity that extends the AppCompatActivity class,
Code:
android:theme="@style/Theme.AppCompat.Light"
or don't extend your activity from AppCompatActivity.
Code:
public class SplashActivity extends Activity
So I'm trying to hook my specific application's class onCreate method, because that's when I initialize my DaggerComponent.
My application looks like this:
Code:
private ApplicationComponent component;
@Override
public void onCreate() {
super.onCreate();
component = DaggerApplicationComponent.builder()
.applicationModule(new ApplicationModule(this))
.build();
}
public ApplicationComponent getComponent() {
return component;
}
And in my Xposed loadPackage method, I'm trying to hook the component so I can inject it into the module like so:
Code:
String name = lpparam.packageName;
if (name.equals(Common.PACKAGE_NAME)) {
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
findAndHookMethod(
XposedHelpers.findClass(Common.APPLICATION, lpparam.classLoader),
"onCreate",
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Application application = (Application) param.thisObject;
Class clazz = param.method.getDeclaringClass();
for (Field field: clazz.getDeclaredFields()) {
String typeName = field.getType().getName();
if (typeName.equals(ApplicationComponent.class.getName())) {
Object object = XposedHelpers.getObjectField(param.thisObject, field.getName());
Class<?> component = object.getClass();
Method injector = component.getDeclaredMethod(
ApplicationComponent.INJECTOR, Loader.class);
injector.invoke(Loader.this);
Logg.log("GOT PAST THE BULL");
}
}
}
});
}
});
}
However, this always leads to a ClassNotFoundException where my Loader (the xposed module) is not found on my apk.
Code:
03-29 15:13:05.186 8571-8571/software.umlgenerator I/Xposed: java.lang.NoClassDefFoundError: software/umlgenerator/xposed/loaders/Loader
at java.lang.Class.getDeclaredConstructorOrMethod(Native Method)
at java.lang.Class.getConstructorOrMethod(Class.java:468)
at java.lang.Class.getDeclaredMethod(Class.java:640)
at software.umlgenerator.xposed.loaders.Loader$1$1.afterHookedMethod(Loader.java:67)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)
at software.umlgenerator.UMLApplication.onCreate(Native Method)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4328)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1500(ActivityThread.java:135)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5001)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.ClassNotFoundException: Didn't find class "software.umlgenerator.xposed.loaders.Loader" on path: DexPathList[[zip file "/data/app/software.umlgenerator-1.apk"],nativeLibraryDirectories=[/data/app-lib/software.umlgenerator-1, /system/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:497)
at java.lang.ClassLoader.loadClass(ClassLoader.java:457)
at java.lang.Class.getDeclaredConstructorOrMethod(Native Method)
at java.lang.Class.getConstructorOrMethod(Class.java:468)
at java.lang.Class.getDeclaredMethod(Class.java:640)
at software.umlgenerator.xposed.loaders.Loader$1$1.afterHookedMethod(Loader.java:67)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)
at software.umlgenerator.UMLApplication.onCreate(Native Method)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4328)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at android.app.ActivityThread.handleBindApplication(Native Method)
at android.app.ActivityThread.access$1500(ActivityThread.java:135)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5001)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
Any ideas?
I've been able to hook static methods using Xposed but can not figure out how to hook android classes such as android.bluetooth.BluetoothGatt. My goal is to log bluetooth payloads and then trace the static method within the given app responsible for said payload. I can access the desired payload using the JDB debugger as follows:
Code:
> stop in android.bluetooth.BluetoothGatt.writeCharacteristic
Set breakpoint android.bluetooth.BluetoothGatt.writeCharacteristic
>
Breakpoint hit: "thread=main",
android.bluetooth.BluetoothGatt.writeCharacteristic(), line=926 bci=0
main[1] dump characteristic.mValue
characteristic.mValue = {
116, 101, 115, 116, 49, 51, 51
}
This is my code for attempting to hook the android.bluetooth.BluetoothGatt.writeCharacteristic method:
Code:
package com.example.test.xposed3;
import java.lang.reflect.Method;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import static de.robv.android.xposed.XposedHelpers.findClass;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Xposed3 implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.macdom.ble.blescanner"))
return;
XposedBridge.log("Loaded app: " + lpparam.packageName);
findAndHookMethod("com.macdom.ble.blescanner.a", lpparam.classLoader, "onStart", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling com.macdom.ble.blescanner.a onStart()");
}
});
Class<?> BluetoothGatt = findClass("android.bluetooth.BluetoothGatt", lpparam.classLoader);
Method writeCharacteristic = XposedHelpers.findMethodBestMatch(BluetoothGatt, "writeCharacteristic");
XposedBridge.hookMethod(writeCharacteristic, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling android.bluetooth.BluetoothGatt writeCharacteristic()");
}
});
The logs show I'm successfully hooking the static method com.macdom.ble.blescanner.a onStart() but outputs a java.lang.NoSuchMethodError when attempting to hook android.bluetooth.BluetoothGatt writeCharacteristic()
Code:
I/Xposed (11661): Loaded app: com.macdom.ble.blescanner
E/Xposed (11661): java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#bestmatch
E/Xposed (11661): at de.robv.android.xposed.XposedHelpers.findMethodBestMatch(XposedHelpers.java:440)
E/Xposed (11661): at com.example.test.xposed3.Xposed3.handleLoadPackage(Xposed3.java:34)
E/Xposed (11661): at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:34)
E/Xposed (11661): at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:61)
E/Xposed (11661): at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:106)
E/Xposed (11661): at de.robv.android.xposed.XposedInit$2.beforeHookedMethod(XposedInit.java:116)
E/Xposed (11661): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:314)
E/Xposed (11661): at android.app.ActivityThread.handleBindApplication(<Xposed>)
E/Xposed (11661): at android.app.ActivityThread.access$1500(ActivityThread.java:151)
E/Xposed (11661): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1364)
E/Xposed (11661): at android.os.Handler.dispatchMessage(Handler.java:102)
E/Xposed (11661): at android.os.Looper.loop(Looper.java:135)
E/Xposed (11661): at android.app.ActivityThread.main(ActivityThread.java:5254)
E/Xposed (11661): at java.lang.reflect.Method.invoke(Native Method)
E/Xposed (11661): at java.lang.reflect.Method.invoke(Method.java:372)
E/Xposed (11661): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
E/Xposed (11661): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)
E/Xposed (11661): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:102)
I/Xposed (11661): Calling com.macdom.ble.blescanner.a onStart()
The module should be usable for any given app that uses bluetooth BLE. I'm not sure if this is the best approach or if there is a way to dynamically discover the app's instance of BluetoothGatt and hook it.
If the method has some args, Xposed won't find it. Can you share the source? And why didn't you use findandhookmethod?
Massi-X said:
If the method has some args, Xposed won't find it. Can you share the source? And why didn't you use findandhookmethod?
Thanks for the reply. This method does not take any arguments - https:[//]developer.android.com/reference/android/bluetooth/BluetoothGatt.html#writeCharacteristic(android.bluetooth.BluetoothGattCharacteristic)
Using the findandhookmethod returns a similar error:
Code:
java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#exact
The application I'm testing on is called BLE Scanner - I do not have the source for this.
jostomp said:
Thanks for the reply. This method does not take any arguments - https:[//]developer.android.com/reference/android/bluetooth/BluetoothGatt.html#writeCharacteristic(android.bluetooth.BluetoothGattCharacteristic)
Using the findandhookmethod returns a similar error:
Code:
java.lang.NoSuchMethodError: android.bluetooth.BluetoothGatt#writeCharacteristic()#exact
The application I'm testing on is called BLE Scanner - I do not have the source for this.
Uhm, from the page you shared it says the method wants an argument of BluetoothGattCharacteristic type.
So, this is the problem!
Massi-X said:
Uhm, from the page you shared it says the method wants an argument of BluetoothGattCharacteristic type.
So, this is the problem!
Ahh yes you are completely right! Thanks
Here's the working code:
Code:
package com.example.djason.xposed3;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import android.bluetooth.BluetoothGattCharacteristic;
public class Xposed3 implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.macdom.ble.blescanner"))
return;
XposedBridge.log("Loaded app: " + lpparam.packageName);
findAndHookMethod("android.bluetooth.BluetoothGatt", lpparam.classLoader, "writeCharacteristic", BluetoothGattCharacteristic.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Calling android.bluetooth.BluetoothGatt writeCharacteristic()");
}
});
}
}
Glad to help!