一、原理
原理很简单就是hook auto.js的com.stardust.autojs.script.StringScriptSource类,当然前题你要逆向的auto.js程序dex没有加固,当然可以先解固后再hook,不过好像加固也能hook,因为一般是这个类com.stardust.autojs.script.StringScriptSource。
这里的构造函数直接输入解密后的代码,有两个参数,一个是文件名,一个是js解密后代码,直接hook他就可以了。
二、编写xopsed模块进行hook
利用XposedBridgeApi-54.jar编写xposed模块
三、模块源码
这里附上模块核心代码,解密后的文件在sd卡根目录的autojs目录
package com.example.autojshook; import android.os.Environment; import java.io.FileWriter; import java.io.IOException; import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.XposedBridge; import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage; public class MyModule implements IXposedHookLoadPackage { @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable { final Class<?> class1 = XposedHelpers.findClass("com.stardust.autojs.script.StringScriptSource", loadPackageParam.classLoader); XposedHelpers.findAndHookConstructor(class1, String.class, String.class, new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { String data = (String)param.args[1]; //数据 String name = (String)param.args[0]; //文件名 XposedBridge.log("前几个数据为"+data.substring(0, 100)); XposedBridge.log("开始保存"+name); strToFile(data, name); XposedBridge.log("保存完成"+name); super.afterHookedMethod(param); } }); } private static void strToFile(String data, String name){ String path = Environment.getExternalStorageDirectory()+"/"+name; XposedBridge.log("保存路径为:"+path); FileWriter fwriter = null; try { fwriter = new FileWriter(path); fwriter.write(data); } catch (IOException ex) { ex.printStackTrace(); } finally { if(fwriter != null) try { fwriter.flush(); fwriter.close(); } catch (IOException ex) { ex.printStackTrace(); } } } }
四、成品
模块仅供学习交流,需要的小伙伴可以去https://github.com/Rakers1024/AutoJsHook获取。如有需要可以私信交流学习下。