![Android Hook -
Xposed Framework
[Android Penetration Testing] Elven
2016/06](https://image.slidesharecdn.com/androidhookxposedframewrok-160817131828/85/Android-Hook-Xposed-Framework-Elven-Liu-1-320.jpg)
![Who am I?
• Elven Liu
•
•
•
•
• HITCON GIRLS [Android Penetration Testing]
• liuelven@gmail.com
• www.linkedin.com/in/liu-elven](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
Viewers also liked
Viewers also liked (20)
Similar to Android Hook - Xposed Framework (Elven Liu)
Similar to Android Hook - Xposed Framework (Elven Liu) (20)
More from HITCON GIRLS
More from HITCON GIRLS (20)
Recently uploaded
Recently uploaded (20)
Android Hook - Xposed Framework (Elven Liu)
- 1. Android Hook - Xposed Framework [Android Penetration Testing] Elven 2016/06
- 2. Who am I? • Elven Liu • • • • • HITCON GIRLS [Android Penetration Testing] • liuelven@gmail.com • www.linkedin.com/in/liu-elven
- 3. Outline • Zygote • Xposed Framework • • Hook System Clock
- 4. Zygote
- 5. Zygote • • = • zygote system/bin/app_process • Android Zygote
- 6. Activity Service New Activity Process Accept Socket Connection Select fd Read Argument Parse Argument Fork() a app_process Zygote Socket fork() Android
- 7. Activity Service New Activity Process Accept Socket Connection Select fd Read Argument Parse Argument Fork() a app_process Zygote Fork()
- 9. • rovo89, Tungstwenty • Source: https://github.com/rovo89 • Module Repository: http://repo.xposed.info/ • systemui, systemserver…….
- 10. • XposedBridge API xposed framework Java Jar Package • XposeInstall Xposed APP • Xposed: xposed app_process /system/ bin/ app_process .orig
- 11. WARNING ROM Xposed Xposed Recovery
- 12. Activity Service New Activity Process Accept Socket Connection Select fd Read Argument Parse Argument Fork() a app_process Zygote com.android.internal.os.ZygoteInit
- 13. Activity Service New Activity Process Accept Socket Connection Select fd Read Argument Parse Argument Fork() a app_process Zygote de.robv.android.xposed.XposedBridge
- 14. Activity Service New Activity Process Accept Socket Connection Select fd Read Argument Parse Argument Fork() a app_process Zygote de.robv.android.xposed.XposedBridge Input
- 16. Android Xposed Installer APK (4.0) URL: http://repo.xposed.info/ module/ Xposed Bridge API (54) URL: http://forum.xda-developers.com/ xposed/xposed-api-changelog-developer- news-t2714067
- 18. Find Target APK Static Analysis reset Decompiler apk Find Target *package Name *class *function Create a Project Import xposed api write java code Root Hook Success exposed install
- 20. Create a Project
- 23. AndroidManifest.xml <meta-data android:name="xposedmodule" android:value="true"/> <meta-data android:name="xposeddescription" android:value="Hooking Module for Clock" /> <meta-data android:name="xposedminversion" android:value="54" />
- 24. assets
- 25. create java class • Xposed API • http://api.xposed.info/reference/de/robv/android/ xposed/ XC_MethodHook.MethodHookParam.html
- 26. Demo