Review past
Android Apk 360 Hardening procedure
Frida environment installation
JNI dynamic registration
In-game purchase “buy buy buy”, free of charge
Cydia Substrate is a Hook based code modification framework that can be used on Android and iOS platforms to modify system default code.
I. Introduction to SUBSTRATE API
The specific operation of Substrate is performed by the jar package shown below.
1. Code preparation of Substrate to achieve system text color tampering. (1) Create an empty Android project. Since the created project will be loaded as a plug-in, there is no need for activity. Copy the SUBSTRATE -api.jar in the SDK into the project/ libs folder. Configure the Manifest file to specify permissions, cydia.Permission. SUBSTRATE, as shown in the following figure.
(2) Create a class named Main that contains a static method initialize. When the plug-in is loaded, the code in this method will run to do the necessary initialization, as shown below.
(3) add meta tags, name for cydia. Permission. The SUBSTRATE, the value for the next step to create the name of the class, such as the Main, as shown in the figure below.
(4) In order to achieve the HOOK and modify the code in the target class, it is necessary to obtain an instance of the target class, as shown in the figure below.
(5) The modification of the original code is realized through the instance of Ms. MethodHook. To call the methods in the original code, you need to create an instance of the Ms. MethodPointer class, which can run the original code at any time, as shown in the figure below.
(6) Return the color and restart the system, as shown below.
2. Code preparation of Substrate to achieve game gold tamper. (1) Define methods, as shown in the figure below.
(2) Hook method to obtain the number of gold coins, as shown in the figure below
(3) Create a new MethodPointer object, as shown below.
(4) Start hook method and write the data you want to change, as shown below.
(5) Call the original getMoney method and put the return value of the original method into coin_num, as shown in the figure below.
(6) Modify the number of coins, return to coin_num and return to the game, as shown below.
Ii: Native layer hook
1. Create an Android application, create a new JNI folder in the Android project, and add the relevant header file Substrate. H and library files.
For example, if the project only supports ARM, add two so files under Cydia_Substrate \lib\armeabi, as shown below.
2. Register cydia’s custom permission cydia.permission. XML in Androidmanifest.xml, set Android :hasCode to “false”, Android: Set the install Location to “internalOnly”, as shown below.
3. Write Hook module code, namely test. CPP above, as shown below.
4. Write Android.mk, as shown below.
5. The NDK-build will generate the LIBS directory in the Android project, as shown below.
6. Build the Android project to generate the APK installation package of hook module.
7. Open frame APK, click Link Substrate Files, and then click Restart System to use it.
- After the Hook Native demo is run, the loading of SO of each program will be printed, as shown in the figure below
conclusion
Today, the basic concept of substrate, API introduction of substrate, code writing of substrate to achieve system text color tampering, code writing of substrate to achieve game gold tampering, native layer hook of substrate are mainly shared.
If you are also interested in Android reverse, please add contact information, you can also scan the following TWO-DIMENSIONAL code, or wechat search [Chen Dao mobile security team], pay attention to surprise oh!
Qq: 3543756281
Ag: Yjxiaox
