安卓逆向 -- 自吐算法（MD5和SHA）

一、主要框架，hook代码主要填写在try代码块里

package com.bucuo.a20210908;  import android.app.Application;import android.content.Context;import android.util.Log;import de.robv.android.xposed.IXposedHookLoadPackage;import de.robv.android.xposed.XposedBridge;import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;import de.robv.android.xposed.IXposedHookLoadPackage;import de.robv.android.xposed.XC_MethodHook;import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; public class hook implements IXposedHookLoadPackage { public void handleLoadPackage(final LoadPackageParam loadPackageParam) throws Throwable { Log.d("逆向有你", "hook成功"); try{   }catch (Exception e){ e.printStackTrace(); } } public String b2s(byte[] bt){ StringBuffer sb=new StringBuffer(); int i=0; while (i<bt.length){ int k=bt[i]; int j=k; if (k<0){ j=k+256; } if (j<16){ sb.append("0"); } sb.append(Integer.toHexString(j)); i+=1; } return sb.toString(); }}

二、MD5算法实现源码（SHA算法同理）

import java.security.MessageDigest; String bs= "逆向有你a";MessageDigest md=MessageDigest.getInstance("MD5");//我要用md5算法md.update(bs.getBytes());//我要加密的数据byte[] res = md.digest();//给我加密System.out.println("MD5加密（字节）："+Arrays.toString(res));System.out.println("MD5加密（字符串）："+bytes2HexString(res)); MessageDigest mdmd = MessageDigest.getInstance("MD5");mdmd.update("逆向".getBytes(StandardCharsets.UTF_8));mdmd.update("有你".getBytes(StandardCharsets.UTF_8));byte[] mdmdres = mdmd.digest("a".getBytes(StandardCharsets.UTF_8));System.out.println(bytes2HexString(mdmdres));

三、分析要hook的地方

1、hook的类就是导入的包，即“java.security.MessageDigest”

2、update可以使用多次（如果hook这里会无限循环）， digest只能使用一次（这里是hook点）

四、知道hook的类及方法名，开始编写代码

XposedBridge.hookAllMethods(XposedHelpers.findClass("java.security.MessageDigest", loadPackageParam.classLoader) , "digest", new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { super.afterHookedMethod(param); Log.e("逆向有你", "Stack：", new Throwable("stack dump")); MessageDigest md = (MessageDigest) param.thisObject;//实例化 String algorithm = md.getAlgorithm();//获取加密算法的名称 if (param.args.length >= 1) { byte[] params = (byte[]) param.args[0]; String data = new String(params); String datahex = b2s(params); String datab64 = Base64.encodeToString(params, 0); Log.d("逆向有你",algorithm+"data:"+data); Log.d("逆向有你",algorithm+"datahex:"+datahex); Log.d("逆向有你",algorithm+"datab63:"+datab64); } byte[] res=(byte[])param.getResult(); String reshex = b2s(res); String resb64 = Base64.encodeToString(res, 0); Log.d("逆向有你",algorithm+"resulthex:"+reshex); Log.d("逆向有你",algorithm+"resultb64:"+resb64); Log.d("逆向有你","========================================================================"); } });