Android hook plugin: YAHFA is a hook framework for Android ART

YAHFA


Introduction

YAHFA is a hook framework for Android ART. It provides an efficient way for Java method hooking or replacement. Currently it supports:

Android 5.0(API 21)

Android 5.1(API 22)

Android 6.0(API 23)

Android 7.0(API 24)

Android 7.1(API 25)

Android 8.0(API 26)

Android 8.1(API 27)

Android 9.0(API 28)

Android 10.0(API 29)

with ABI:

x86

x86_64

armeabi-v7a

arm64-v8a

YAHFA is utilized by VirtualHook so that applications can be hooked without root permission.

Please take a look at this article and this one for a detailed introduction.

Setup

Add Maven central repo in build.gradle:

buildscript {
    repositories {
        mavenCentral()
    }
}

allprojects {
    repositories {
        mavenCentral()
    }
}

Then add YAHFA as a dependency:

dependencies {
    implementation 'io.github.pagalaxylab:yahfa:0.10.0'
}

Usage

To hook a method:

HookMain.backupAndHook(Method target, Method hook, Method backup);

where backup would be a placeholder for invoking the target method. Set backup to null or just use HookMain.hook(Method target, Method hook) if the original code is not needed.

Both hook and backup are static methods, and their parameters should match the ones of target. Please take a look at demoPlugin on how these methods are defined.
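
The following is an added example, not code from this page or from the YAHFA project, showing how hook and backup can be declared and installed for a static target, here android.util.Log.e(String, String). The class name LogErrorHook, its log tag, the checkShape helper and the import path lab.galaxy.yahfa.HookMain are assumptions that do not appear on the page.

```java
import android.util.Log;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import lab.galaxy.yahfa.HookMain; // package name assumed; not shown on this page

// Added example (not from YAHFA or its demoPlugin): hooks the static method
// android.util.Log.e(String, String) and forwards to the original code.
public final class LogErrorHook {
    private static final String TAG = "LogErrorHook"; // hypothetical log tag

    // Replacement body: static, same parameters and return type as the target.
    public static int hook(String tag, String msg) {
        Log.w(TAG, "Log.e called with tag=" + tag);
        return backup(tag, msg); // runs the original Log.e once installed
    }

    // Placeholder only: after backupAndHook() a call here executes the
    // original target. The body below runs only if install() was skipped.
    public static int backup(String tag, String msg) {
        try {
            Log.w(TAG, "backup placeholder reached; hook not installed");
        } catch (Exception ignored) {
        }
        return 0;
    }

    // Enforces the rule from the text for a static target: the method must be
    // static with the target's parameter types. The return type comparison is
    // an extra check added in this example.
    private static void checkShape(Method target, Method m) {
        if (!Modifier.isStatic(m.getModifiers())
                || !Arrays.equals(target.getParameterTypes(), m.getParameterTypes())
                || target.getReturnType() != m.getReturnType()) {
            throw new IllegalArgumentException(m + " does not match " + target);
        }
    }

    public static void install() throws NoSuchMethodException {
        Method target = Log.class.getDeclaredMethod("e", String.class, String.class);
        Method hook = LogErrorHook.class.getDeclaredMethod("hook", String.class, String.class);
        Method backup = LogErrorHook.class.getDeclaredMethod("backup", String.class, String.class);
        checkShape(target, hook);
        checkShape(target, backup);
        HookMain.backupAndHook(target, hook, backup);
    }
}
```

Call LogErrorHook.install() once, early in the process, before the code paths that use Log.e run.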

Workaround for Method Inlining

Hooking would fail for methods that are compiled to be inlined. For example:

0x00004d5a: f24a7e81 movw lr, #42881
0x00004d5e: f2c73e11 movt lr, #29457
0x00004d62: f6495040 movw r0, #40256
0x00004d66: f2c70033 movt r0, #28723
0x00004d6a: 4641 mov r1, r8
0x00004d6c: 1c32 mov r2, r6
0x00004d6e: 47f0 blx lr

Here the value of register lr is hardcoded instead of being read from the entry point field of ArtMethod, so replacing that entry point has no effect on this call site.

A simple workaround is to build the app with the debuggable option on, in which case the inlining optimization is not applied. However, the --debuggable option of dex2oat is not available until API 23. So when a hook doesn't work, take a look at the machine instructions of the target.

License

YAHFA is distributed under GNU GPL V3.
