开发模块插件
模块插件使用场景
主要用于在云机中为指定应用注入自己的代码,对java层或native进行修改。
支持的功能
自动注入dex
自动注入so
内置java层Hook框架LspLant
内置native层Hook框架Dobby
模块示例下载
编译环境
该项目当前使用:
- Android Gradle Plugin:8.6.0
- Gradle Wrapper:8.7
- compileSdk / targetSdk:34
- minSdk:29
- CMake:3.22.1
- JDK:21
注意:请使用 JDK 21 编译。若使用更高版本的 JDK(例如 JDK 23),执行
./gradlew assembleDebug时可能出现如下错误:
Unsupported class file major version 67
环境准备
建议使用 Android Studio 打开并编译项目,同时提前安装好以下组件:
- Android SDK Platform 34
- Android SDK Build-Tools
- CMake 3.22.1
- Android NDK
- JDK 21
下载和配置 JDK 21
方式一:通过 Android Studio 下载
- 打开 Android Studio。
- 进入
Settings/Preferences->Build, Execution, Deployment->Build Tools->Gradle。 - 在
Gradle JDK中选择Download JDK...。 - 版本选择
21,下载完成后应用配置即可。
如果你只在 Android Studio 中编译,这是最省事的方式。
方式二:手动安装 JDK 21
你也可以自行安装 OpenJDK 21 / Temurin 21,然后配置 JAVA_HOME。
Linux / macOS 示例:
export JAVA_HOME=/path/to/jdk-21
export PATH=$JAVA_HOME/bin:$PATH
java -version确认输出中包含 21 后,再执行编译命令。
如果你使用 zsh,可以将上面的两行环境变量追加到 ~/.zshrc 中长期生效。
如果你不想修改系统默认 JDK,也可以单独为 Gradle 指定 JDK 21。在 ~/.gradle/gradle.properties 或项目根目录的 gradle.properties 中加入:
org.gradle.java.home=/path/to/jdk-21这样即使终端默认的 Java 版本不是 21,Gradle 也会优先使用这里指定的 JDK。
编译方法
使用 Android Studio 编译
- 使用 Android Studio 打开项目。
- 确认
Gradle JDK为 JDK 21。 - 等待 Gradle Sync 完成。
- 执行
Build->Make Project,或者直接编译assembleDebug。
使用命令行编译
先确认当前终端的 Java 版本为 21:
java -version
./gradlew -version然后执行:
./gradlew assembleDebug编译成功后,生成的 APK 默认位于:
app/build/outputs/apk/debug/app-debug.apk常见问题
1. 出现 Unsupported class file major version 67
原因:当前 Gradle 进程使用了错误的 JDK 版本,通常是 JDK 23,而不是 JDK 21。
处理方式:
export JAVA_HOME=/path/to/jdk-21
export PATH=$JAVA_HOME/bin:$PATH
java -version
./gradlew assembleDebug如果是在 Android Studio 中编译,请把 Gradle JDK 切换为 JDK 21。
如果你有多个 JDK 并且不想频繁切换,也可以使用上面的 org.gradle.java.home 方式固定 Gradle 使用 JDK 21。
模块安装
使用Android Studio打开该项目。编译后得到模块app-debug.apk
将该文件上传自云机中,例如/sdcard/Download/app-debug.apk路径下
通过下面的命令可进行安装和查看
//首先连接到云机
adb connect xx.xx.xx.xx
//进入云机终端
adb shell
//然后安装模块
dplus install patch:/sdcard/Download/app-debug.apk
//成功安装后可以查看模块
dplus dump
//可以通过模块name卸载删除模块
dplus uninstall dplus_demo模块开发介绍
模块源码结构如下图
config.json文件用于配置模块
native-lib.cpp中实现dobby的hook例子
Entry.java是java层hook的入口
config配置说明
该文件主要用于描述模块,并且引导注入的,样例数据如下
{
"name": "dplus_demo", //模块名称,卸载时使用
"package":"com.example.dplus_demo", //模块的包名
"desc": "module", //模块的描述
"type": "user", //模块的类型,主要为system和user。
"libs": "libdplus_demo.so", //要注入的so,可以不配置或者通过';'配置多条
"pattern": [
"com.android.settings" //需要生效的包名
]
}dobby例子
下面演示了如何简单的对openat函数进行hook输出
int (*source_openat)(int fd, const char *path, int oflag, int mode) = nullptr;
int MyOpenAt(int fd, const char *pathname, int flags, int mode) {
LOGI("MyOpenAt pathname %s",pathname);
return source_openat(fd, pathname, flags, mode);
}
void HookOpenAt() {
//查找函数地址
void *__openat =
DobbySymbolResolver("libc.so", "__openat");
if (__openat == nullptr) {
LOGI("__openat null ");
return;
}
LOGI("拿到 __openat 地址 ");
//通过dobby替换原函数
if (DobbyHook((void *) __openat,
(void *) MyOpenAt,
(void **) &source_openat) == 0) {
LOGI("DobbyHook __openat sucess");
}
}
jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) {
LOGI("Test JNI_OnLoad 开始加载");
HookOpenAt();
return JNI_VERSION_1_6;
}java层例子
init函数是作为应用启动完后的一个入口点,在这里执行相关逻辑即可。LspLant相关的代码进行了简单的修改,所以部分类和函数不是原名称。
public class Entry {
public String TAG="demo_Entry";
public void init(Application app){
DPLog.i(TAG,"enter init");
LSPHelpers.findAndHookMethod("java.util.HashMap", app.getClassLoader(), "put",Object.class,Object.class, new LSP_MethodH() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
Log.i(TAG,"enter HashMap.put key:"+param.args[0]+",value:"+param.args[1]);
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
Log.i(TAG,"leave HashMap.put");
}
});
}
}模块注入后的效果
该模块对应用Setting进行测试,关掉Setting应用重新打开时相关日志如下图
;}.cls-2{fill:%230868f7;}.cls-3{fill:url(%23未命名的渐变_44);}.cls-4{fill:%23333;}%3c/style%3e%3clinearGradient%20id='未命名的渐变_8'%20x1='33.73'%20y1='100.61'%20x2='-0.03'%20y2='-1.06'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%237ae9fb'/%3e%3cstop%20offset='0.67'%20stop-color='%232b90f8'/%3e%3cstop%20offset='1'%20stop-color='%230868f7'/%3e%3c/linearGradient%3e%3clinearGradient%20id='未命名的渐变_44'%20x1='27.86'%20y1='18.67'%20x2='68.36'%20y2='22.22'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%235ac7f2'/%3e%3cstop%20offset='1'%20stop-color='%230868f7'/%3e%3c/linearGradient%3e%3c/defs%3e%3cpath%20class='cls-1'%20d='M29,28.74V81.91l-9.51-3.68v0L8.52,74A7.17,7.17,0,0,1,4,67.32V24.54A3.76,3.76,0,0,1,9.08,21Z'/%3e%3cpath%20class='cls-2'%20d='M68.09,78.07a13.15,13.15,0,0,1-17.9,12.06L29,81.91h0V28.74L50.19,37A13.17,13.17,0,0,0,68.08,25.3h0Z'/%3e%3cpath%20class='cls-3'%20d='M68.08,25.3a13.19,13.19,0,0,1-6.73,10.87A13.09,13.09,0,0,1,50.19,37L29,28.74V6A3.76,3.76,0,0,1,34.1,2.52l25.59,9.91A13.22,13.22,0,0,1,68.08,25.3Z'/%3e%3cpath%20class='cls-4'%20d='M129.06,81.76a4.33,4.33,0,0,1-3.19-1.31,4.4,4.4,0,0,1-1.31-3.24V56.86H97.65V77.21a4.36,4.36,0,0,1-1.35,3.2A4.68,4.68,0,0,1,93,81.76a4.32,4.32,0,0,1-3.19-1.31,4.37,4.37,0,0,1-1.32-3.24V27.27A4.58,4.58,0,0,1,89.83,24a4.59,4.59,0,0,1,7.82,3.27V48.15h26.91V27.27A4.58,4.58,0,0,1,125.91,24a4.59,4.59,0,0,1,7.82,3.27V77.21a4.37,4.37,0,0,1-1.36,3.2A4.65,4.65,0,0,1,129.06,81.76Z'/%3e%3cpath%20class='cls-4'%20d='M163.77,81.66c-6.57,0-11.76-1.92-15.44-5.7s-5.54-9.07-5.54-15.74a26.76,26.76,0,0,1,2.09-10.43,17.72,17.72,0,0,1,6.67-8.06,19.15,19.15,0,0,1,10.68-2.95,19,19,0,0,1,10.46,2.8,18.7,18.7,0,0,1,6.55,7.36,22.53,22.53,0,0,1,2.36,10.28A4.51,4.51,0,0,1,177,63.77H152.23a10.8,10.8,0,0,0,3.49,6.65c2,1.68,4.88,2.52,8.66,2.52a22.25,22.25,0,0,0,7.54-1.21c.74-.3,1.55-.67,2.37-1.07a3.75,3.75,0,0,1,1.84-.4,4.09,4.09,0,0,1,3,1.15,4,4,0,0,1,1.12,3,4.38,4.38,0,0,1-2.58,3.82,32.34,32.34,0,0,1-6.36,2.61A28.67,28.67,0,0,1,163.77,81.66ZM172.4,55.9a9.72,9.72,0,0,0-1.63-4.56A9.9,9.9,0,0,0,167,48a10.38,10.38,0,0,0-4.64-1.14,12,12,0,0,0-4.77,1.06,9.54,9.54,0,0,0-4.89,5.66,11.78,11.78,0,0,0-.51,2.3Z'/%3e%3cpath%20class='cls-4'%20d='M193,81.64a4.49,4.49,0,0,1-4.51-4.55V27.28A4.58,4.58,0,0,1,189.84,24a4.48,4.48,0,0,1,3.28-1.36A4.36,4.36,0,0,1,196.35,24a4.46,4.46,0,0,1,1.31,3.31V77.09a4.34,4.34,0,0,1-1.35,3.2A4.67,4.67,0,0,1,193,81.64Z'/%3e%3cpath%20class='cls-4'%20d='M263.79,81.71a5.7,5.7,0,0,1-4.2-1.74,5.76,5.76,0,0,1-1.73-4.19V27.37a4.58,4.58,0,0,1,1.35-3.27A4.59,4.59,0,0,1,267,27.37V72.53h24a4.58,4.58,0,0,1,3.27,7.82A4.66,4.66,0,0,1,291,81.71Z'/%3e%3cpath%20class='cls-4'%20d='M424.48,81.74a4.71,4.71,0,0,1-2.71-.88,5.43,5.43,0,0,1-1-1l-.07-.09-12.41-17-5.41,5v9.44a4.31,4.31,0,0,1-1.36,3.19,4.66,4.66,0,0,1-3.3,1.36A4.29,4.29,0,0,1,395,80.42a4.36,4.36,0,0,1-1.32-3.23V27.37A4.58,4.58,0,0,1,395,24.1a4.52,4.52,0,0,1,6.58.12,4.54,4.54,0,0,1,1.24,3.15V56.31l17.72-16.38.05,0a4.8,4.8,0,0,1,2.94-1.11,4.4,4.4,0,0,1,3.27,1.2,4.57,4.57,0,0,1,1.2,3.27,4.44,4.44,0,0,1-.77,2.33,7.45,7.45,0,0,1-1.43,1.65l-11,9.64,13.34,17.68a5,5,0,0,1,1,2.71,4.12,4.12,0,0,1-1.36,3.24A4.64,4.64,0,0,1,424.48,81.74Z'/%3e%3cpath%20class='cls-4'%20d='M317.93,81.76a21.5,21.5,0,1,1,21.17-21.5A21.37,21.37,0,0,1,317.93,81.76Zm0-34.1a12.61,12.61,0,1,0,12.42,12.6A12.52,12.52,0,0,0,317.93,47.66Z'/%3e%3cpath%20class='cls-4'%20d='M212.18,101.22a4.12,4.12,0,0,1-3.05-1.26,4.17,4.17,0,0,1-1.26-3.1V43.34a4.37,4.37,0,0,1,1.3-3.14,4.26,4.26,0,0,1,3.13-1.3,4.19,4.19,0,0,1,3.1,1.26,4.32,4.32,0,0,1,1.26,3.16,20.77,20.77,0,0,1,13-4.54,21.51,21.51,0,0,1,0,43,20.51,20.51,0,0,1-13-4.57V96.86a4.15,4.15,0,0,1-1.3,3.06A4.5,4.5,0,0,1,212.18,101.22Zm17.43-53.63c-6.23,0-12.93,4.11-12.93,12.72a12.73,12.73,0,0,0,25.46,0A12.71,12.71,0,0,0,229.61,47.59Z'/%3e%3cpath%20class='cls-4'%20d='M365.76,81.76a21.5,21.5,0,1,1,21.18-21.5A21.37,21.37,0,0,1,365.76,81.76Zm0-34.1a12.61,12.61,0,1,0,12.42,12.6A12.52,12.52,0,0,0,365.76,47.66Z'/%3e%3c/svg%3e)