1200字范文 > 基于xposed Hook框架实现个人免签支付方案(支付宝)

基于xposed Hook框架实现个人免签支付方案(支付宝)

时间：2024-08-06 18:31:32

这个有点非常复杂的，关键点在于如何逆向微信支付宝云闪付这些App，找到核心函数钩子

反编译apk稍微提一下

方法：使用jadx反编译（推荐，简单方便）

首先下载jadx，下载地址：/skylot/jadx

修改bin\jadx-gui.bat和bin\jadx.bat文件下对"maximum java heap size"的配置，如果不修改，对反编译大一点的apk可能会出现卡死，修改如下：

jadx-gui.bat文件中

@rem Add default JVM options here. You can also use JAVA_OPTS and JADX_GUI_OPTS to pass JVM options to this script.

set DEFAULT_JVM_OPTS="-d64" "-Xms4g" "-Xmx8g"

jadx.bat文件中

@rem Add default JVM options here. You can also use JAVA_OPTS and JADX_OPTS to pass JVM options to this script.

set DEFAULT_JVM_OPTS="-Xms4g" "-Xmx8g"

然后就可以直接在cmd中运行jadx-gui.bat了，会打开jadx的图像界面，然后打开对应的apk即可完成反编译。

仅放上hook支付宝代码

// 获得二维码urlfindAndHookMethod("com.alipay.mobile.payee.ui.PayeeQRSetMoneyActivity", lpparam.classLoader, "a",findClass("com.alipay.transferprod.rpc.result.ConsultSetAmountRes", lpparam.classLoader), new XC_MethodHook() {@Overrideprotected void afterHookedMethod(MethodHookParam param) throws Throwable {log("com.alipay.mobile.payee.ui.PayeeQRSetMoneyActivity a" + "\n");String cookieStr = getCookieStr();Object consultSetAmountRes = param.args[0];String consultSetAmountResString = "";if (consultSetAmountRes != null) {consultSetAmountResString = (String) callMethod(consultSetAmountRes, "toString");}// {codeId='1804106465231431',qrCodeUrl='/FKX007021VPOLKNEMJRV5C',printQrCodeUrl='HTTPS: ///FKX024385RNIN3NEYG3MDD'}log("consultSetAmountResString:" + consultSetAmountResString + "\n");log("cookieStr:" + cookieStr + "\n");Field moneyField = XposedHelpers.findField(param.thisObject.getClass(), "g");String money = (String) moneyField.get(param.thisObject);Field markField = XposedHelpers.findField(param.thisObject.getClass(), "c");Object markObject = markField.get(param.thisObject);String mark = (String) XposedHelpers.callMethod(markObject, "getUbbStr");Object consultSetAmountRes = param.args[0];Field consultField = XposedHelpers.findField(consultSetAmountRes.getClass(), "qrCodeUrl");String payurl = (String) consultField.get(consultSetAmountRes);Field consultField2 = XposedHelpers.findField(consultSetAmountRes.getClass(), "printQrCodeUrl");String payurloffline = (String) consultField2.get(consultSetAmountRes);}});

大家有需要可以加我QQ：553772553；

本内容不代表本网观点和政治立场，如有侵犯你的权益请联系我们处理。

网友评论

网友评论仅供其表达个人看法，并不表明网站立场。