这个有点非常复杂的,关键点在于如何逆向微信支付宝云闪付这些App,找到核心函数钩子
反编译apk稍微提一下
方法:使用jadx反编译(推荐,简单方便)
首先下载jadx,下载地址:/skylot/jadx
修改bin\jadx-gui.bat和bin\jadx.bat文件下对"maximum java heap size"的配置,如果不修改,对反编译大一点的apk可能会出现卡死,修改如下:
jadx-gui.bat文件中
@rem Add default JVM options here. You can also use JAVA_OPTS and JADX_GUI_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-d64" "-Xms4g" "-Xmx8g"
jadx.bat文件中
@rem Add default JVM options here. You can also use JAVA_OPTS and JADX_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xms4g" "-Xmx8g"
然后就可以直接在cmd中运行jadx-gui.bat了,会打开jadx的图像界面,然后打开对应的apk即可完成反编译。
仅放上hook支付宝代码
// 获得二维码urlfindAndHookMethod("com.alipay.mobile.payee.ui.PayeeQRSetMoneyActivity", lpparam.classLoader, "a",findClass("com.alipay.transferprod.rpc.result.ConsultSetAmountRes", lpparam.classLoader), new XC_MethodHook() {@Overrideprotected void afterHookedMethod(MethodHookParam param) throws Throwable {log("com.alipay.mobile.payee.ui.PayeeQRSetMoneyActivity a" + "\n");String cookieStr = getCookieStr();Object consultSetAmountRes = param.args[0];String consultSetAmountResString = "";if (consultSetAmountRes != null) {consultSetAmountResString = (String) callMethod(consultSetAmountRes, "toString");}// {codeId='1804106465231431',qrCodeUrl='/FKX007021VPOLKNEMJRV5C',printQrCodeUrl='HTTPS: ///FKX024385RNIN3NEYG3MDD'}log("consultSetAmountResString:" + consultSetAmountResString + "\n");log("cookieStr:" + cookieStr + "\n");Field moneyField = XposedHelpers.findField(param.thisObject.getClass(), "g");String money = (String) moneyField.get(param.thisObject);Field markField = XposedHelpers.findField(param.thisObject.getClass(), "c");Object markObject = markField.get(param.thisObject);String mark = (String) XposedHelpers.callMethod(markObject, "getUbbStr");Object consultSetAmountRes = param.args[0];Field consultField = XposedHelpers.findField(consultSetAmountRes.getClass(), "qrCodeUrl");String payurl = (String) consultField.get(consultSetAmountRes);Field consultField2 = XposedHelpers.findField(consultSetAmountRes.getClass(), "printQrCodeUrl");String payurloffline = (String) consultField2.get(consultSetAmountRes);}});
大家有需要可以加我QQ:553772553;