Xposed API使用大全

Xposed常用HOOK方法

不讲废话

hook修改静态方法

XposedHelpers.setBooleanField("对象", "名称", false);
XposedHelpers.setIntField("对象", "名称", 1);
XposedHelpers.setObjectField("对象", "名称", "值");

hook 构造函数

// 找到类名方法
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookConstructor(clazz, new XC_MethodHook() {
   @Override
   protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
      super.beforeHookedMethod(param);
   }
});
XposedHelpers.findAndHookConstructor(clazz, String.class, new XC_MethodHook() {
   @Override
   protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
      super.beforeHookedMethod(param);
   }
});

hook 普通方法

// 找到类名方法
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名", new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
    }
});

hook 复杂函数

// 找到类名方法
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名",
        String[][].class,
        String.class,
        Map.class,
        ArrayList.class,
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
            }
        }
);

或者

// 找到类名方法
 
XposedHelpers.findAndHookMethod(clazz, "方法名",
        "[[Ljava.lang.String",
        "java.lang.String",
        Class.forName("java.utils.Map"),
        Class.forName("java.util.ArrayList"),
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
            }
        }
);

hook 自定义类参数

获取类的方式

1. 类名.class
2. 对象.getClass()
3. class.forName()
4. xposedHelpers.findClass(“”,””)
5. new DexClassLoader(“”,””,””,””).loadClass() .// 加载类 用于脱壳加固

// 类名.class  对象.getClass()  class.forName()  xposedHelpers.findClass("","")
Class<?> JiaZaiClazz = lpparam.classLoader.loadClass("xxxx.xxx.xxx.类名");
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名", 
        "[[Ljava.lang.String",
        "java.lang.String",
        JiaZaiClazz,// 加载的自定义类
        Class.forName("java.utils.Map"),
        Class.forName("java.util.ArrayList"),
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }
        }
);

或者用上面的前四种的方法。

简单示例

Class<?> JiaZaiClazz = Class.forName("xxxx.xxx.xxx.类名", // 路径类名
                                     false,// 是否初始化，一般都是false
                                     lpparam.classLoader// 这个意思是用哪个加载器加载这个类
                                    );

Class<?> JiaZaiClazz = XposedHelpers.findClass("xxxx.xxx.xxx.类名","lpparam.classLoader");

还有一种特殊的

"xxxx.xxx.xxx.类名" // 直接输入即可

hook 替换函数

即改掉整个函数，不在提前或者之后hook

Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名", new XC_MethodReplacement() {
    @Override
    protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
        Log.d(TAG, "替换的函数输出");
        return null;
    }
});

hook内部类

XposedHelpers.findAndHookMethod(XposedHelpers.findClass("xxx.xxx.xxx.类名$内部类名", lpparam.classLoader),
                "内部类的方法名",
                String.class,
                new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                        super.beforeHookedMethod(param);
                    }
                }
        );

主动调用

final Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(XposedHelpers.findClass("xxx.xxx.xxx.类名$内部类名", lpparam.classLoader),
        "内部类的方法名",
        String.class,
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                XposedHelpers.callMethod(clazz.newInstance(),"具体方法","值");
                super.beforeHookedMethod(param);
            }
        }
);

打印堆栈

log.e("标签","打印的数据",,new Throwable("打印的堆栈"));

Java 反射大法

反射调用方法

1. 找到类
2. 找到字段和方法
3. 修改字段或者调用方法

Class.forName("com.xxx.xxx",false,ClassLoader);
Class.forName("com.xxx.xxx")
类名.class
对象.getClass()
Xposed中的findClass
classLoader中的LoadClass
Class clazz =  lpparam.classLoader.loadClass("");

XposedHelpers.findClass("",lpparam.classLoader);
clazz.getClass();
String.class;

调用

Class clazz = lpparam.classLoader.loadClass("");
Class DemoClazz = Class.forName("xxx.xxx.xxx");
// DemoClazz.getMethod("");
Method DeclareMethodName = DemoClazz.getDeclaredMethod("方法名称");
DeclareMethodName.setAccessible(true); // 给权限
DeclareMethodName.invoke(clazz.newInstance());

反射调用属性

Class clazz = lpparam.classLoader.loadClass("");
Class DemoClazz = Class.forName("xxx.xxx.xxx");
// 获取
Field DeclaredFieldName = DemoClazz.getDeclaredField("对象");


DeclaredFieldName.getType();// 获取字段类型
DeclaredFieldName.getName(); // 获取字段名称
DeclaredFieldName.getModifiers();// 获取访问修饰符


DeclaredFieldName.setAccessible(true);// 给权限
Object insClass = clazz.newInstance();
Object GD = DeclaredFieldName.get(insClass);
Log.d("标签", "取值 MSG:" + (String) GD);
DeclaredFieldName.set(insClass, "值");
Object SD = DeclaredFieldName.get(insClass);
Log.d("标签", "设置 MSG:" + (String) SD);

遍历所有的方法和字段

if (!lpparam.processName.equals("com.xxx.xxx"))return;
    Class<?> clazz = XposedHelpers.findClass("com.xiaojianbang.XposedDemo.demo", lpparam.classLoader);
    Method[] md = clazz.getDeclaredMethods(); // 获取方法
    for(int i =0;i < md.length;i++){
        Log.d("遍历",md[i].toString());
    }

    Field[] fd = clazz.getDeclaredFields(); // 获取字段
    for(int i =0;i < fd.length;i++){
        Log.d("遍历",fd[i].toString());
    }

遍历所有内部类

clazz.getDeclaredClasses();  // 遍历所有类
clazz.getDeclaredConstructors();// 遍历所有构造函数

Class<?>[] cls = clazz.getDeclaredClasses();

for (int i = 0; i < cls.length; i++) {
      Log.d(TAG, "正在遍历内部类");
      Method[] innerMDs = clazz.getDeclaredMethods(); // 获取方法
      for (Method innerMD : innerMDs) {
          Log.d("遍历", innerMD.toString());
      }

      Field[] innerFDs = clazz.getDeclaredFields(); // 获取字段
      for (Field innerFD : innerFDs) {
          Log.d("遍历", innerFD.toString());
      }
  }

遍历所有类

XposedHelpers.findAndHookMethod(
ClassLoader.class,
"com.xxx.xx",
String.class,
new XC_MethodHook() {
  @Override
  protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
      Class clazz = (Class) param.getResult();
      Log.d(TAG, "loadClass" + clazz.getName());

  }
});

hook所有类中的所有方法

XposedBridge.hookAllConstructors(); // hook所有构造函数
XposedBridge.hookAllMethods(); // hook单个类所有函数
XposedBridge.hookMethod(); // hook 所有函数

XposedHelpers.findAndHookMethod(
ClassLoader.class,
"com.xxx.xx",
String.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
    Class clazz = (Class) param.getResult();
    String className = clazz.getName();

    Log.d(TAG, "loadClass" + clazz.getName());
    if (className.equals("xxx")) {
        for (Method md : clazz.getDeclaredMethods()) {
            XposedBridge.hookMethod(md, new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    Log.d(TAG, "Hook_Method：" + md.toString());
                }
            });
        }
    }
}
});

得到了一个方法 如何判断呢？

for (Method md : clazz.getDeclaredMethods())

XposedHelpers.findAndHookMethod(
ClassLoader.class,
"com.xxx.xx",
String.class,
new XC_MethodHook() {
    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        Class clazz = (Class) param.getResult();
        String className = clazz.getName();

        Log.d(TAG, "loadClass" + clazz.getName());
        if (className.equals("xxx")) {
            for (Method md : clazz.getDeclaredMethods()) {

                int mod = md.getModifiers();
                if (!Modifier.isAbstract(mod)  // 是不是一个抽象类 判断
                        && !Modifier.isNative(mod)  // 是不是一个Native方法 判断
                        && !Modifier.isInterface(mod)) // 是不是一个Interface接口
                {
                    XposedBridge.hookMethod(md, new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            super.beforeHookedMethod(param);
                            Log.d(TAG, "Hook_Method：" + md.toString());
                        }
                    });
                }
            }
        }
    }
});

获取参数

if (md.getName().contains("xxxx")) {
    for (int i = 0; i < param.args.length; i++) {
        Log.d(TAG, param.args[i].getClass().getName());
    }
}

自吐算法模块开发

私人仓库： https://github.com/hybpjx/HookEncryptXposed

package com.hybpjx.hookencrypt;

import android.util.Base64;
import android.util.Log;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.PublicKey;

import javax.crypto.Cipher;
import javax.crypto.Mac;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class Hook implements IXposedHookLoadPackage {

    private static final String TAG = "Hook_Encrypt";

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        Log.d(TAG, "Hooking...");

        // hook md5 Sha 的 digest方法
        try {
            XposedBridge.hookAllMethods(XposedHelpers.findClass("java.security.MessageDigest", lpparam.classLoader),
                    "digest",
                    new XC_MethodHook() {
                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            MessageDigest md = (MessageDigest) param.thisObject; // 得到对象
                            String algoritm = md.getAlgorithm(); // 获取加密名
                            if (param.args.length >= 1) {
                                byte[] params = (byte[]) param.args[0];
                                String data = new String(params);
                                String dataHex = byteArray2HexString(params);
                                Log.d(TAG, algoritm + " data: " + data);
                                Log.d(TAG, algoritm + " dataHex: " + dataHex);
                            }
                            byte[] res = (byte[]) param.getResult();
                            String resHex = byteArray2HexString(res);
                            String resBase64 = Base64.encodeToString(res, 0);
                            Log.d(TAG, algoritm + " resultHex: " + resHex);
                            Log.d(TAG, algoritm + " resultBase64: " + resBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            e.printStackTrace();
        }

        // hook md5的 update方法
        try {
            XposedBridge.hookAllMethods(XposedHelpers.findClass("java.security.MessageDigest", lpparam.classLoader),
                    "update",
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            MessageDigest md = (MessageDigest) param.thisObject;
                            String algoritm = md.getAlgorithm();
                            int offset = 0;
                            int len = 0;
                            byte[] params = (byte[]) param.args[0];
                            if (param.args.length != 3) {
                                offset = 0;
                                len = params.length;
                            } else {
                                offset = (Integer) param.args[1];
                                len = (Integer) param.args[2];
                            }
                            byte[] input = new byte[len];
                            System.arraycopy(params, offset, input, 0, len);
                            String data = new String(input);
                            String dataHex = byteArray2HexString(input);
                            Log.d(TAG, algoritm + " update data: " + data);
                            Log.d(TAG, algoritm + " update dataHex: " + dataHex);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "MessageDigest.update Error: " + e.getMessage());
        }

        // hook mac算法
        try {
            XposedBridge.hookAllMethods(XposedHelpers.findClass("javax.crypto.Mac", lpparam.classLoader),
                    "doFinal",
                    new XC_MethodHook() {
                        // 获取返回值 要 after, 传参要before
                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            if (param.args.length == 2) return;
                            Mac mac = (Mac) param.thisObject;
                            String algoritm = mac.getAlgorithm();
                            if (param.args.length == 1) {
                                byte[] params = (byte[]) param.args[0];
                                String data = new String(params);
                                String dataHex = byteArray2HexString(params);
                                Log.d(TAG, algoritm + " data: " + data);
                                Log.d(TAG, algoritm + " dataHex: " + dataHex);
                            }
                            byte[] res = (byte[]) param.getResult();
                            String resHex = byteArray2HexString(res);
                            String resBase64 = Base64.encodeToString(res, 0);
                            Log.d(TAG, algoritm + " resultHex: " + resHex);
                            Log.d(TAG, algoritm + " resultBase64: " + resBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "crypto.Mac.doFinal Error: " + e.getMessage());
        }

        // hook 密钥 可以是 DES，3Des，Aes,Mac算法
        // 构造函数 SecretKeySpec 这个方法   https://www.oschina.net/uploads/doc/javase-6-doc-api-zh_CN/index.html?index-filesindex-4.html
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("javax.crypto.spec.SecretKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            byte[] secretkey = (byte[]) param.args[0];
                            int offset = 0;
                            int size = 0;
                            String algoritm = null;
                            if (param.args.length != 2) {
                                offset = (Integer) param.args[1];
                                size = (Integer) param.args[2];
                                algoritm = (String) param.args[3];
                            } else {
                                size = secretkey.length;
                                algoritm = (String) param.args[1];
                            }
                            byte[] keybyte = new byte[size];
                            System.arraycopy(secretkey, offset, keybyte, 0, size);
                            String keyHex = byteArray2HexString(keybyte);
                            String keyBase64 = Base64.encodeToString(keybyte, 0);
                            Log.d(TAG, algoritm + " SecretKey: " + new String(keybyte));
                            Log.d(TAG, algoritm + " SecretKeyHex: " + keyHex);
                            Log.d(TAG, algoritm + " SecretKeyBase64: \n" + keyBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "SecretKeySpec Error: " + e.getMessage());
        }


        // hook des的 密钥 https://www.oschina.net/uploads/doc/javase-6-doc-api-zh_CN/index.html?index-filesindex-4.html
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("javax.crypto.spec.DESKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            byte[] desKey = new byte[8];
                            byte[] deskeybyte = (byte[]) param.args[0];
                            int offset = 0;
                            if (param.args.length != 1)
                                offset = (Integer) param.args[1];
                            System.arraycopy(deskeybyte, offset, desKey, 0, 8);
                            String keyHex = byteArray2HexString(desKey);
                            String keyBase64 = Base64.encodeToString(desKey, 0);
                            Log.d(TAG, "DESKey: " + new String(desKey));
                            Log.d(TAG, "DESKeyHex: " + keyHex);
                            Log.d(TAG, "DESKeyBase64: \n" + keyBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "DESKeySpec Error: " + e.getMessage());
        }


        // hook IV向量 AES DES 3DES, Java 加密体系中的一个类，用于提供初始化向量（IV），主要应用于对称加密算法中的分组加密模式，如 CBC、CFB、OFB 等
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("javax.crypto.spec.IvParameterSpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            byte[] ivbyte = (byte[]) param.args[0];
                            int offset = 0;
                            int size = 0;
                            if (param.args.length != 1) {
                                offset = (Integer) param.args[1];
                                size = (Integer) param.args[2];
                            } else size = ivbyte.length;
                            byte[] iv = new byte[size];
                            System.arraycopy(ivbyte, offset, iv, 0, size);
                            String IVHex = byteArray2HexString(iv);
                            String IVBase64 = Base64.encodeToString(iv, 0);
                            Log.d(TAG, "IvParameter: " + new String(iv));
                            Log.d(TAG, "IvParameterHex: " + IVHex);
                            Log.d(TAG, "IvParameterBase64: \n" + IVBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "IvParameterSpec Error: " + e.getMessage());
        }


        // hook Cipher(RSA,DES,3DES,AES)  https://www.oschina.net/uploads/doc/javase-6-doc-api-zh_CN/index.html?index-filesindex-4.html
        try {
            XposedBridge.hookAllMethods(XposedHelpers.findClass("javax.crypto.Cipher", lpparam.classLoader),
                    "doFinal",
                    new XC_MethodHook() {
                        // 只hook了 返回值非int的
                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            if (param.args.length != 0 && param.args.length != 1 && param.args.length != 3)
                                return;
                            Cipher cipher = (Cipher) param.thisObject;
                            String algoritm = cipher.getAlgorithm(); // 返回算法名称
                            byte[] dataAll = (byte[]) param.args[0];
                            if (param.args.length == 3) {
                                int offset = (Integer) param.args[1];
                                int size = (Integer) param.args[2];
                                byte[] dataByte = new byte[size];
                                System.arraycopy(dataAll, offset, dataByte, 0, size);
                                Log.d(TAG, algoritm + " data: " + new String(dataByte));
                                Log.d(TAG, algoritm + " dataHex: " + byteArray2HexString(dataByte));
                                Log.d(TAG, algoritm + " dataBase64: \n" + Base64.encodeToString(dataByte, 0));
                            } else if (param.args.length == 1) {
                                Log.d(TAG, algoritm + " data: " + new String(dataAll));
                                Log.d(TAG, algoritm + " dataHex: " + byteArray2HexString(dataAll));
                                Log.d(TAG, algoritm + " dataBase64: \n" + Base64.encodeToString(dataAll, 0));
                            }
                            byte[] res = (byte[]) param.getResult();
                            String resHex = byteArray2HexString(res);
                            String resBase64 = Base64.encodeToString(res, 0);
                            Log.d(TAG, algoritm + " resultHex: " + resHex);
                            Log.d(TAG, algoritm + " resultBase64: \n" + resBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "crypto.Cipher.doFinal Error: " + e.getMessage());
        }


        // Hook 3Des 算法 除了密钥 其他都一样 
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("javax.crypto.spec.DESedeKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            byte[] keybyte = (byte[]) param.args[0];
                            int offset = 0;
                            if (param.args.length != 1)
                                offset = (Integer) param.args[1];
                            byte[] desedeKey = new byte[24];
                            System.arraycopy(keybyte, offset, desedeKey, 0, 24);
                            String desedeKeyHex = byteArray2HexString(desedeKey);
                            String desedeKeyBase64 = Base64.encodeToString(desedeKey, 0);
                            Log.d(TAG, "3DESKey: " + new String(desedeKey));
                            Log.d(TAG, "3DESKeyHex: " + desedeKeyHex);
                            Log.d(TAG, "3DESKeyBase64: \n" + desedeKeyBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "DESedeKeySpec Error: " + e.getMessage());
        }

        // hook RSA的Base64密钥
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("java.security.spec.X509EncodedKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            byte[] keybyte = (byte[]) param.args[0];
                            String keybyteBase64 = Base64.encodeToString(keybyte, 0);
                            String keybyteHex = byteArray2HexString(keybyte);
                            Log.d(TAG, "X509KeyHex: " + keybyteHex);
                            Log.d(TAG, "X509KeyBase64: \n" + keybyteBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "X509EncodedKeySpec Error: " + e.getMessage());
        }


        // hook RSA 16进制的密钥
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("java.security.spec.PKCS8EncodedKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            byte[] keybyte = (byte[]) param.args[0];
                            String keybyteBase64 = Base64.encodeToString(keybyte, 0);
                            String keybyteHex = byteArray2HexString(keybyte);
                            Log.d(TAG, "PKCS8KeyHex: " + keybyteHex);
                            Log.d(TAG, "PKCS8KeyBase64: \n" + keybyteBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "PKCS8EncodedKeySpec Error: " + e.getMessage());
        }

        // hook生成生成公钥对象
        try {
            XposedBridge.hookAllMethods(XposedHelpers.findClass("java.security.KeyFactory", lpparam.classLoader),
                    "generatePublic",
                    new XC_MethodHook() {
                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            super.afterHookedMethod(param);
                            Log.e(TAG, "Stack" + new Throwable("stack Dump"));
                            PublicKey res = (PublicKey) param.getResult();
                            String resHex = byteArray2HexString(res.getEncoded());
                            String ResBase64 = Base64.encodeToString(res.getEncoded(), 0);
                            Log.d(TAG, "RSAKey Result:" + res);
                            Log.d(TAG, "RSAKey ResultHex:" + resHex);
                            Log.d(TAG, "RSAKey ResultBase64:" + ResBase64);
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "KeyFactory Error: " + e.getMessage());
        }

        // hook RSA 16进制的密钥
        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("java.security.spec.RSAPublicKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            BigInteger N = (BigInteger) param.args[0];
                            BigInteger E = (BigInteger) param.args[1];
                            Log.d(TAG, "RSAPublicKey N : " + N.toString(16));
                            Log.d(TAG, "RSAPublicKey E : " + E.toString(16));
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "RSAPublicKeySpec Error: " + e.getMessage());
        }

        try {
            XposedBridge.hookAllConstructors(XposedHelpers.findClass("java.security.spec.RSAPrivateKeySpec", lpparam.classLoader),
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e(TAG, "Stack:", new Throwable("stack dump"));
                            BigInteger N = (BigInteger) param.args[0];
                            BigInteger D = (BigInteger) param.args[1];
                            Log.d(TAG, "RSAPrivateKey N : " + N.toString(16));
                            Log.d(TAG, "RSAPrivateKey D : " + D.toString(16));
                            Log.d(TAG, "=======================================================================");
                        }
                    });
        } catch (Exception e) {
            Log.e(TAG, "RSAPrivateKeySpec Error: " + e.getMessage());
        }


    }


    public static String byteArray2HexString(byte[] bytes) {
        char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        char[] str = new char[bytes.length * 2];
        int j = 0;
        for (byte ele : bytes) {
            str[j++] = HEX[(ele & 0xF0) >>> 4]; //无符号左移
            str[j++] = HEX[(ele & 0x0F)];
        }
        return String.valueOf(str);
    }

}