Convert Figma logo to code with AI

WindySha logoXpatch

This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.

2,568
392
2,568
40
View on GitHub

Top Related Projects

pxb1988's avatar

dex2jar

12,282

Tools to work with android .dex and java .class files

JesusFreke's avatar

smali

6,309

smali/baksmali

skylot's avatar

jadx

41,326

Dex to Java decompiler

asLody's avatar

VirtualApp

10,196

Virtual Engine for Android(Support 14.0 in business version)

Konloch's avatar

bytecode-viewer

14,649

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

iBotPeaches's avatar

Apktool

20,044

A tool for reverse engineering Android apk files

Quick Overview

Xpatch is an Android application reinforcement tool that can generate a custom APK file by modifying an existing APK. It aims to protect Android applications from being cracked or reverse-engineered by adding a custom DEX file to the original APK, making it more difficult for attackers to analyze or modify the app's code.

Pros

  • Enhances security of Android applications by making them harder to crack or reverse-engineer
  • Supports both signed and unsigned APK files
  • Provides a command-line interface for easy integration into build processes
  • Open-source project with potential for community contributions and improvements

Cons

  • May increase the size of the APK file due to the addition of custom DEX
  • Could potentially impact app performance, depending on the complexity of the added protection
  • Requires regular updates to keep up with evolving Android security measures and attack techniques
  • May not provide complete protection against determined attackers with advanced skills

Code Examples

// Example 1: Basic usage of Xpatch
String srcApkPath = "path/to/source.apk";
String outApkPath = "path/to/output.apk";
XpatchClient.patch(srcApkPath, outApkPath);

// Example 2: Using Xpatch with custom options
XpatchOption option = new XpatchOption();
option.setDebug(true);
option.setKeepSignature(false);
XpatchClient.patch(srcApkPath, outApkPath, option);

// Example 3: Handling exceptions during patching process
try {
    XpatchClient.patch(srcApkPath, outApkPath);
} catch (Exception e) {
    System.err.println("Error patching APK: " + e.getMessage());
}

Getting Started

To use Xpatch in your project:

  1. Clone the repository:

    git clone https://github.com/WindySha/Xpatch.git

  2. Build the project using Gradle:

    cd Xpatch
./gradlew build

  3. Use the generated JAR file in your Java project or run it from the command line:

    java -jar xpatch.jar -f path/to/source.apk -o path/to/output.apk

For more detailed instructions and options, refer to the project's README file on GitHub.

Competitor Comparisons

pxb1988 logo

dex2jar

12,282

Tools to work with android .dex and java .class files

Pros of dex2jar

  • More comprehensive toolset for working with Android DEX and Java class files
  • Supports conversion of DEX to Java JAR files, enabling easier analysis and decompilation
  • Actively maintained with regular updates and bug fixes

Cons of dex2jar

  • Primarily focused on DEX/JAR conversion, lacking Xpatch's APK patching capabilities
  • May require additional tools for complete APK analysis and modification
  • Less user-friendly for those specifically interested in APK patching

Code Comparison

Xpatch (Main patching logic):

public void patch(String apkPath, String outApkPath, String signatureType) throws Exception {
    File apkFile = new File(apkPath);
    File outApkFile = new File(outApkPath);
    // ... (patching logic)
}

dex2jar (DEX to class file conversion):

public static void doFile(String dexFilePath) throws IOException {
    DexFileReader reader = new DexFileReader(new File(dexFilePath));
    DexFileVisitor visitor = new DexFileVisitor(ASM4);
    reader.accept(visitor);
    // ... (conversion logic)
}

While Xpatch focuses on APK patching, dex2jar provides tools for DEX/JAR conversion and analysis. Xpatch is more specialized for APK modification, while dex2jar offers a broader set of utilities for working with Android bytecode.

JesusFreke logo

smali

6,309

smali/baksmali

Pros of smali

  • More established and widely used in the Android reverse engineering community
  • Supports a broader range of Android versions and features
  • Offers a more comprehensive set of tools for disassembling and assembling Android DEX files

Cons of smali

  • Steeper learning curve for beginners
  • Requires more manual intervention for complex modifications
  • Less focused on specific patching tasks compared to Xpatch

Code Comparison

smali:

.method public static main([Ljava/lang/String;)V
    .registers 2
    sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;
    const-string v1, "Hello, World!"
    invoke-virtual {v0, v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V
    return-void
.end method

Xpatch:

public class XpatchPlugin implements Plugin {
    @Override
    public void process(File apkFile, File outputFile) {
        // Xpatch-specific patching logic
    }
}

Note: The code comparison showcases the different focus of each project. smali deals with low-level Dalvik bytecode, while Xpatch provides a higher-level API for APK patching.

skylot logo

jadx

41,326

Dex to Java decompiler

Pros of jadx

  • More comprehensive decompilation tool, supporting Java and Kotlin
  • Actively maintained with frequent updates and bug fixes
  • Includes a GUI for easier navigation and analysis

Cons of jadx

  • Larger project scope, potentially more complex for simple APK patching tasks
  • May require more system resources due to its extensive features

Code comparison

Xpatch (Java):

public static void patchDexFile(byte[] dexBytes) {
    DexBackedDexFile dexFile = DexBackedDexFile.fromBuffer(Opcodes.getDefault(), dexBytes);
    DexRewriter rewriter = new DexRewriter(new RewriterModule());
    DexFile modifiedDexFile = rewriter.rewriteDexFile(dexFile);
}

jadx (Java):

public static void decompile(File inputFile, File outputDir) {
    JadxArgs args = new JadxArgs();
    args.setInputFile(inputFile);
    args.setOutDir(outputDir);
    JadxDecompiler jadx = new JadxDecompiler(args);
    jadx.load();
    jadx.save();
}

While Xpatch focuses on patching APK files to bypass signature verification, jadx is a more general-purpose decompiler and analyzer for Android applications. Xpatch is specifically designed for a single task, whereas jadx offers a broader range of features for reverse engineering and analysis of Android apps.

asLody logo

VirtualApp

10,196

Virtual Engine for Android(Support 14.0 in business version)

Pros of VirtualApp

  • More comprehensive virtualization solution, allowing multiple apps to run in a single process
  • Supports a wider range of Android versions and features
  • Active community and regular updates

Cons of VirtualApp

  • More complex implementation and setup process
  • Potentially higher resource usage due to its comprehensive nature
  • May require more frequent updates to maintain compatibility

Code Comparison

VirtualApp:

@Override
public void onCreate() {
    super.onCreate();
    VirtualCore.get().setComponentDelegate(new MyComponentDelegate());
    VirtualCore.get().setTaskDescriptionDelegate(new MyTaskDescriptionDelegate());
    VirtualCore.get().setPhoneInfoDelegate(new MyPhoneInfoDelegate());
}

Xpatch:

public class XpatchApplication extends Application {
    @Override
    public void onCreate() {
        super.onCreate();
        XpatchManager.getInstance().init(this);
    }
}

The code snippets show that VirtualApp requires more setup and configuration, while Xpatch has a simpler initialization process. VirtualApp offers more customization options through delegates, whereas Xpatch focuses on a straightforward patching approach.

Konloch logo

bytecode-viewer

14,649

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Pros of bytecode-viewer

  • More comprehensive Java bytecode analysis tool with multiple decompilers
  • Supports a wider range of file formats, including JAR, CLASS, and APK
  • Active development with frequent updates and bug fixes

Cons of bytecode-viewer

  • Larger file size and more complex setup compared to Xpatch
  • May be overwhelming for users who only need simple APK patching functionality
  • Requires more system resources due to its extensive features

Code Comparison

Xpatch (simplified usage):

XpatchClient client = new XpatchClient();
client.patch("input.apk", "output.apk");

bytecode-viewer (simplified usage):

BytecodeViewer.start(new String[]{"input.jar"});
// GUI-based interaction for analysis and modification

Summary

Bytecode-viewer is a more powerful and versatile tool for Java bytecode analysis and modification, offering support for multiple file formats and decompilers. It's ideal for advanced users who require in-depth analysis capabilities. Xpatch, on the other hand, is more focused on APK patching and offers a simpler, more straightforward approach for users who primarily work with Android applications. The choice between the two depends on the specific needs of the user and the complexity of the tasks they need to perform.

iBotPeaches logo

Apktool

20,044

A tool for reverse engineering Android apk files

Pros of Apktool

  • More comprehensive feature set for APK manipulation
  • Larger community and better documentation
  • Supports both decompiling and recompiling APKs

Cons of Apktool

  • Slower processing speed for large APKs
  • More complex setup and usage for beginners
  • Requires additional tools for certain operations

Code Comparison

Xpatch (Java):

public static void main(String[] args) {
    XpatchClient client = new XpatchClient();
    client.patch(apkFile, outputFile);
}

Apktool (Java):

public static void main(String[] args) {
    ApktoolDecoder decoder = new ApktoolDecoder();
    decoder.decode(apkFile, outputDir);
    // Additional steps for modification and recompilation
}

Xpatch focuses on a streamlined patching process, while Apktool offers more granular control over APK manipulation. Xpatch provides a simpler API for quick patching, whereas Apktool requires additional steps for decompilation, modification, and recompilation. Apktool's approach allows for more extensive customization but at the cost of increased complexity.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

English Version

Android App破解工具Xpatch的使用方法

Xpatch概述

Xpatch用来重新签名打包Apk文件,使重打包后的Apk能加载安装在系统里的Xposed插件,从而实现免Root Hook任意App。

Xpatch基本原理

Xpatch的原理是对Apk文件进行二次打包,重新签名,并生成一个新的apk文件。 在Apk二次打包过程中,插入加载Xposed插件的逻辑,这样,新的Apk文件就可以加载任意Xposed插件,从而实现免Root Hook任意App的Java代码。

1.0~1.4版本,Hook框架使用的是Lody的whale
2.0版本开始,Hook框架底层使用的是ganyao114的SandHook。
3.0版本开始,默认使用SandHook,同时,兼容切换为whale

Xpatch工具包下载

下载最新的Xpatch Jar包
或者进入Releases页面下载指定版本:releases

Xpatch App版本(Xposed Tool)下载

XposedTool 下载XposedTool Apk

Xpatch使用方法

Xpatch项目最终生成物是一个Jar包,此Jar使用起来非常简单,只需要一行命令,一个接入xposed hook功能的apk就生成:

$ java -jar XpatchJar包路径 apk文件路径

For example:
$ java -jar ../xpatch.jar ../Test.apk

这条命令之后,在原apk文件(Test.apk)相同的文件夹中,会生成一个名称为Test-xposed-signed.apk的新apk,这就是重新签名之后的支持xposed插件的apk。

Note: 由于签名与原签名不一致,因此需要先卸载掉系统上已经安装的原apk,才能安装这个Xpatch后的apk

当然,也可以增加-o参数,指定新apk生成的路径:

$ java -jar ../xpatch.jar ../Test.apk -o ../new-Test.apk

更多参数类型可以使用--help查看,或者不输入任何参数运行jar包:

$ java -jar ../xpatch.jar --h(可省略)

这行命令之后得到结果(v1.0-v2.0):

Please choose one apk file you want to process. 
options:
 -f,--force                   force overwrite
 -h,--help                    Print this help message
 -k,--keep                    not delete the jar file that is changed by dex2jar
                               and the apk zip files
 -l,--log                     show all the debug logs
 -o,--output <out-apk-file>   output .apk file, default is $source_apk_dir/[file
                              -name]-xposed-signed.apk

Xposed模块开关控制的两种方法

1. 手动修改sdcard文件控制模块开关

当新apk安装到系统之后,应用启动时,默认会加载所有已安装的Xposed插件(Xposed Module)。

一般情况下,Xposed插件中都会对包名过滤,有些Xposed插件有界面,并且在界面上可以设置开关,所以默认启用所有的Xposed插件的方式,大多数情形下都可行。

但在少数情况可能会出现问题,比如,同一个应用安装有多个Xposed插件(wechat插件就非常多),并且都没有独立的开关界面,同时启用这些插件可能会产生冲突。

为了解决此问题,当应用启动时,会查找系统中所有已安装的Xposed插件,并在文件目录下生成一个文件 mnt/sdcard/xposed_config/modules.list,记录这些Xposed插件App。 比如:

com.blanke.mdwechat#MDWechat
com.example.wx_plug_in3#畅玩微信
liubaoyua.customtext#文本自定义

记录的方式是:插件app包名#插件app名称

需要禁用某个插件,只需要修改此文件,在该插件包名前面增加一个#号即可。

比如,需要禁用畅玩微信和文本自定义两个插件,只需要修改该文本文件,增加一个#号即可:

com.blanke.mdwechat#MDWechat
#com.example.wx_plug_in3#畅玩微信
#liubaoyua.customtext#文本自定义

如果需要禁用所有插件,只需在所有的包名前面增加#。

注意: 有些App没有获取到sd卡文件读写权限,这会导致无法读取modules.list配置文件,此时会默认启用所有插件。这种情况下,需要手动打开app的文件读写权限。

2. 通过Xposed Tool App控制模块开关

下载并安装Xpatch App(Xposed Tool) 点我下载XposedTool Apk 通过Xposed模块管理页面来控制模块开关。(原理跟方法1一致)
Screenshot.png

可用的Xposed模块示例

其他

assets目录下的classes.dex是来加载设备上已安装的Xposed插件,其源代码也已经开源:
xposed_module_loader
欢迎star and fork.

局限性

Xpatch是基于apk二次打包实现的,而且使用到了dex2Jar工具,因此,也存在不少的局限性。大概有以下几点:

  1. Hook框架默认使用的是SandHook,此框架存在一些不稳定性,在少数机型上hook可能会崩溃。
  2. 对于校验了文件完整性的app,重打包后可能无法启动;
  3. Xposed Hook框架暂时不支持Dalvik虚拟机。
  4. 暂时不支持Xposed插件中的资源Hook。

Technology Discussion

QQ Group: 741998508
or
Post comments under this article: Xpatch: 免Root实现App加载Xposed插件的一种方案

功能更新

1. 2019/4/15 updated

增加自动破解签名检验的功能,此功能默认开启,如果需要关闭可以增加-c即可,比如:

$ java -jar ../xpatch.jar ../Test.apk -c

通过help(-h)可以查看到:

options:
-c,--crach disable craching the apk's signature.

2. 2019/4/25 updated

增加将Xposed modules打包到apk中的功能 通过help(-h)可以查看到:

-xm,--xposed-modules the xposed mpdule files to be packaged into the ap k, multi files should be seperated by :(mac) or ;( win)

使用方式为在命令后面增加-xm path即可,比如:

$ java -jar ../xpatch.jar ../source.apk -xm ../module1.apk

假如需要将多个Xposed插件打包进去,在Mac中使用":",在Windows下使用";",隔开多个文件路径即可,比如:

mac
$  java -jar ../xpatch.jar ../source.apk -xm ../module1.apk:../module2.apk  

windows
$  java -jar ../xpatch.jar ../source.apk -xm ../module1.apk;../module2.apk

注意:

  1. 多个Xposed modules使用:(mac)/;(win)分割;
  2. 假如此module既被打包到apk中,又安装在设备上,则只会加载打包到apk中的module,不会加载安装的。 这里是通过包名区分是不是同一个module。

3. 2020/02/09 updated (Version 3.0)

3.0版本增加了不少新功能,同时修复了一些用户反馈的Bug。

新增功能:

  1. 支持android 10;
  2. 支持更改植入的hook框架,默认使用Sandhook(支持android10),可更改为whale(暂不支持android10)(-w);
  3. 默认使用修改Maniest文件方式,植入初始化代码,同时,支持更改为老版本中的修改dex文件的方式植入代码(-dex);
  4. 支持修改apk包名(一般不建议使用,很多应用会校验包名,会导致无法使用)
  5. 支持修改apk的version code;
  6. 支持修改apk的version name;
  7. 支持修改apk的debuggable为true或者false;

Bug修复:

  1. 修复Manifest文件中未定义ApplicationName类,导致无法实现Hook的问题;
  2. 修复破解无so文件的apk时,出现无法找到so的问题;
  3. 修复签名可能会失败的问题;
  4. 修复dex文件数超过65536的问题;

新功能用法

在命令行中输入-h,可以看到3.0版本完整的帮助文档: $ java -jar ../xpatch-3.0.jar -h

options:
 -c,--crach                   disable craching the apk's signature.
 -d,--debuggable <0 or 1>     set 1 to make the app debuggable = true, set 0 to 
                              make the app debuggable = false
 -dex,--dex                   insert code into the dex file, not modify manifest
                               application name attribute
 -f,--force                   force overwrite
 -h,--help                    Print this help message
 -k,--keep                    not delete the jar file that is changed by dex2jar
                               and the apk zip files
 -l,--log                     show all the debug logs
 -o,--output <out-apk-file>   output .apk file, default is $source_apk_dir/[file
                              -name]-xposed-signed.apk
 -pkg,--packageName <new package name>modify the apk package name
 -vc,--versionCode <new-version-code>set the app version code
 -vn,--versionName <new-version-name>set the app version name
 -w,--whale                   Change hook framework to Lody's whale
 -xm,--xposed-modules <xposed module file path>
                              the xposed module files to be packaged into the ap
                              k, multi files should be seperated by :(mac) or ;(
                              win) 
version: 3.0

具体用法:

  1. 修改Apk的debuggable = true:
    $ java -jar ../xpatch-3.0.jar ../Test.apk -d 1 (false改为0)
  2. 使用老版本的破解dex方法破解apk:
    $ java -jar ../xpatch-3.0.jar ../Test.apk -dex
  3. 修改包名,版本号:
    $ java -jar ../xpatch-3.0.jar ../Test.apk -pkg com.test.test -vc 1000 -vn 1.1.1
  4. 更改Hook框架为whale:
    $ java -jar ../xpatch-3.0.jar ../Test.apk -w

4. 2021/01/13 updated (Version 4.0)

Update SandHook to the newest version and SandHook support the Android 11.

Thanks