Write a Xposed Module: Anti Screenshot

Category: Tag:

Today, I will solve the problem that some apps cannot take screenshots. The actual test can bypass the flash map function of an im, the payment code interface of a payment software, and a bank app.

Code download

1. Environmental preparation
A test machine with xposed environment has been configured.

Get a copy of XposedBridge API jar: https://forum.xda-developers.com/xposed/xposed-api-changelog-developer-news-t2714067

2. Project initialization
1. Android Studio new project
Create a new Empty Activity project here

Note

If you choose No Activity, there is no way to install it directly on the test machine for testing in the studio, because there is no actvity. After the module development is over, you can delete the activity and generate a signed apk, so that after installation, the module will not generate icons on the desktop, which is perfect.

I thought about it. The minimum Android version of the test machine I will use is 8.1, so I set the Minimum SDK to 8.0.

2. Write basic information of xposed module
Add the following in src/main/res/values/strings.xml:

<string name="xposed_description">Force screenshot @lushan</string>

In the AndroidManifest.xml file, add the following code inside the <application> tag

<meta-data android:name="xposedmodule" android:value="true" /> <meta-data android:name="xposeddescription" android:value="@string/xposed_description" /> <meta-data android:name="xposedminversion" android:value="54" />

As shown:

3. Load the XposedBridge API package
Copy the XposedBridgeApi package to libs, and then right click Add As Library:

 

Check the content in the dependencies block in build.gradle under the app folder.

 

Note: Most online tutorials are written with provided, and this keyword has been replaced by compileOnly.

If this step is not set properly, the xposed framework will print the following log:

 

4. Create a new Xposed module entry function.

 

Function body:

public class HookMain implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
    
    }
}

In this step, let’s write an empty entry function first, and write the internal logic later.

5. Specify the Xposed module entry function
Under src/main, create new assets/xposed_init,The content of the file is the package name + the entry function name.

 

At this point, the prototype of an xposed module is almost complete. Next, we need to improve the related hook logic, but we can execute it now to see the effect

 

The xposed framework can correctly recognize that this is a module, and can display the basic information of the previously set module.

 

3, analyze the relevant functions of Android prohibiting screenshots
In general, after my careful observation, the method of prohibiting screenshots provided by Android is to add the “FLAG_SECURE” attribute to the “Display” class.

Below is the official document on how to set “FLAG_SECURE”:

An application creates a window with a secure surface by specifying the WindowManager.LayoutParams#FLAG_SECUREwindow flag. Likewise, an application creates a SurfaceView with a secure surface by calling SurfaceView#setSecure before attaching the secure view to its containing window.

Documentation: https://developer.android.com/reference/android/view/Display#FLAG_SECURE

Obviously, the above document introduces two methods to set Display.FLAG_SECURE, one is to specify the flag of the window class: WindowManager.LayoutParams#FLAG_SECURE, and the other is to use the SurfaceView#setSecure method.

Next, take a good look at the related functions for Hook use.

1. Specify the window flag
It can be achieved by the following two methods:

window.setFlag(WindowManager.LayoutParams.FLAG_SECURE)

文档:https://developer.android.com/reference/android/view/Window#setFlags(int,%20int)

window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)

 

 

https://developer.android.com/reference/android/view/Window#addFlags(int)

2.SurfaceView.setSecure

https://developer.android.com/reference/android/view/SurfaceView#setSecure(boolean)

In summary, we need to hook three functions.
Fourth, complete the module writing
In fact, the logic is quite simple. Call the hook function and change the parameters。

public class HookMain implements IXposedHookLoadPackage {
    String packageName = new String();

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {

        packageName = loadPackageParam.packageName;

        // Hook "window.setFlag(WindowManager.LayoutParams.FLAG_SECURE)"
        XposedHelpers.findAndHookMethod(Window.class, "setFlags", int.class, int.class,
                removeSecureFlagHook);

        // Hook "window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)"
        XposedHelpers.findAndHookMethod(Window.class, "addFlags", int.class,
                removeSecureFlagHook);

        // Hook "SurfaceView.setSecure"
        XposedHelpers.findAndHookMethod(SurfaceView.class, "setSecure", boolean.class,
                removeSetSecureHook);


    }


    private final XC_MethodHook removeSecureFlagHook = new XC_MethodHook() {
        @Override
        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
            if ((Integer) param.args[0] == WindowManager.LayoutParams.FLAG_SECURE){
                param.args[0] = 0;
                XposedBridge.log("Anti Screenshot : Blocked" + packageName);
            }
        }
    };



    private final XC_MethodHook removeSetSecureHook = new XC_MethodHook() {
        @Override
        protected void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
            param.args[0] = false;
            XposedBridge.log("Anti Screenshot : Blocked" + packageName);
        }
    };

}

 

Five, test
After ensuring that this module is enabled in the Xposed framework, let’s simply test the flash image

 

Yes! Succeeded!

At this point, we can see in the log interface of Xposed:

Done.

Reviews

There are no reviews yet.

Be the first to review “Write a Xposed Module: Anti Screenshot”

Your email address will not be published. Required fields are marked *