You can use Xposed without Root!

Xposed is a well-known framework on the Android system. It gives ordinary users the ability to DIY the system at will; such as typical WeChat anti-withdrawal, automatic red envelope grabbing, theme font modification, simulated location, etc. However, one of the prerequisites for using Xposed is that Root is required. With the evolution of the Android system, this condition is becoming more and more difficult to meet; so, can we enjoy the functions of Xposed without Root?

Let's think about it, why does Xposed need Root? From the current implementation, it is because Xposed needs to modify system files, and these files can only be modified with root permissions; but this is only a feature of the current implementation (modifying system partition files), not the root reason. The ultimate goal of Xposed is to be able to load the code of a specific Xposed module before any App process is started; these specific Xposed modules have the opportunity to execute specific code before the App process is started, thereby controlling the behavior of any process. In the final analysis, Xposed needs to control other processes, and without advanced permissions (Root), it is not possible to take over other people's business.

Is there any other way to implement it?

Although there is no way to control other processes, you can do whatever you want within your own process. If you change the way, put other apps in your own process to run, and then Hook yourself, wouldn't that achieve the goal? The mechanism of "putting other apps in your own process to run" is a container, or in layman's terms, dual opening; "Hooking yourself" is a typical Dexposed idea, but Dexposed does not support ART - but the emergence of epic not long ago completed this last piece of the puzzle.

The typical implementation of dual opening is lody's VirtualApp, so let's take a look at what kind of wonderful chemical reaction will be produced by combining VirtualApp with epic.

Our idea is very clear: use VirtualApp to start other apps, and control the started app by epic Hooking the process during the startup process. At the same time, since the Xposed module is already relatively mature and has thousands of plug-in ecosystems, *** can directly reuse the Xposed module, so that in a dual-open environment, the Xposed module is the same as the Xposed environment running in the Root phone. To this end, I wrote an Xposed compatibility layer for a dual-open environment: Exposed; at the same time, I modified part of the implementation of VirtualApp so that it can load the Exposed compatibility layer when the process starts. The code is here: VAExposed. In this way, in a dual-open environment, you can directly load the existing Xposed module and realize the functions of Xposed in non-Root mode. What's more interesting is that you can also use XposedInstaller directly to install and manage any Xposed module, just like you use real Xposed!

I won’t go into detail about the specific code. You can go directly to the source code Exposed and VAExposed. Let’s take WeChat anti-withdrawal as an example to see the specific effect:

• First install the modified version of VAExposed dual-open APK. You can clone the source code and build it directly, or you can use my compiled version Github to download Baidu network disk: https://pan.baidu.com/s/1o8mRlUi Password: sanf
• Then install the WeChat anti-withdrawal module: WeChat Magician, the homepage of the release is here: WeChat Magician;
• Next, you need to make sure that the WeChat on your phone is supported by WeChat Wizard. The current supported versions of WeChat are 6.5.8~6.5.16; if not, you need to download a supported version, such as WeChat_6.5.8.apk.
• ***, you need to open the dual-opening software VAExposed, add WeChat and WeChat Wizard as dual-opening modules, as shown below:

In this way, when using WeChat in dual-open mode, you can enjoy the anti-withdrawal function of the Xposed module!

In addition, you can also use XposedInstaller directly in dual opening, and then you can easily download and manage Xposed modules:

That’s it, we can enjoy the functions of Xposed module on non-rooted phones, have fun ：)

However, after implementing this function, I shuddered: Never run critical apps in a root environment or a dual-open environment, otherwise your WeChat login password, Alipay payment password, and bank card account number are likely to be seen.

PS: Currently the implementation of the Exposed layer is in its early stages, and my personal energy is very limited (I usually write code in the early morning); if you are interested in implementing Xposed in non-Root mode, you are very welcome to join me:) The project address is here: https://github.com/android-hacker/exposed.