我是正在从事Android安全研究的中国学生。(我的句子中可能会有一些语法错误)我想使用辅助功能API捕获用户的行为,例如单击IME的键盘和选择某些字符..但是当我尝试这个API时,我只能获取当前窗口的文本和用户执行的操作,而不是键盘中的任何事件。也许我错过了什么。 (我无法接收来自onKeyEvent和onGesture的任何事件。但我可以从onAccessibilityEvent接收事件。)
我创建了以下基本辅助功能服务。
package com.jack.accessibility;
import java.util.List;
import android.accessibilityservice.AccessibilityService;
import android.accessibilityservice.AccessibilityServiceInfo;
import android.annotation.SuppressLint;
import android.util.Log;
import android.view.KeyEvent;
import android.view.accessibility.AccessibilityEvent;
import android.view.accessibility.AccessibilityNodeInfo;
@SuppressLint("NewApi")
public class MyAccessibilityService extends AccessibilityService {
@Override
public void onAccessibilityEvent(AccessibilityEvent event) {
String eventText = getTypeName(event.getEventType()) + "===="
+ event.getContentDescription();
Log.e("------------------------", "-------------------------");
Log.d("PackageName", event.getPackageName().toString());
Log.d("EventName", eventText);
traverseNode(getRootInActiveWindow());
Log.e("------------------------", "-------------------------");
}
@Override
public void onServiceConnected() {
Log.e("---------ServiceConnected--------------",
"------------ServiceConnected------------");
AccessibilityServiceInfo info = new AccessibilityServiceInfo();
info.packageNames = new String[] { "com.android.mms" };
info.eventTypes = AccessibilityEvent.TYPES_ALL_MASK;
info.notificationTimeout = 100;
info.feedbackType = AccessibilityServiceInfo.FEEDBACK_SPOKEN;
info.flags = AccessibilityServiceInfo.FLAG_REQUEST_FILTER_KEY_EVENTS;
setServiceInfo(info);
}
@Override
public boolean onKeyEvent(KeyEvent event) {
Log.i("Key", ".....");
return true;
}
@Override
public boolean onGesture(int gestureId) {
Log.v("THEIA", String.format("onGesture: [type] %s", gIdToString(gestureId)));
return false;
}
@Override
public void onInterrupt() {
Log.e("---------Interrupt--------------",
"------------Interrupt------------");
}
private void traverseNode(AccessibilityNodeInfo node) {
if (null == node)
return;
final int count = node.getChildCount();
if (count > 0) {
for (int i = 0; i < count; i++) {
AccessibilityNodeInfo childNode = node.getChild(i);
traverseNode(childNode);
}
} else {
CharSequence text = node.getText();
Log.d("test", "Node text = " + text);
}
}
private String getTypeName(int type) {
switch (type) {
case AccessibilityEvent.TYPE_TOUCH_EXPLORATION_GESTURE_START:
return "TYPE_TOUCH_EXPLORATION_GESTURE_START";
case AccessibilityEvent.TYPE_TOUCH_EXPLORATION_GESTURE_END:
return "TYPE_TOUCH_EXPLORATION_GESTURE_END";
case AccessibilityEvent.TYPE_TOUCH_INTERACTION_START:
return "TYPE_TOUCH_INTERACTION_START";
case AccessibilityEvent.TYPE_TOUCH_INTERACTION_END:
return "TYPE_TOUCH_INTERACTION_END";
case AccessibilityEvent.TYPE_GESTURE_DETECTION_START:
return "TYPE_GESTURE_DETECTION_START";
case AccessibilityEvent.TYPE_GESTURE_DETECTION_END:
return "TYPE_GESTURE_DETECTION_END";
case AccessibilityEvent.TYPE_VIEW_HOVER_ENTER:
return "TYPE_VIEW_HOVER_ENTER";
case AccessibilityEvent.TYPE_VIEW_HOVER_EXIT:
return "TYPE_VIEW_HOVER_EXIT";
case AccessibilityEvent.TYPE_VIEW_SCROLLED:
return "TYPE_VIEW_SCROLLED";
case AccessibilityEvent.TYPE_VIEW_CLICKED:
return "TYPE_VIEW_CLICKED";
case AccessibilityEvent.TYPE_VIEW_LONG_CLICKED:
return "TYPE_VIEW_LONG_CLICKED";
case AccessibilityEvent.TYPE_VIEW_FOCUSED:
return "TYPE_VIEW_FOCUSED";
case AccessibilityEvent.TYPE_VIEW_SELECTED:
return "TYPE_VIEW_SELECTED";
case AccessibilityEvent.TYPE_VIEW_ACCESSIBILITY_FOCUSED:
return "TYPE_VIEW_ACCESSIBILITY_FOCUSED";
case AccessibilityEvent.TYPE_VIEW_ACCESSIBILITY_FOCUS_CLEARED:
return "TYPE_VIEW_ACCESSIBILITY_FOCUS_CLEARED";
case AccessibilityEvent.TYPE_WINDOW_STATE_CHANGED:
return "TYPE_WINDOW_STATE_CHANGED";
case AccessibilityEvent.TYPE_NOTIFICATION_STATE_CHANGED:
return "TYPE_NOTIFICATION_STATE_CHANGED";
case AccessibilityEvent.TYPE_ANNOUNCEMENT:
return "TYPE_ANNOUNCEMENT";
case AccessibilityEvent.TYPE_WINDOW_CONTENT_CHANGED:
return "TYPE_WINDOW_CONTENT_CHANGED";
case AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED:
return "TYPE_VIEW_TEXT_CHANGED";
case AccessibilityEvent.TYPE_VIEW_TEXT_SELECTION_CHANGED:
return "TYPE_VIEW_TEXT_SELECTION_CHANGED";
case AccessibilityEvent.TYPE_VIEW_TEXT_TRAVERSED_AT_MOVEMENT_GRANULARITY:
return "TYPE_VIEW_TEXT_TRAVERSED_AT_MOVEMENT_GRANULARITY";
}
return "Unknown";
}
private String gIdToString(int gID) {
switch (gID) {
case 1:
return "GESTURE_SWIPE_UP";
case 2:
return "GESTURE_SWIPE_DOWN";
case 3:
return "GESTURE_SWIPE_LEFT";
case 4:
return "GESTURE_SWIPE_RIGHT";
case 5:
return "GESTURE_SWIPE_LEFT_AND_RIGHT";
case 6:
return "GESTURE_SWIPE_RIGHT_AND_LEFT";
case 7:
return "GESTURE_SWIPE_UP_AND_DOWN";
case 8:
return "GESTURE_SWIPE_DOWN_AND_UP";
case 9:
return "GESTURE_SWIPE_LEFT_AND_UP";
case 10:
return "GESTURE_SWIPE_LEFT_AND_DOWN";
case 11:
return "GESTURE_SWIPE_RIGHT_AND_UP";
case 12:
return "GESTURE_SWIPE_RIGHT_AND_DOWN";
case 13:
return "GESTURE_SWIPE_UP_AND_LEFT";
case 14:
return "GESTURE_SWIPE_UP_AND_RIGHT";
case 15:
return "GESTURE_SWIPE_DOWN_AND_LEFT";
case 16:
return "GESTURE_SWIPE_DOWN_AND_RIGHT";
}
return "UNKNOWN";
}
}
的AndroidManifest.xml:
<uses-sdk
android:minSdkVersion="8"
android:targetSdkVersion="18" />
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
<uses-permission android:name="android.permission.BIND_ACCESSIBILITY_SERVICE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<application
android:allowBackup="true"
android:icon="@drawable/ic_launcher"
android:label="@string/app_name"
android:theme="@style/AppTheme" >
<activity
android:name="com.jack.accessibility.MainActivity"
android:label="@string/app_name" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<service android:label="@string/acc_service_name" android:name=".MyAccessibilityService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
<intent-filter>
<action android:name="android.accessibilityservice.AccessibilityService" />
</intent-filter>
<meta-data
android:name="android.accessibilityservice"
android:resource="@xml/phone_accessibility" />
</service>
</application>
phone_accessibility.xml:
<?xml version="1.0" encoding="utf-8"?>
<accessibility-service android:description="@string/accessibility_service_description"
android:accessibilityEventTypes="typeAllMask"
android:accessibilityFeedbackType="feedbackAllMask"
android:notificationTimeout="100"
android:canRetrieveWindowContent="true"
android:canRequestTouchExplorationMode="true"
android:canRequestEnhancedWebAccessibility="true"
android:canRequestFilterKeyEvents="true"
android:accessibilityFlags="flagDefault"
xmlns:android="http://schemas.android.com/apk/res/android" />
答案 0 :(得分:1)
添加:
info.flags = AccessibilityServiceInfo.FLAG_REQUEST_TOUCH_EXPLORATION_MODE;
答案 1 :(得分:0)
从AccessibilityService开始,我无法获得AccessibilityNodeInfo或IME的{{1}}。
根据我的理解,你正在尝试记录密钥;但这是不可能的。您需要拥有自己的键盘才能记录Keyboard上按下的键。
但是从Keyboard开始,您可以获取所有AccessibilityService的文字内容,但密码EditText除外(EditText为password inputType )。
由于你已经想到了这一点,我不会编写代码来从节点获取文本。
如果这是可能的,那不是一个重大的安全问题吗?!
答案 2 :(得分:0)
尝试像这样配置辅助功能服务:
<?xml version="1.0" encoding="utf-8"?>
<accessibility-service
xmlns:android="http://schemas.android.com/apk/res/android"
android:accessibilityEventTypes="typeContextClicked|typeViewClicked"
android:packageNames="com.example.andres.eventcapture"
android:accessibilityFlags="flagRequestFilterKeyEvents"
android:accessibilityFeedbackType="feedbackAllMask"
android:notificationTimeout="50"
android:canRetrieveWindowContent="true"
android:settingsActivity=""
android:canRequestFilterKeyEvents="true"
/>
效果很好!