What is VirtualXposed?
An OPEN-SOURCE Container-like environment for running apks on Android, which allows the use of (some) xposed features without the need for root/xposed/unlocked bootloader etc. If this can be made trustable and stable, it has the potential to bring Xposed mods to a much wider community.
How VirtualXposed works, based on a review of the source code and dev response -
- All apps run inside VirtualApp (https://github.com/asLody/VirtualApp) - A containter-like library (like docker) that wraps around some android system calls to allows to run apks as plugins inside the original app.
The project is also mostly open-source, but there seem to be some propreitary code blocks as well (such as https://github.com/asLody/VirtualApp...bs/armeabi-v7a). Its not free for commercial use though, that requires the purchase of a license.The dev maintains and independent fork of VirtualApp, without these closed-source blobs. The docs for VirtualApp can be found here - https://github.com/prife/VirtualAppDoc
- Uses Epic (https://github.com/tiann/epic) to actually process xposed hooks - This is an open-source library, actually inspired from xposed itself, for developer to "hook" into their own Java methods in their own apps.
- Uses a simple compatibility layer Exposed (https://github.com/android-hacker/exposed/ ) - Fully open source, Compatibility layer for Xposed, it loads Xposed modules and does some basic services (such as dealing with unsupported feature: initForZygote/resource hooks)
- For the UI, uses this Launcher (https://github.com/android-hacker/Launcher3) - This is a fork of the popular (and open source) Rootless Pixel Launcher, modified for multi-user scenarios
- Launcher3 and VirtualApp are project dependencies in VirtualXposed, exposed and epic are depended by aar.
- The app requests a ton of permissions - Seems legit given that it has to emulate all of those APIs. Perhaps these can be changed to runtime permissions?
Possible proprietary blobs (Not sure yet - waiting for dev response)The app is fully open source.
- Noone knows in detail how it works - Well, I am starting to get an idea of how it works :P
- Virus Scan results - 1 virus detected by VirusTotal. See developer rant - https://github.com/android-hacker/Vi...ment-377295527, I think is a false positive
What works so far -
- Hooking into a virtual app's own java functions (hooked using findAndHookMethod())
- Hooking into SOME base Android APIs (I tried TextView.setText()) - I have published a working sample here - https://github.com/akhilkedia/VirtualXposedSamplePOC
Limitations of VirtualXposed so far that I know -
Module hooks sometimes work, sometimes dont. I tested AllTrans 5 times, and it only worked oncewas because of change in Application.onCreate() - see below.
Hooking Application.onCreate and casting it to Application returns and errorsee below
- New modules are seemingly often not changed even after re-installing. Un-installed virtual apps are sometimes detected as still being present by the xposed module (?!)
- Cannot hook apks outside of VirtualApp (including possibly SystemUI).
- No Resource Hooks
- No Google Play Service yet.
- Epic library's readme says not supported for arm32, x86_64 and mips device architectures for ART.
Logging to logcat doesnt seem to work.Logging to logcat works. @#$*%$ Android studio log filters.
How to develop modules on it.-
- Some utilities for developers (translated wiki page from VirtualXposed) - https://translate.googleusercontent....bMpfzUV70sy_fg
I have not tried any of the steps mentioned here.These steps work.
- Application.onCreate/attachBaseContext is transformed to ContextWrapper.attachBaseContext
Here is what I am currently doing, which seems to be a more stable way of getting consistent results - Erase application data of VirtualXposed, install xposed module, enable xposed module in xposed installer, force-stop VirtualXposed, start VirtualXposed.If you have enabled an Xposed Module outside of VirtualXposed, it will still affect apps inside it - So its recommended to turn the module off outside.
The original developer seems to not speak perfect English, and the current users are mostly all Chinese.
Note - I intend to keep updating this post as we get more/new information.
@ Forum Moderators - Please feel free to move this thread if this is not the correct forum for it.
Edits - updated with more information from dev.