隐私安全检查
需要frida环境、root设备
Java.perform(function x() {
console.log("jscode start");
var TelephonyManager = Java.use("android.telephony.TelephonyManager");
//IMEI hook
TelephonyManager.getDeviceId.overload().implementation = function () {
console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()));
console.log("[*]Called - getDeviceId()");
var temp = this.getDeviceId();
console.log("real IMEI: " + temp);
console.log(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
return "867979021642856";
};
// muti IMEI
TelephonyManager.getDeviceId.overload('int').implementation = function (p) {
console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()));
console.log("[*]Called - getDeviceId(int) param is" + p);
var temp = this.getDeviceId(p);
console.log("real IMEI " + p + ": " + temp);
console.log(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
return "867979021642856";
};
TelephonyManager.getImei.overload('int').implementation = function (p) {
console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()));
console.log("[*]Called - getImei(int) param is" + p);
var temp = this.getImei(p);
console.log("real IMEI " + p + ": " + temp);
console.log(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
return "867979021642856";
};
TelephonyManager.getMeid.overload('int').implementation = function (p) {
console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()));
console.log("[*]Called - getMeid(int) param is" + p);
var temp = this.getMeid(p);
console.log("real IMEI " + p + ": " + temp);
console.log(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
return "867979021642856";
};
// 测试检查
var ImageViewClass = Java.use("android.widget.ImageView");
ImageViewClass.setImageDrawable.implementation = function (drawable) {
// var intrinsicWidth = drawable.getIntrinsicWidth();
//console.log("setImageDrawable");
return this.setImageDrawable(drawable);
}
console.log("jscode end");
});```
```python
import frida, sys
print("python runnig....")
# 查找USB设备并附加到目标进程
process = frida.get_usb_device().attach('com.xxxxxx.xxxxx')
#com.android.quicksearchbox
# 读取js文件, 在目标进程里创建脚本
with open("hook_java.js", 'r', encoding='UTF-8') as f:
jscode_script = process.create_script(f.read())
# 加载创建的javascript脚本
jscode_script.load()
# 读取系统输入
sys.stdin.read()