Android逆向之Frida

最新推荐文章于 2024-06-09 22:30:59 发布

NeilLiu200

最新推荐文章于 2024-06-09 22:30:59 发布

阅读量854

点赞数

分类专栏：安卓逆向文章标签： android javascript

本文链接：https://blog.csdn.net/liumingzhuo/article/details/107670764

版权

文章目录

frida 常用shell命令

Usage: frida [options] target

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -D ID, --device=ID    connect to device with the given ID
  -U, --usb             connect to USB device
  -R, --remote          connect to remote frida-server
  -H HOST, --host=HOST  connect to remote frida-server on HOST
  -f FILE, --file=FILE  spawn FILE
  -F, --attach-frontmost
                        attach to frontmost application
  -n NAME, --attach-name=NAME
                        attach to NAME
  -p PID, --attach-pid=PID
                        attach to PID
  --stdio=inherit|pipe  stdio behavior when spawning (defaults to “inherit”)
  --runtime=duk|v8      script runtime to use (defaults to “duk”)
  --debug               enable the Node.js compatible script debugger
  -O FILE, --options-file=FILE
                        text file containing additional command line options
  -l SCRIPT, --load=SCRIPT
                        load SCRIPT
  -P PARAMETERS_JSON, --parameters=PARAMETERS_JSON
                        parameters as JSON, same as Gadget
  -C CMODULE, --cmodule=CMODULE
                        load CMODULE
  -c CODESHARE_URI, --codeshare=CODESHARE_URI
                        load CODESHARE_URI
  -e CODE, --eval=CODE  evaluate CODE
  -q                    quiet mode (no prompt) and quit after -l and -e
  --no-pause            automatically start main thread after startup
  -o LOGFILE, --output=LOGFILE
                        output to log file
  --exit-on-error       exit with code 1 after encountering any exception in
                        the SCRIPT

Frida hook app启动项

objection -N -h  ip -p port --debug -g  packageName explore --startup-command 'android hooking watch class xxxx'

Frida 常用java api

frida -H ip:port -f packageName -l xxxx.js --no-pause

1. frida 重载

Java.perform(fn)将当前线程与VM相连接，连接后调用fn方法。

Java.use(className)动态的获取一个js实例。可以使用$new调用构造函数进行实例化。

如果有重载需要添加overload指定重载的参数。

function main(){
   
    Java.perform(function(){
     
            Java.use("java.lang.Character").toString.overload("char").implementation = function(x){
   
            var result = this.toString(x);
            console.log("x--->",x,"result---->",result);
            return result;
        }
    })
}
setImmediate(main)

2. 内存扫描实例

Java.choose(className, callbacks)通过扫描java中的堆，来枚举实例，回调中有onMatch: function (instance)和onComplete: function ()。

Java.choose("package.class",{
   
    onMatch:function(instance)

最低0.47元/天解锁文章

NeilLiu200

关注

0
点赞
踩
3

收藏

觉得还不错? 一键收藏
0
评论
Android逆向之Frida

文章目录frida 常用shell命令Frida hook app启动项Frida 常用java api1. frida 重载2. 内存扫描实例3. Array数组4. HashMap 数组5. 乱码情况 no-ascii6. 枚举类7. 类型转换8. 创建一个新类frida 常用shell命令Usage: frida [options] targetOptions: --version show program's version number and ex
复制链接

扫一扫