Preface
Use frida + sekiro to make remote RPC calls to Taobao sgmain 70102.
I wrote a similar article earlier that you can refer to:
androidAsync fridaManager: remote RPC calls to a certain Bao app's sgmain 70102
frida + sekiro environment setup
See the earlier article: Loading the sekiro dex file with frida to interact with the server
sekiro java demo
    public static void main(String[] args) {
        String group = "testJava";      // business group this client joins
        String clientId = "clientId";   // identifier of this client inside the group
        String host = "127.0.0.1";      // sekiro server address
        int port = 5620;                // sekiro server port
        SekiroClient sekiroClient = new SekiroClient(group, clientId, host, port);
        sekiroClient.setupSekiroRequestInitializer(new SekiroRequestInitializer() {
            @Override
            public void onSekiroRequest(SekiroRequest sekiroRequest, HandlerRegistry handlerRegistry) {
                // Register the handler that serves the "time" action
                handlerRegistry.registerSekiroHandler(new ActionHandler() {
                    @Override
                    public String action() {
                        return "time";
                    }

                    @Override
                    public void handleRequest(SekiroRequest sekiroRequest, SekiroResponse sekiroResponse) {
                        // Reply with the current system timestamp in milliseconds
                        sekiroResponse.success(System.currentTimeMillis());
                    }
                });
            }
        });
        // Connect to the server and start serving requests
        sekiroClient.start();
    }
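This registers a time action that returns the current system timestamp.
Request http://127.0.0.1:5620/business-demo/groupList
The result comes back normally.
Then request http://127.0.0.1:5620/business-demo/invoke?group=testJava&action=time
The timestamp is returned successfully.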
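The group/action routing exercised by the two requests above can be modelled in a few lines. This is an added example, not code from the original post or from the Sekiro project: MockSekiroServer, its registry layout and the { ok, clientId, data } response shape are assumptions made for illustration, and the model runs the handler in-process instead of forwarding the call to a connected client.

```javascript
// Model only: registry layout and response shape are assumptions, not Sekiro's code.
class MockSekiroServer {
  constructor() {
    // group -> Map(clientId -> Map(action -> handler))
    this.groups = new Map();
  }

  // Stands in for a client connecting with its group, clientId and registered actions.
  registerClient(group, clientId, handlers) {
    if (!this.groups.has(group)) this.groups.set(group, new Map());
    this.groups.get(group).set(clientId, new Map(Object.entries(handlers)));
  }

  // Counterpart of the groupList request: which groups have clients.
  groupList() {
    return [...this.groups.keys()];
  }

  // Counterpart of the invoke request: route by the group and action query parameters.
  invoke(rawUrl) {
    const params = Object.fromEntries(new URL(rawUrl).searchParams);
    const { group, action } = params;
    if (!group || !action) return { ok: false, error: 'group and action are required' };
    const clients = this.groups.get(group);
    if (!clients || clients.size === 0) {
      return { ok: false, error: `no client online for group ${group}` };
    }
    for (const [clientId, handlers] of clients) {
      const handler = handlers.get(action);
      if (handler) return { ok: true, clientId, data: handler(params) };
    }
    return { ok: false, error: `no handler for action ${action}` };
  }
}

// Same values as the Java demo: group "testJava", client "clientId", action "time".
function demo() {
  const server = new MockSekiroServer();
  server.registerClient('testJava', 'clientId', { time: () => Date.now() });
  return server;
}
```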
sekiro frida demo
With frida, this just means rewriting the Java code in frida js.
    function initSekiro() {
        const SekiroClient = Java.use('com.virjar.sekiro.business.api.SekiroClient');
        const ActionHandler = Java.use('com.virjar.sekiro.business.api.interfaze.ActionHandler');
        const SekiroRequestInitializer = Java.use('com.virjar.sekiro.business.api.interfaze.SekiroRequestInitializer');
        const TimeHandler = Java.registerClass({
            name: 'TimeHandler',
            implements: [ActionHandler],
            meth