app逆向-frida hook so层

我是花臂不花

已于 2024-02-05 02:54:34 修改

阅读量919

点赞数 11

分类专栏： app逆向随笔文章标签：前端 javascript 开发语言

于 2024-02-05 02:54:20 首次发布

本文链接：https://blog.csdn.net/u010226586/article/details/136035072

版权

app逆向随笔专栏收录该内容

19 篇文章 4 订阅

订阅专栏

案例：

import frida
import sys

hook_code = """
Java.perform(
    function(){
        var aes_decrypt_cbc = Module.getExportByName('libnative.so', '_Z15aes_decrypt_cbcPKhjPhPKjiS0_');
        Interceptor.attach(aes_decrypt_cbc, {
            onEnter:function(args){
                console.log('1:')
                console.log('0:',args[0].readByteArray(16))
                console.log('1:',args[1].toInt32())
                console.log('2:',args[2].readByteArray(16))
                console.log('3:',args[3].readByteArray(16))
                console.log('4:',args[4].toInt32())
                console.log('5:',args[5].readByteArray(16))
            },
            onLeave:function(retval){

            }
        })

        var aes_key_setup = Module.getExportByName('libnative.so', '_Z13aes_key_setupPKhPji');
        Interceptor.attach(aes_key_setup, {
            onEnter:function(args){
                console.log('2:')
                console.log('0:',args[0].readByteArray(16))
                console.log('2:',args[1].readByteArray(16))
                console.log('1:',args[2].toInt32())
            },
            onLeave:function(retval){

            }
        })
    }
)

function printstack() {
    send(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
}
"""


def test_hook():
    process = frida.get_usb_device(-1).attach('com.shjt.xxxxxx')
    script = process.create_script(hook_code)
    script.load()
    sys.stdin.read()


if __name__ == "__main__":
    test_hook()