frida hook ios 新机参数

最新推荐文章于 2024-08-26 16:40:14 发布
最新推荐文章于 2024-08-26 16:40:14 发布
阅读量50 收藏
点赞数
文章标签: ios cocoa macos
原文链接:https://codeshare.frida.re/@lichao890427/device--parameter/
版权

frida hook ios 新机参数

var O_RDONLY = 0;
var O_WRONLY = 1;
var O_RDWR = 2;
var O_CREAT = 512;

var SEEK_SET = 0;
var SEEK_CUR = 1;
var SEEK_END = 2;

var NSData = ObjC.classes.NSData;
var NSString = ObjC.classes.NSString;
var NSFileManager = ObjC.classes.NSFileManager;


function str(s) {
    return Memory.allocUtf8String(s);
}

function nsstr(str) {
    return ObjC.classes.NSString.stringWithUTF8String_(Memory.allocUtf8String(str));
}


function nsstr2nsdata(nsstr) {
    return nsstr.dataUsingEncoding_(4);
}


function nsdata2nsstr(nsdata) {
    return ObjC.classes.NSString.alloc().initWithData_encoding_(nsdata, 4);
}


function callstack() {
    console.log(Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n") + "\n");
}

function allocStr(str) {
    return Memory.allocUtf8String(str);
}

function getNSString(str) {
    return NSString.stringWithUTF8String_(Memory.allocUtf8String(str));
}

function getStr(addr) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readUtf8String(addr);
}

function getStrSize(addr, size) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readUtf8String(addr, size);
}

function putStr(addr, str) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.writeUtf8String(addr, str);
}

function getByteArr(addr, l) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readByteArray(addr, l);
}

function getU8(addr) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readU8(addr);
}

function putU8(addr, n) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.writeU8(addr, n);
}

function getU16(addr) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readU16(addr);
}

function putU16(addr, n) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.writeU16(addr, n);
}

function getU32(addr) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readU32(addr);
}

function putU32(addr, n) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.writeU32(addr, n);
}

function getU64(addr) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readU64(addr);
}

function putU64(addr, n) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.writeU64(addr, n);
}

function getPt(addr) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    return Memory.readPointer(addr);
}

function putPt(addr, n) {
    if (typeof addr == "number") {
        addr = ptr(addr);
    }
    if (typeof n == "number") {
        n = ptr(n);
    }
    return Memory.writePointer(addr, n);
}

function geterr() {
    var strerror = getExportFunction("f", "strerror", "pointer", ["int"]);
    var errno = getExportFunction("d", "errno");
    return Memory.readUtf8String(strerror(errno.toInt32()));
}

function malloc(size) {
    return Memory.alloc(size);
}

function getExportFunction(type, name, ret, args) {
    var nptr;
    nptr = Module.findExportByName(null, name);
    if (nptr === null) {
        console.log("cannot find " + name);
        return null;
    } else {
        if (type === "f") {
            var funclet = new NativeFunction(nptr, ret, args);
            if (typeof funclet === "undefined") {
                console.log("parse error " + name);
                return null;
            }
            return funclet;
        } else if (type === "d") {
            var datalet = Memory.readPointer(nptr);
            if (typeof datalet === "undefined") {
                console.log("parse error " + name);
                return null;
            }
            return datalet;
        }
    }
}

function modload(modpath) {
    var dlopen = getExportFunction("f", "dlopen", "pointer", ["pointer", "int"]);
    dlopen(str(modpath), 1);
}

function print_sysctl_str(name, sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf) {
    Memory.writeU64(buf, 0);
    Memory.writeU32(sizep, 64);
    Memory.writeU32(bufsize, bsize);
    if (0 == sysctlnametomib(str(name), mibp, sizep)) {
        sysctl(mibp, Memory.readU8(sizep), buf, bufsize, ptr("0"), 0);
        console.log(name, 'bymib', getStr(buf));
    }
    Memory.writeU64(buf, 0);
    Memory.writeU32(bufsize, bsize);
    if (0 == sysctlbyname(str(name), buf, bufsize, ptr("0"), 0)) {
        console.log(name, 'byname', getStr(buf));
    }
}

function print_sysctl_u32(name, sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf) {
    Memory.writeU64(buf, 0);
    Memory.writeU32(sizep, 64);
    Memory.writeU32(bufsize, bsize);
    if (0 == sysctlnametomib(str(name), mibp, sizep)) {
        sysctl(mibp, Memory.readU8(sizep), buf, bufsize, ptr("0"), 0);
        console.log(name, 'bymib', getU32(buf));
    }
    Memory.writeU64(buf, 0);
    Memory.writeU32(bufsize, bsize);
    if (0 == sysctlbyname(str(name), buf, bufsize, ptr("0"), 0)) {
        console.log(name, 'byname', getU32(buf));
    }
}

var sleep = getExportFunction("f", "sleep", "void", ["int"]);

function get_location() {
    var waitforstart = 5;
    var location = "please enable location service in iOS settings";
    var locman = null;
    var locproxy = null;
    var CLLocationManager = ObjC.classes.CLLocationManager;
    const MyConnectionDelegateProxy = ObjC.registerClass({
        super: ObjC.classes.NSObject,
        protocols: [ObjC.protocols.CLLocationManagerDelegate],
        methods: {
            '- locationManager:didUpdateLocations:': {
                types: ObjC.protocols.CLLocationManagerDelegate.methods['- locationManager:didUpdateLocations:'].types,
                implementation: function (man, locs) {
                    var loc = locs.lastObject();
                    location = "coordinate=" + loc.coordinate() + ",altitude=" + loc.altitude() + 
                        ",horizontalAccuracy=" + loc.horizontalAccuracy() + ",verticalAccuracy=" + loc.verticalAccuracy() +
                        ",course=" + loc.course() + ",speed=" + loc.speed() + ",timestamp=" + loc.timestamp();
                    waitforstart = false;
                }
            },
            '- locationManager:didFailWithError:': {
                types: ObjC.protocols.CLLocationManagerDelegate.methods['- locationManager:didFailWithError:'].types,
                implementation: function (man, err) {
                    location = "get location error " + err.toString();
                    waitforstart = false;
                }
            }
        }
    });
        
    ObjC.schedule(ObjC.mainQueue, function() {
        locman = CLLocationManager.alloc().init();
        locproxy = MyConnectionDelegateProxy.alloc().init();
        locman.setDelegate_(locproxy);
        locman.requestAlwaysAuthorization();
        locman.setDesiredAccuracy_(-1.0);
        locman.startUpdatingLocation();
        waitforstart = 0;
    })
    while (waitforstart-- > 0) {
        sleep(1);
    }
    locman.stopUpdatingLocation();
    return location;
}

function get_networkinfo() {
    var AF_INET = 2;
    var AF_INET6 = 30;
    var AF_LINK = 18;
    var bufsize = 256;
    var buf = Memory.alloc(bufsize);
    var int2family = function (i) {
        return { "2": "AF_INET", "18": "AF_LINK", "30": "AF_INET6" }[i.toString()];
    }
    var getifaddrs = getExportFunction("f", "getifaddrs", "int", ["pointer"]);
    var inet_ntop = getExportFunction("f", "inet_ntop", "pointer", ["int", "pointer", "pointer", "int"]);
    var paddrs = Memory.alloc(Process.pointerSize);
    getifaddrs(paddrs);
    var caddr = Memory.readPointer(paddrs);
    while (caddr != 0) {
        var ifa_addr = Memory.readPointer(caddr.add(Process.pointerSize * 3));
        var ifa_netmask = Memory.readPointer(caddr.add(Process.pointerSize * 4));
        var ifa_dstaddr = Memory.readPointer(caddr.add(Process.pointerSize * 5));
        var ifa_data = Memory.readPointer(caddr.add(Process.pointerSize * 6));
        var ifa_name = Memory.readPointer(caddr.add(Process.pointerSize));
        var name = Memory.readUtf8String(Memory.readPointer(caddr.add(Process.pointerSize)));
        var family = Memory.readU8(ifa_addr.add(1));
        var s_addr = "none";
        var s_netmask = "none";
        var s_dstaddr = "none";
        var ibytes = 0, obytes = 0, ipackets = 0, opackets = 0, baudrate = 0;
        if (!ifa_addr.isNull()) {
            if (!inet_ntop(family, ifa_addr.add(4), buf, bufsize).isNull()) {
                s_addr = Memory.readUtf8String(buf);
            }
        }
        if (!ifa_netmask.isNull()) {
            if (!inet_ntop(family, ifa_netmask.add(4), buf, bufsize).isNull()) {
                s_netmask = Memory.readUtf8String(buf);
            }
        }
        if (!ifa_dstaddr.isNull()) {
            if (!inet_ntop(family, ifa_dstaddr.add(4), buf, bufsize).isNull()) {
                var s_dstaddr = Memory.readUtf8String(buf);
            }
        }
        if (!ifa_addr.isNull()) {
            baudrate = Memory.readU32(ifa_addr.add(16));
            ipackets = Memory.readU32(ifa_addr.add(20));
            opackets = Memory.readU32(ifa_addr.add(28));
            ibytes = Memory.readU32(ifa_addr.add(40));
            obytes = Memory.readU32(ifa_addr.add(44));
        }
        console.log(name + ",family:" + family + ",addr:" + s_addr + ",netmask:" +
            s_netmask + ",dstaddr:" + s_dstaddr + ",ibytes:" + ibytes + ",obytes:" + obytes +
            ",ipackets:" + ipackets + ",opackets:" + opackets + ",baudrate:" + baudrate);
        caddr = Memory.readPointer(caddr);
    }
    var SCNetworkReachabilityCreateWithAddress = getExportFunction("f", "SCNetworkReachabilityCreateWithAddress",
        "pointer", ["pointer", "pointer"]);
    var SCNetworkReachabilityGetFlags = getExportFunction("f", "SCNetworkReachabilityGetFlags",
        "int", ["pointer", "pointer"]);
    Memory.writeU64(buf, 0);
    Memory.writeU64(buf.add(8), 0);
    Memory.writeU8(buf, 16);
    Memory.writeU8(buf.add(1), AF_INET);
    var defaultRouteReachability = SCNetworkReachabilityCreateWithAddress(ptr('0'), buf);
    var SCNetworkReachabilityFlags = Memory.alloc(4);
    SCNetworkReachabilityGetFlags(defaultRouteReachability, SCNetworkReachabilityFlags);
    console.log("SCNetworkReachabilityFlags", Memory.readU32(SCNetworkReachabilityFlags));
}

function get_deviceinfo() {
    var bsize = 256;
    var buf = Memory.alloc(bsize);
    var bufsize = Memory.alloc(4);

    var _SYS_NAMELEN = 256;
    var uname = getExportFunction("f", "uname", "int", ["pointer"]);
    var utsname = Memory.alloc(_SYS_NAMELEN * 5);
    uname(utsname);
    console.log("uname.sysname", getStr(utsname.add(0 * _SYS_NAMELEN)));
    console.log("uname.nodename", getStr(utsname.add(1 * _SYS_NAMELEN)));
    console.log("uname.release", getStr(utsname.add(2 * _SYS_NAMELEN)));
    console.log("uname.version", getStr(utsname.add(3 * _SYS_NAMELEN)));
    console.log("uname.machine", getStr(utsname.add(4 * _SYS_NAMELEN)));

    var sysctlbyname = getExportFunction("f", "sysctlbyname", "int", 
        ["pointer", "pointer", "pointer", "pointer", "int"]);
    var sysctl = getExportFunction("f", "sysctl", "int", 
        ["pointer", "int", "pointer", "pointer", "pointer", "int"]);
    var sysctlnametomib = getExportFunction("f", "sysctlnametomib", "int",
        ["pointer", "pointer", "pointer"]);
    var mibp = Memory.alloc(256);
    var sizep = Memory.alloc(4);

    print_sysctl_str("kern.osrelease", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_str("kern.version", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_str("kern.hostname", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("kern.boottime", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_str("kern.osversion", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_str("hw.machine", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_str("hw.model", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.ncpu", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.availcpu", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.physmem", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.memsize", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.usermem", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.l1icachesize", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.l1dcachesize", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);
    print_sysctl_u32("hw.l2cachesize", sysctlbyname, sysctlnametomib, sysctl, mibp, sizep, bufsize, bsize, buf);

    var UIDevice = ObjC.classes.UIDevice.currentDevice();
    console.log("UIDevice.localizedModel", UIDevice.localizedModel());
    console.log("UIDevice.systemVersion", UIDevice.systemVersion());
    console.log("UIDevice.model", UIDevice.model());
    console.log("UIDevice.name", UIDevice.name());
    console.log("UIDevice.systemName", UIDevice.systemName());
    console.log("UIDevice.orientation", UIDevice.orientation());
    console.log("UIDevice.identifierForVendor", UIDevice.identifierForVendor());
    console.log("UIDevice.userInterfaceIdiom", UIDevice.userInterfaceIdiom());

    var NSProcessInfo = ObjC.classes.NSProcessInfo.processInfo();
    console.log("NSProcessInfo.hostName", NSProcessInfo.hostName());
    console.log("NSProcessInfo.operatingSystemVersionString", NSProcessInfo.operatingSystemVersionString());
    // console.log("NSProcessInfo.operatingSystemVersion", NSProcessInfo.operatingSystemVersion());
    console.log("NSProcessInfo.processorCount", NSProcessInfo.processorCount());
    console.log("NSProcessInfo.activeProcessorCount", NSProcessInfo.activeProcessorCount());
    console.log("NSProcessInfo.physicalMemory", NSProcessInfo.physicalMemory());
    console.log("NSProcessInfo.systemUptime", NSProcessInfo.systemUptime());

    modload('/System/Library/Frameworks/AdSupport.framework/AdSupport');
    var ASIdentifierManager = ObjC.classes.ASIdentifierManager.sharedManager();
    console.log("ASIdentifierManager.advertisingIdentifier", ASIdentifierManager.advertisingIdentifier());
    console.log("ASIdentifierManager.isAdvertisingTrackingEnabled", ASIdentifierManager.isAdvertisingTrackingEnabled());

    var ctinfo = ObjC.classes.CTTelephonyNetworkInfo.alloc().init();
    var carrier = ctinfo.subscriberCellularProvider();
    console.log("CTCarrier.carrierName", carrier.carrierName());
    console.log("CTCarrier.mobileCountryCode", carrier.mobileCountryCode());
    console.log("CTCarrier.mobileNetworkCode", carrier.mobileNetworkCode());
    console.log("CTCarrier.isoCountryCode", carrier.isoCountryCode());
    console.log("CTTelephonyNetworkInfo.currentRadioAccessTechnology", ctinfo.currentRadioAccessTechnology());

    var NSLocale = ObjC.classes.NSLocale.currentLocale();
    console.log("NSLocale.localeIdentifier", NSLocale.localeIdentifier());
    console.log("NSLocale.languageCode", NSLocale.languageCode());
    console.log("NSLocale.collatorIdentifier", NSLocale.collatorIdentifier());
    console.log("NSLocale.countryCode", NSLocale.countryCode());
    console.log("NSLocale.currencySymbol", NSLocale.currencySymbol());
    console.log("NSLocale.currencyCode", NSLocale.currencyCode());

    var NSUserDefaults = ObjC.classes.NSUserDefaults.standardUserDefaults();
    console.log("NSUserDefaults.NSLanguages", NSUserDefaults.objectForKey_(nsstr('NSLanguages')));
    console.log("NSUserDefaults.ApplePasscodeKeyboards", NSUserDefaults.objectForKey_(nsstr('ApplePasscodeKeyboards')));
    console.log("NSUserDefaults.AppleLanguages", NSUserDefaults.objectForKey_(nsstr('AppleLanguages')));
    console.log("NSUserDefaults.AppleKeyboards", NSUserDefaults.objectForKey_(nsstr('AppleKeyboards')));
    console.log("NSUserDefaults.AppleKeyboardsExpanded", NSUserDefaults.objectForKey_(nsstr('AppleKeyboardsExpanded')));

    var UITextInputMode = ObjC.classes.UITextInputMode;
    var obj = UITextInputMode.currentInputMode();
    console.log("UITextInputMode.primaryLanguage", obj.displayName(), obj.extendedDisplayName(),
        obj.identifier(), obj.identifierWithLayouts(), obj.languageWithRegion(), obj.normalizedIdentifier(),
        obj.primaryLanguage());
    var tinputmodes = UITextInputMode.activeInputModes();
    for (var i = 0; i < tinputmodes.count(); i++) {
        var obj = tinputmodes.objectAtIndex_(i);
        console.log("UITextInputMode.activeInputModes", obj.displayName(), obj.extendedDisplayName(),
            obj.identifier(), obj.identifierWithLayouts(), obj.languageWithRegion(), obj.normalizedIdentifier(),
            obj.primaryLanguage());
    }

    var key = ObjC.classes.UIKeyboardInputModeController.sharedInputModeController();
    var obj = key.currentInputMode();
    console.log("UIKeyboardInputMode.currentInputMode", obj.displayName(), obj.extendedDisplayName(),
        obj.identifier(), obj.identifierWithLayouts(), obj.languageWithRegion(), obj.normalizedIdentifier(),
        obj.primaryLanguage());
    var kinputmods = key.extensionInputModes();
    for (var i = 0; i < kinputmods.count(); i++) {
        var obj = tinputmodes.objectAtIndex_(i);
        console.log("UIKeyboardInputMode.extensionInputModes", obj.displayName(), obj.extendedDisplayName(),
            obj.identifier(), obj.identifierWithLayouts(), obj.languageWithRegion(), obj.normalizedIdentifier(),
            obj.primaryLanguage());
    }
  
    var NSTimeZone = ObjC.classes.NSTimeZone;
    console.log("systemTimeZone", NSTimeZone.systemTimeZone().name());
    console.log("defaultTimeZone", NSTimeZone.defaultTimeZone().name());
    console.log("localTimeZone", NSTimeZone.localTimeZone().name());

    var UIDevice = ObjC.classes.UIDevice.currentDevice();
    console.log("UIDevice.batteryMonitoringEnabled", UIDevice.isBatteryMonitoringEnabled());
    UIDevice.setBatteryMonitoringEnabled_(1);
    console.log("UIDevice.batteryState", UIDevice.batteryState());
    console.log("UIDevice.batteryLevel", UIDevice.batteryLevel());

    var NSDocumentDirectory = 9;
    var NSUserDomainMask = 1;
    var error = Memory.alloc(4);
    
    var NSSearchPathForDirectoriesInDomains = getExportFunction("f", "NSSearchPathForDirectoriesInDomains",
        "pointer", ["int", "int", "int"]);
    var docpaths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, 1);
    var docpath = ObjC.Object(docpaths).lastObject();
    var attrs = NSFileManager.defaultManager().attributesOfFileSystemForPath_error_(docpath, error);
    console.log("NSFileManager.NSFileSystemSize", attrs.objectForKey_(nsstr("NSFileSystemSize")));
    console.log("NSFileManager.NSFileSystemFreeSize", attrs.objectForKey_(nsstr("NSFileSystemFreeSize")));
    console.log("NSFileManager.NSFileCreationDate", attrs.objectForKey_(nsstr("NSFileCreationDate")));
    console.log("NSFileManager.NSFileModificationDate", attrs.objectForKey_(nsstr("NSFileModificationDate")));

    var useragent = '';
    var waitforstart = 5;
    ObjC.schedule(ObjC.mainQueue, function() {
        var UIWebView = ObjC.classes.UIWebView.alloc().init();
        useragent = UIWebView.stringByEvaluatingJavaScriptFromString_(nsstr("navigator.userAgent"));
        waitforstart = 0;
    })
    while (waitforstart-- > 0) {
        sleep(1);
    }
    console.log("UserAgent", useragent);

    var UIScreen = ObjC.classes.UIScreen.mainScreen();
    var UIApplication = ObjC.classes.UIApplication.sharedApplication();
    console.log("UIScreen.bounds", UIScreen.bounds());
    console.log("UIScreen.nativeBounds", UIScreen.nativeBounds());
    console.log("UIScreen.brightness", UIScreen.brightness());
    console.log("UIApplication.idleTimerDisabled", UIApplication.isIdleTimerDisabled());

    var AVAudioSession = ObjC.classes.AVAudioSession.sharedInstance();
    console.log("AVAudioSession.outputVolume", AVAudioSession.outputVolume());
    console.log("AVAudioSession.inputLatency", AVAudioSession.inputLatency());
    console.log("AVAudioSession.outputLatency", AVAudioSession.outputLatency());
    console.log("AVAudioSession.IOBufferDuration", AVAudioSession.IOBufferDuration());
    console.log("AVAudioSession.Headphones", AVAudioSession.currentRoute().outputs().lastObject().portType());
}```
wxsxtat
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
iOS逆向之hook框架frida的安装和使用
╰つ栺尖篴夢ゞ
10-23 4万+
一、Frida Frida 是一款基于 Python + javascript 的 hook 框架,通杀 android\iOS\linux\win\osx 各平台。Frida 原理是手机端安装一个 server 程序把手机端的端口转到 PC 端写的 python 脚本进行通信,而 Python 脚本中采用 javascript 语言编写 hook 代码。 ① install frida on device Start Cydia and add Frida’s repository by navig
frida ios下批量hook类方法
聊技术、交朋友、喝小酒
07-16 629
frida ios下批量hook类方法
jnitrace、frida-trace、Stalker、sktrace、Frida Native Trace、r0tracer、strace、IDA trace、Unidbg Trace
freeking101的博客
03-19 4982
一个基于 frida 的工具,用来追踪安卓应用的 JNI API。jnitrace 是一个动态分析追踪工具,类似与 frida-trace 和 strace,但是jnitrace 只针对 JNI。
安卓逆向|菜鸟的FRIDA学习笔记:内存读写
Python3 爬虫实战 1:应对特殊字体,爬取猫眼电影实时排行榜
07-12 6802
这是我自己的学习笔记,比较水,大佬勿喷。假设你的手机已经root,并已开启frida服务,电脑端已安装好Python,frida,IDA,GDA。样本地址:链接: https://pan...
181203 逆向-基于Frida的VM_log工具
whklhhhh的博客
12-03 1537
做CTF中的VM题一直都是在python中手写一遍所有的handler来模拟执行VM,然后打log并结合代码来猜测逻辑 然后慢慢地产生一个想法、本身程序也有在执行这个VM,何苦还要再手写VM呢,反正大多数情况下需要的只是log–再具体说的话就只是程序的reg和data而已 通过在VM的每次loop之间插桩拿到data,也同样可以打出log 由于CTF中的VM大多数情况下都不会很复杂,因此完全可以通...
Frida Hook IOS native修改值或读取值的例子
u012283756的博客
04-14 149
基本上frida hook ios的打印于替换修改返回值或参数的方法,都在这里了。
Frida hook/invoke iOS以及内存搜刮和黑盒调用
大数据安全技术学习
07-27 2万+
终于学到了Frida的部分,在本篇中我们将从objection这款自动化hook框架的源码出发,学习使用Frida内置的ApiResolver搜刮器来枚举内存中的所有符号,包括所有类/所有方法/所有重载,再对其进行hook后输出参数调用栈返回值,并且对参数与返回值进行修改,以实现修改函数逻辑的目的。
frida Hook对象参数函数
dengfeng1638205133的博客
06-25 1347
import frida, sys jscode = """ Java.perform(function () { var utils = Java.use('com.xiaojianbang.app.Utils'); var money = Java.use('com.xiaojianbang.app.Money'); utils.test.overload('com.xiaojianbang.app.Money').implementation = function (ob.
Frida Hook 登录校验
热门推荐
赵航的博客
01-25 2万+
本文简单介绍下firda 如何绕过简单的登录检验.
frida-ios-hook:一个脚本,可帮助您在iOS平台上跟踪类,函数和修改方法的返回值
04-27
Frida iOS挂钩一个脚本,可帮助您在iOS平台上跟踪类,函数和修改方法的返回值。 对于Android平台: : 环保操作系统支持作业系统支持的著名的苹果系统 :check_mark_button: 主要的Linux :check_mark_button: 子视窗 ...
frida-script:储存自己的FRIDA HOOK脚本
07-24
由于其支持多种操作系统和架构,如Windows、Linux、macOSiOS、Android等,Frida成为安全研究人员、逆向工程师和软件开发者手中的利器。它不仅可以用于调试,还常用于动态分析、API拦截、注入代码、修改内存等高级...
frida-ios-dump-master.zip
09-21
frida-ios-dump-master.zip
Frida_Windows_Hook
04-13
Frida_Windows_Hook Frida_Windows_Hook是一个开源工具,主要针对渗透测试人员和开发人员。 Frida_Windows_Hook正在使用Windows渗透。 用法 如何: usage: Frida_Windows_Hook_v0.1.py 先决条件 要使用Web_Brute_...
Android逆向-frida hook 脚本- hook webview
08-17
Android逆向-frida hook 脚本- hook webview。 frida hook webview的loadurl方法,获取加载的地址和调用链。 Java.choose 获取到webview的对象,可以主动调用webview的方法。
uniapp,uview:inputnumber或者input,当type为number的时候,在ios里输入不了小数的问题
bittingCat的博客
08-26 166
在做uniapp的H5页面时,有个需求是要输入框要能支持可以保留两位小数输入,不能输入负数和其他字符。心想这简单,直接用uview的inputnumber组件这不就好了,结果测试提bug说不能输入小数点,我心想我的发,自己的不是可以吗,结果去试了一下,确实不能输入。ios里只能弹出自带的数字键盘,而且还是没有小数点的`于是按照惯例,百度开发工程师开始了,开始百度搜索问题:搜到是说type不能为number,把number设置成digit就好了,官方图如下嗯哼,改了之后,自己手机试了一下。
IOS 15 实现Toast和小菊花Loading提示
最新发布
sziitjin的博客
08-26 169
/// 提示/////// 显示提示//背景颜色//标题文字颜色//显示到屏幕顶部//因为显示到中心有点遮挡内容/// 加载提示//菊花颜色//最小尺寸//背景半透明//背景颜色//标题文字颜色//显示对话框//设置对话框文字//详细文字.detailsLabel.text = "请耐心等待"/// 隐藏提示。
CocosCreator3.8 IOS 构建插屏无法去除的解决方案
w风雨无阻w的专栏
08-22 481
将 “useSplashScreen”: true 修改为 “useSplashScreen”: false。在实际项目开发过程中,我们通常无需CocosCreator 自带的插屏,一般采用自定义加载页面。CocosCreator3.8 IOS 构建插屏无法去除的解决方案。其实很简单,只需要先导出发布配置,手动修改插屏配置选项,再导入即可。打开项目配置工程,点击右上角 导出按钮。那我们应该怎么解决这个问题呢?修改完成后,保存配置文件。
iOS profiles文件过期如何更新
weixin_40803490的博客
08-21 745
,该p12文件类似Certificates的副本,不用将Certificates直接提供给其他人,其他人可直接安装p12文件就可以在不同电脑上运行同一个bundleId的应用。Mac快捷键【command+空格】,输入“钥匙串访问”回车——打开以下界面。进入profiles界面,进入对应的profile文件,点击【上传一个csr文件,点击continue后会得到一个【根据实际输入对应的信息后,得到一个【在钥匙串界面中,选择上面导入的证书【】文件, 简称csr文件。】, 开发者证书选择【
IOS 14 封装网络请求框架
sziitjin的博客
08-26 286
本文基于,对网络请求框架Moya的二次封装,并实现JSON对象解析等。
frida hook脚本
05-27
Frida是一款强大的动态分析工具,可以用来hook各种应用程序,包括Android和iOS应用程序。Frida的JavaScript API提供了一种简单而强大的方式来hook应用程序中的函数。Frida hook脚本的编写通常包括以下步骤: 1. 选择要hook的函数或方法。 2. 编写JavaScript代码来hook函数或方法。 3. 运行脚本并测试hook是否成功。 具体来说,Frida hook脚本的编写可以分为以下几个步骤: 1. 选择要hook的函数或方法。可以使用Frida提供的工具来查找应用程序中的函数或方法。 2. 编写JavaScript代码来hook函数或方法。可以使用Frida提供的JavaScript API来hook函数或方法,例如使用Interceptor.attach()函数来hook函数。 3. 运行脚本并测试hook是否成功。可以使用Frida提供的命令行工具或者GUI工具来运行脚本,并测试hook是否成功。 举个例子,如果我们想要hook一个Android应用程序中的getString()函数,可以按照以下步骤进行: 1. 使用Frida提供的工具来查找应用程序中的getString()函数。 2. 编写JavaScript代码来hook getString()函数,例如使用Interceptor.attach()函数来hook getString()函数。 3. 运行脚本并测试hook是否成功,例如运行应用程序并查看getString()函数的输出是否被修改。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值