Hooking Java code with Frida
Upload frida-server to the phone and start it
adb push Frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/Frida-server"
adb shell "/data/local/tmp/Frida-server &"
List the processes running on the phone
frida-ps -U
Forward the port
adb forward tcp:27042 tcp:27042
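Write the code
# coding=utf-8
import frida
import sys

# Attach to the already-running target process through the forwarded port
session = frida.get_remote_device().attach("com.droider.crackme0201")
# print(session.enumerate_modules())
jscode = """
Java.perform(function () {
    var check = Java.use('com.droider.crackme0201.MainActivity');
    // Replace checkSN: log both arguments and always report success
    check.checkSN.implementation = function (a, b) {
        console.log('用户名:', a);   // username
        console.log("注册码:", b);   // registration code
        return true;
    };
});
"""

def on_message(message, data):
    # Print messages and errors sent back by the injected script
    print(message)

script = session.create_script(jscode)
script.on('message', on_message)
script.load()
sys.stdin.read()  # keep the script loaded until stdin is closed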
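- The process must be started on the phone first and the code run afterwards; otherwise attach cannot find the process
- When run, the app shows that registration succeeded
- Required app: download link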
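The attach-ordering note above can be avoided by letting Frida spawn the app itself. The following is an added example, not code from the original page: it spawns the package suspended, installs a hook that calls the original checkSN and reports its real return value instead of forcing true, then resumes the app. The helper names build_hook and format_message are hypothetical, and it assumes checkSN takes two arguments and is not overloaded, as the hook on the page implies.

```python
import json
import sys

PACKAGE = "com.droider.crackme0201"       # package name from the page
CLASS_NAME = PACKAGE + ".MainActivity"    # class hooked on the page
METHOD = "checkSN"                        # method hooked on the page

def build_hook(class_name, method):
    """Return JS that reports the arguments and the ORIGINAL return value."""
    # json.dumps quotes the names safely for embedding in JavaScript source.
    return """
Java.perform(function () {
    var cls = Java.use(%s);
    cls[%s].implementation = function (a, b) {
        var result = this[%s](a, b);   // call the original implementation
        send({user: String(a), code: String(b), result: result});
        return result;                 // app behaviour is left unchanged
    };
});
""" % (json.dumps(class_name), json.dumps(method), json.dumps(method))

def format_message(message):
    """Turn a Frida message dict into one log line (send or error)."""
    if message.get("type") == "send":
        p = message["payload"]
        return "%s(%r, %r) -> %r" % (METHOD, p["user"], p["code"], p["result"])
    return "script error: " + message.get("description", "unknown")

def main():
    import frida  # imported here so the helpers above load without frida
    device = frida.get_remote_device()    # same forwarded port as on the page
    pid = device.spawn([PACKAGE])         # start the app suspended
    session = device.attach(pid)
    script = session.create_script(build_hook(CLASS_NAME, METHOD))
    script.on("message", lambda m, d: print(format_message(m)))
    script.load()
    device.resume(pid)                    # run the app with the hook in place
    sys.stdin.read()                      # keep the hook loaded

if __name__ == "__main__":
    main()
```

Because the hook is installed before the app resumes, no manual launch on the phone is needed, and script errors (for example a wrong class name) arrive as `error` messages rather than being silently lost.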