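Hooking techniques
Environment setup
For setting up the hooking environment, refer to the article below.
Frida Environment Deployment and Usage - Rannie` - cnblogs (cnblogs.com)
Key hooking steps
Fixed hook template code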
# -*- coding:UTF-8 -*- #
"""
@filename:hook3.py
@author:故里
@time:2024--16
./frida-server -l 0.0.0.0:27043
./fr -l 0.0.0.0:27043
adb forward tcp:27043 tcp:27043
"""
import frida
import sys


def on_message(message, data):
    print("[*] Message:", message)


def main():
    # Target application and the path of the standalone JavaScript script file
    target_package = "xxx"
    # For target_package, just fill in the APK file name
    script_path = "dump.js"
    # script_path holds the actual hook code, which is the important part
    # Read the JavaScript script content
    with open(script_path, "r", encoding="utf-8") as script_file:
        script_code = script_file.read()
    # Connect to the remote device on the forwarded port
    device_manager = frida.get_device_manager()
    remote_dev = device_manager.add_remote_device("127.0.0.1:27043")
    process = remote_dev.attach(target_package)
    # Create and load the script
    script = process.create_script(script_code)
    script.on("message", on_message)
    script.load()
    # Keep the process alive so the hooks stay active until stdin is closed
    sys.stdin.read()
    # Unload the script
    script.unload()


if __name__ == '__main__':
    main()
Write dump.js according to the actual challenge; jadx can generate the hook code directly.
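An added example (not from the original post) of a fuller on_message for the template above: frida-python delivers send() payloads and uncaught errors from dump.js to this callback as dicts, and this version formats both instead of printing the raw dict. The helper name format_message and the sample messages are constructed for illustration.

```python
import json


def format_message(message, data=None):
    """Turn one Frida script message dict into a readable line."""
    kind = message.get("type")
    if kind == "send":
        # Value passed to send() in the hook script; may be any JSON value
        payload = message.get("payload")
        if isinstance(payload, str):
            text = payload
        else:
            text = json.dumps(payload, ensure_ascii=False)
        line = "[send] " + text
        if data is not None:
            # Optional binary blob passed as the second argument of send()
            line += " (+%d bytes: %s)" % (len(data), data[:16].hex())
        return line
    if kind == "error":
        # Uncaught exception inside the hook script
        where = "%s:%s" % (message.get("fileName", "?"),
                           message.get("lineNumber", "?"))
        line = "[error] %s at %s" % (
            message.get("description", "unknown error"), where)
        if message.get("stack"):
            line += "\n" + message["stack"]
        return line
    return "[%s] %r" % (kind, message)


def on_message(message, data):
    # Drop-in replacement for the template's callback
    print(format_message(message, data))


# Constructed sample messages, shaped like the dicts frida-python delivers
SAMPLES = [
    ({"type": "send", "payload": "check() called"}, None),
    ({"type": "send", "payload": {"arg": 1}}, b"\x01\x02"),
    ({"type": "error", "description": "ReferenceError: 'Jav' is not defined",
      "fileName": "/dump.js", "lineNumber": 3}, None),
]

if __name__ == "__main__":
    for msg, blob in SAMPLES:
        on_message(msg, blob)
```
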
Starting Frida
x1q:/ # su
:/ # cd /data/local/tmp
:/data/local/tmp # ls
frida-server
:/data/local/tmp # chmod 777 frida-server
:/data/local/tmp # ./frida-server -l 0.0.0.0:27043
adb forward tcp:27043 tcp:27043
adb pull /data/local/tmp C:\soft\Nox\bin\fs
Copies files from the emulator to the local machine
adb push C:\soft\Nox\bin\fs /data/local/tmp
Copies local files to the emulator
Note
Because the hook code is JavaScript, use console.log for output.