Mobile hook techniques | 风尘孤狼

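Mobile hook techniques

Hook techniques

Environment setup

For setting up the hook environment, see the article below.

Frida environment deployment and usage - Rannie` - 博客园 (cnblogs.com)

Key hook steps

Fixed hook template code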

# -*- coding:UTF-8 -*- #
"""
@filename:hook3.py
@author:故里
@time:2024--16
 ./frida-server -l 0.0.0.0:27043
  ./fr -l 0.0.0.0:27043
adb forward tcp:27043 tcp:27043
"""

import frida
import sys


def on_message(message, data):
    # Called for every message the script sends, and for script errors
    print("[*] Message:", message)


def main():
    # Define the target application and the path of the standalone JavaScript file
    target_package = "xxx"
    # For target_package, just fill in the APK file name

    script_path = "dump.js"
    # script_path is where the key hook code lives

    # Read the JavaScript script content
    with open(script_path, "r", encoding="utf-8") as script_file:
        script_code = script_file.read()

    # Connect to the remote device on the forwarded port
    device_manager = frida.get_device_manager()
    remote_dev = device_manager.add_remote_device("127.0.0.1:27043")
    process = remote_dev.attach(target_package)

    # Create the script, register the message callback and load it
    script = process.create_script(script_code)
    script.on("message", on_message)
    script.load()

    # Keep the script running until stdin is closed
    sys.stdin.read()
    # End the session
    script.unload()
    process.detach()


if __name__ == '__main__':
    main()

Write dump.js according to the actual challenge; jadx can generate the hook code directly.
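How a hook's output reaches the template's on_message callback, as an added example that is not part of the original post: the hook calls send(), and the callback formats send payloads and script errors instead of printing the raw dict. The class and method names (com.example.ctf.Check, verify), DUMP_JS and format_message are hypothetical, and the sample messages are constructed.

```python
import json

# Hypothetical dump.js body: the class and method names are placeholders,
# not taken from the original post.
DUMP_JS = r"""
Java.perform(function () {
    var Check = Java.use("com.example.ctf.Check");
    Check.verify.implementation = function (input) {
        var result = this.verify(input);
        send({ method: "verify", arg: String(input), ret: result });
        return result;
    };
});
"""


def format_message(message, data=None):
    """Render one Frida message dict as a single readable log line."""
    mtype = message.get("type")
    if mtype == "send":
        # Payload produced by send() inside the hook.
        line = "[send] " + json.dumps(message.get("payload"),
                                      ensure_ascii=False, sort_keys=True)
        if data is not None:
            line += " (+%d bytes of binary data)" % len(data)
        return line
    if mtype == "error":
        # Uncaught exception in the script: report where it happened.
        where = "%s:%s" % (message.get("fileName", "?"),
                           message.get("lineNumber", "?"))
        return "[error] %s at %s" % (message.get("description", "unknown"), where)
    return "[other] %r" % (message,)


def on_message(message, data):
    # Drop-in replacement for the template's on_message callback.
    print(format_message(message, data))


# Constructed sample messages in the shape Frida passes to the callback.
SAMPLES = [
    ({"type": "send", "payload": {"method": "verify", "arg": "abc123", "ret": False}}, None),
    ({"type": "error", "description": "ReferenceError: 'Chek' is not defined",
      "fileName": "/dump.js", "lineNumber": 3, "columnNumber": 17}, None),
]

if __name__ == "__main__":
    for msg, blob in SAMPLES:
        on_message(msg, blob)
```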

Starting frida

x1q:/ # su
:/ # cd /data/local/tmp
:/data/local/tmp # ls
frida-server
:/data/local/tmp # chmod 777 frida-server
:/data/local/tmp # ./frida-server -l 0.0.0.0:27043
adb forward tcp:27043 tcp:27043
adb pull /data/local/tmp C:\soft\Nox\bin\fs
Copy files from the emulator to the local machine
adb push C:\soft\Nox\bin\fs /data/local/tmp
Copy local files to the emulator

Because the hook code is JavaScript, use console.log to print output.
