Android
Install & run the server
// Push to the device
adb push ns /data/local/tmp/
// Set permissions
adb shell "chmod 755 /data/local/tmp/ns"
// Run
adb shell "/data/local/tmp/ns &"
Forward the port
adb forward tcp:8080 tcp:8080
List processes
frida-ps -U
// When the port has been changed
frida-ps -H 127.0.0.1:8080
Load the script
frida -H 127.0.0.1:8080 com.jingdong.app.mall -l D:\PythonProjects\jd.js
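Bypassing detection
- Rename the server process: the default name is frida-server, change it to something else (e.g. ns)
- Change the default listening port: the default port is 27042, change it to another port (e.g. ./ns -l 127.0.0.1:8080)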
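Seen from the app's side, the two changes above defeat any check that keys only on the default process name or the default port. The following added example (not part of the original notes) runs both checks over constructed /proc/net/tcp-style samples; the memory-map check is an assumed extra heuristic that the notes do not describe.

```python
# Added example. All sample data is constructed, not captured from a device.
DEFAULT_NAME = "frida-server"   # default process name, per the notes above
DEFAULT_PORT = 27042            # default listening port, per the notes above

def listening_ports(proc_net_tcp):
    """Local ports in LISTEN state (st == 0A) from /proc/net/tcp-format text."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports

def default_indicators(process_names, proc_net_tcp):
    """The two checks the notes describe: default name and default port."""
    hits = []
    if DEFAULT_NAME in process_names:
        hits.append("process-name")
    if DEFAULT_PORT in listening_ports(proc_net_tcp):
        hits.append("default-port")
    return hits

def mapped_agents(proc_maps):
    """Assumed extra heuristic: instrumentation libraries mapped into the app."""
    found = []
    for line in proc_maps.splitlines():
        fields = line.split()
        if len(fields) >= 6 and ("frida-agent" in fields[5] or "frida-gadget" in fields[5]):
            found.append(fields[5])
    return sorted(set(found))

# Trimmed to the first four columns of the real file layout.
HEADER = "  sl  local_address rem_address   st\n"
STOCK_TCP = HEADER + "   0: 0100007F:69A2 00000000:0000 0A\n"      # 127.0.0.1:27042
RENAMED_TCP = HEADER + "   0: 0100007F:1F90 00000000:0000 0A\n"    # 127.0.0.1:8080
SAMPLE_MAPS = (
    "7b2c400000-7b2c5d0000 r-xp 00000000 fd:03 4411 /system/lib64/libc.so\n"
    "7b30000000-7b31200000 r-xp 00000000 fd:05 9001 /data/local/tmp/re.frida.server/frida-agent-64.so\n"
    "7b31200000-7b31260000 rw-p 01200000 fd:05 9001 /data/local/tmp/re.frida.server/frida-agent-64.so\n"
)

if __name__ == "__main__":
    print(default_indicators(["zygote64", "frida-server"], STOCK_TCP))   # stock setup
    print(default_indicators(["zygote64", "ns"], RENAMED_TCP))           # renamed, port 8080
    print(mapped_agents(SAMPLE_MAPS))                                    # still visible
```

Both default indicators fire on the stock setup and neither fires on the renamed one, so a detection that relies on them alone gives no signal against the configuration in these notes.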
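Python code
import sys
import codecs
import frida

def on_message(message, data):
    # 'send' messages carry the payload passed to send() in the script
    if message['type'] == 'send':
        print(message['payload'])
    # 'error' messages carry the JavaScript stack trace
    elif message['type'] == 'error':
        print(message['stack'])

# Read the hook script
with codecs.open('./jd.js', 'r', 'utf-8') as f:
    source = f.read()

package = 'com.jingdong.app.mall'
# Connect to the forwarded server port and attach to the running app
session = frida.get_device_manager().add_remote_device("127.0.0.1:8080").attach(package)
script = session.create_script(source)
script.on("message", on_message)
script.load()
# Keep the process alive so messages from the script keep arriving
sys.stdin.read()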
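JavaScript code
Java.perform(function () {
    var BitmapkitUtils = Java.use("com.jingdong.common.utils.BitmapkitUtils");
    // Wrap getSignFromJni: call the original, log the arguments and result, return it unchanged
    BitmapkitUtils.getSignFromJni.implementation = function (a, b, c, d, e, f) {
        var result = this.getSignFromJni(a, b, c, d, e, f);
        // Log arguments b through f (the original line printed d twice and skipped e)
        console.log(">>> 参数: " + b + ' / ' + c + ' / ' + d + ' / ' + e + ' / ' + f);
        console.log(">>> Sign: " + result);
        return result;
    };
});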