app逆向-frida hook so层

案例:

import frida
import sys

hook_code = """
Java.perform(
    function(){
        var aes_decrypt_cbc = Module.getExportByName('libnative.so', '_Z15aes_decrypt_cbcPKhjPhPKjiS0_');
        Interceptor.attach(aes_decrypt_cbc, {
            onEnter:function(args){
                console.log('1:')
                console.log('0:',args[0].readByteArray(16))
                console.log('1:',args[1].toInt32())
                console.log('2:',args[2].readByteArray(16))
                console.log('3:',args[3].readByteArray(16))
                console.log('4:',args[4].toInt32())
                console.log('5:',args[5].readByteArray(16))
            },
            onLeave:function(retval){

            }
        })

        var aes_key_setup = Module.getExportByName('libnative.so', '_Z13aes_key_setupPKhPji');
        Interceptor.attach(aes_key_setup, {
            onEnter:function(args){
                console.log('2:')
                console.log('0:',args[0].readByteArray(16))
                console.log('2:',args[1].readByteArray(16))
                console.log('1:',args[2].toInt32())
            },
            onLeave:function(retval){

            }
        })
    }
)

function printstack() {
    send(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
}
"""


def test_hook():
    process = frida.get_usb_device(-1).attach('com.shjt.xxxxxx')
    script = process.create_script(hook_code)
    script.load()
    sys.stdin.read()


if __name__ == "__main__":
    test_hook()

你可能感兴趣的:(app逆向随笔,前端,javascript,开发语言)