send

  1. # -*- coding: UTF-8 -*-
  2. import frida
  3. import sys
  5. jsCode = """
  6.     Java.perform(function(){
  7.         var RequestUtil = Java.use('com.dodonew.online.http.RequestUtil');
  8.         RequestUtil.encodeDesMap.overload('java.lang.String', 'java.lang.String', 'java.lang.String').implementation = function(a, b, c){
  9.             console.log('data: ', a);
  10.             console.log('desKey: ', b);
  11.             console.log('desIV: ', c);
  12.             var retval = this.encodeDesMap(a, b, c);
  13.             send( retval);
  14.             return retval;
  15.         }
  16.         var Utils = Java.use('com.dodonew.online.util.Utils');
  17.         Utils.md5.implementation = function(a){
  18.             console.log('MD5 string: ', a);
  19.             var retval = this.md5(a);
  20.             send( retval);
  21.             return retval;
  22.         }
  23.     });
  24. """
  27. def message_1(message, data):
  28.     print(message)
  29.     if message["type"] == 'send':
  30.         print(u"[*] {0}".format(message['payload']))
  31.     else:
  32.         print(message)
  35. process = frida.get_device_manager().add_remote_device('IP:8888').attach('com.dodonew.online')
  36. script = process.create_script(jsCode)
  37. script.load()
  38. print("开始运行")
  39. script.on('message', message_1)
  40. sys.stdin.read()

send的作用就是把js的处理结果发送回Python端,实现交互;
注意,send传入的参数只能是一个;

post/recv

这两个的作用就是把Python的处理结果发送给js,实现交互;

  1. # -*- coding: UTF-8 -*-
  2. import frida
  3. import sys
  5. jsCode = """
  6.     Java.perform(function(){
  7.         var RequestUtil = Java.use('com.dodonew.online.http.RequestUtil');
  8.         RequestUtil.encodeDesMap.overload('java.lang.String', 'java.lang.String', 'java.lang.String').implementation = function(a, b, c){
  9.             console.log('data: ', a);
  10.             console.log('desKey: ', b);
  11.             console.log('desIV: ', c);
  12.             var retval = this.encodeDesMap(a, b, c);
  13.             send( retval);
  14.             return retval;
  15.         }
  16.         var Utils = Java.use('com.dodonew.online.util.Utils');
  17.         Utils.md5.implementation = function(a){
  18.             console.log('MD5 string: ', a);
  19.             var retval = this.md5(a);
  20.             send( retval);
  21.             recv(function(obj){retval =obj.data}).wait();
  22.             return retval;
  23.         }
  24.     });
  25. """
  26. def message_1(message, data):
  27.     print(message)
  28.     if message["type"] == 'send':
  29.         print(u"[*] {0}".format(message['payload']))
  30.         script.post({'data': "测试文本"})
  31.     else:
  32.         print(message)
  34. process =frida.get_usb_device().attach('com.dodonew.online')
  35. script = process.create_script(jsCode)
  36. script.load()
  37. script.on('message', message_1)
  38. print("开始运行")
  39. sys.stdin.read()

这里1我们把 “测试文本”四个字作为sign的返回值拿给js处理,成功的实现了交互image.png