一.js代碼講解
rpc.exports = { //固定寫法
myfunction: function (data){ //自定義方法名 myfunction ,入參
function byte_ToHexString(uint8arr) { //busr數組轉16進制
var hexStr = String();
for (var i = 0; i < uint8arr.length; i++) {
var hex = (uint8arr[i] & 0xff).toString(16);
hex = (hex.length === 1) ? '0' + hex : hex;
hexStr += hex;
}
return hexStr.toUpperCase();
}
Java.perform(function () {
var Gorgon = Java.use("xx.xxx.xxx"); //hook類名
result = Gorgon.leviathan(data); //leviathan為方法名
result = {"code": 0, "value": byte_ToHexString(result)}; // 返回給py端內容
});
return result
}
}
二.python代碼以及注釋
# -*- coding: utf-8 -*-
# @Time : 2021/3/24 15:34
import logging
import frida
import sys
logging.basicConfig(level=logging.DEBUG)
def on_message(message, data):
print(message)
def frida_rpc(session):
#hook相關js代碼
rpc_hook_js = """
上述展示代碼
"""
#固定寫法
script = session.create_script(rpc_hook_js)
script.on('message', on_message)
script.load()
return script
rdev = frida.get_usb_device(10)
processes = rdev.enumerate_processes() # 安卓手機中的所有進程
session = rdev.attach("com.ss.android.ugc.aweme") #hook的包名
script = frida_rpc(session)
#調用
user_info1 = script.exports.douyingorgon(_data)
print(user_info1)
