Frida Environment Setup

Published: 2021-01-09 20:12:54

Installing the tools

Installing the Frida tools

  • pip install frida
  • pip install frida-tools

Installing frida-server

Find the frida-server build that matches your device at https://github.com/frida/frida/releases, download it, copy it to the emulator or to a rooted phone, and then run ./frida-server

Usage workflow

If you are using an emulator such as LDPlayer (雷电模拟器), first run adb connect 127.0.0.1:62001 to connect to the emulator.

Starting frida-server

  • adb shell
  • cd /data/local/
  • ./frida-server

Testing the connection

  • frida-ps -U|grep com

Writing the hook code

Common template code

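import sys

import frida

# Template snippet: create a java.lang.String instance.
# Place it inside Java.perform(...) when using it in a script.
new_string_code = """
var string_class = Java.use("java.lang.String");
var my_string = string_class.$new("My TeSt String#####");
"""

# Template snippet: walk the live instances of a class and call a method on each.
# Java.choose takes a class name (not a package name) and must run inside Java.perform.
choose_code = """
Java.perform(function () {
    Java.choose("com.yaotong.crackme.MainActivity", {
        onMatch: function (instance) { // called for every instance found by Frida
            console.log("Found instance: " + instance);
            // securityCheck takes a String; "test" is a placeholder input
            console.log("Result of secret func: " + instance.securityCheck("test"));
        },
        onComplete: function () {}
    });
});
"""

# Hook script: replace MainActivity.securityCheck(String) so it always returns true.
js_code = """
Java.perform(function () {
    var mac = Java.use('com.yaotong.crackme.MainActivity');
    if (mac == null) {
        console.log('未找到', mac);  // "not found"
        return;
    }

    mac.securityCheck.overload("java.lang.String").implementation = function (x) {
        send('crack successful');
        console.log(x);  // log the argument the app passed in
        return true;
    };
});
"""


def on_message(message, data):
    # Messages sent with send() in the script arrive with type 'send'.
    if message['type'] == 'send':
        print("[*] {0}".format(message['payload']))
    else:
        print(message)


# get_remote_device() talks to frida-server over TCP, so the adb port
# forward (tcp:27042) must be in place before running this.
session = frida.get_remote_device().attach('com.yaotong.crackme')
script = session.create_script(js_code)
script.on('message', on_message)
print('开始hook')  # "starting hook"
script.load()
sys.stdin.read()  # keep the process alive so the hook stays installed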

Port forwarding

adb forward tcp:27042 tcp:27042 lets the Python hook code communicate with frida-server.
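To confirm that frida-server is actually listening on the forwarded port, you can parse the output of adb shell cat /proc/net/tcp; the same check lets a defender spot a frida-server left running on its default port. This is an added example, not code from the original post, and the sample table is constructed.

```python
import socket
import struct

FRIDA_PORT = 27042   # port used in the adb forward command above
TCP_LISTEN = 0x0A    # Linux kernel state code for a listening socket

# Constructed sample of `adb shell cat /proc/net/tcp` output (not from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:69A2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20481 1 0000000000000000 100 0 0 10 0
   1: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 18822 1 0000000000000000 100 0 0 10 0
   2: 0100007F:69A2 0100007F:B2C4 01 00000000:00000000 00:00000000 00000000     0        0 20977 1 0000000000000000 20 4 30 10 -1
"""


def parse_listeners(proc_net_tcp):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                             # blank or truncated row
        try:
            addr_hex, port_hex = fields[1].split(":")
            state = int(fields[3], 16)
            # The IPv4 address is stored as little-endian hex.
            ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
            port, uid = int(port_hex, 16), int(fields[7])
        except (ValueError, struct.error):
            continue                             # malformed row
        if state == TCP_LISTEN:
            listeners.append((ip, port, uid))
    return listeners


def frida_listeners(proc_net_tcp, port=FRIDA_PORT):
    """Listening sockets bound to the frida-server port."""
    return [entry for entry in parse_listeners(proc_net_tcp) if entry[1] == port]


if __name__ == "__main__":
    for ip, port, uid in frida_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listener on {ip}:{port} owned by uid {uid}")
```

A frida-server started on a different address or port will not match, so treat an empty result as a quick check rather than proof that nothing is running.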

Useful adb commands

adb shell dumpsys activity | grep "Focus" (on Windows, use findstr instead of grep) shows the currently focused activity.