一.js代码讲解
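rpc.exports = { // Frida RPC export table: each key is a method name callable from the host script
    /**
     * Custom RPC method `myfunction`: passes `data` to the hooked Java method
     * and returns its byte-array result as a hex string.
     *
     * @param {*} data - Forwarded unchanged to `leviathan`; its expected type is
     *   not shown in this listing (confirm against the Java signature).
     * @returns {Promise<{code: number, value: string}>} Resolves with code 0 and
     *   the upper-case hex string; rejects if the Java call throws.
     */
    myfunction: function (data) {
        // Render a byte array as an upper-case hex string, two digits per byte.
        function byte_ToHexString(uint8arr) {
            var hexStr = '';
            for (var i = 0; i < uint8arr.length; i++) {
                // Mask to 0..255 so a negative element still yields at most two hex digits.
                var hex = (uint8arr[i] & 0xff).toString(16);
                hexStr += (hex.length === 1) ? '0' + hex : hex;
            }
            return hexStr.toUpperCase();
        }

        // Return a Promise rather than reading a variable after Java.perform():
        // the callback may be deferred, in which case a plain `return result`
        // hands back undefined. Keeping the result local (the original assigned
        // an undeclared global) also stops a failed call from returning the
        // value left over from an earlier call.
        return new Promise(function (resolve, reject) {
            Java.perform(function () {
                try {
                    var Gorgon = Java.use("xx.xxx.xxx"); // class to hook (placeholder name)
                    var raw = Gorgon.leviathan(data); // leviathan is the method name
                    // Payload returned to the Python side.
                    resolve({"code": 0, "value": byte_ToHexString(raw)});
                } catch (e) {
                    // Surface the failure to the RPC caller instead of swallowing it.
                    reject(e);
                }
            });
        });
    }
};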
二.python代码以及注释
# -*- coding: utf-8 -*-
# @Time : 2021/3/24 15:34
import logging
import frida
import sys
# Configure the root logger to emit records at DEBUG level and above.
logging.basicConfig(level=logging.DEBUG)
def on_message(message, data):
    """Message callback registered on the script: print each message as-is.

    ``data`` is accepted to match the callback signature but is not used.
    """
    print(message)
def frida_rpc(session):
    """Create the RPC script on ``session``, load it, and return it.

    The script's 'message' events are routed to ``on_message`` before loading.
    """
    # JavaScript source for the hook. The placeholder text below stands for the
    # JS listing shown in the first section of this page.
    rpc_hook_js = """
上述展示代码
"""
    # Standard sequence: create the script, subscribe to messages, then load.
    agent = session.create_script(rpc_hook_js)
    agent.on('message', on_message)
    agent.load()
    return agent
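# Wait up to 10 seconds for a USB-connected device.
rdev = frida.get_usb_device(10)
# All processes on the Android phone (listed for reference; not used below).
processes = rdev.enumerate_processes()
# Attach to the target app by the package name given here.
session = rdev.attach("com.ss.android.ugc.aweme")
try:
    script = frida_rpc(session)
    # Call the exported RPC method. The name must match a key of rpc.exports
    # in the JS listing, which defines `myfunction`; the original call used
    # `douyingorgon`, which that listing does not export.
    # NOTE(review): _data is not defined anywhere in this listing; it must be
    # assigned before this call or the line raises NameError.
    user_info1 = script.exports.myfunction(_data)
    print(user_info1)
finally:
    # Always release the instrumentation session, including when the call fails.
    session.detach()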