如何使用frida获取“密钥”的值? (或paramString1(与键相同)使用EncryptDir函数的第一个参数)
我尝试了这个python代码,但是没有用。 我不在乎获取“密钥”值或记录加密功能。 我想获取AES加密的密钥值。
import frida, sys
def on_message(message, data):
if message['type'] == 'send':
print("[*] {0}".format(message['payload']))
else:
print(message)
PACKAGE_NAME = "com.ins.screensaver"
jscode= """
console.log("[*] Starting script");
Java.perform(function() {
console.log("[*] Hooking key");
var Activity = Java.use("com.ins.screensaver.LockActivity");
Activity.key.overload().implementation = function(){
var mm = this.key;
console.log(mm);
}
});
"""
try:
process = frida.get_usb_device().attach(PACKAGE_NAME)
script = process.create_script(jscode)
script.on('message', on_message)
print('[*] Running Hook')
script.load()
sys.stdin.read()
except Exception as e:
print(e)
package com.ins.screensaver;
public class LockActivity
extends AppCompatActivity
{
final String[] ***key*** = new String[1];
[[[[[[[[skip...]]]]]]]]]
# paramString1 == key
private void encryptDir(final String ***paramString1***, String paramString2)
{
byte[] arrayOfByte = Utils.hexStringToByteArray(paramString1);
paramString2 = new File(paramString2).listFiles();
int i = 0;
int j = paramString2.length;
while (i < j)
{
final File localFile = paramString2[i];
try
{
if (localFile.isDirectory())
{
new Thread(new Runnable()
{
public void run()
{
LockActivity.this.encryptDir(paramString1, localFile.getAbsolutePath());
}
}).start();
}