如何使用Frida

时间:2019-05-08 02:00:14

标签: java android hook frida

如何使用frida获取“密钥”的值? (或paramString1(与键相同)使用EncryptDir函数的第一个参数)

我尝试了这个python代码,但是没有用。 我不在乎获取“密钥”值或记录加密功能。 我想获取AES加密的密钥值。

import frida, sys

def on_message(message, data):
    if message['type'] == 'send':
        print("[*] {0}".format(message['payload']))
    else:
        print(message)


PACKAGE_NAME = "com.ins.screensaver"


jscode= """
console.log("[*] Starting script");
    Java.perform(function() {

        console.log("[*] Hooking key");
        var Activity = Java.use("com.ins.screensaver.LockActivity");
        Activity.key.overload().implementation = function(){
            var mm = this.key;
            console.log(mm);
        }



    });
"""
try:
    process = frida.get_usb_device().attach(PACKAGE_NAME)
    script = process.create_script(jscode)
    script.on('message', on_message)
    print('[*] Running Hook')
    script.load()
    sys.stdin.read()
except Exception as e:
    print(e)

package com.ins.screensaver;

public class LockActivity
  extends AppCompatActivity
{
  final String[] ***key*** = new String[1];


[[[[[[[[skip...]]]]]]]]]


# paramString1 == key
private void encryptDir(final String ***paramString1***, String paramString2)
  {
    byte[] arrayOfByte = Utils.hexStringToByteArray(paramString1);
    paramString2 = new File(paramString2).listFiles();
    int i = 0;
    int j = paramString2.length;
    while (i < j)
    {
      final File localFile = paramString2[i];
      try
      {
        if (localFile.isDirectory())
        {
          new Thread(new Runnable()
          {
            public void run()
            {
              LockActivity.this.encryptDir(paramString1, localFile.getAbsolutePath());
            }
          }).start();
        }

0 个答案:

没有答案