frida常用js

7777


执行

# -U: use the USB-connected device; -f: spawn the given package; -l: load script.js into it.
frida -U -f com.example.android -l script.js

通过python执行

import time
import frida

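# Connect to a frida-server reachable over TCP instead of USB.
# NOTE(review): a frida-server bound to a network address accepts any client that
# can reach the port unless it was started with authentication/TLS, so keep this
# on an isolated lab network.
device8 = frida.get_device_manager().add_remote_device("192.168.0.9:8888")

# Spawn the target (it starts suspended), then let it run.
pid = device8.spawn("com.android.settings")
device8.resume(pid)

# Fixed delay before attaching.
# NOTE(review): the process is resumed before the script is loaded, so code that
# runs during this first second is not instrumented.
time.sleep(1)
session = device8.attach(pid)

# script.js may contain non-ASCII text; read it as UTF-8 instead of relying on
# the platform's default encoding.
with open("script.js", encoding="utf-8") as f:
    script = session.create_script(f.read())
script.load()

# Wait for Enter so this process (and with it the session) stays alive.
input()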

JS

测试

/**
 * Smoke test for the script: logs a marker from inside Java.perform, which
 * runs the callback with the current thread attached to the app's Java VM.
 */
function main() {
  const announce = () => {
    console.log("sakura");
  };
  Java.perform(announce);
}

// Schedule main() instead of calling it synchronously while the script loads.
setImmediate(main);

调用页面,劫持fun函数,参数类型为java.lang.String

注:新版的 jadx-gui 可以直接右键复制为 frida/xposed 代码片段

/**
 * Replaces MainActivity.fun(java.lang.String) in the demo app: the replacement
 * logs the argument it received and returns a fixed string. The original
 * method body is not invoked.
 */
function main() {
  console.log("Enter the Script!");

  const installHook = function () {
    console.log("Inside Java perform");

    const activityClass = Java.use("myapplication.example.com.frida_demo.MainActivity");
    // Value handed back to every caller in place of the real result.
    const replacement = "sakura";

    // fun may be overloaded; pick the variant that takes one java.lang.String.
    const target = activityClass.fun.overload('java.lang.String');
    target.implementation = function (arg) {
      // Print the argument the app passed in.
      console.log("original call : str:" + arg);
      return replacement;
    };
  };

  Java.perform(installHook);
}

// Schedule main() instead of calling it synchronously while the script loads.
setImmediate(main);

一些类型(泛型参数在 overload 中只写擦除后的原始类型名)

Map<String,List<String>> map
java.util.Map

List<? extends List<String>> list
java.util.List
Author: hundan
Link: https://hundan.org/2022/10/16/frida常用js/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.