Some parts of the original code do not work and have been modified here.
Part 2
Here you can see an example of how to hook 2 functions with the same name but different parameters.
You will also learn how to call a function with your own parameters.
And finally, there is an example of how to find an instance of a class and make it call a function.
```javascript
// s2.js
console.log("Script loaded successfully ");
Java.perform(function x() {
    console.log("Inside java perform function");
    var my_class = Java.use("com.example.a11x256.frida_test.my_activity");

    // Hook "fun" with parameters (int, int)
    my_class.fun.overload("int", "int").implementation = function (x, y) { // hooking the old function
        console.log("original call: fun(" + x + ", " + y + ")");
        var ret_value = this.fun(2, 5);
        return ret_value;
    };

    // Hook "fun" with parameter (String)
    var string_class = Java.use("java.lang.String");
    my_class.fun.overload("java.lang.String").implementation = function (x) { // hooking the new function
        console.log("*");
        // Create a new String and call the function with your input.
        var my_string = string_class.$new("My TeSt String#####");
        console.log("Original arg: " + x);
        var ret = this.fun(my_string);
        console.log("Return value: " + ret);
        console.log("*");
        return ret;
    };

    // Find an instance of the class and call "secret" function.
    Java.choose("com.example.a11x256.frida_test.my_activity", {
        onMatch: function (instance) {
            console.log("Found instance: " + instance);
            console.log("Result of secret func: " + instance.secret());
        },
        onComplete: function () { }
    });
});
```
You can see that to create a String, the script first gets a reference to the class java.lang.String and then creates a new object of that class with $new, passing a String as its content. This is the correct way to create a new object of a class. In this case, however, you could simply pass any String to this.fun(), for example: this.fun("hey there!")
Python
```python
# loader.py
import frida
import time

device = frida.get_usb_device()
pid = device.spawn(["com.example.a11x256.frida_test"])
device.resume(pid)
time.sleep(1)  # Without it Java.perform silently fails
session = device.attach(pid)
script = session.create_script(open("s2.js").read())
script.load()

# prevent the python script from terminating
input()
```
python loader.py
Part 3
Python
Now you will see how to send commands to the hooked app via Python in order to call functions:
The command "1" will exit, the command "2" will find an instance of the class and call the private function secret(), and the command "3" will hook the function secret() so that it returns a different string.
So, if you send "2" you will get the real secret, but if you send "3" and then "2" you will get the fake secret.
JS
```javascript
console.log("Script loaded successfully ");
var instances_array = [];

function callSecretFun() {
    Java.perform(function () {
        if (instances_array.length == 0) { // if array is empty
            Java.choose("com.example.a11x256.frida_test.my_activity", {
                onMatch: function (instance) {
                    console.log("Found instance: " + instance);
                    instances_array.push(instance);
                    console.log("Result of secret func: " + instance.secret());
                },
                onComplete: function () { }
            });
        } else { // else if the array has some values
            console.log("Result of secret func: " + instances_array[0].secret());
        }
    });
}

function hookSecret() {
    Java.perform(function () {
        var my_class = Java.use("com.example.a11x256.frida_test.my_activity");
        var string_class = Java.use("java.lang.String");
        my_class.secret.overload().implementation = function () {
            var my_string = string_class.$new("TE ENGANNNNEEE");
            return my_string;
        };
    });
}

rpc.exports = {
    callsecretfunction: callSecretFun,
    hooksecretfunction: hookSecret
};
```
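A host-side loader that drives the three commands described above through the script's rpc.exports, as an added example that is not code from the original page. The file name s3.js, the dispatch() helper and the use of exports_sync (Frida 16+ Python bindings) are assumptions.

```python
# loader3.py (added example; file names and helper names are assumptions)
import time

PACKAGE = "com.example.a11x256.frida_test"  # package name used on this page
SCRIPT_PATH = "s3.js"                       # assumed file name for the Part 3 JS


def dispatch(command, exports):
    """Run one menu command against the script's rpc.exports.

    Returns False when the loop should stop, True otherwise.
    """
    command = command.strip()
    if command == "1":
        return False
    if command == "2":
        # Result is printed by the script's own console.log calls
        exports.callsecretfunction()
    elif command == "3":
        # Replaces secret(); a later "2" then shows the fake value
        exports.hooksecretfunction()
    else:
        print("unknown command: %r" % command)
    return True


def main():
    import frida  # imported here so dispatch() can be exercised without a device

    device = frida.get_usb_device()
    pid = device.spawn([PACKAGE])
    device.resume(pid)
    time.sleep(1)  # same delay as loader.py: give the Java runtime time to start
    session = device.attach(pid)
    with open(SCRIPT_PATH) as f:
        script = session.create_script(f.read())
    script.load()
    exports = script.exports_sync  # older bindings expose this as script.exports
    try:
        while dispatch(input("1: exit  2: call secret()  3: hook secret()\n> "), exports):
            pass
    except EOFError:
        pass  # stdin closed: treat like "1"
    finally:
        session.detach()


if __name__ == "__main__":
    main()
```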
Part 4
Here you will see how to make Python and JS interact using JSON objects. JS uses the send() function to send data to the Python client, and Python uses the post() function to send data to the JS script. The JS will block execution until it receives a response from Python.