Some parts of the original code do not work and have been modified here.
Part 2
Here you can see an example of how to hook 2 functions that have the same name but different parameters.
You will also learn how to call a function with your own parameters.
Finally, there is an example of how to find an instance of a class and make it call a function.
```javascript
//s2.js
console.log("Script loaded successfully ");
Java.perform(function x() {
    console.log("Inside java perform function");
    var my_class = Java.use("com.example.a11x256.frida_test.my_activity");

    //Hook "fun" with parameters (int, int)
    my_class.fun.overload("int", "int").implementation = function (x, y) { //hooking the old function
        console.log("original call: fun(" + x + ", " + y + ")");
        var ret_value = this.fun(2, 5);
        return ret_value;
    };

    //Hook "fun" with parameter (String)
    var string_class = Java.use("java.lang.String");
    my_class.fun.overload("java.lang.String").implementation = function (x) { //hooking the new function
        console.log("*");
        //Create a new String and call the function with your input.
        var my_string = string_class.$new("My TeSt String#####");
        console.log("Original arg: " + x);
        var ret = this.fun(my_string);
        console.log("Return value: " + ret);
        console.log("*");
        return ret;
    };

    //Find an instance of the class and call "secret" function.
    Java.choose("com.example.a11x256.frida_test.my_activity", {
        onMatch: function (instance) {
            console.log("Found instance: " + instance);
            console.log("Result of secret func: " + instance.secret());
        },
        onComplete: function () { }
    });
});
```
You can see that, to create a String, the script first obtains a reference to the class java.lang.String and then uses $new to create an object of that class with a String as its content. This is the correct way to create a new object of a class. In this case, however, you could simply pass any String to this.fun(), for example: this.fun("hey there!")
Python
```python
# loader.py
import frida
import time

device = frida.get_usb_device()
pid = device.spawn(["com.example.a11x256.frida_test"])
device.resume(pid)
time.sleep(1)  # Without it Java.perform silently fails
session = device.attach(pid)
script = session.create_script(open("s2.js").read())
script.load()

# prevent the python script from terminating
input()
```

```
python loader.py
```
Part 3
Python
Now you will see how to send commands to the hooked app from Python in order to call a function:
Command "1" exits, command "2" finds an instance of the class and calls the private function secret(), and command "3" hooks the function secret() so that it returns a different string.
So if you send "2" you get the real secret, but if you send "3" and then "2" you get the fake secret.
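A loader for this part, as an added example (not code from the original page): it maps the commands "1", "2" and "3" described above onto the script's RPC exports callsecretfunction and hooksecretfunction. The file name s3.js and the helper names handle_command and attach are assumptions.

```python
# Added example, not from the original page. s3.js is an assumed file name.
import time

APP = "com.example.a11x256.frida_test"  # package name used on this page
SCRIPT_PATH = "s3.js"                   # assumed name of the JS script of this part


def handle_command(command, exports):
    """Run one menu command against the script's rpc.exports.

    Returns False when the loop should stop, True otherwise.
    """
    command = command.strip()
    if command == "1":      # exit
        return False
    if command == "2":      # find an instance and call secret()
        exports.callsecretfunction()
    elif command == "3":    # hook secret() so it returns a different string
        exports.hooksecretfunction()
    else:
        print("unknown command: %r" % command)
    return True


def attach(app=APP, script_path=SCRIPT_PATH):
    """Spawn the app, load the script and return its RPC exports."""
    import frida  # imported here so handle_command works without a device
    device = frida.get_usb_device()
    pid = device.spawn([app])
    device.resume(pid)
    time.sleep(1)  # without it Java.perform silently fails
    session = device.attach(pid)
    with open(script_path) as f:
        script = session.create_script(f.read())
    script.load()
    # exports_sync is the newer attribute; older frida-python only has exports
    return script.exports_sync if hasattr(script, "exports_sync") else script.exports


def main():
    exports = attach()
    menu = "1: Exit\n2: Call secret function\n3: Hook secret function\nchoice: "
    while handle_command(input(menu), exports):
        pass


if __name__ == "__main__":
    main()
```
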
JS
```javascript
console.log("Script loaded successfully ");
var instances_array = [];

function callSecretFun() {
    Java.perform(function () {
        if (instances_array.length == 0) { // if array is empty
            Java.choose("com.example.a11x256.frida_test.my_activity", {
                onMatch: function (instance) {
                    console.log("Found instance: " + instance);
                    instances_array.push(instance);
                    console.log("Result of secret func: " + instance.secret());
                },
                onComplete: function () { }
            });
        } else { // else if the array has some values
            console.log("Result of secret func: " + instances_array[0].secret());
        }
    });
}

function hookSecret() {
    Java.perform(function () {
        var my_class = Java.use("com.example.a11x256.frida_test.my_activity");
        var string_class = Java.use("java.lang.String");
        my_class.secret.overload().implementation = function () {
            var my_string = string_class.$new("TE ENGANNNNEEE");
            return my_string;
        };
    });
}

rpc.exports = {
    callsecretfunction: callSecretFun,
    hooksecretfunction: hookSecret
};
```
Part 4
Here you will see how to make Python and JS interact using JSON objects. JS uses the send() function to send data to the Python client, and Python uses the post() function to send data to the JS script. JS will block execution until it receives a response from Python.