frida hook java原生算法同时打印调用堆栈

# -*- coding: UTF-8 -*-
import frida, sys

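# Frida agent source (JavaScript) injected into the target process.
# It hooks the constructors and main entry points of SecretKeySpec, Mac,
# MessageDigest, IvParameterSpec, Cipher, X509EncodedKeySpec and
# RSAPublicKeySpec, and reports arguments, results and the Java call stack
# through send().
#
# The literal is a raw string on purpose: the agent contains JavaScript regex
# literals with \r, \n and \d, and a normal Python string would turn \r / \n
# into real line breaks inside the regex, which is a JavaScript syntax error.
#
# The messages carry raw key bytes, IVs and plaintext, so whatever receives
# them (console, log file) has to be handled as secret material.
jsCode = r"""

    // Send the Java call stack of the current thread, so that every logged
    // crypto call can be traced back to the application code that made it.
    function showStacks() {
        Java.perform(function () {
            var Log = Java.use("android.util.Log");
            var Exception = Java.use("java.lang.Exception");
            send(Log.getStackTraceString(Exception.$new()));
        });
    }

// Conversion helpers between strings, hex, Base64 and byte arrays.
// The function is called without a receiver; in non-strict code `this` is
// then the global object, so every assignment below publishes a global helper
// that the hooks can call by bare name.
// NOTE(review): this relies on the agent being evaluated as a non-strict
// script - confirm for the Frida runtime in use.
(function () {
    var exported = this;
    var PADDING = -2;
    var base64EncodeChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

    // Reverse lookup table: character code -> 6-bit value, -1 for anything
    // outside the alphabet. It covers all 256 values the decoder can index,
    // so codes above 127 are skipped like any other foreign character.
    var base64DecodeChars = [];
    var n;
    for (n = 0; n < 256; n++) {
        base64DecodeChars[n] = -1;
    }
    for (n = 0; n < base64EncodeChars.length; n++) {
        base64DecodeChars[base64EncodeChars.charCodeAt(n)] = n;
    }

    // Encode `length` bytes, fetched one at a time through byteAt(index).
    // Only the low 8 bits of each fetched value are used, so signed Java
    // bytes and character codes are both accepted.
    function encodeSextets(length, byteAt) {
        var out = '';
        var i = 0;
        while (i < length) {
            var b0 = byteAt(i++) & 0xFF;
            if (i === length) {
                out += base64EncodeChars.charAt(b0 >> 2);
                out += base64EncodeChars.charAt((b0 & 0x03) << 4);
                out += '==';
                break;
            }
            var b1 = byteAt(i++) & 0xFF;
            if (i === length) {
                out += base64EncodeChars.charAt(b0 >> 2);
                out += base64EncodeChars.charAt((b0 & 0x03) << 4 | b1 >> 4);
                out += base64EncodeChars.charAt((b1 & 0x0F) << 2);
                out += '=';
                break;
            }
            var b2 = byteAt(i++) & 0xFF;
            out += base64EncodeChars.charAt(b0 >> 2);
            out += base64EncodeChars.charAt((b0 & 0x03) << 4 | b1 >> 4);
            out += base64EncodeChars.charAt((b1 & 0x0F) << 2 | b2 >> 6);
            out += base64EncodeChars.charAt(b2 & 0x3F);
        }
        return out;
    }

    // Decode Base64 text into an array of byte values (0..255).
    // Characters outside the alphabet are skipped; decoding stops at the
    // first '=' found in the third or fourth position of a group.
    function decodeSextets(text) {
        var bytes = [];
        var pos = 0;
        var end = text.length;

        function nextSextet(stopAtPadding) {
            var value = -1;
            while (pos < end && value === -1) {
                var code = text.charCodeAt(pos++) & 0xFF;
                if (stopAtPadding && code === 61) {
                    return PADDING;
                }
                value = base64DecodeChars[code];
            }
            return value;
        }

        while (pos < end) {
            var s0 = nextSextet(false);
            if (s0 === -1) {
                break;
            }
            var s1 = nextSextet(false);
            if (s1 === -1) {
                break;
            }
            bytes.push(s0 << 2 | (s1 & 0x30) >> 4);
            var s2 = nextSextet(true);
            if (s2 < 0) {
                break;
            }
            bytes.push((s1 & 0x0F) << 4 | (s2 & 0x3C) >> 2);
            var s3 = nextSextet(true);
            if (s3 < 0) {
                break;
            }
            bytes.push((s2 & 0x03) << 6 | s3);
        }
        return bytes;
    }

    // Base64 of a "binary string" (one character per byte, low 8 bits used).
    function stringToBase64(e) {
        return encodeSextets(e.length, function (index) {
            return e.charCodeAt(index);
        });
    }

    // Base64 text -> binary string (one character per decoded byte).
    function base64ToString(e) {
        var bytes = decodeSextets(e);
        var out = '';
        for (var i = 0; i < bytes.length; i++) {
            out += String.fromCharCode(bytes[i]);
        }
        return out;
    }

    // Hex text (optionally space separated, line breaks ignored) -> Base64.
    // The original called a helper that is not defined anywhere in the
    // agent; the string encoder above is the matching function.
    function hexToBase64(str) {
        var codes = str.replace(/\r|\n/g, "").replace(/([\da-fA-F]{2}) ?/g, "0x$1 ").replace(/ +$/, "").split(" ");
        return stringToBase64(String.fromCharCode.apply(null, codes));
    }

    // Base64 text -> lower-case hex, two digits per byte.
    function base64ToHex(str) {
        var bin = base64ToString(str.replace(/[ \r\n]+$/, ""));
        var hex = [];
        for (var i = 0; i < bin.length; ++i) {
            var tmp = bin.charCodeAt(i).toString(16);
            if (tmp.length === 1) {
                tmp = "0" + tmp;
            }
            hex.push(tmp);
        }
        return hex.join("");
    }

    // Hex text -> array of byte values; null when the length is odd.
    function hexToBytes(str) {
        if (str.length % 2 !== 0) {
            return null;
        }
        var out = [];
        for (var pos = 0; pos < str.length; pos += 2) {
            out.push(parseInt(str.substr(pos, 2), 16));
        }
        return out;
    }

    // Byte array -> lower-case hex. Java bytes are signed, so negative
    // values are shifted into 0..255 before formatting.
    function bytesToHex(arr) {
        var str = '';
        for (var i = 0; i < arr.length; i++) {
            var value = arr[i];
            if (value < 0) {
                value += 256;
            }
            if (value < 16) {
                str += "0";
            }
            str += value.toString(16);
        }
        return str;
    }

    // String -> hex of its character codes. Codes below 0x10 are padded to
    // two digits so that the output can be split back into bytes.
    function stringToHex(str) {
        var val = "";
        for (var i = 0; i < str.length; i++) {
            var digits = str.charCodeAt(i).toString(16);
            if (digits.length === 1) {
                digits = "0" + digits;
            }
            val += digits;
        }
        return val;
    }

    // String -> byte values; a character code wider than 8 bits is emitted
    // as several bytes, most significant first.
    function stringToBytes(str) {
        var re = [];
        for (var i = 0; i < str.length; i++) {
            var ch = str.charCodeAt(i);
            var st = [];
            do {
                st.push(ch & 0xFF);
                ch = ch >> 8;
            } while (ch);
            re = re.concat(st.reverse());
        }
        return re;
    }

    // byte[] -> string, one character per byte. This is a byte-wise view,
    // not a UTF-8 decode, so multi-byte text shows up as separate characters.
    function bytesToString(arr) {
        var view = new Uint8Array(arr);
        var str = '';
        for (var i = 0; i < view.length; i++) {
            str += String.fromCharCode(view[i]);
        }
        return str;
    }

    // Byte array -> Base64.
    function bytesToBase64(e) {
        return encodeSextets(e.length, function (index) {
            return e[index];
        });
    }

    // Base64 text -> array of byte values.
    function base64ToBytes(e) {
        return decodeSextets(e);
    }

    exported.stringToBase64 = stringToBase64;
    exported.base64ToString = base64ToString;
    exported.hexToBase64 = hexToBase64;
    exported.base64ToHex = base64ToHex;
    exported.hexToBytes = hexToBytes;
    exported.bytesToHex = bytesToHex;
    exported.stringToHex = stringToHex;
    exported.stringToBytes = stringToBytes;
    exported.bytesToString = bytesToString;
    exported.bytesToBase64 = bytesToBase64;
    exported.base64ToBytes = base64ToBytes;
})();
//stringToBase64 stringToHex stringToBytes
//base64ToString base64ToHex base64ToBytes
//               hexToBase64  hexToBytes
// bytesToBase64 bytesToHex bytesToString

Java.perform(function () {

    // Symmetric / HMAC key material: SecretKeySpec(byte[] key, String algorithm).
    var secretKeySpec = Java.use('javax.crypto.spec.SecretKeySpec');
    secretKeySpec.$init.overload('[B','java.lang.String').implementation = function (a,b) {
        showStacks();
        var result = this.$init(a, b);
        send("======================================");
        send("算法名:" + b + "|Dec密钥:" + bytesToString(a));
        send("算法名:" + b + "|Hex密钥:" + bytesToHex(a));
        return result;
    };

    // javax.crypto.Mac: algorithm selection, input chunks and final tag.
    var mac = Java.use('javax.crypto.Mac');
    mac.getInstance.overload('java.lang.String').implementation = function (a) {
        showStacks();
        var result = this.getInstance(a);
        send("======================================");
        send("算法名:" + a);
        return result;
    };

    mac.update.overload('[B').implementation = function (a) {
        showStacks();
        this.update(a);
        send("======================================");
        send("update:" + bytesToString(a));
    };
    // The whole buffer is logged; b and c are the offset and length passed
    // by the caller and are printed after it.
    mac.update.overload('[B','int','int').implementation = function (a,b,c) {
        showStacks();
        this.update(a,b,c);
        send("======================================");
        send("update:" + bytesToString(a) + "|" + b + "|" + c);
    };

    mac.doFinal.overload().implementation = function () {
        showStacks();
        var result = this.doFinal();
        send("======================================");
        send("doFinal结果:" + bytesToHex(result));
        send("doFinal结果:" + bytesToBase64(result));
        return result;
    };
    mac.doFinal.overload('[B').implementation = function (a) {
        showStacks();
        var result = this.doFinal(a);
        send("======================================");
        send("doFinal参数:" + bytesToString(a));
        send("doFinal结果:" + bytesToHex(result));
        send("doFinal结果:" + bytesToBase64(result));
        return result;
    };

    // java.security.MessageDigest: algorithm selection, input and digest.
    var md = Java.use('java.security.MessageDigest');

    md.getInstance.overload('java.lang.String','java.lang.String').implementation = function (a,b) {
        showStacks();
        send("======================================");
        send("算法名:" + a);
        return this.getInstance(a, b);
    };
    md.getInstance.overload('java.lang.String').implementation = function (a) {
        showStacks();
        send("======================================");
        send("算法名:" + a);
        return this.getInstance(a);
    };

    md.update.overload('[B').implementation = function (a) {
        showStacks();
        send("======================================");
        send("update:" + bytesToString(a));
        return this.update(a);
    };
    md.update.overload('[B','int','int').implementation = function (a,b,c) {
        showStacks();
        send("======================================");
        send("update:" + bytesToString(a) + "|" + b + "|" + c);
        return this.update(a,b,c);
    };

    md.digest.overload().implementation = function () {
        showStacks();
        send("======================================");
        var result = this.digest();
        send("digest结果:" + bytesToHex(result));
        send("digest结果:" + bytesToBase64(result));
        return result;
    };
    md.digest.overload('[B').implementation = function (a) {
        showStacks();
        send("======================================");
        send("digest参数:" + bytesToString(a));
        var result = this.digest(a);
        send("digest结果:" + bytesToHex(result));
        send("digest结果:" + bytesToBase64(result));
        return result;
    };

    // Initialisation vector passed to IvParameterSpec(byte[]).
    var ivParameterSpec = Java.use('javax.crypto.spec.IvParameterSpec');
    ivParameterSpec.$init.overload('[B').implementation = function (a) {
        showStacks();
        var result = this.$init(a);
        send("======================================");
        send("iv向量:" + bytesToString(a));
        send("iv向量:" + bytesToHex(a));
        return result;
    };

    // javax.crypto.Cipher: transformation string, input chunks and output.
    var cipher = Java.use('javax.crypto.Cipher');
    cipher.getInstance.overload('java.lang.String').implementation = function (a) {
        showStacks();
        var result = this.getInstance(a);
        send("======================================");
        send("模式填充:" + a);
        return result;
    };

    cipher.update.overload('[B').implementation = function (a) {
        showStacks();
        var result = this.update(a);
        send("======================================");
        send("update:" + bytesToString(a));
        return result;
    };
    cipher.update.overload('[B','int','int').implementation = function (a,b,c) {
        showStacks();
        var result = this.update(a,b,c);
        send("======================================");
        send("update:" + bytesToString(a) + "|" + b + "|" + c);
        return result;
    };

    cipher.doFinal.overload().implementation = function () {
        showStacks();
        var result = this.doFinal();
        send("======================================");
        send("doFinal结果:" + bytesToHex(result));
        send("doFinal结果:" + bytesToBase64(result));
        return result;
    };
    cipher.doFinal.overload('[B').implementation = function (a) {
        showStacks();
        var result = this.doFinal(a);
        send("======================================");
        send("doFinal参数:" + bytesToString(a));
        send("doFinal结果:" + bytesToHex(result));
        send("doFinal结果:" + bytesToBase64(result));
        return result;
    };

    // Encoded public key handed to X509EncodedKeySpec(byte[]).
    var x509EncodedKeySpec = Java.use('java.security.spec.X509EncodedKeySpec');
    x509EncodedKeySpec.$init.overload('[B').implementation = function (a) {
        showStacks();
        var result = this.$init(a);
        send("======================================");
        send("RSA密钥:" + bytesToBase64(a));
        return result;
    };

    // RSA public key given as two BigInteger values, printed in hex.
    var rSAPublicKeySpec = Java.use('java.security.spec.RSAPublicKeySpec');
    rSAPublicKeySpec.$init.overload('java.math.BigInteger','java.math.BigInteger').implementation = function (a,b) {
        showStacks();
        var result = this.$init(a,b);
        send("======================================");
        send("RSA密钥N:" + a.toString(16));
        send("RSA密钥E:" + b.toString(16));
        return result;
    };

});
"""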

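# Capture log, truncated on every run and written as UTF-8.
# NOTE(review): sys.argv[1] is also the attach target used further down, so the
# log is created in the working directory under the target's name.
# The log receives keys, IVs and plaintext in the clear; keep it off shared
# storage and remove it once the analysis is done.
fw = open(sys.argv[1], 'w+', encoding='utf-8')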

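def message(message, data):
    """Frida message callback: print and persist what the agent reports.

    message -- dict delivered by Frida; a 'send' message carries the agent's
               value under 'payload', anything else is printed unchanged.
    data    -- optional binary attachment of the message; not used here.
    """
    if message["type"] == 'send':
        line = u"[*] {0}".format(message['payload'])
        print(line)
        # Flush after every record so the log stays complete if the session
        # is interrupted.
        fw.write(line + u"\n")
        fw.flush()
    else:
        print(message)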

# Attach through Frida's remote-device channel to the target named in argv[1].
device = frida.get_remote_device()
session = device.attach(sys.argv[1])

# Load the agent and route everything it sends to the message() callback.
script = session.create_script(jsCode)
script.on("message", message)
script.load()

# Block on stdin so the process, and with it the installed hooks, stays alive.
sys.stdin.read()

原文地址:https://blog.51cto.com/haidragon/2398198

时间: 2024-10-08 08:40:56
