Frida JavaScript hooks: detecting device-information access and more


Xposed and Frida are the common choices for hooking Android applications. Xposed sometimes falls short; when it does, Frida may be worth a try.

frida -U -f com.primer.gamecerter -l hookStartActivity.js

TODO

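  • Could a later version collect and aggregate the detection data (stack trace, class name, method name, arguments, return value)? Formatted output after further processing of the data would be nicer.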
/**
 * Date: 2024-02-22 12:17:44
 * Author: 村长
 * Description: compliance-check hooks
 *
 * Usage:
 *   1. Make sure frida-server is running on the device
 *        adb shell
 *        su                                      requires a rooted device
 *        cd data/local/tmp/                      where the frida-server binary is stored
 *        ./frida-server*** &                     run in the background
 *        frida -U -f [package name] -l [script path]      inject the script and launch the app
 */

// Global configuration: set a group to true to install its hooks
var runConfig = {
    "permission": false,
    "startActivity": false,
    "deviceId": true,
    "file": false,
    "ipAddress": false,
    "location": false,
    "other": false,
    "systemProperties": false,
    "packageList": false,
    "enablePrintStackTrace": false,
}

Java.perform(function x() {
    console.log(" --------- 启动检测 ----------");
    if (runConfig.permission) {
        checkPermission();
    }
    if (runConfig.startActivity) {
        checkStartActivity();
    }
    if (runConfig.deviceId) {
        checkAndroidId();
        checkIMEI();
        checkOtherId();
    }
    if (runConfig.file) {
        checkExternalFileRW();
    }
    if (runConfig.ipAddress) {
        checkIPAddress();
    }
    if (runConfig.location) {
        checkLocation();
    }
    if (runConfig.other) {
        checkOther();
    }
    if (runConfig.systemProperties) {
        checkSystemProperties();
    }
    if (runConfig.packageList) {
        checkPackageList();
    }
    // Printed once all hooks are installed; the hooks keep logging afterwards
    console.log(" --------- 结束检测 ----------");
})

///

// Print the current Java stack trace when enablePrintStackTrace is set
function log() {
    if (runConfig.enablePrintStackTrace) {
        console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()));
    }
}

// Installed-application list and package lookups
function checkPackageList() {
    console.log("----------- 应用安装列表检查 -----------");
    var ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");
    ApplicationPackageManager.getInstalledPackages.implementation = function (flags) {
        var list = this.getInstalledPackages(flags);
        console.log("ApplicationPackageManager 获取安装列表 " + list);
        log();
        return list;
    }
    ApplicationPackageManager.getPackageInfo.overload('java.lang.String', 'int').implementation = function (pkg, flags) {
        var info = this.getPackageInfo(pkg, flags);
        console.log("ApplicationPackageManager 获取包名信息 " + info);
        log();
        return info;
    }
    ApplicationPackageManager.getPackageInfo.overload('android.content.pm.VersionedPackage', 'int').implementation = function (pkg, flags) {
        var info = this.getPackageInfo(pkg, flags);
        console.log("ApplicationPackageManager 获取包名信息 " + info);
        log();
        return info;
    }
    ApplicationPackageManager.getLaunchIntentForPackage.implementation = function (pkg) {
        var intent = this.getLaunchIntentForPackage(pkg);
        console.log("ApplicationPackageManager 获取启动 intent: " + intent);
        log();
        return intent;
    }
}

// System property reads
function checkSystemProperties() {
    console.log("----------- 系统属性检查 -----------");
    var SystemProperties = Java.use("android.os.SystemProperties");
    SystemProperties.get.overload('java.lang.String').implementation = function (key) {
        var val = this.get(key);
        console.log("SystemProperties 获取系统属性 " + key + " -> " + val);
        log();
        return val;
    }
    SystemProperties.get.overload('java.lang.String', 'java.lang.String').implementation = function (key, def) {
        var val = this.get(key, def);
        console.log("SystemProperties 获取系统属性 " + key + " -> " + val + " " + def);
        log();
        return val;
    }
}

// Clipboard and network-info reads
function checkOther() {
    console.log("----------- 剪切板检查 -----------");
    var ClipboardManager = Java.use("android.content.ClipboardManager");
    ClipboardManager.getPrimaryClip.implementation = function () {
        var val = this.getPrimaryClip();
        console.log("ClipboardManager 获取剪切板内容 " + val);
        log();
        return val;
    }
    ClipboardManager.getPrimaryClipDescription.implementation = function () {
        var val = this.getPrimaryClipDescription();
        console.log("ClipboardManager 获取剪切板描述 " + val);
        log();
        return val;
    }
    console.log("----------- 网络信息检查 -----------");
    var ConnectivityManager = Java.use("android.net.ConnectivityManager");
    ConnectivityManager.getActiveNetworkInfo.implementation = function () {
        var val = this.getActiveNetworkInfo();
        console.log("ConnectivityManager 获取网络信息 " + val);
        log();
        return val;
    }
}

/**
 * Incomplete: the content URI still has to be parsed to tell which kind of data is being queried.
 * Not called from Java.perform above.
 */
function checkContentResolve() {
    var ContentResolver = Java.use("android.content.ContentResolver");
    ContentResolver.query.overload('android.net.Uri', '[Ljava.lang.String;', 'android.os.Bundle', 'android.os.CancellationSignal').implementation = function (uri, strs, bundle, signal) {
        var val = this.query(uri, strs, bundle, signal);
        console.log("ContentResolver 1 获取短信 " + val);
        log();
        return val;
    }
    ContentResolver.query.overload('android.net.Uri', '[Ljava.lang.String;', 'java.lang.String', '[Ljava.lang.String;', 'java.lang.String').implementation = function (uri, strs, str1, strs2, str3) {
        var val = this.query(uri, strs, str1, strs2, str3);
        console.log("ContentResolver 2  获取短信 " + val);
        log();
        return val;
    }
    ContentResolver.query.overload('android.net.Uri', '[Ljava.lang.String;', 'java.lang.String', '[Ljava.lang.String;', 'java.lang.String', 'android.os.CancellationSignal').implementation = function (uri, strs1, str2, strs3, str4, signal) {
        var val = this.query(uri, strs1, str2, strs3, str4, signal);
        console.log("ContentResolver 3 获取短信 " + val);
        log();
        return val;
    }
}

// Location reads
function checkLocation() {
    console.log("----------- 定位检查 -----------");
    var LocationManager = Java.use("android.location.LocationManager");
    LocationManager.getLastLocation.implementation = function () {
        var location = this.getLastLocation();
        console.log("LocationManager 获取定位 " + location);
        log();
        return location;
    }
    // getLastKnownLocation takes the provider name, so select that overload and pass it through
    LocationManager.getLastKnownLocation.overload('java.lang.String').implementation = function (provider) {
        var location = this.getLastKnownLocation(provider);
        console.log("LocationManager 获取定位 " + location);
        log();
        return location;
    }
}

// IP address reads
function checkIPAddress() {
    console.log("----------- IP 地址检查 -----------");
    var NetworkInterface = Java.use("java.net.NetworkInterface");
    NetworkInterface.getInterfaceAddresses.implementation = function () {
        var addressList = this.getInterfaceAddresses();
        console.log("NetworkInterface 获取 IP 地址 " + addressList);
        log();
        return addressList;
    }
    var Inet4Address = Java.use("java.net.Inet4Address");
    Inet4Address.getHostAddress.implementation = function () {
        var address = this.getHostAddress();
        console.log("Inet4Address 获取主机地址 " + address);
        log();
        return address;
    }
    var Inet6Address = Java.use("java.net.Inet6Address");
    Inet6Address.getHostAddress.implementation = function () {
        var address = this.getHostAddress();
        console.log("Inet6Address 获取主机地址 " + address);
        log();
        return address;
    }
}

// External storage directory lookups
function checkExternalFileRW() {
    console.log("----------- 外部文件读写检查 -----------");
    var ContextImpl = Java.use("android.app.ContextImpl");
    ContextImpl.getExternalFilesDirs.implementation = function (type) {
        var files = this.getExternalFilesDirs(type);
        console.log("ContextImpl 获取外部文件目录 " + type);
        log();
        return files;
    }
    ContextImpl.getExternalMediaDirs.implementation = function () {
        var files = this.getExternalMediaDirs();
        console.log("ContextImpl 获取媒体文件目录");
        log();
        return files;
    }
    ContextImpl.getExternalCacheDirs.implementation = function () {
        var files = this.getExternalCacheDirs();
        console.log("ContextImpl 获取缓存目录");
        log();
        return files;
    }
    var Environment = Java.use("android.os.Environment");
    Environment.getExternalStorageDirectory.implementation = function () {
        var file = this.getExternalStorageDirectory();
        console.log("Environment 获取外部存储目录");
        log();
        return file;
    }
}

// IMEI / MEID reads
function checkIMEI() {
    console.log("----------- imei 检查 -----------");
    var TelephonyManager = Java.use("android.telephony.TelephonyManager");
    //getDeviceId
    TelephonyManager.getDeviceId.overload("int").implementation = function (slotIndex) {
        var imei = this.getDeviceId(slotIndex);
        console.log("TelephonyManager 获取 IMEI getDeviceId slotIndex = " + slotIndex + "  imei = " + imei);
        log();
        return imei;
    }
    TelephonyManager.getDeviceId.overload().implementation = function () {
        var imei = this.getDeviceId();
        console.log("TelephonyManager 获取 getDeviceId IMEI = " + imei);
        log();
        return imei;
    }
    //getMeid
    TelephonyManager.getMeid.overload("int").implementation = function (slotIndex) {
        var imei = this.getMeid(slotIndex);
        console.log("TelephonyManager 获取 IMEI getMeid slotIndex = " + slotIndex + "  imei = " + imei);
        log();
        return imei;
    }
    TelephonyManager.getMeid.overload().implementation = function () {
        var imei = this.getMeid();
        console.log("TelephonyManager 获取 getMeid IMEI = " + imei);
        log();
        return imei;
    }
    //getImei
    TelephonyManager.getImei.overload("int").implementation = function (slotIndex) {
        var imei = this.getImei(slotIndex);
        console.log("TelephonyManager 获取 IMEI getImei slotIndex = " + slotIndex + "  imei = " + imei);
        log();
        return imei;
    }
    TelephonyManager.getImei.overload().implementation = function () {
        var imei = this.getImei();
        console.log("TelephonyManager 获取 getImei IMEI = " + imei);
        log();
        return imei;
    }
}

// MAC, SSID, OAID, IMSI and serial-number reads
function checkOtherId() {
    console.log("----------- mac 检查 -----------");
    var NetworkInterface = Java.use("java.net.NetworkInterface");
    NetworkInterface.getHardwareAddress.implementation = function () {
        var mac = this.getHardwareAddress();
        console.log("NetworkInterface 获取 MAC = " + mac);
        log();
        return mac;
    }
    var WifiInfo = Java.use("android.net.wifi.WifiInfo");
    WifiInfo.getMacAddress.implementation = function () {
        var mac = this.getMacAddress();
        console.log("WifiInfo 获取 MAC = " + mac);
        log();
        return mac;
    }
    console.log("----------- SSID 检查 -----------");
    WifiInfo.getSSID.implementation = function () {
        var ssid = this.getSSID();
        console.log("WifiInfo 获取 ssid = " + ssid);
        log();
        return ssid;
    }
    console.log("----------- oaid 检查 -----------");
    var OAID_LIST = [
        "com.bun.supplier.IdSupplier",
        "com.bun.miitmdid.provider.DefaultProvider",
        "com.bun.miitmdid.supplier.IdSupplier",
        "com.bun.miitmdid.interfaces.IdSupplier"
    ];
    for (let index in OAID_LIST) {
        try {
            var oaid = Java.use(OAID_LIST[index]);
            oaid.getOAID.implementation = function () {
                var result = this.getOAID();
                console.log('获取 oaid   = ' + result);
                log();
                return result;
            }
        } catch (e) {
            // Class not present in this app: skip it
        }
    }
    console.log("----------- IMSI 检查 -----------");
    var TelephonyManager = Java.use("android.telephony.TelephonyManager");
    TelephonyManager.getSubscriberId.overload().implementation = function () {
        var imsi = this.getSubscriberId();
        console.log("TelephonyManager 获取 imsi = " + imsi);
        log();
        return imsi;
    }
    TelephonyManager.getSubscriberId.overload('int').implementation = function (index) {
        var imsi = this.getSubscriberId(index);
        console.log("TelephonyManager 获取 1 imsi = " + imsi);
        log();
        return imsi;
    }
    console.log("----------- SN 检查 -----------");
    var Build = Java.use("android.os.Build");
    Build.getSerial.implementation = function () {
        var sn = this.getSerial();
        console.log("Build 获取 sn = " + sn);
        log();
        return sn;
    }
}

// Android ID reads through Settings.Secure / Settings.System
function checkAndroidId() {
    console.log("----------- android id检查 -----------");
    var ANDROID_ID = "android_id";
    var Secure = Java.use("android.provider.Settings$Secure");
    Secure.getString.implementation = function (resolver, name) {
        var result = this.getString(resolver, name);
        console.log("getString  name = " + name + " val =" + result);
        if (ANDROID_ID == name) {
            console.log("getString 获取 androidID");
            log();
        }
        return result;
    }
    Secure.getStringForUser.implementation = function (resolver, name, userHandle) {
        var result = this.getStringForUser(resolver, name, userHandle);
        console.log("getStringForUser  name = " + name + " val =" + result);
        if (ANDROID_ID == name) {
            console.log("Secure getStringForUser 获取 androidID");
            log();
        }
        return result;
    }
    var SecureSystem = Java.use("android.provider.Settings$System");
    SecureSystem.getStringForUser.implementation = function (resolver, name, userHandle) {
        var result = this.getStringForUser(resolver, name, userHandle);
        console.log("System getStringForUser  name = " + name + " val =" + result);
        if (ANDROID_ID == name) {
            console.log("System getStringForUser 获取 androidID");
            log();
        }
        return result;
    }
}

// Runtime permission requests
function checkPermission() {
    console.log("----------- 权限检查 -----------");
    var ActivityCompat = Java.use("android.app.Activity");
    ActivityCompat.requestPermissions.overload("[Ljava.lang.String;", "int").implementation = function (permissions, requestCode) {
        console.log("requestPermissions 2 requestCode = " + requestCode + "  permissions = " + permissions);
        log();
        this.requestPermissions(permissions, requestCode);
    }
    var Fragment = Java.use("android.app.Fragment");
    Fragment.requestPermissions.implementation = function (permissions, code) {
        console.log('权限申请  android permissions = ' + permissions + "  code = " + code);
        log();
        this.requestPermissions(permissions, code);
    }
    try {
        var Fragmentx = Java.use("androidx.fragment.app.Fragment");
        Fragmentx.requestPermissions.implementation = function (permissions, code) {
            console.log('权限申请 androidx permissions = ' + permissions + "  code = " + code);
            log();
            this.requestPermissions(permissions, code);
        }
    } catch (e) {
        // androidx is not bundled in every app: skip this hook
    }
}

// Activity launches. Besides logging, these hooks rewrite intents that target
// com.xiaomi.market so that they go to com.heytap.market instead.
function checkStartActivity() {
    console.log("----------- startActivity 检查 -----------");
    var Instrumentation = Java.use('android.app.Instrumentation');
    Instrumentation.execStartActivity.overload('android.content.Context', 'android.os.IBinder', 'android.os.IBinder', 'android.app.Activity', 'android.content.Intent', 'int', 'android.os.Bundle').implementation = function (who, contextThread, token, target, intent, requestCode, options) {
        console.log('【当前应用 1   Instrumentation】 启动 execStartActivity  intent = ' + intent);
        var pkg = intent.getPackage();
        console.log('pkg = ' + pkg);
        // "!= null" covers both null and undefined (the original compared against an undefined NULL)
        if (pkg != null && pkg == 'com.xiaomi.market') {
            intent.setPackage('com.heytap.market');
        }
        log();
        return this.execStartActivity(who, contextThread, token, target, intent, requestCode, options);
    }
    Instrumentation.execStartActivity.overload('android.content.Context', 'android.os.IBinder', 'android.os.IBinder', "java.lang.String", 'android.content.Intent', 'int', 'android.os.Bundle').implementation = function (who, contextThread, token, target, intent, requestCode, options) {
        console.log('【当前应用 2   Instrumentation】 启动 execStartActivity  intent = ' + intent);
        var pkg = intent.getPackage();
        console.log('pkg = ' + pkg);
        if (pkg != null && pkg == 'com.xiaomi.market') {
            intent.setPackage('com.heytap.market');
        }
        log();
        return this.execStartActivity(who, contextThread, token, target, intent, requestCode, options);
    }
    Instrumentation.execStartActivity.overload('android.content.Context', 'android.os.IBinder', 'android.os.IBinder', "java.lang.String", 'android.content.Intent', 'int', 'android.os.Bundle', "android.os.UserHandle").implementation = function (who, contextThread, token, resultWho, intent, requestCode, options, user) {
        console.log('【当前应用 3   Instrumentation】 启动 execStartActivity  intent = ' + intent);
        var pkg = intent.getPackage();
        console.log('pkg = ' + pkg);
        if (pkg != null && pkg == 'com.xiaomi.market') {
            intent.setPackage('com.heytap.market');
        }
        log();
        return this.execStartActivity(who, contextThread, token, resultWho, intent, requestCode, options, user);
    }
    Instrumentation.checkStartActivityResult.implementation = function (res, intent) {
        console.log('【checkStartActivityResult 启动  intent = ' + intent);
        log();
        return this.checkStartActivityResult(res, intent);
    }
}
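
One way to approach the TODO item (collect class name, method name, arguments, return value and stack for each hit, then print an aggregated report), as an added example that is not the author's code. The names `record`, `summarize`, `formatSummary`, `hookAll` and `firstAppFrame` are hypothetical, and the framework-package list used to pick the calling frame is an assumption to adjust per app.

```javascript
// Added example (not the author's code): structured records for hooked calls.
var records = [];                                  // one entry per intercepted call

// First stack frame outside framework/runtime packages: the likely caller (assumed list).
function firstAppFrame(stack) {
    var skip = /^\s*at (android\.|androidx\.|java\.|javax\.|com\.android\.|dalvik\.|libcore\.)/;
    var frames = stack.split("\n").filter(function (l) { return /^\s*at /.test(l); });
    for (var i = 0; i < frames.length; i++) {
        if (!skip.test(frames[i])) return frames[i].trim().replace(/^at /, "");
    }
    return "(framework)";
}
function record(cls, method, args, ret, stack) {
    records.push({ time: Date.now(), cls: cls, method: method, args: args.map(String),
                   ret: String(ret), caller: firstAppFrame(stack) });
}

// Calls per API, most frequent first, with the distinct callers seen for each.
function summarize(recs) {
    var byApi = {};
    recs.forEach(function (r) {
        var key = r.cls + "." + r.method;
        var e = byApi[key] || (byApi[key] = { api: key, count: 0, callers: [] });
        e.count++;
        if (e.callers.indexOf(r.caller) < 0) e.callers.push(r.caller);
    });
    return Object.keys(byApi).map(function (k) { return byApi[k]; })
        .sort(function (a, b) { return b.count - a.count; });
}
function formatSummary(rows) {
    return rows.map(function (r) {
        return r.count + "x " + r.api + "\n" +
            r.callers.map(function (c) { return "    <- " + c; }).join("\n");
    }).join("\n");
}

// Frida side: wrap every overload of cls.method and feed record().
function hookAll(cls, method) {
    var Log = Java.use("android.util.Log"), Throwable = Java.use("java.lang.Throwable");
    Java.use(cls)[method].overloads.forEach(function (ov) {
        ov.implementation = function () {
            var args = Array.prototype.slice.call(arguments);
            var ret = ov.apply(this, args);
            record(cls, method, args, ret, Log.getStackTraceString(Throwable.$new()));
            return ret;
        };
    });
}
if (typeof Java !== "undefined") {                 // only inside a Frida session
    Java.perform(function () {
        hookAll("android.telephony.TelephonyManager", "getDeviceId");
        hookAll("android.provider.Settings$Secure", "getString");
    });
    rpc.exports = { summary: function () { return formatSummary(summarize(records)); } };
}
```

Grouping by the first non-framework frame shows which app or SDK class triggered each read, which is the question a compliance review usually has to answer.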
