原生安卓開發app的框架frida自吐算法開發

由 CDA數據分析師 發表于 軟件

作者:Python進階者

來源:Python爬蟲與數據挖掘

前言

大家好,我是碼農星期八,上次有一篇密碼學的文章,裏面大概說了一下常用的安卓加密。

本次來搞一下Java層的自吐算法。

前置工作

因爲加密算法最終的格式都需要轉成base64或者hex,所以需要把這些函數先定義一下

//打印堆棧function showStacks() { console.log( Java.use("android.util.Log") .getStackTraceString( Java.use("java.lang.Throwable").$new() ) );}var ByteString = Java.use("com.android.okhttp.okio.ByteString");//輸出base64格式數據function toBase64(tag, data) { console.log(tag + " Base64: ", ByteString.of(data).base64());}//輸出hex格式數據function toHex(tag, data) { console.log(tag + " Hex: ", ByteString.of(data).hex());}//輸出10格式數據function toUtf8(tag, data) { console.log(tag + " Utf8: ", ByteString.of(data).utf8());}什麽是自吐算法

我們在進行安卓開發的時候,如果想使用Java層的加密函數進行加密,那必定是要觸發相關函數的。

並且即使是字符串混淆,這些系統的關鍵字是不能混淆的。

比如MD5是由MessageDigest這個類生成的。

原生安卓開發app的框架frida自吐算法開發

所以如果我們整理一下,hook了相關的關鍵字,如果調用了相關加密庫,必定是要經過我們的hook。

這樣,嘿嘿嘿,似乎又方便了一步。

MD5和SHA1自吐

MD5加密主要邏輯

原生安卓開發app的框架frida自吐算法開發

SHA加密主要邏輯

原生安卓開發app的框架frida自吐算法開發

其實可以發現,MD5和SHA1的流程基本是一樣的,除了後面寫入的算法名不同。

所以這倆是可以用一個的。

根據整理,需要hook updatedigest即可。

  • update拿到的是壓入的數據。
  • digest可以拿到壓入的數據和返回的加密數據。

代碼var messageDigest = Java.use("java.security.MessageDigest");messageDigest.update.overload('byte').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.update('byte') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}messageDigest.update.overload('java.nio.ByteBuffer').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.update('java.nio.ByteBuffer') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}messageDigest.update.overload('[B').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.update('[B') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " update data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}messageDigest.update.overload('[B', 'int', 'int').implementation = function (data, start, length) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.update('[B', 'int', 'int') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " update data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); console.log("start:", start); console.log("length:", length); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data, start, length);}messageDigest.digest.overload().implementation = function () { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.digest() is called!"); var result = this.digest(); var algorithm = this.getAlgorithm(); var tag = algorithm + " digest result"; toHex(tag, result); toBase64(tag, result); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return result;}messageDigest.digest.overload('[B').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.digest('[B') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " digest data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); var result = this.digest(data); var tags = algorithm + " digest result"; toHex(tags, result); toBase64(tags, result); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return result;}messageDigest.digest.overload('[B', 'int', 'int').implementation = function (data, start, length) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("MessageDigest.digest('[B', 'int', 'int') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " digest data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); var result = this.digest(data, start, length); var tags = algorithm + " digest result"; toHex(tags, result); toBase64(tags, result); console.log("start:", start); console.log("length:", length); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return result;}效果

原生安卓開發app的框架frida自吐算法開發

MAC自吐

MAC加密主要邏輯

原生安卓開發app的框架frida自吐算法開發

MAC主要是需要一個密鑰。壓入數據用的是update。獲取數據用的是doFinal

所以需要hook initupdatedoFinal

代碼var mac = Java.use("javax.crypto.Mac");mac.init.overload('java.security.Key', 'java.security.spec.AlgorithmParameterSpec').implementation = function (key, AlgorithmParameterSpec) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.init('java.security.Key', 'java.security.spec.AlgorithmParameterSpec') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.init(key, AlgorithmParameterSpec);}mac.init.overload('java.security.Key').implementation = function (key) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.init('java.security.Key') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " init Key"; var keyBytes = key.getEncoded(); toUtf8(tag, keyBytes); toHex(tag, keyBytes); toBase64(tag, keyBytes); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.init(key);}mac.update.overload('byte').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.update('byte') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}mac.update.overload('java.nio.ByteBuffer').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.update('java.nio.ByteBuffer') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}mac.update.overload('[B').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.update('[B') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " update data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}mac.update.overload('[B', 'int', 'int').implementation = function (data, start, length) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.update('[B', 'int', 'int') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " update data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); console.log("start:", start); console.log("length:", length); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data, start, length);}mac.doFinal.overload().implementation = function () { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Mac.doFinal() is called!"); var result = this.doFinal(); var algorithm = this.getAlgorithm(); var tag = algorithm + " doFinal result"; toHex(tag, result); toBase64(tag, result); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return result;}示例

原生安卓開發app的框架frida自吐算法開發

DES/DESede/AES/RSA

DES/DESede/AES/RSA這幾個加密。都是通過Cipher來進行實例化的。

基本加密邏輯一樣

  • init壓入key。
  • 因爲DES/DESede/AES/RSAupdate壓入有問題,所以直接hook doFinal就好了。
  • ,所以直接hook doFinal就好了。
原生安卓開發app的框架frida自吐算法開發

代碼// DES/DESede/AES/RSA
var cipher = Java.use("javax.crypto.Cipher");
cipher.init.overload('int', 'java.security.cert.Certificate').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.cert.Certificate') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}
cipher.init.overload('int', 'java.security.Key', 'java.security.SecureRandom').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.Key', 'java.security.SecureRandom') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}
cipher.init.overload('int', 'java.security.cert.Certificate', 'java.security.SecureRandom').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.cert.Certificate', 'java.security.SecureRandom') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}
cipher.init.overload('int', 'java.security.Key', 'java.security.AlgorithmParameters', 'java.security.SecureRandom').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.Key', 'java.security.AlgorithmParameters', 'java.security.SecureRandom') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}
cipher.init.overload('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec', 'java.security.SecureRandom').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec', 'java.security.SecureRandom') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}
cipher.init.overload('int', 'java.security.Key', 'java.security.AlgorithmParameters').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.Key', 'java.security.AlgorithmParameters') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}

cipher.init.overload('int', 'java.security.Key').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.Key') is called!");
var algorithm = this.getAlgorithm();
var tag = algorithm + " init Key";
var className = JSON.stringify(arguments[1]);
if (className.indexOf("OpenSSLRSAPrivateKey") === -1) {
var keyBytes = arguments[1].getEncoded();
toUtf8(tag, keyBytes);
toHex(tag, keyBytes);
toBase64(tag, keyBytes);
}
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}
cipher.init.overload('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.init('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec') is called!");
var algorithm = this.getAlgorithm();
var tag = algorithm + " init Key";
var keyBytes = arguments[1].getEncoded();
toUtf8(tag, keyBytes);
toHex(tag, keyBytes);
toBase64(tag, keyBytes);
var tags = algorithm + " init iv";
var iv = Java.cast(arguments[2], Java.use("javax.crypto.spec.IvParameterSpec"));
var ivBytes = iv.getIV();
toUtf8(tags, ivBytes);
toHex(tags, ivBytes);
toBase64(tags, ivBytes);
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.init.apply(this, arguments);
}

cipher.doFinal.overload('java.nio.ByteBuffer', 'java.nio.ByteBuffer').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal('java.nio.ByteBuffer', 'java.nio.ByteBuffer') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.doFinal.apply(this, arguments);
}
cipher.doFinal.overload('[B', 'int').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal('[B', 'int') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.doFinal.apply(this, arguments);
}
cipher.doFinal.overload('[B', 'int', 'int', '[B').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal('[B', 'int', 'int', '[B') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.doFinal.apply(this, arguments);
}
cipher.doFinal.overload('[B', 'int', 'int', '[B', 'int').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal('[B', 'int', 'int', '[B', 'int') is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.doFinal.apply(this, arguments);
}
cipher.doFinal.overload().implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal() is called!");
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return this.doFinal.apply(this, arguments);
}

cipher.doFinal.overload('[B').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal('[B') is called!");
var algorithm = this.getAlgorithm();
var tag = algorithm + " doFinal data";
var data = arguments[0];
toUtf8(tag, data);
toHex(tag, data);
toBase64(tag, data);
var result = this.doFinal.apply(this, arguments);
var tags = algorithm + " doFinal result";
toHex(tags, result);
toBase64(tags, result);
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return result;
}
cipher.doFinal.overload('[B', 'int', 'int').implementation = function () {
console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓");
console.log("Cipher.doFinal('[B', 'int', 'int') is called!");
var algorithm = this.getAlgorithm();
var tag = algorithm + " doFinal data";
var data = arguments[0];
toUtf8(tag, data);
toHex(tag, data);
toBase64(tag, data);
var result = this.doFinal.apply(this, arguments);
var tags = algorithm + " doFinal result";
toHex(tags, result);
toBase64(tags, result);
console.log("arguments[1]:", arguments[1],);
console.log("arguments[2]:", arguments[2]);
showStacks();
console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
return result;
}
效果

原生安卓開發app的框架frida自吐算法開發

簽名算法

簽名算法是混合算法,先記著就行。

代碼//簽名算法var signature = Java.use("java.security.Signature");signature.update.overload('byte').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Signature.update('byte') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}signature.update.overload('java.nio.ByteBuffer').implementation = function (data) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Signature.update('java.nio.ByteBuffer') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data);}signature.update.overload('[B', 'int', 'int').implementation = function (data, start, length) { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Signature.update('[B', 'int', 'int') is called!"); var algorithm = this.getAlgorithm(); var tag = algorithm + " update data"; toUtf8(tag, data); toHex(tag, data); toBase64(tag, data); console.log("start:", start); console.log("length:", length); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.update(data, start, length);}signature.sign.overload('[B', 'int', 'int').implementation = function () { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Signature.sign('[B', 'int', 'int') is called!"); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return this.sign.apply(this, arguments);}signature.sign.overload().implementation = function () { console.log("↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓"); console.log("Signature.sign() is called!"); var result = this.sign(); var algorithm = this.getAlgorithm(); var tag = algorithm + " sign result"; toHex(tag, result); toBase64(tag, result); showStacks(); console.log("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑"); return result;}實戰效果xx牛.apk

原生安卓開發app的框架frida自吐算法開發

只要用了Java層的加密,這個方式就能直接都hook出來。

完整代碼z_Java層自吐.js總結

可能你會想,wc,這個家夥豈不是無敵了?別想太多。自吐算法只是輔助工具罷了,並且打印出來堆棧,更方便的分析罷了。

人生沒有白走的路,加油!如果在操作過程中有任何問題,記得下面留言,我們看到會第一時間解決問題。

越努力,越幸運。我是碼農星期八,如果覺得還不錯,記得動手點贊一下哈。感謝你的觀看。

軟件