Frida从入门到放弃_2(待补充)

1
2
3
4

adb root
adb push frida-server /data/local/tmp
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

frida-ps -U      #列出USB设备运行ing的进程
frida-ps -Ua     #列出运行中的应用
frida-ps -Uai    #列出已安装的应用列表
frida-ps -D xxx  #连接指定的设备
frida-ps -R

#在Safari中跟踪recv*和send* API
frida-trace -i "recv*" -i "send" Safari 
#在Safari中跟踪ObjC方法调用
frida-trace -m "-[NSView drawRect:]" Safari
#在iPhone上启动SnapChat，跟踪加密API调用
frida-trace -U -f com.app.testing -I "libcommonCrypto*"
#当程序启动时，frida跟踪所有open function
frida-trace -U -i open com.app.testing

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

import frida
import sys,os

## package name
pkg_name = "com.example.xxx"
js_hook_file = "xxx.js"

def on_message(message,data):
    if message['type'] == 'send':
        print("[*] {0}".format(message['payload']))
    else:
        print(message)
## 插入js代码 or 加载js文件
jscode = ""

script = ""
process = frida.get_usb_device().attach(pkg_name)

with open(js_hook_file,"r") as f:
    script = process.create_script(f.read())

script.on('message', on_message)

script.load()
sys.stdin.read()

1
2
3
4
5

console.log("Script loaded successfully ");
Java.perform(function x() {

    //hook代码
});

1

frida -U -l xxx.js com.example.xxx