Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-04 02:20:20 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md

155 lines
6.6 KiB
Markdown
Raw Normal View History

Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
# Frida 教程 1
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
<summary><strong>从零开始学习 AWS 黑客攻击直到成为英雄,通过</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS 红队专家)</strong></a><strong></strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
支持 HackTricks 的其他方式:
* 如果您想在 **HackTricks 中看到您的公司广告****下载 HackTricks 的 PDF**,请查看 [**订阅计划**](https://github.com/sponsors/carlospolop)
* 获取 [**官方 PEASS & HackTricks 商品**](https://peass.creator-spring.com)
* 发现 [**PEASS 家族**](https://opensea.io/collection/the-peass-family),我们独家的 [**NFTs 集合**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**telegram 群组**](https://t.me/peass) 或在 **Twitter** 🐦 上 **关注** 我 [**@carlospolopm**](https://twitter.com/carlospolopm)**。**
* **通过向** [**HackTricks**](https://github.com/carlospolop/hacktricks) 和 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github 仓库提交 PR 来分享您的黑客技巧。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
<figure><img src="../../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
GitBook: [#3220] No subject
2022-05-24 00:07:19 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
如果您对 **黑客职业** 感兴趣,并且想要黑入不可黑的系统 - **我们正在招聘!**_需要流利的波兰语书写和口语_
GitBook: [#3220] No subject
2022-05-24 00:07:19 +00:00
{% embed url="https://www.stmcyber.com/careers" %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
**来自**[https://medium.com/infosec-adventures/introduction-to-frida-5a3f51595ca1](https://medium.com/infosec-adventures/introduction-to-frida-5a3f51595ca1)\
Translated ['backdoors/salseo.md', 'forensics/basic-forensic-methodology
2023-08-22 10:47:40 +00:00
**APK**[https://github.com/t0thkr1s/frida-demo/releases](https://github.com/t0thkr1s/frida-demo/releases)\
**源代码**[https://github.com/t0thkr1s/frida-demo](https://github.com/t0thkr1s/frida-demo)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
GitBook: [#3220] No subject
2022-05-24 00:07:19 +00:00
## Python
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
Frida 允许您在运行中的应用程序的函数内**插入 JavaScript 代码**。但您可以使用 **python** 来**调用**钩子,甚至与**钩子**进行**交互**。
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
这是一个简单的 python 脚本,您可以在本教程中提出的所有示例中使用它:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```python
#hooking.py
import frida, sys
with open(sys.argv[1], 'r') as f:
Translated to Chinese
2023-08-03 19:12:22 +00:00
jscode = f.read()
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
process = frida.get_usb_device().attach('infosecadventures.fridademo')
script = process.create_script(jscode)
print('[ * ] Running Frida Demo application')
script.load()
sys.stdin.read()
```
Translated to Chinese
2023-08-03 19:12:22 +00:00
调用脚本:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
python hooking.py <hookN.js>
```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
```markdown
使用 python 与 frida 配合是非常有用的,但对于这些示例,你也可以直接使用命令行 frida 工具来调用:
```
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2023-08-24 17:01:10 +00:00
```bash
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
frida -U --no-pause -l hookN.js -f infosecadventures.fridademo
```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
## Hook 1 - 布尔绕过
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
在这里,您可以看到如何从类 _infosecadventures.fridademo.utils.PinUtil_ 中**挂钩**一个**布尔**方法_checkPin_
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```javascript
//hook1.js
Java.perform(function() {
Translated to Chinese
2023-08-03 19:12:22 +00:00
console.log("[ * ] Starting implementation override...")
var MainActivity = Java.use("infosecadventures.fridademo.utils.PinUtil");
MainActivity.checkPin.implementation = function(pin){
console.log("[ + ] PIN check successfully bypassed!")
return true;
}
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
});
```
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
python hooking.py hook1.js
```
Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
## Hook 2 - 函数暴力破解
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Chinese
2023-08-03 19:12:22 +00:00
### 非静态函数
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
如果你想调用一个类的非静态函数,你**首先需要一个该类的实例**。然后,你可以使用这个实例来调用函数。\
为此,你可以**找到一个现有的实例**并使用它:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```javascript
Java.perform(function() {
Translated to Chinese
2023-08-03 19:12:22 +00:00
console.log("[ * ] Starting PIN Brute-force, please wait...");
Java.choose("infosecadventures.fridademo.utils.PinUtil", {
onMatch: function(instance) {
console.log("[ * ] Instance found in memory: " + instance);
for(var i = 1000; i < 9999; i++){
if(instance.checkPin(i + "") == true){
console.log("[ + ] Found correct PIN: " + i);
break;
}
}
},
onComplete: function() { }
});
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
});
```
Translated to Chinese
2023-08-03 19:12:22 +00:00
### 静态函数
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Chinese
2023-08-03 19:12:22 +00:00
如果函数是静态的,你可以直接调用它:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```javascript
//hook2.js
Java.perform(function () {
Translated to Chinese
2023-08-03 19:12:22 +00:00
console.log("[ * ] Starting PIN Brute-force, please wait...")
var PinUtil = Java.use("infosecadventures.fridademo.utils.PinUtil");
for(var i=1000; i < 9999; i++)
{
if(PinUtil.checkPin(i+"") == true){
console.log("[ + ] Found correct PIN: " + i);
}
}
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
});
```
Translated to Chinese
2023-08-03 19:12:22 +00:00
## Hook 3 - 检索参数和返回值
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
您可以挂钩一个函数,并使其**打印**出**传递参数**的值和**返回值**的值:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```javascript
//hook3.js
Java.perform(function() {
Translated to Chinese
2023-08-03 19:12:22 +00:00
console.log("[ * ] Starting implementation override...")
var EncryptionUtil = Java.use("infosecadventures.fridademo.utils.EncryptionUtil");
EncryptionUtil.encrypt.implementation = function(key, value){
console.log("Key: " + key);
console.log("Value: " + value);
var encrypted_ret = this.encrypt(key, value); //Call the original function
console.log("Encrypted value: " + encrypted_ret);
return encrypted_ret;
}
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
});
```
Translated to Chinese
2023-08-03 19:12:22 +00:00
## 重要
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
在本教程中,您通过方法的名称和 _.implementation_ 钩住了方法。但是,如果有**多个同名方法**,您将需要**指定您想要钩住的方法****指出参数的类型**。
Translated ['backdoors/salseo.md', 'forensics/basic-forensic-methodology
2023-08-22 10:47:40 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'forensics/basic-forensi
2023-10-05 15:48:49 +00:00
您可以在[下一个教程](frida-tutorial-2.md)中看到这一点。
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
<figure><img src="../../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
Translated ['backdoors/salseo.md', 'forensics/basic-forensic-methodology
2023-08-22 10:47:40 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
如果您对**黑客职业**感兴趣,并且想要黑掉不可黑的 - **我们正在招聘!**_需要流利的波兰语书写和口语_
GitBook: [#3220] No subject
2022-05-24 00:07:19 +00:00
{% embed url="https://www.stmcyber.com/careers" %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
<summary><strong>通过</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>从零开始学习AWS黑客攻击</strong></summary>
支持HackTricks的其他方式
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
* 如果您想在**HackTricks中看到您的公司广告**或**下载HackTricks的PDF**,请查看[**订阅计划**](https://github.com/sponsors/carlospolop)
Translated ['forensics/basic-forensic-methodology/specific-software-file
2023-12-26 02:11:12 +00:00
* 获取[**官方的PEASS & HackTricks商品**](https://peass.creator-spring.com)
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-01-10 06:29:36 +00:00
* 发现[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们独家的[**NFTs系列**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**telegram群组**](https://t.me/peass) 或在 **Twitter** 🐦 上**关注**我 [**@carlospolopm**](https://twitter.com/carlospolopm)**。**
* **通过向** [**HackTricks**](https://github.com/carlospolop/hacktricks) 和 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来**分享您的黑客技巧**。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink