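JsHook injects rhino/frida into applications; you only need to know JS to implement hooks quickly, and it supports both the Java layer and the native layer.
rhino includes the Xposed API and is mainly used for Java-layer hooks; once frida is injected, JS has full access to memory, and both the Java layer and the native layer are supported.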
- Xposed api 82
- Android 5 - 14
Implement hooks in JS; supports the Java layer and the native layer
Home Page: https://jshook.org
Not support frida mono api script 😔
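Steps to reproduce:
/data/user/0/me.jsonet.jshook/jsdata/a.js, with the owner and group set to root and the permissions set to 444
a.js and save
a.js is not modified, but JsHook reports "Saved successfully"
JsHook V1.1.9, Android 13
The log only shows start hook XXXXXXXXX and does not show the console.log output after the hook; on a PC this hook code works normally
I want to express my thanks and admiration; this way many people can hook. I hope there will be more simple tutorials so that I can keep learning.
In non-root mode, jshook works by copying the corresponding .so into the target's private directory and then calling load on it. But why does the app crash when I hand-write a module with Lspatch that replicates this behaviour to load frida's official gadget .so, whereas loading the .so copied by jshook works? Is jshook's .so modified, or is there something wrong with my steps? I would like to ask for advice.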
hook the same method
hookMethod return null
hookByMethod reports it can't find the method
only hookAllMethods could work as expected
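Using the http module example, the error message is as follows: JavaScript exception: JavaException: java.lang.ClassCastException: ʿʽˈˊˎʾˈ$ʻˎʻˆ cannot be cast to java.lang.Comparable
1.1.9 cannot start frida server
The framework shows as not connected; please provide a download link or bundle the framework
I found the .so file in the latest frida on GitHub, but it cannot be used after importing it
The new version does not work: no script I install has any effect and there are no logs either; rolling back to another version works fine.
I tried several scripts injected into various apps and all of them print this error. How can I solve this?
Full log: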
[2022-10-19 16:43:05]: app: com.mimikko.mimikkoui start hook is rhino
[2022-10-19 16:43:05]: app: com.mimikko.mimikkoui get js frida简单脚本例子.js,rhino简单脚本例子.js
[2022-10-19 16:43:05]: app: com.mimikko.mimikkoui rhino run
[2022-10-19 16:43:05]: app: com.mimikko.mimikkoui rhino eroor: missing ; before statement (JsEngine#178)
This issue may not be a jshook problem.
My idea is to turn NFC on automatically when ykDroid is opened if NFC is not already on. The code is as follows:
common.hookMethod('net.pp3345.ykdroid.ChallengeResponseActivity','onCreate',['android.os.Bundle'], function(param){
}, function(param){
var ctx = common.getcontext()
var mgr = (android.nfc.NfcManager)(common.callMethod(ctx, 'getSystemService', ['nfc']))
var adapter = common.callMethod(mgr, 'getDefaultAdapter', [])
//var adapter = common.callStaticMethod('android.nfc.NfcAdapter', 'getDefaultAdapter', [common.getcontext()])
var enabled = common.callMethod(adapter, 'isEnabled', [])
if(enabled === java.lang.Boolean.valueOf('true')) {
common.log('enabled')
} else {
common.log('disabled')
//common.callMethod(adapter, 'enable', [])
var obj = common.callMethod(adapter, 'getClass', [])
var method = common.callMethod(obj, 'getDeclaredMethod', ['enable'])
common.callMethod(method, 'invoke', [adapter])
}
});
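After the log prints disabled, what appears is ...eroor:null, and it never succeeds. What should I do?
For example, calling external resources to replace image files inside the app, and so on
Framework is enabled and System is ticked; A10, latest Lsposed
Could you provide an official example? Thanks to the author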
Thanks.
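Why is it that on my Xiaomi Android 10 system my own native frida works without problems, but yours says the CPU or something is not supported and recommends using rhino?
Most phones are arm64, yet it doesn't seem to work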
How to hook intent/broadcast received?
For example, I want to hook android.provider.Telephony.SMS_RECEIVED
I could not get where to start?
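With some apps, lspatch injection crashes and is incompatible, whereas TaiChi works; I would like to ask whether other frameworks are supported
After enabling the protection module, injection simply stopped working. What is the reason for this? I am using the lsposed modified by jshook
No matter how I search, I cannot find the instance; I don't know how to write this code.
The encrypt function is not consistent with the decrypt function; the following code raises an error.
const encrypt = crypto.encrypt("abcdefghijklmnop", "123", CRYPTO_AES, "AES/CBC/PKCS5Padding");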
console.log(`encrypt = ${encrypt}`);
const decrypt = crypto.decrypt("abcdefghijklmnop", encrypt, CRYPTO_AES, "AES/CBC/PKCS5Padding");
console.log(`decrypt = ${decrypt}`);
encrypt = UtfTTy9RVgrhwzxMrAauQg==
JavaScript exception: JavaException: java.lang.NullPointerException: decryptAES(EncodeUtils.b…(), transformation, null) must not be null
The encryptBytes function is not consistent with the decryptBytes function; the following code raises an error.
const encryptBytes = crypto.encryptBytes([0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70], [0x31,0x32,0x33], CRYPTO_AES, "AES/CBC/PKCS5Padding");
console.log(`encryptBytes = ${encryptBytes}`);
const decryptBytes = crypto.decryptBytes([0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70], encryptBytes, CRYPTO_AES, "AES/CBC/PKCS5Padding");
console.log(`decryptBytes = ${decryptBytes}`);
encryptBytes = [B@56effe6
JavaScript exception: JavaException: java.lang.NullPointerException: {
Encryp…tion, null)
} must not be null
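For AES and DES encryption, when using CBC or another mode that requires an IV, why is there no need to pass an IV? What is the default IV of this method provided by jshook, and should an IV parameter be provided?
The rc4EncryptBytes function is not consistent with the rc4DecryptBytes function; the following code cannot restore the data. In addition, testing double encryption/double decryption does not achieve the involution property of RC4. Is there a problem with the function's implementation?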
const rc4EncryptBytes = crypto.rc4EncryptBytes([0x61,0x62,0x63,0x64,0x65,0x66], [0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38]);
console.log(`rc4EncryptBytes = ${rc4EncryptBytes.map(v => v)}`);
const rc4DecryptBytes = crypto.rc4DecryptBytes([0x61,0x62,0x63,0x64,0x65,0x66], rc4EncryptBytes);
console.log(`rc4DecryptBytes = ${rc4DecryptBytes.map(v => v)}`);
const rc4EncryptBytesAgain = crypto.rc4EncryptBytes([0x61,0x62,0x63,0x64,0x65,0x66], rc4EncryptBytes); // RC4 is an involution, so in theory encrypting a second time should restore the content
console.log(`rc4EncryptBytesAgain = ${rc4EncryptBytesAgain.map(v => v)}`);
const rc4DecryptBytesAgain = crypto.rc4DecryptBytes([0x61,0x62,0x63,0x64,0x65,0x66], rc4DecryptBytes); // RC4 is an involution, so in theory decrypting a second time should restore the content
console.log(`rc4DecryptBytesAgain = ${rc4DecryptBytesAgain.map(v => v)}`);
rc4EncryptBytes = 50,32,-17,-115,31,50
rc4DecryptBytes = 34,-46,-6,44,33,-124
rc4EncryptBytesAgain = 60,-97,119,-70,94,-5
JavaScript exception: JavaException: java.lang.IllegalArgumentException: key must be between 1 and 256 bytes
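The involution property the issue above relies on, shown with a reference implementation of standard RC4 that can be run in Node to produce comparison values. This is an added example, not code from the issue or from JsHook; the helper names are made up here, and it assumes the first argument of the issue's calls is the key and the second is the data.

```javascript
// Added reference implementation of standard RC4; not JsHook's code.
function rc4(key, data) {
  if (key.length < 1 || key.length > 256) {
    throw new RangeError('key must be between 1 and 256 bytes');
  }
  // Key-scheduling algorithm (KSA): permute S under the key.
  const S = new Uint8Array(256);
  for (let i = 0; i < 256; i++) S[i] = i;
  for (let i = 0, j = 0; i < 256; i++) {
    j = (j + S[i] + (key[i % key.length] & 0xff)) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
  }
  // PRGA: XOR each data byte with the next keystream byte.
  const out = [];
  for (let n = 0, i = 0, j = 0; n < data.length; n++) {
    i = (i + 1) & 0xff;
    j = (j + S[i]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
    out.push((data[n] ^ S[(S[i] + S[j]) & 0xff]) & 0xff);
  }
  return out;
}

// Java prints byte[] values as signed (-128..127); convert for comparison.
const toSigned = (bytes) => bytes.map((b) => (b > 127 ? b - 256 : b));
const toHex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, '0')).join('');
const ascii = (s) => Array.from(s, (c) => c.charCodeAt(0));

// Sanity check against the widely published vector Key / Plaintext.
function knownVector() {
  return toHex(rc4(ascii('Key'), ascii('Plaintext')));
}

// Assumption: first argument is the key, second the data (as in the issue's calls).
function roundTrip(key, data) {
  const encrypted = rc4(key, data);
  const decrypted = rc4(key, encrypted); // same operation, same key
  return { encrypted, decrypted, restored: toHex(decrypted) === toHex(data) };
}

const KEY = [0x61, 0x62, 0x63, 0x64, 0x65, 0x66];               // from the issue
const DATA = [0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38];  // from the issue
const result = roundTrip(KEY, DATA);
console.log('known vector :', knownVector());
console.log('encrypted    :', toSigned(result.encrypted).join(','));
console.log('decrypted    :', toSigned(result.decrypted).join(','));
console.log('restored     :', result.restored);
```

RC4 output is always exactly as long as its data input, so comparing an implementation's output length against the two arguments shows which one it treats as the data.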
For example:
common.hookAllMethods('java.security.KeyStore', 'getCertificateChain', function (param) {
common.toast(param.getResult());
});
The return type here is Certificate[]; how do I receive this data?
Repeated experiments found that param.getResult() --> null
but actual debugging shows that it is not null