Frida "invoke-virtual" method overload fails with "Error: expected a pointer"
Frida "invoke-virtual" method overload fails with "Error: expected a pointer"
我想重载以下通过使用 apktool 反编译 Android 应用程序找到的方法:
invoke-virtual {v0, v4, v3}, Lokhttp3/aa$a;->b(Ljava/lang/String;Ljava/lang/String;)Lokhttp3/aa$a;
这是我的 Frida 脚本:
Java.perform(function() {
var targetClass = Java.use("okhttp3.aa$a");
targetClass.b.overload("java.lang.String", "java.lang.String").implementation = function(a, b) {
console.log("str1:" + a);
console.log("str2:" + b);
return this.b(a, b);
}
});
挂钩失败:
[ERROR] Error: expected a pointer
at value (frida/runtime/core.js:170)
at At (frida/node_modules/frida-java-bridge/lib/android.js:879)
at activate (frida/node_modules/frida-java-bridge/lib/android.js:960)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/android.js:740)
at forEach (native)
at St (frida/node_modules/frida-java-bridge/lib/android.js:741)
at kt (frida/node_modules/frida-java-bridge/lib/android.js:732)
at vt (frida/node_modules/frida-java-bridge/lib/android.js:696)
at replace (frida/node_modules/frida-java-bridge/lib/android.js:1011)
at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:1010)
at <anonymous> (/script2.js:3)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)
at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)
at perform (frida/node_modules/frida-java-bridge/index.js:192)
at <eval> (/script2.js:8)
如何正确重载该方法?
更新
我发现这个错误是因为我试图一次加载多个脚本。
可能吗?
import frida
import sys
package_name = "com.test.com"
def hook_okhttp_url():
hook_code = open('hook_okhttp_url.js').read()
return hook_code
def hook_cronet_header():
hook_code = open('hook_cronet_header.js').read()
return hook_code
def on_message(message, data):
if message['type'] == 'error':
print("[ERROR] " + message['stack'])
elif message['type'] == 'send':
print("[INFO] " + message['payload'])
else:
print(message)
device = frida.get_usb_device()
process = device.attach(package_name)
okhttp_script = process.create_script(hook_okhttp_url())
cronet_script = process.create_script(hook_cronet_header())
okhttp_script.on('message', on_message)
cronet_script.on('message', on_message)
print('[*] Running Hook Test ...')
okhttp_script.load()
cronet_script.load()
sys.stdin.read()
我发现这个错误是因为我试图一次加载多个脚本。
可能吗?
当涉及到重载方法时,我更喜欢以这种方式挂钩和调用方法(因为它减少了问题):
Java.perform(function() {
const targetClass = Java.use("okhttp3.aa$a");
const targetMethod = targetClass.b.overload("java.lang.String", "java.lang.String");
targetMethod.implementation = function(a, b) {
console.log("str1:" + a);
console.log("str2:" + b);
return targetMethod.call(this, a, b);
}
});
最后用我的钩子将所有 js 文件连接成一个文件。
我想重载以下通过使用 apktool 反编译 Android 应用程序找到的方法:
invoke-virtual {v0, v4, v3}, Lokhttp3/aa$a;->b(Ljava/lang/String;Ljava/lang/String;)Lokhttp3/aa$a;
这是我的 Frida 脚本:
Java.perform(function() {
var targetClass = Java.use("okhttp3.aa$a");
targetClass.b.overload("java.lang.String", "java.lang.String").implementation = function(a, b) {
console.log("str1:" + a);
console.log("str2:" + b);
return this.b(a, b);
}
});
挂钩失败:
[ERROR] Error: expected a pointer
at value (frida/runtime/core.js:170)
at At (frida/node_modules/frida-java-bridge/lib/android.js:879)
at activate (frida/node_modules/frida-java-bridge/lib/android.js:960)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/android.js:740)
at forEach (native)
at St (frida/node_modules/frida-java-bridge/lib/android.js:741)
at kt (frida/node_modules/frida-java-bridge/lib/android.js:732)
at vt (frida/node_modules/frida-java-bridge/lib/android.js:696)
at replace (frida/node_modules/frida-java-bridge/lib/android.js:1011)
at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:1010)
at <anonymous> (/script2.js:3)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)
at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)
at perform (frida/node_modules/frida-java-bridge/index.js:192)
at <eval> (/script2.js:8)
如何正确重载该方法?
更新
我发现这个错误是因为我试图一次加载多个脚本。 可能吗?
import frida
import sys
package_name = "com.test.com"
def hook_okhttp_url():
hook_code = open('hook_okhttp_url.js').read()
return hook_code
def hook_cronet_header():
hook_code = open('hook_cronet_header.js').read()
return hook_code
def on_message(message, data):
if message['type'] == 'error':
print("[ERROR] " + message['stack'])
elif message['type'] == 'send':
print("[INFO] " + message['payload'])
else:
print(message)
device = frida.get_usb_device()
process = device.attach(package_name)
okhttp_script = process.create_script(hook_okhttp_url())
cronet_script = process.create_script(hook_cronet_header())
okhttp_script.on('message', on_message)
cronet_script.on('message', on_message)
print('[*] Running Hook Test ...')
okhttp_script.load()
cronet_script.load()
sys.stdin.read()
我发现这个错误是因为我试图一次加载多个脚本。 可能吗?
当涉及到重载方法时,我更喜欢以这种方式挂钩和调用方法(因为它减少了问题):
Java.perform(function() {
const targetClass = Java.use("okhttp3.aa$a");
const targetMethod = targetClass.b.overload("java.lang.String", "java.lang.String");
targetMethod.implementation = function(a, b) {
console.log("str1:" + a);
console.log("str2:" + b);
return targetMethod.call(this, a, b);
}
});
最后用我的钩子将所有 js 文件连接成一个文件。