搜集一些常用的frida脚本
frida暴力破解的时候加点延时防止程序崩溃
// frida暴力破解的时候加点延时防止程序崩溃
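/**
 * Block the calling thread for roughly `time` milliseconds by spinning on the
 * wall clock.
 *
 * This is a busy-wait: it burns CPU and stalls whatever thread runs it (inside
 * a Frida hook that is a thread of the instrumented process). Frida also
 * offers Thread.sleep(seconds), which suspends the thread without spinning.
 *
 * @param {number} time - Delay in milliseconds; numeric strings are converted.
 * @returns {void}
 * @throws {TypeError} If `time` does not convert to a finite number. Such
 *   values (for example `undefined`) previously made the loop spin forever,
 *   and a numeric string was concatenated onto the timestamp instead of added.
 */
function sleep(time) {
  var delayMs = Number(time);
  if (!isFinite(delayMs)) {
    throw new TypeError("sleep: time must be a finite number of milliseconds");
  }
  var deadline = Date.now() + delayMs;
  // The wait ends on the first clock reading strictly after the deadline.
  while (Date.now() <= deadline) {
    // spin
  }
}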
frida 打印ndk中的String[]类型
frida 打印 NDK 中的 String[] 类型:String[] 在 JNI 中表示为 jobjectArray,需要使用 env.getArrayLength() 获取数组长度,再通过 env.getObjectArrayElement() 取出数组中的元素,取出的元素是 jstring,然后打印 jstring 即可。getStringUtfChars() 返回的指针用完后应调用 env.releaseStringUtfChars() 释放。
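/**
 * Print every element of a Java String[] received as a JNI jobjectArray.
 *
 * This is a fragment: `args` is not defined in this function, so it only works
 * where an `args` array is in scope (presumably the argument list of a native
 * hook callback; confirm against the caller) and args[4] is the jobjectArray.
 *
 * Two ways of reading each jstring are shown; only the UTF-8 text from the
 * second one is printed, as in the original listing.
 *
 * @returns {void}
 */
function f() {
  var env = Java.vm.getEnv();
  var stringArray = args[4];
  var arr4_len = env.getArrayLength(stringArray);
  console.log("arr4_len", arr4_len);
  for (var i = 0; i < arr4_len; i++) {
    var obj = env.getObjectArrayElement(stringArray, i);
    console.log(obj);
    if (obj.isNull()) {
      // A null slot has no characters to read; passing it to
      // getStringUtfChars would fault inside the instrumented process.
      console.log(null);
      continue;
    }
    // Approach 1: wrap the jstring as a java.lang.String object.
    var viaCast = Java.cast(obj, Java.use("java.lang.String"));
    // Approach 2: read the UTF-8 characters through JNI.
    var utfChars = env.getStringUtfChars(obj, null);
    var element = utfChars.readCString();
    // The buffer from getStringUtfChars must be handed back, otherwise it
    // stays allocated in the target for every element printed.
    env.releaseStringUtfChars(obj, utfChars);
    console.log(element);
    // Drop the per-element local reference so long arrays do not exhaust the
    // JNI local reference table.
    env.deleteLocalRef(obj);
  }
}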
frida主动调用非静态函数
/**
 * Call the non-static method a() on each live MainActivity instance.
 *
 * Java.choose scans the Java heap for existing instances of the named class,
 * which is how an instance method can be called without constructing a new
 * object. The result of a() is only logged.
 *
 * @returns {void}
 */
function invoke() {
  var targetClass = "com.example.yaphetshan.tencentwelcome.MainActivity";
  var callbacks = {
    // Runs once per instance found on the heap.
    onMatch: function (instance) {
      console.log("found insttance ", instance);
      console.log("invoke instance.a ", instance.a());
    },
    // Runs after the heap scan has finished.
    onComplete: function () {
      console.log("search completed !");
    }
  };
  Java.perform(function () {
    Java.choose(targetClass, callbacks);
  });
}
// Run the heap scan two seconds after the script loads (presumably to give
// the target activity time to be created; confirm for the app at hand).
setTimeout(function () {
  invoke();
}, 2000);
字符串转byte[]
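/**
 * Encode a JavaScript string as UTF-8 bytes (for use in a Frida script).
 *
 * charCodeAt returns UTF-16 code units, so a character outside the Basic
 * Multilingual Plane arrives as a surrogate pair. The pair is combined into
 * one code point first; without that step the four-byte branch can never run
 * and each half is emitted as its own three-byte sequence, which is not valid
 * UTF-8. An unpaired surrogate is still encoded as three bytes, as before.
 *
 * @param {string} str - Text to encode.
 * @returns {number[]} Byte values in the range 0-255. Java's byte is signed,
 *   so a consumer expecting signed values has to convert them.
 */
function stringToByte(str) {
  var bytes = [];
  var len = str.length;
  for (var i = 0; i < len; i++) {
    var c = str.charCodeAt(i);
    // High surrogate followed by a low surrogate: merge into one code point.
    if (c >= 0xD800 && c <= 0xDBFF && i + 1 < len) {
      var low = str.charCodeAt(i + 1);
      if (low >= 0xDC00 && low <= 0xDFFF) {
        c = 0x10000 + ((c - 0xD800) << 10) + (low - 0xDC00);
        i++;
      }
    }
    if (c >= 0x010000 && c <= 0x10FFFF) {
      bytes.push(((c >> 18) & 0x07) | 0xF0);
      bytes.push(((c >> 12) & 0x3F) | 0x80);
      bytes.push(((c >> 6) & 0x3F) | 0x80);
      bytes.push((c & 0x3F) | 0x80);
    } else if (c >= 0x000800 && c <= 0x00FFFF) {
      bytes.push(((c >> 12) & 0x0F) | 0xE0);
      bytes.push(((c >> 6) & 0x3F) | 0x80);
      bytes.push((c & 0x3F) | 0x80);
    } else if (c >= 0x000080 && c <= 0x0007FF) {
      bytes.push(((c >> 6) & 0x1F) | 0xC0);
      bytes.push((c & 0x3F) | 0x80);
    } else {
      bytes.push(c & 0xFF);
    }
  }
  return bytes;
}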
byte[]转字符串
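/**
 * Decode a UTF-8 byte array into a JavaScript string (for use in a Frida
 * script).
 *
 * Each element is masked to 0-255 first, so signed byte values (for example
 * -28 for 0xE4) decode the same as their unsigned form. Four-byte sequences
 * are emitted as a surrogate pair, because String.fromCharCode keeps only the
 * low 16 bits of its argument.
 *
 * Malformed input never throws: a byte that is not a valid lead byte, or a
 * sequence that is truncated, has a bad continuation byte, or decodes above
 * U+10FFFF, contributes the single byte as one character and decoding resumes
 * at the next byte. Overlong encodings are not rejected, so treat the result
 * as display text rather than as validated UTF-8.
 *
 * @param {number[]|string} arr - Byte values, or a string that is returned as is.
 * @returns {string} The decoded text.
 */
function byteToString(arr) {
  if (typeof arr === 'string') {
    return arr;
  }
  var str = '';
  var i = 0;
  while (i < arr.length) {
    var lead = arr[i] & 0xFF;
    var extra = 0;
    var codePoint = lead;
    // The high bits of the lead byte give the number of continuation bytes.
    if ((lead & 0xE0) === 0xC0) {
      extra = 1;
      codePoint = lead & 0x1F;
    } else if ((lead & 0xF0) === 0xE0) {
      extra = 2;
      codePoint = lead & 0x0F;
    } else if ((lead & 0xF8) === 0xF0) {
      extra = 3;
      codePoint = lead & 0x07;
    }

    var wellFormed = i + extra < arr.length;
    for (var k = 1; wellFormed && k <= extra; k++) {
      var next = arr[i + k] & 0xFF;
      if ((next & 0xC0) !== 0x80) {
        wellFormed = false;
      } else {
        codePoint = (codePoint << 6) | (next & 0x3F);
      }
    }

    if (!wellFormed || codePoint > 0x10FFFF) {
      // Keep the raw byte visible instead of throwing or dropping it.
      str += String.fromCharCode(lead);
      i += 1;
      continue;
    }

    if (codePoint > 0xFFFF) {
      var offset = codePoint - 0x10000;
      str += String.fromCharCode(0xD800 + (offset >> 10), 0xDC00 + (offset & 0x3FF));
    } else {
      str += String.fromCharCode(codePoint);
    }
    i += extra + 1;
  }
  return str;
}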
byte[]转换为hex String
/**
 * Render a byte array as a lowercase hex string, two digits per byte.
 *
 * Negative elements have 256 added before formatting, so signed byte values
 * such as -1 print as "ff".
 *
 * @param {number[]} arr - Byte values.
 * @returns {string} Concatenated hex digits, "" for an empty array.
 */
function bytesToHex(arr) {
  var pieces = [];
  for (var idx = 0; idx < arr.length; idx++) {
    var raw = arr[idx];
    var unsigned = raw < 0 ? raw + 256 : raw;
    var digits = unsigned.toString(16);
    // Values below 16 have a single hex digit and need a leading zero.
    pieces.push(unsigned < 16 ? "0" + digits : digits);
  }
  return pieces.join('');
}
java对象转String
/**
 * Serialize a Java object to a JSON string with Gson.
 *
 * A new com.google.gson.Gson instance is created on every call. The class is
 * resolved inside the instrumented app, so this only works when the app ships
 * Gson.
 *
 * @param {*} javaObj - The Java object to serialize.
 * @returns {*} Whatever Gson.toJson returns for the object.
 */
function objectToString(javaObj) {
  var Gson = Java.use('com.google.gson.Gson');
  var serializer = Gson.$new();
  return serializer.toJson(javaObj);
}
Map对象转String
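/**
 * Render a Java Map as a JSON-like string of the form {"key":"value",...}.
 *
 * Keys and values are inserted through string concatenation and are not
 * escaped, so a quote or backslash in either makes the result ambiguous; use
 * it for logging, not as input to a JSON parser.
 *
 * @param {*} map - Object exposing keySet().iterator() and get(key).
 * @returns {string} The rendered map, "{}" when it has no entries.
 */
function mapToString(map) {
  var it = map.keySet().iterator();
  var pairs = [];
  while (it.hasNext()) {
    var key = it.next();
    // Look the value up with the key object itself; using its string form
    // misses entries whose keys are not strings.
    var valuestr = map.get(key);
    pairs.push('"' + key.toString() + '":"' + valuestr + '"');
  }
  // Joining avoids the trailing comma that trim(',') never removed, since
  // String.prototype.trim ignores its argument.
  return "{" + pairs.join(",") + "}";
}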
byte[]进行base64编码
/**
 * Base64-encode a byte[] with android.util.Base64.
 *
 * @param {*} bytes - The Java byte[] to encode.
 * @returns {*} The string returned by Base64.encodeToString.
 */
function byte2Base64(bytes) {
  // 2 is the value of android.util.Base64.NO_WRAP: output on a single line.
  var NO_WRAP = 2;
  var Base64 = Java.use('android.util.Base64');
  return Base64.encodeToString(bytes, NO_WRAP);
}
获取格式化时间
/**
 * Format the current local time, for example 2022-05-10 19:17:49.
 *
 * @returns {string} "YYYY-MM-DD HH:mm:ss" with month, day, hours, minutes and
 *   seconds zero-padded to two digits.
 */
function getFormatDate() {
  var now = new Date();

  // Prefix single-digit fields with "0".
  function twoDigits(value) {
    return value <= 9 ? "0" + value : value;
  }

  var datePart = [
    now.getFullYear(),
    twoDigits(now.getMonth() + 1), // getMonth() is zero-based
    twoDigits(now.getDate())
  ].join("-");
  var timePart = [
    twoDigits(now.getHours()),
    twoDigits(now.getMinutes()),
    twoDigits(now.getSeconds())
  ].join(":");
  return datePart + " " + timePart;
}
/**
 * Format a timestamp as local time, for example 2022-05-10 19:17:49.
 *
 * @param {number} inputTime - Timestamp in milliseconds.
 * @returns {string} "YYYY-MM-DD HH:mm:ss" with every field after the year
 *   zero-padded to two digits.
 */
function formatDate(inputTime) {
  var date = new Date(inputTime);

  // Prefix values below 10 with '0'.
  function pad(value) {
    return value < 10 ? '0' + value : value;
  }

  var datePart = [
    date.getFullYear(),
    pad(date.getMonth() + 1), // getMonth() is zero-based
    pad(date.getDate())
  ].join('-');
  var timePart = [
    pad(date.getHours()),
    pad(date.getMinutes()),
    pad(date.getSeconds())
  ].join(':');
  return datePart + ' ' + timePart;
}
// Demo: print the current time through both formatters.
console.log(getFormatDate());
console.log(formatDate(Date.now()));