改一下包名即可应用
import frida,sysdef on_message(message,data): if message['type'] == 'send': print("[*] {0}".format(message['payload'])) else: print(message)jscode = """//打印调用堆栈function printstack(){ send(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));}//array 转成 stringfunction array2string(array){ var buffer = Java.array('byte',array); var result = ""; for(var i = 0; i< buffer.length; ++i){ result += (String.fromCharCode(buffer[i])); } return result;}Java.perform( function(){ var MessageDigest = Java.use('java.security.MessageDigest'); MessageDigest.update.overload('[B').implementation = function(bytesarray){ send('I am here 0:'); //var String = Java.use('java.lang.String').$new(bytesarray); send("ori:"+array2string(bytesarray)); printstack(); this.update(bytesarray); }, MessageDigest.update.overload('java.nio.ByteBuffer').implementation = function(bytesarray){ send('I am here 1:'); //var String = Java.use('java.lang.String').$new(bytesarray); //send("ori:"+array2string(bytesarray)); //printstack(); this.update(bytesarray); }, MessageDigest.update.overload('byte').implementation = function(bytesarray){ send('I am here 2:'); //var String = Java.use('java.lang.String').$new(bytesarray); //send("ori:"+array2string(bytesarray)); //printstack(); this.update(bytesarray); }, MessageDigest.update.overload('[B', 'int', 'int').implementation = function(bytesarray){ send('I am here 3:'); //var String = Java.use('java.lang.String').$new(bytesarray); //send("ori:"+array2string(bytesarray)); //printstack(); this.update(bytesarray); }, //hook什么加密办法 MessageDigest.getInstance.overloads[0].implementation = function(algorithm){ send("call ->fetInstance for " + algorithm); return this.getInstance.overloads[0].apply(this,arguments); };})"""process = frida.get_usb_device(timeout=1000).attach('包名')script = process.create_script(jscode)script.on('message',on_message)print('[*] Running CTF')script.load()sys.stdin.read()