-
-
[求助] frida中Python如何向JS传递字符串
-
发表于:
2019-4-22 14:49
4905
-
[求助] frida中Python如何向JS传递字符串
在学习一个关于frida中python和JS交互的例子时没有复现成功
https://11x256.github.io/Frida-hooking-android-part-4/https://www.freebuf.com/articles/system/190565.html
原始代码见
https://github.com/11x256/frida-android-examples/tree/master/examples/4
JS传递字符串到Python是好的
PYthon传递字符串到JS中也是好的,但是这个字符串不能用在Java String使用的地方。
错误如下:
[PY-LOG] recv message={'type': 'error', 'description': "Error: <init>(): argument types do not match any of:\n\t.overload()......
错误发生在JS中这一句:
var string_to_recv = JavaString.$new(data_to_recv, "UTF-8");
这是PYthon代码
import time
import base64
import frida
def my_message_handler(message, payload):
print("[PY-LOG] recv message=%s,payload=%s" % (message,payload))
if message["type"] == "send":
data = message["payload"].split(":")[1].strip()
print("[PY-LOG] recv data=%s" % data)
data = base64.b64decode(data)
user, pwd = data.decode('ascii').split(":")
print("[PY-LOG] user=%s, pwd=%s" % (user,pwd))
print("[PY-LOG] encode user=%s, pwd=%s" % ("admin",pwd))
data = base64.b64encode(bytes("admin" + ":" + pwd, "utf-8"))
print("[PY-LOG] after b64encode data=%s" % data)
data = str(data,"utf-8")
jsonObj = {"my_data": data}
print("[PY-LOG] jsongObj="+str(jsonObj))
script.post(jsonObj) # send JSON object
print("[PY-LOG] Modified data sent")
device = frida.get_usb_device()
pid = device.spawn(["com.example.a11x256.frida_test"])
device.resume(pid)
time.sleep(1)
session = device.attach(pid)
with open("s4.js") as f:
script = session.create_script(f.read())
script.on("message", my_message_handler) # register the message handler
script.load()
input()
这个是JS代码
console.log("[JS-LOG] Script loaded successfully ");
Java.perform(function () {
var tv_class = Java.use("android.widget.TextView");
tv_class.setText.overload("java.lang.CharSequence").implementation = function (x) {
var string_to_send = x.toString();
var data_to_recv = null;
send(string_to_send); // send data to python code
recv(function (received_json_object) {
console.log("[JS-RECV] json="+received_json_object);
data_to_recv = received_json_object.my_data;
console.log("[JS-RECV] data="+data_to_recv);
}).wait(); //block execution till the message is received
var JavaString = Java.use("java.lang.String");
dumpJsObjInstProps("[JS-RECV] ", data_to_recv);
var string_to_recv = JavaString.$new(data_to_recv, "UTF-8");
console.log("[JS-LOG] setText data="+string_to_recv);
return this.setText(string_to_recv);
}
});
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
