from
pyfrida
import
pyfrida
from
pyfrida.pyfrida
import
JSObject, JSContext
import
frida
import
os
def
setup_hook(ctx: JSContext):
clz
=
ctx.Java.use(
"com.xiaomi.xms.wearable.ui.appshop.manager.AppDownloadManager"
)
clz.getAppFilePath.implementation
=
js_getfilepath
def
get_filepath(ctx: JSContext, a1: JSObject):
r
=
ctx.this.getAppFilePath(a1)
print
(
"参数: "
, a1.get_val(),
"返回值: "
, r.get_val())
os.system(
"adb pull %s 1.rpk"
%
(r.get_val(), ))
return
r
device
=
frida.get_usb_device()
fs
=
pyfrida.FridaScript()
js_setup_hook
=
fs.add_js_function(setup_hook)
js_getfilepath
=
fs.add_js_function(get_filepath)
ps
=
device.get_process(
"小米运动健康"
)
fs.attach(device, ps.pid)
fs.exec_func_in_java(js_setup_hook)
input
()