1. What is Frida RPC
RPC stands for Remote Procedure Call. Connect the phone to the computer with a USB cable, start the crawler, and let the hook call the .so function for you automatically, which saves you from reverse engineering the .so's unreadable code.
2. Demo walkthrough
Package name: com.oppo.market
Version: 9.0.1
Process: generating the sign parameter. We found that sign is produced by the method com.heytap.cdo.client.OcsTool.c.
Looking at the c method, it is a native method.
Frida supports RPC, so we can simply expose this method: rpc_test.js
var result;
function sign(str_data, data_length) {
    Java.perform(function () {
        // Actively invoking a static method: first find the corresponding class
        var OcsTool = Java.use("com.heytap.cdo.client.OcsTool");
        // The c method has two parameters: a String, and the int length of that string
        var str = Java.use("java.lang.String");
        var string_data = str.$new(str_data);
        result = OcsTool.c(string_data, data_length);
        console.log(result);
    });
    return result;
}
rpc.exports = {
    sign: sign
};
Then start it through Frida:
import frida


def on_message(message, payload):
    # Messages from the script: send() payloads, or errors thrown in the agent
    message_type = message['type']
    if message_type == 'send':
        print('[* message]', message['payload'])
    elif message_type == 'error':
        stack = message['stack']
        print('[* error]', stack)
    else:
        print(message)


js_code = open("rpc_test.js", "r", encoding="utf-8").read()
session = frida.get_usb_device().attach("com.oppo.market")
script = session.create_script(js_code)
script.on("message", on_message)
script.load()


def get_sign():
    base_str = "asdadad"
    data_length = len(base_str)
    # Call the sign function exported via rpc.exports in rpc_test.js
    res = script.exports.sign(base_str, data_length)
    print(res)
    return res


get_sign()
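To show what script.exports.sign(...) in the client above actually sends and receives, here is an added example (not code from the original post) modelling the host side of Frida's RPC framing: a call goes out as ["frida:rpc", id, "call", name, args] and the agent answers with ["frida:rpc", id, "ok", result] or ["frida:rpc", id, "error", message, name, stack]. This field layout is my reading of frida's message dispatcher and should be treated as an assumption; the sign value in the constructed reply is a placeholder, and no device is needed to run it.

```python
import itertools


class RpcChannel:
    """Host-side model of the framing behind script.exports.<name>(...)."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.pending = {}  # request id -> exported method name

    def encode_call(self, method, args):
        """Object that script.post() would JSON-encode to invoke rpc.exports[method]."""
        request_id = next(self._ids)
        self.pending[request_id] = method
        return ["frida:rpc", request_id, "call", method, list(args)]

    def decode_reply(self, message):
        """Correlate an agent message with a pending call.

        Returns (request_id, result) for an "ok" reply, raises RuntimeError for
        an "error" reply, and returns None for anything that is not an RPC
        reply (an ordinary send() payload, for example), which the caller
        should hand to its normal on_message handler instead.
        """
        if message.get("type") != "send":
            return None
        payload = message.get("payload")
        if not (isinstance(payload, list) and payload[:1] == ["frida:rpc"]):
            return None
        request_id, status, params = payload[1], payload[2], payload[3:]
        method = self.pending.pop(request_id, "<unknown>")
        if status == "ok":
            return request_id, (params[0] if params else None)
        # "error" replies carry [message, name, stack, ...] from the agent
        raise RuntimeError(f"rpc.exports.{method} threw: {params[0]}")


def sign_round_trip():
    """Walk one constructed exchange for the page's sign() export."""
    channel = RpcChannel()
    request = channel.encode_call("sign", ["asdadad", len("asdadad")])
    # Constructed reply, as the agent would send once rpc.exports.sign returned:
    reply = {"type": "send",
             "payload": ["frida:rpc", request[1], "ok", "<sign value placeholder>"]}
    return request, channel.decode_reply(reply)
```

frida-python consumes these "frida:rpc" replies internally, which is why an on_message callback like the one above only ever sees the script's own send() messages and errors, not the RPC results.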
Run procedure
1. Launch the app
2. Start frida-server
3. Set up port forwarding
4. Run it; on success:
From: https://www.cnblogs.com/tjp40922/p/16849592.html