depau/tapo.js

## tapo.js

setTimeout(function() {
    Java.perform(function () {
      var Account = Java.use("com.tplink.libtpnetwork.cameranetwork.model.Account");
      var Request = Java.use("com.tplink.libtpnetwork.cameranetwork.model.Request");
      var Response = Java.use("com.tplink.libtpnetwork.cameranetwork.model.Response");
      var TPIoTResponse = Java.use("com.tplink.libtpnetwork.IoTNetwork.TPIoTResponse");
      var RequestInterceptor = Java.use("com.tplink.libtpnetwork.cameranetwork.c.a.a.b");
      var ByteString = Java.use("com.android.okhttp.okio.ByteString");
      var Buffer = Java.use("com.android.okhttp.okio.Buffer");
      var OkRequest = Java.use("okhttp3.Request");
      var OkBuilder = Java.use("okhttp3.Request$Builder");

      Account.$init.implementation = function(user, pass, somebool) {
        console.log("new Account(" + user + ", " + pass + ", " + somebool + ")");
        return this.$init(user, pass, somebool);
      }
      console.log("Injected Account");

//      Request.$init.overload('com.tplink.libtpnetwork.cameranetwork.model.Method', 'java.lang.Object').implementation = function(method, request) {
//        console.log("new Request(" + method + ", " + request.toString() + ")");
//        return this.$init(method, request);
//      }
//      Request.$init.overload('java.lang.String', 'java.lang.Object').implementation = function(method, request) {
//        console.log("new Request(" + method + ", " + request.toString() + ")");
//        return this.$init(method, request);
//      }
//      console.log("Injected Request");

      RequestInterceptor.intercept.implementation = function(chain) {
        var request = chain.request();
        try {
            console.log("MyInterceptor.intercept onEnter:", request, "\nrequest headers:\n", request.headers());
            var requestBody = request.body();
            var contentLength = requestBody ? requestBody.contentLength() : 0;
            if (contentLength > 0) {
                var BufferObj = Buffer.$new();
                requestBody.writeTo(BufferObj);
                try {
                    console.log("\nrequest body String:\n", BufferObj.readString(), "\n");
                } catch (error) {
                    try {
                        console.log("\nrequest body ByteString:\n", ByteString.of(BufferObj.readByteArray()).hex(), "\n");
                    } catch (error) {
                        console.log("error try read body:", error);
                    }
                }
            }
        } catch (error) {
            console.log("error first part:", error);
        }
        var response = this.intercept(chain);
//        try {
//            console.log("MyInterceptor.intercept onLeave:", response, "\nresponse headers:\n", response.headers());
//            var responseBody = response.body();
//            console.log("\nresponseBody:", responseBody, "\n");
//
//            var ContentType = response.headers().get("Content-Type");
//            console.log("ContentType:", ContentType);
//            if (ContentType.indexOf("video") == -1) {
//                if (ContentType.indexOf("application") == 0) {
//                    var source = responseBody.source();
//                    if (ContentType.indexOf("application/zip") != 0) {
//                        try {
//                            console.log("\nresponse.body StringClass\n", source.readUtf8(), "\n");
//                        } catch (error) {
//                            try {
//                                console.log("\nresponse.body ByteString\n", source.readByteString().hex(), "\n");
//                            } catch (error) {
//                                console.log("error try read resp body:", error);
//                            }
//                        }
//                    }
//                }
//            }
//
//        } catch (error) {
//            console.log("error main:", error);
//        }
        return response;
    };


//      PluginService.doCheck.implementation = function() {
//        console.log("hijacked doCheck");
//      }
//
//      var pfinit = PluginFunctions.$init.overload("com.android.tcplugins.FileSystem.PluginService", "android.app.PendingIntent");
//      pfinit.implementation = function(a, b) {
//        var ret = this.$init(a, b);
//        this.isUserDebugMode = true;
//        this.isUserExtendedDebugMode = true;
//        this.isUserDumpAllReadAccess = true;
//        return ret;
//      }
    });
}, 0);

	setTimeout(function() {
	Java.perform(function () {
	var Account = Java.use("com.tplink.libtpnetwork.cameranetwork.model.Account");
	var Request = Java.use("com.tplink.libtpnetwork.cameranetwork.model.Request");
	var Response = Java.use("com.tplink.libtpnetwork.cameranetwork.model.Response");
	var TPIoTResponse = Java.use("com.tplink.libtpnetwork.IoTNetwork.TPIoTResponse");
	var RequestInterceptor = Java.use("com.tplink.libtpnetwork.cameranetwork.c.a.a.b");
	var ByteString = Java.use("com.android.okhttp.okio.ByteString");
	var Buffer = Java.use("com.android.okhttp.okio.Buffer");
	var OkRequest = Java.use("okhttp3.Request");
	var OkBuilder = Java.use("okhttp3.Request$Builder");

	Account.$init.implementation = function(user, pass, somebool) {
	console.log("new Account(" + user + ", " + pass + ", " + somebool + ")");
	return this.$init(user, pass, somebool);
	}
	console.log("Injected Account");

	// Request.$init.overload('com.tplink.libtpnetwork.cameranetwork.model.Method', 'java.lang.Object').implementation = function(method, request) {
	// console.log("new Request(" + method + ", " + request.toString() + ")");
	// return this.$init(method, request);
	// }
	// Request.$init.overload('java.lang.String', 'java.lang.Object').implementation = function(method, request) {
	// console.log("new Request(" + method + ", " + request.toString() + ")");
	// return this.$init(method, request);
	// }
	// console.log("Injected Request");

	RequestInterceptor.intercept.implementation = function(chain) {
	var request = chain.request();
	try {
	console.log("MyInterceptor.intercept onEnter:", request, "\nrequest headers:\n", request.headers());
	var requestBody = request.body();
	var contentLength = requestBody ? requestBody.contentLength() : 0;
	if (contentLength > 0) {
	var BufferObj = Buffer.$new();
	requestBody.writeTo(BufferObj);
	try {
	console.log("\nrequest body String:\n", BufferObj.readString(), "\n");
	} catch (error) {
	try {
	console.log("\nrequest body ByteString:\n", ByteString.of(BufferObj.readByteArray()).hex(), "\n");
	} catch (error) {
	console.log("error try read body:", error);
	}
	}
	}
	} catch (error) {
	console.log("error first part:", error);
	}
	var response = this.intercept(chain);
	// try {
	// console.log("MyInterceptor.intercept onLeave:", response, "\nresponse headers:\n", response.headers());
	// var responseBody = response.body();
	// console.log("\nresponseBody:", responseBody, "\n");
	//
	// var ContentType = response.headers().get("Content-Type");
	// console.log("ContentType:", ContentType);
	// if (ContentType.indexOf("video") == -1) {
	// if (ContentType.indexOf("application") == 0) {
	// var source = responseBody.source();
	// if (ContentType.indexOf("application/zip") != 0) {
	// try {
	// console.log("\nresponse.body StringClass\n", source.readUtf8(), "\n");
	// } catch (error) {
	// try {
	// console.log("\nresponse.body ByteString\n", source.readByteString().hex(), "\n");
	// } catch (error) {
	// console.log("error try read resp body:", error);
	// }
	// }
	// }
	// }
	// }
	//
	// } catch (error) {
	// console.log("error main:", error);
	// }
	return response;
	};




	// PluginService.doCheck.implementation = function() {
	// console.log("hijacked doCheck");
	// }
	//
	// var pfinit = PluginFunctions.$init.overload("com.android.tcplugins.FileSystem.PluginService", "android.app.PendingIntent");
	// pfinit.implementation = function(a, b) {
	// var ret = this.$init(a, b);
	// this.isUserDebugMode = true;
	// this.isUserExtendedDebugMode = true;
	// this.isUserDumpAllReadAccess = true;
	// return ret;
	// }
	});
	}, 0);