Created
October 10, 2020 12:29
-
-
Save friddle/142cd63dc2479cc9f249e4384a8f68a0 to your computer and use it in GitHub Desktop.
frida-virbration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function virbration() | |
| { | |
| Java.perform(function () { | |
| var Vibrate = Java.use("android.os.Vibrator"); | |
| Java.scheduleOnMainThread(function() { | |
| var activity=Java.use("android.app.ActivityThread").currentApplication().getApplicationContext(); | |
| var wVibrate=Java.cast(activity.getSystemService('vibrator'),Vibrate) | |
| console.log(wVibrate) | |
| wVibrate.vibrate(1000) | |
| }); | |
| });} | |
| setTimeout(test,1000) |
sms
记得加短信权限
function invoke_sms(text)
{
Java.scheduleOnMainThread(function(){
var SmsManager = Java.use('android.telephony.SmsManager');
SmsManager.getDefault().sendTextMessage("18888888", null, text, null,null);
invoke_toast(text)
});
}
给网络权限打开模式
function OpenStrictMode()
{
let rStrictMode=Java.use('android.os.StrictMode')
let rStrictThreadMode=Java.use('android.os.StrictMode$ThreadPolicy$Builder')
rStrictMode.setThreadPolicy(rStrictThreadMode.$new().permitAll().build())
return
}
Retrofit2 frida-js监听接口调用:
function Retrofit_Listener() {
var rRetrofitClass = Java.use("retrofit2.Retrofit")
rRetrofitClass.loadServiceMethod.implementation=function(_method)
{
//console.log("create method by which_classes:"+_method.getName())
var invokeClass=_method.getDeclaringClass();
var invokeParams=_method.getParameters()
console.log("class_name:"+invokeClass.getName()+
"\tmethod_name:"+_method.getName()
+"\tinvoke_params:"+invokeParams.map(function(item,index){
return "index"+index.toString()+":"+item.getType().getName()
}).join(",")
)
var result=this.loadServiceMethod.call(this,_method);
return result;
}
rHttpServiceMethod.invoke.overload("[Ljava.lang.Object;").implementation=function (classes_) {
let params_text=",";
for(var s_class of classes_)
{
params_text=params_text+","+json_output(s_class)
}
var result=this.invoke.overload("[Ljava.lang.Object;").call(this,classes_)
console.log("invoke_params:"+params_text)
console.log("invoke_result"+json_output(result))
return result
};
}
Retrofit2直接调用。。。
function invokeDynamic(body) {
OpenStrictMode()
let apiName = body.apiName;
let methodName = body.methodName;
let objs = body.params;
Java.perform(function () {
var rApiObj = Java.use(apiName)
try {
let retrofit = ...;
let ApiObj = Java.cast(retrofit.create(rApiObj.class), rApiObj)
let methodObservable = ApiObj[methodName].call(ApiObj, ...objs)
result = json_output(methodObservable.blockingSingle())
return result;
} catch (e) {
console.log("error"+e)
result = "error" + e
}
})
console.log("result:result"+result)
return result
}
rHttpServiceMethod.invoke.overload("[Ljava.lang.Object;").implementation=function (classes_) {
let params_text=",";
for(var s_class of classes_)
{
params_text=params_text+","+json_output(s_class)
}
var result=this.invoke.overload("[Ljava.lang.Object;").call(this,classes_)
console.log("invoke_params:"+params_text)
console.log("invoke_result"+json_output(result))
return result
};``
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
toast