标题起得比较大,但是加了一个 my。加 my 不是说完全是我自己写的意思,只是自己用着感觉不错。
代码借鉴了繁华大佬的 JNI hook、CydiaSubstrate hook 框架等等。
不知道是否适用于其他手机,比如使用 ART(ArtMethod)的手机。
跑过很多 OLLVM 混淆、AES 加密、RSA 加密的项目,能直接拿到解密算法。
发出这个项目的原因是前几天看到一个 jnitrace 项目,试用了一下,不知道是我不会用还是别的原因,发现它只能监控没有加密的第三方 so。
代码功能:
1 打印所有 JNI 函数(比如 FindClass)的参数(类名)和返回地址。
比如 CallObjectMethod 的 method->clazz->descriptor、method->name、(method->shorty) + 1 和各个参数。
2 监控指定 so(不指定则监控所有 so)。
3 打印指定 JNI 函数的调用堆栈。
4 完全自定义拦截某个函数,改变参数、改变返回值,一键式调试运行。
5 其他小功能 hook_sokect send_recv_fopen hook_device
代码很简单。
1 hook 代码
/*
 * Installs inline hooks on the JNI function table reachable from env.
 *
 * Each entry below pairs one JNINativeInterface slot with its replacement and
 * the trampoline variable that receives the original implementation; the hooks
 * are installed in table order via Cydia::MSHookFunction. SetStaticLongField is
 * deliberately not hooked (kept commented out, as in the original).
 *
 * env : a live JNIEnv. env->functions is dereferenced without a null check, so
 *       this must only run on a thread the VM has attached.
 */
void jnihookStart(JNIEnv *env) {
    const struct JNINativeInterface *anInterface = env->functions;

    // One hook request: the JNI slot to patch, its replacement, and the
    // location that receives a pointer to the original implementation.
    struct HookSpec {
        void *target;
        void *replacement;
        void **original;
    };

    const HookSpec specs[] = {
        {(void *) anInterface->FindClass,                    (void *) new_FindClass,                    (void **) &old_FindClass},
        {(void *) anInterface->GetStaticMethodID,            (void *) &myGetStaticMethodID,            (void **) &oldGetStaticMethodID},
        {(void *) anInterface->GetFieldID,                   (void *) &myGetFieldID,                   (void **) &oldGetFieldID},
        {(void *) anInterface->GetStaticFieldID,             (void *) &myGetStaticFieldID,             (void **) &oldGetStaticFieldID},
        {(void *) anInterface->GetMethodID,                  (void *) &myGetMethodID,                  (void **) &oldGetMethodID},
        {(void *) anInterface->GetStringUTFChars,            (void *) &myGetStringUTFChars,            (void **) &oldGetStringUTFChars},
        {(void *) anInterface->CallObjectMethodV,            (void *) &myCallObjectMethodV,            (void **) &oldCallObjectMethodV},
        {(void *) anInterface->NewObjectV,                   (void *) &myNewObjectV,                   (void **) &oldNewObjectV},
        {(void *) anInterface->NewStringUTF,                 (void *) &myNewStringUTF,                 (void **) &oldNewStringUTF},
        {(void *) anInterface->CallVoidMethodV,              (void *) &myCallVoidMethodV,              (void **) &oldCallVoidMethodV},
        {(void *) anInterface->CallBooleanMethodV,           (void *) &newCallBooleanMethodV,          (void **) &oldCallBooleanMethodV},
        {(void *) anInterface->CallByteMethodV,              (void *) &myCallByteMethodV,              (void **) &oldCallByteMethodV},
        {(void *) anInterface->CallCharMethodV,              (void *) &myCallCharMethodV,              (void **) &oldCallCharMethodV},
        {(void *) anInterface->SetBooleanField,              (void *) &mySetBooleanField,              (void **) &oldSetBooleanField},
        {(void *) anInterface->SetByteField,                 (void *) &mySetByteField,                 (void **) &oldSetByteField},
        {(void *) anInterface->SetCharField,                 (void *) &mySetCharField,                 (void **) &oldSetCharField},
        {(void *) anInterface->SetIntField,                  (void *) &mySetIntField,                  (void **) &oldSetIntField},
        {(void *) anInterface->SetLongField,                 (void *) &mySetLongField,                 (void **) &oldSetLongField},
        {(void *) anInterface->SetStaticBooleanField,        (void *) &mySetStaticBooleanField,        (void **) &oldSetStaticBooleanField},
        {(void *) anInterface->SetStaticByteField,           (void *) &mySetStaticByteField,           (void **) &oldSetStaticByteField},
        {(void *) anInterface->SetStaticCharField,           (void *) &mySetStaticCharField,           (void **) &oldSetStaticCharField},
        {(void *) anInterface->SetStaticIntField,            (void *) &mySetStaticIntField,            (void **) &oldSetStaticIntField},
        /* {(void *) anInterface->SetStaticLongField,        (void *) &mySetStaticLongField,           (void **) &oldSetStaticLongField}, */
        {(void *) anInterface->CallNonvirtualObjectMethodV,  (void *) &myCallNonvirtualObjectMethodV,  (void **) &oldCallNonvirtualObjectMethodV},
        {(void *) anInterface->SetStaticDoubleField,         (void *) &mySetStaticDoubleField,         (void **) &oldSetStaticDoubleField},
        {(void *) anInterface->SetDoubleField,               (void *) &mySetDoubleField,               (void **) &oldSetDoubleField},
        {(void *) anInterface->CallShortMethodV,             (void *) &myCallShortMethodV,             (void **) &oldCallShortMethodV},
        {(void *) anInterface->CallIntMethodV,               (void *) &myCallIntMethodV,               (void **) &oldCallIntMethodV},
        {(void *) anInterface->CallLongMethodV,              (void *) &myCallLongMethodV,              (void **) &oldCallLongMethodV},
        {(void *) anInterface->CallFloatMethodV,             (void *) &myCallFloatMethodV,             (void **) &oldCallFloatMethodV},
        {(void *) anInterface->CallDoubleMethodV,            (void *) &myCallDoubleMethodV,            (void **) &oldCallDoubleMethodV},
        {(void *) anInterface->SetStaticFloatField,          (void *) &mySetStaticFloatField,          (void **) &oldSetStaticFloatField},
        {(void *) anInterface->SetStaticShortField,          (void *) &mySetStaticShortField,          (void **) &oldSetStaticShortField},
        {(void *) anInterface->SetStaticObjectField,         (void *) &mySetStaticObjectField,         (void **) &oldSetStaticObjectField},
        {(void *) anInterface->SetFloatField,                (void *) &mySetFloatField,                (void **) &oldSetFloatField},
        {(void *) anInterface->SetShortField,                (void *) &mySetShortField,                (void **) &oldSetShortField},
        {(void *) anInterface->SetObjectField,               (void *) &mySetObjectField,               (void **) &oldSetObjectField},
        {(void *) anInterface->CallStaticVoidMethodV,        (void *) &myCallStaticVoidMethodV,        (void **) &oldCallStaticVoidMethodV},
        {(void *) anInterface->CallStaticDoubleMethodV,      (void *) &myCallStaticDoubleMethodV,      (void **) &oldCallStaticDoubleMethodV},
        {(void *) anInterface->CallStaticFloatMethodV,       (void *) &myCallStaticFloatMethodV,       (void **) &oldCallStaticFloatMethodV},
        {(void *) anInterface->CallStaticLongMethodV,        (void *) &myCallStaticLongMethodV,        (void **) &oldCallStaticLongMethodV},
        {(void *) anInterface->CallStaticObjectMethodV,      (void *) &myCallStaticObjectMethodV,      (void **) &oldCallStaticObjectMethodV},
        {(void *) anInterface->CallStaticBooleanMethodV,     (void *) &myCallStaticBooleanMethodV,     (void **) &oldCallStaticBooleanMethodV},
        {(void *) anInterface->CallStaticByteMethodV,        (void *) &myCallStaticByteMethodV,        (void **) &oldCallStaticByteMethodV},
        {(void *) anInterface->CallStaticCharMethodV,        (void *) &myCallStaticCharMethodV,        (void **) &oldCallStaticCharMethodV},
        {(void *) anInterface->CallStaticShortMethodV,       (void *) &myCallStaticShortMethodV,       (void **) &oldCallStaticShortMethodV},
        {(void *) anInterface->CallStaticIntMethodV,         (void *) &myCallStaticIntMethodV,         (void **) &oldCallStaticIntMethodV},
        {(void *) anInterface->RegisterNatives,              (void *) &myRegisterNatives,              (void **) &oldRegisterNatives},
    };

    // Install in declaration order; the original implementation of each slot
    // is written back through spec.original for the replacement to call.
    for (const HookSpec &spec : specs) {
        Cydia::MSHookFunction(spec.target, spec.replacement, spec.original);
    }
}
解析 method 的代码
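/*
 * Formats the arguments of an intercepted JNI Call*MethodV into one text line
 * of the form "<str> [<method address>]:  <arg> , <arg> ,".
 *
 * str    : caller-supplied tag printed first (typically the hooked JNI function).
 * args   : the va_list of the intercepted call. It is consumed here; pass a
 *          va_copy if the caller still needs to forward the original list.
 * method : the jmethodID of the call. Only its address is printed; the struct
 *          is never dereferenced by this function.
 *
 * Returns a pointer to a thread-local buffer that is overwritten by the next
 * call on the same thread — copy it if it must outlive that. (The original
 * returned the address of a stack array, which dangles on return.)
 */
char *MAKE_ARG_ARRAY(char *str, va_list args, Method *method) {
    // TODO(review): argc should be strlen(method->shorty) and the per-argument
    // kind method->shorty[i]; both are pinned to fixed defaults until the Method
    // layout is confirmed on the target runtime, so every argument is decoded
    // as a jint. shorty[0] is the return type, hence arguments start at index 1.
    const int argc = 3;
    const char kind = 'I';

    constexpr size_t kBufSize = 256;
    static thread_local char buffer[kBufSize];
    char buffer_tmp[64];

    // %p, not %x: the pointer must not be squeezed into an int conversion.
    snprintf(buffer, sizeof(buffer), "%s [%p]: ", str, static_cast<void *>(method));

    // Indices 1..argc-1 are used below, so size by argc. The original allocated
    // argc - 1*sizeof(jvalue) bytes (precedence bug), which underflows to a huge
    // alloca and then indexed one element past the end.
    jvalue *argarray = static_cast<jvalue *>(alloca(argc * sizeof(jvalue)));

    for (int i = 1; i < argc; i++) {
        switch (kind) {
            case 'Z':
            case 'B':
            case 'S':
            case 'C':
            case 'I':
                // Sub-int types are promoted to int through varargs.
                argarray[i].i = va_arg(args, jint);
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %d ,", argarray[i].i);
                break;
            case 'J':
                argarray[i].j = va_arg(args, jlong);
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %lld ,", static_cast<long long>(argarray[i].j));
                break;
            case 'L':
                argarray[i].l = va_arg(args, jobject);
                // Print the reference itself; dereferencing a jobject is meaningless.
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %p ,", static_cast<void *>(argarray[i].l));
                break;
            case 'D':
                argarray[i].d = va_arg(args, double);
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %f ,", argarray[i].d);
                break;
            case 'F':
                // float is promoted to double through varargs.
                argarray[i].f = static_cast<float>(va_arg(args, double));
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %f ,", static_cast<double>(argarray[i].f));
                break;
            default:
                // Unknown shorty character: keep the line well-formed rather than
                // appending an uninitialized buffer_tmp.
                snprintf(buffer_tmp, sizeof(buffer_tmp), " ? ,");
                break;
        }
        // Bounded append; the original strcat could overrun a 200-byte buffer.
        strncat(buffer, buffer_tmp, sizeof(buffer) - strlen(buffer) - 1);
    }
    return buffer;
}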
完整 GitHub 链接
https://github.com/skyun1314/framenthook