My J2C Killer
2019-09-04 18:20:44 Author: bbs.pediy.com(查看原文) 阅读量:261 收藏

[原创]My J2C Killer


标题起得比较大,但是加了一个 my。加 my 的意思并不是说完全由我自己写的,只是自己用着感觉不错。

代码借鉴了繁华大佬的 jni hook,CydiaSubstrate hook框架等等

不知道适不适用于其他手机,比如 ART 手机(ArtMethod)。

跑过好多ollvm混淆的项目,aes加密,rsa加密的项目。能直接拿到解密算法。

发出这个项目的原因是前几天看到一个jnitrace 项目,使用了一下,不知道是我不会用还是怎么回事,发现只能监控没有加密的第三方so

 代码功能:

1 打印所有 jni 函数的参数和返回值,比如 FindClass 的参数类名和返回地址。

比如 CallObjectMethod 的 method->clazz->descriptor、method->name、(method->shorty) + 1 和各个参数。

2 监控指定 so(不指定会监控所有so)

3打印 指定jni函数的调用堆栈

4完全自定义拦截某个函数改变参数改变返回值,一键式调试运行

5 其他小功能 hook_sokect send_recv_fopen  hook_device 

代码很简单

1 hook 代码


/*
 * Install the JNI function-table hooks.
 *
 * Every JNIEnv entry listed in the table below is redirected through
 * Cydia::MSHookFunction to its my* / new* replacement, and the original
 * entry point is written to the matching old* pointer (MSHookFunction's
 * third argument). Hooks are installed strictly in table order, which is
 * the same order as the original call sequence. The SetStaticLongField
 * hook is intentionally left disabled.
 *
 * env - the JNIEnv whose function table is to be patched.
 */
void jnihookStart(JNIEnv *env) {
    const struct JNINativeInterface *jni = env->functions;

    /* One row per hooked JNI entry: the table slot to patch, the
     * replacement routine, and where the original pointer is saved. */
    struct HookSpec {
        void *target;
        void *replacement;
        void **saved;
    };

    const HookSpec table[] = {
        {(void *) jni->FindClass, (void *) new_FindClass, (void **) &old_FindClass},
        {(void *) jni->GetStaticMethodID, (void *) &myGetStaticMethodID, (void **) &oldGetStaticMethodID},
        {(void *) jni->GetFieldID, (void *) &myGetFieldID, (void **) &oldGetFieldID},
        {(void *) jni->GetStaticFieldID, (void *) &myGetStaticFieldID, (void **) &oldGetStaticFieldID},
        {(void *) jni->GetMethodID, (void *) &myGetMethodID, (void **) &oldGetMethodID},
        {(void *) jni->GetStringUTFChars, (void *) &myGetStringUTFChars, (void **) &oldGetStringUTFChars},
        {(void *) jni->CallObjectMethodV, (void *) &myCallObjectMethodV, (void **) &oldCallObjectMethodV},
        {(void *) jni->NewObjectV, (void *) &myNewObjectV, (void **) &oldNewObjectV},
        {(void *) jni->NewStringUTF, (void *) &myNewStringUTF, (void **) &oldNewStringUTF},
        {(void *) jni->CallVoidMethodV, (void *) &myCallVoidMethodV, (void **) &oldCallVoidMethodV},
        {(void *) jni->CallBooleanMethodV, (void *) &newCallBooleanMethodV, (void **) &oldCallBooleanMethodV},
        {(void *) jni->CallByteMethodV, (void *) &myCallByteMethodV, (void **) &oldCallByteMethodV},
        {(void *) jni->CallCharMethodV, (void *) &myCallCharMethodV, (void **) &oldCallCharMethodV},
        {(void *) jni->SetBooleanField, (void *) &mySetBooleanField, (void **) &oldSetBooleanField},
        {(void *) jni->SetByteField, (void *) &mySetByteField, (void **) &oldSetByteField},
        {(void *) jni->SetCharField, (void *) &mySetCharField, (void **) &oldSetCharField},
        {(void *) jni->SetIntField, (void *) &mySetIntField, (void **) &oldSetIntField},
        {(void *) jni->SetLongField, (void *) &mySetLongField, (void **) &oldSetLongField},
        {(void *) jni->SetStaticBooleanField, (void *) &mySetStaticBooleanField, (void **) &oldSetStaticBooleanField},
        {(void *) jni->SetStaticByteField, (void *) &mySetStaticByteField, (void **) &oldSetStaticByteField},
        {(void *) jni->SetStaticCharField, (void *) &mySetStaticCharField, (void **) &oldSetStaticCharField},
        {(void *) jni->SetStaticIntField, (void *) &mySetStaticIntField, (void **) &oldSetStaticIntField},
        /* Intentionally not hooked:
        {(void *) jni->SetStaticLongField, (void *) &mySetStaticLongField, (void **) &oldSetStaticLongField},
        */
        {(void *) jni->CallNonvirtualObjectMethodV, (void *) &myCallNonvirtualObjectMethodV, (void **) &oldCallNonvirtualObjectMethodV},
        {(void *) jni->SetStaticDoubleField, (void *) &mySetStaticDoubleField, (void **) &oldSetStaticDoubleField},
        {(void *) jni->SetDoubleField, (void *) &mySetDoubleField, (void **) &oldSetDoubleField},
        {(void *) jni->CallShortMethodV, (void *) &myCallShortMethodV, (void **) &oldCallShortMethodV},
        {(void *) jni->CallIntMethodV, (void *) &myCallIntMethodV, (void **) &oldCallIntMethodV},
        {(void *) jni->CallLongMethodV, (void *) &myCallLongMethodV, (void **) &oldCallLongMethodV},
        {(void *) jni->CallFloatMethodV, (void *) &myCallFloatMethodV, (void **) &oldCallFloatMethodV},
        {(void *) jni->CallDoubleMethodV, (void *) &myCallDoubleMethodV, (void **) &oldCallDoubleMethodV},
        {(void *) jni->SetStaticFloatField, (void *) &mySetStaticFloatField, (void **) &oldSetStaticFloatField},
        {(void *) jni->SetStaticShortField, (void *) &mySetStaticShortField, (void **) &oldSetStaticShortField},
        {(void *) jni->SetStaticObjectField, (void *) &mySetStaticObjectField, (void **) &oldSetStaticObjectField},
        {(void *) jni->SetFloatField, (void *) &mySetFloatField, (void **) &oldSetFloatField},
        {(void *) jni->SetShortField, (void *) &mySetShortField, (void **) &oldSetShortField},
        {(void *) jni->SetObjectField, (void *) &mySetObjectField, (void **) &oldSetObjectField},
        {(void *) jni->CallStaticVoidMethodV, (void *) &myCallStaticVoidMethodV, (void **) &oldCallStaticVoidMethodV},
        {(void *) jni->CallStaticDoubleMethodV, (void *) &myCallStaticDoubleMethodV, (void **) &oldCallStaticDoubleMethodV},
        {(void *) jni->CallStaticFloatMethodV, (void *) &myCallStaticFloatMethodV, (void **) &oldCallStaticFloatMethodV},
        {(void *) jni->CallStaticLongMethodV, (void *) &myCallStaticLongMethodV, (void **) &oldCallStaticLongMethodV},
        {(void *) jni->CallStaticObjectMethodV, (void *) &myCallStaticObjectMethodV, (void **) &oldCallStaticObjectMethodV},
        {(void *) jni->CallStaticBooleanMethodV, (void *) &myCallStaticBooleanMethodV, (void **) &oldCallStaticBooleanMethodV},
        {(void *) jni->CallStaticByteMethodV, (void *) &myCallStaticByteMethodV, (void **) &oldCallStaticByteMethodV},
        {(void *) jni->CallStaticCharMethodV, (void *) &myCallStaticCharMethodV, (void **) &oldCallStaticCharMethodV},
        {(void *) jni->CallStaticShortMethodV, (void *) &myCallStaticShortMethodV, (void **) &oldCallStaticShortMethodV},
        {(void *) jni->CallStaticIntMethodV, (void *) &myCallStaticIntMethodV, (void **) &oldCallStaticIntMethodV},
        {(void *) jni->RegisterNatives, (void *) &myRegisterNatives, (void **) &oldRegisterNatives},
    };

    /* Apply the hooks in table order so the install sequence is unchanged. */
    const size_t count = sizeof(table) / sizeof(table[0]);
    for (size_t k = 0; k < count; ++k) {
        Cydia::MSHookFunction(table[k].target, table[k].replacement, table[k].saved);
    }
}

2 解析 method 参数的代码

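/*
 * Format the positional arguments of an intercepted JNI Call*MethodV for
 * logging, as "<str> [<method address>]:  a , b ,".
 *
 * str    - label prefix (for example the hooked function's name); copied
 *          verbatim into the output.
 * args   - the va_list of the intercepted call; this function consumes
 *          argc - 1 entries from it.
 * method - the Method being invoked; only its address is printed. The
 *          shorty-driven version that read method->shorty is disabled and
 *          the argument count and types are hard-coded (see below).
 *
 * Returns a pointer to a function-local static buffer. The previous
 * version returned the address of a stack array, which is dangling as soon
 * as the function returns. The static buffer is valid only until the next
 * call and is shared between threads, so callers must log it immediately.
 */
char *MAKE_ARG_ARRAY(char *str, va_list args, Method *method) {
    /* Debug hard-coding: the original code computed argc from
     * strlen(method->shorty) and switched on method->shorty[i]. Both are
     * disabled, so every call is treated as taking two jint arguments. */
    const int argc = 3;
    static char buffer[200];
    char buffer_tmp[200];

    /* %p is the only portable conversion for a pointer; %x is undefined for
     * pointers and truncates on 64-bit. */
    snprintf(buffer, sizeof(buffer), "%s [%p]: ", str, (void *) method);

    /* argarray[i] is written for i in [1, argc), so argc slots are needed.
     * The old size "argc - 1 * sizeof(jvalue)" parsed as
     * argc - (1 * sizeof(jvalue)), i.e. a wrapped-around huge allocation,
     * and even the intended (argc - 1) slots were one short. */
    jvalue *argarray = (jvalue *) alloca(argc * sizeof(jvalue));
    for (int i = 1; i < argc; i++) {
        switch ('I' /* method->shorty[i] */) {
            case 'Z':
            case 'B':
            case 'S':
            case 'C':
            case 'I':
                /* Sub-int JNI types are promoted to int through varargs. */
                argarray[i].i = va_arg(args, jint);
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %d ,", argarray[i].i);
                break;
            case 'J':
                argarray[i].j = va_arg(args, jlong);
                /* jlong may be long or long long depending on ABI; cast so
                 * %lld always matches. */
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %lld ,", (long long) argarray[i].j);
                break;
            case 'L':
                argarray[i].l = va_arg(args, jobject);
                /* jobject is an opaque reference: print the handle itself.
                 * Dereferencing it (the old "*argarray[i].l") is meaningless
                 * and undefined. */
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %p ,", (void *) argarray[i].l);
                break;
            case 'D':
                argarray[i].d = va_arg(args, double);
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %lf ,", argarray[i].d);
                break;
            case 'F':
                /* float travels through varargs as double. */
                argarray[i].f = (float) va_arg(args, double);
                snprintf(buffer_tmp, sizeof(buffer_tmp), " %lf ,", (double) argarray[i].f);
                break;
            default:
                /* Unknown shorty character: append nothing rather than
                 * whatever buffer_tmp happened to contain. */
                buffer_tmp[0] = '\0';
                break;
        }
        /* Bounded append: truncate the line instead of overrunning buffer
         * when str or the arguments are long. */
        strncat(buffer, buffer_tmp, sizeof(buffer) - strlen(buffer) - 1);
    }

    return buffer;
}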

完整 GitHub 链接

https://github.com/skyun1314/framenthook




文章来源: https://bbs.pediy.com/thread-254270.htm