基本指令
frida -U -f <AppName> -l <ScriptName.js>
| 選項 | 含意 | 參數 |
|---|---|---|
| -f | 以 spawn 模式啟動 | package name |
| -U | 以 adb 連接的外部裝置作為目標 | |
| -p | 用 PID 尋找現有 process | PID |
| -n | 用程式名稱尋找程式 | process name |
| -l | 指定載入腳本 | script name |
腳本範例
hook method
// Replaces com.cheesege.class1.method so that every call returns true.
// Java.perform runs the callback once the script is attached to the app's Java runtime.
Java.perform(() => {
  const targetClass = Java.use("com.cheesege.class1");

  // Assigning .implementation swaps the Java method body for this function,
  // so the app's own logic for `method` is not executed and both arguments are ignored.
  // If `method` is a client-side check, this shows why such a check should not be
  // the only enforcement point: its result can be overridden at runtime.
  targetClass.method.implementation = function (firstArg, secondArg) {
    return true;
  };
});
hook overload method
// Hooks two overloads of com.cheesege.class1.method independently.
Java.perform(() => {
  const targetClass = Java.use("com.cheesege.class1");

  // overload(...) selects one signature by its parameter types; it is required
  // when the class declares several methods with the same name.
  targetClass.method.overload('int').implementation = function (value) {
    // The int variant always reports true.
    return true;
  };

  targetClass.method.overload('char').implementation = function (value) {
    // The char variant always reports false.
    return false;
  };
});
call static method
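// Calls the static method `method` of com.cheesege.class1 from the script.
Java.perform(function () {
  const target = Java.use("com.cheesege.class1");

  // Placeholder arguments constructed for this example; replace them with
  // values that match the parameter types of the real method.
  const arg1 = 0;
  const arg2 = 0;

  // The result is kept in its own variable so that it does not shadow an
  // argument, and every argument is declared before the call.
  const result = target.method(arg1, arg2);
  console.log(`method returned: ${result}`);
});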
call non-static method
// Calls an instance (non-static) method: an existing object has to be found first,
// because there is no class-level entry point to call.
Java.perform(() => {
  let adInstance = null;

  // Java.choose reports live instances of the class through onMatch.
  // Each match overwrites the previous one, so the last reported instance is kept.
  // The code below relies on the callbacks having run by the time Java.choose returns.
  Java.choose("com.cheesege.adeater.FirstTimeAd", {
    onMatch(found) {
      adInstance = found;
    },
    onComplete() {},
  });

  // Nothing to do when no instance was found.
  if (!adInstance) {
    return;
  }

  // Field A is read through .value; the call below treats it as an object
  // exposing onFinish() (presumably a countdown timer; confirm against the app).
  const timer = adInstance.A.value;
  if (!timer) {
    return;
  }

  // The call is handed to the app's main thread instead of running on the script's thread.
  Java.scheduleOnMainThread(() => {
    timer.onFinish();
  });
});
衍生工具
Objection