具体代码如下:
# -*- coding: UTF-8 -*-
from·fastapi import FastAPI
import uvicorn
import frida
jsCode = """
function hookTest(username, passward){
var result;
Java.perform(function(){
var time = new Date().getTime();
time = '1597582774344';
var string = Java.use('java.lang.String');
var signData = string.$new('equtype=ANDROID&loginImei=Android352689082129358&timeStamp=' +
time + '&userPwd=' + passward + '&username=' + username + '&key=sdlkjsdljf0j2fsjk');
var Utils = Java.use('com.dodonew.online.util.Utils');
var sign = Utils.md5(signData).toUpperCase();
console.log('sign: ', sign);
var encryptData = '{"equtype":"ANDROID","loginImei":"Android352689082129358","sign":"'+
sign +'","timeStamp":"'+ time +'","userPwd":"' + passward + '","username":"' + username + '"}';
var RequestUtil = Java.use('com.dodonew.online.http.RequestUtil');
var Encrypt = RequestUtil.encodeDesMap(encryptData, '65102933', '32028092');
console.log('Encrypt: ', Encrypt);
result = Encrypt;
});
return result;
}
rpc.exports = {
xiaobai: hookTest
};
""";
#调用frida脚本 链接多个设备
process = frida.get_device_manager().add_remote_device('192.168.1.11:27042').attach("com.dodonew.online")
script = process.create_script(jsCode)
print('[*] Running 小白')
script.load()
app = FastAPI()
@app.get("/get") #注意这里url上没有定义参数
async def getEchoApi(item_id, item_user, item_pass):
#fastapi会聪明的发现它不是URL参数,然后自动将他识别为param参数
#RPC远程调用
result = script.exports.xiaobai(item_user, item_pass)
return {"item_id": item_id, "item_retval": result}
if __name__ == '__main__':
uvicorn.run(app, port = 8080)
from·fastapi import FastAPI
import uvicorn
import frida
jsCode = """
function hookTest(username, passward){
var result;
Java.perform(function(){
var time = new Date().getTime();
time = '1597582774344';
var string = Java.use('java.lang.String');
var signData = string.$new('equtype=ANDROID&loginImei=Android352689082129358&timeStamp=' +
time + '&userPwd=' + passward + '&username=' + username + '&key=sdlkjsdljf0j2fsjk');
var Utils = Java.use('com.dodonew.online.util.Utils');
var sign = Utils.md5(signData).toUpperCase();
console.log('sign: ', sign);
var encryptData = '{"equtype":"ANDROID","loginImei":"Android352689082129358","sign":"'+
sign +'","timeStamp":"'+ time +'","userPwd":"' + passward + '","username":"' + username + '"}';
var RequestUtil = Java.use('com.dodonew.online.http.RequestUtil');
var Encrypt = RequestUtil.encodeDesMap(encryptData, '65102933', '32028092');
console.log('Encrypt: ', Encrypt);
result = Encrypt;
});
return result;
}
rpc.exports = {
xiaobai: hookTest
};
""";
#调用frida脚本 链接多个设备
process = frida.get_device_manager().add_remote_device('192.168.1.11:27042').attach("com.dodonew.online")
script = process.create_script(jsCode)
print('[*] Running 小白')
script.load()
app = FastAPI()
@app.get("/get") #注意这里url上没有定义参数
async def getEchoApi(item_id, item_user, item_pass):
#fastapi会聪明的发现它不是URL参数,然后自动将他识别为param参数
#RPC远程调用
result = script.exports.xiaobai(item_user, item_pass)
return {"item_id": item_id, "item_retval": result}
if __name__ == '__main__':
uvicorn.run(app, port = 8080)
原文链接:http://baipiaozhong.shop/272/,转载请注明出处。
评论0