hook 摘要算法 (MD5…)
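/**
 * Installs Frida logging hooks on java.security.MessageDigest: every
 * algorithm lookup, every input chunk and every resulting digest is printed
 * to the console, then the call is forwarded unchanged to the original method.
 *
 * Depends on names defined elsewhere in this script: bytesToHex,
 * bytesToString and the log_str flag (when truthy, byte inputs are also
 * printed as text). Needs the Frida `Java` bridge to be available.
 *
 * The trace contains the raw data being hashed; treat captured output as
 * sensitive material.
 */
function HookMessageDigest() {
  var digest = Java.use("java.security.MessageDigest");

  // --- getInstance: reveals which digest algorithm the app asks for ---
  digest.getInstance.overload('java.lang.String').implementation = function (arg) {
    console.log("Digest name ('java.lang.String') --->>", arg);
    return this.getInstance(arg);
  };

  digest.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2) {
    console.log("Digest name ('java.lang.String', 'java.lang.String') --->>", arg1, arg2);
    return this.getInstance(arg1, arg2);
  };

  digest.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2) {
    console.log("Digest name ('java.lang.String', 'java.security.Provider') --->>", arg1, arg2);
    // Fixed: the original forwarded an undeclared `arg`, which threw a
    // ReferenceError and broke the hooked call inside the target app.
    return this.getInstance(arg1, arg2);
  };

  // --- update: the data fed into the digest ---
  digest.update.overload('byte').implementation = function (arg) {
    console.log("Digest update('byte') 入参--->>", arg);
    return this.update(arg);
  };

  digest.update.overload('java.nio.ByteBuffer').implementation = function (arg) {
    // NOTE(review): bytesToHex/bytesToString are defined elsewhere; confirm
    // they accept a java.nio.ByteBuffer and not only a byte[].
    console.log("Digest update('java.nio.ByteBuffer') 入参(hex)--->>", bytesToHex(arg));
    if (log_str) {
      console.log("Digest update('java.nio.ByteBuffer') 入参(str)--->>", bytesToString(arg));
    }
    // Fixed: the original assigned to a misspelled `resutl` and then
    // returned an undeclared `result`.
    return this.update(arg);
  };

  digest.update.overload('[B').implementation = function (arg) {
    console.log("Digest update('[B') 入参(hex)--->>", bytesToHex(arg));
    if (log_str) {
      console.log("Digest update('[B') 入参(str)--->>", bytesToString(arg));
    }
    return this.update(arg);
  };

  digest.update.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
    // arg2/arg3 are the offset and length within arg1; the whole buffer is dumped.
    console.log("Digest update('[B', 'int', 'int') 入参(hex)--->>", bytesToHex(arg1), arg2, arg3);
    if (log_str) {
      console.log("Digest update('[B', 'int', 'int') 入参(str)--->>", bytesToString(arg1), arg2, arg3);
    }
    return this.update(arg1, arg2, arg3);
  };

  // --- digest: the final hash value ---
  digest.digest.overload().implementation = function () {
    var result = this.digest();
    console.log("Digest digest('') retufn result: ", bytesToHex(result));
    return result;
  };

  digest.digest.overload('[B').implementation = function (arg) {
    console.log("Digest digest('[B') 入参(hex)--->>", bytesToHex(arg));
    if (log_str) {
      console.log("Digest digest('[B') 入参(str)--->>", bytesToString(arg));
    }
    var result = this.digest(arg);
    console.log("Digest digest('[B') retufn result: ", bytesToHex(result));
    return result;
  };

  digest.digest.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
    // Fixed: in this overload arg1 is the OUTPUT buffer and the return value
    // is an int (bytes written), so the buffer is dumped after the call and
    // the int is logged as-is instead of being passed to bytesToHex.
    var result = this.digest(arg1, arg2, arg3);
    console.log("Digest digest('[B', 'int', 'int') retufn result: ", bytesToHex(arg1), arg2, arg3, result);
    return result;
  };
}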
hook Hmac摘要算法 (HmacMD5…)
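/**
 * Installs Frida logging hooks on javax.crypto.Mac: algorithm lookup, key
 * initialisation, input chunks and the resulting MAC are printed to the
 * console, then each call is forwarded unchanged to the original method.
 *
 * Depends on bytesToHex and bytesToString, defined elsewhere in this script.
 * Needs the Frida `Java` bridge to be available.
 *
 * The trace exposes the MAC key object and the authenticated data; treat
 * captured output as sensitive material.
 */
function HookHmacMessageDigest() {
  var hmac = Java.use('javax.crypto.Mac');

  // --- getInstance: reveals which MAC algorithm the app asks for ---
  hmac.getInstance.overload('java.lang.String').implementation = function (arg) {
    console.log("HmacDigest name ('java.lang.String') --->>", arg);
    return this.getInstance(arg);
  };

  hmac.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2) {
    console.log("HmacDigest name ('java.lang.String', 'java.lang.String') --->>", arg1, arg2);
    // Fixed: the original forwarded an undeclared `arg` (ReferenceError).
    return this.getInstance(arg1, arg2);
  };

  hmac.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2) {
    console.log("HmacDigest name ('java.lang.String', 'java.security.Provider') --->>", arg1, arg2);
    // Fixed: same undeclared `arg` as above.
    return this.getInstance(arg1, arg2);
  };

  // --- init: the key (and optional parameters) the MAC is keyed with ---
  hmac.init.overload('java.security.Key').implementation = function (arg) {
    console.log("HmacDigest init ('java.security.Key') --->>", arg);
    return this.init(arg);
  };

  hmac.init.overload('java.security.Key', 'java.security.spec.AlgorithmParameterSpec').implementation = function (arg1, arg2) {
    console.log("HmacDigest init ('java.security.Key', 'java.security.spec.AlgorithmParameterSpec') --->>", arg1, arg2);
    // Fixed: the original forwarded an undeclared `arg` and dropped the spec.
    return this.init(arg1, arg2);
  };

  // --- update: the data being authenticated ---
  hmac.update.overload('byte').implementation = function (arg) {
    console.log("HmacDigest update('byte') --->>", arg);
    return this.update(arg);
  };

  hmac.update.overload('java.nio.ByteBuffer').implementation = function (arg) {
    console.log("HmacDigest update('java.nio.ByteBuffer') --->>", arg);
    return this.update(arg);
  };

  hmac.update.overload('[B').implementation = function (arg) {
    console.log("HmacDigest update('[B') --->>", arg);
    console.log("HmacDigest update('[B') hex--->>", bytesToHex(arg));
    console.log("HmacDigest update('[B') str--->>", bytesToString(arg));
    return this.update(arg);
  };

  hmac.update.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
    // arg2/arg3 are the offset and length within arg1; the whole buffer is dumped.
    console.log("HmacDigest update('[B', 'int', 'int') --->>", arg1, arg2, arg3);
    console.log("HmacDigest update('[B', 'int', 'int') hex--->>", bytesToHex(arg1), arg2, arg3);
    console.log("HmacDigest update('[B', 'int', 'int') str--->>", bytesToString(arg1), arg2, arg3);
    return this.update(arg1, arg2, arg3);
  };

  // --- doFinal: the resulting MAC ---
  hmac.doFinal.overload().implementation = function () {
    var value = this.doFinal();
    console.log("HmacDigest doFinal return: ", bytesToHex(value));
    return value;
  };

  hmac.doFinal.overload('[B').implementation = function (arg) {
    console.log("HmacDigest doFinal('[B') --->>", arg);
    console.log("HmacDigest doFinal('[B') hex--->>", bytesToHex(arg));
    console.log("HmacDigest doFinal('[B') str--->>", bytesToString(arg));
    var value = this.doFinal(arg);
    console.log("HmacDigest doFinal return: ", bytesToHex(value));
    return value;
  };

  hmac.doFinal.overload('[B', 'int').implementation = function (arg1, arg2) {
    console.log("HmacDigest doFinal('[B', 'int') --->>", arg1, arg2);
    // Fixed: this overload returns void and writes the MAC into arg1 starting
    // at offset arg2. The original passed the (undefined) return value to
    // bytesToHex; the output buffer is dumped after the call instead.
    this.doFinal(arg1, arg2);
    console.log("HmacDigest doFinal return: ", bytesToHex(arg1), arg2);
  };
}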
Hook DES AES RSA
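/**
 * Installs Frida logging hooks on the javax.crypto / java.security classes
 * used for symmetric and RSA operations: SecretKeyFactory, SecretKeySpec,
 * X509EncodedKeySpec, DESKeySpec, IvParameterSpec and Cipher. Each hook
 * prints its arguments (and result where there is one) and then forwards
 * the call unchanged to the original method.
 *
 * Depends on bytesToHex and bytesToBase64, defined elsewhere in this script.
 * Needs the Frida `Java` bridge to be available.
 *
 * The trace contains raw key bytes, IVs, plaintext and ciphertext; treat
 * captured output as sensitive material.
 */
function Hook_DES_AES_RSA() {
  // --- SecretKeyFactory.getInstance: key-factory algorithm name ---
  var secretKeyFactory = Java.use("javax.crypto.SecretKeyFactory");

  secretKeyFactory.getInstance.overload('java.lang.String').implementation = function (arg) {
    console.log("对称算法 name ('') --->>", arg);
    return this.getInstance(arg);
  };

  secretKeyFactory.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2) {
    console.log("对称算法 name ('java.lang.String', 'java.lang.String') --->>", arg1, arg2);
    // Fixed: the original forwarded an undeclared `arg` (ReferenceError).
    return this.getInstance(arg1, arg2);
  };

  secretKeyFactory.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2) {
    console.log("对称算法 name ('java.lang.String', 'java.security.Provider') --->>", arg1, arg2);
    // Fixed: same undeclared `arg` as above.
    return this.getInstance(arg1, arg2);
  };

  // --- SecretKeySpec constructors: raw key bytes plus algorithm name ---
  var secretKeySpec = Java.use("javax.crypto.spec.SecretKeySpec");

  secretKeySpec.$init.overload('[B', 'java.lang.String').implementation = function (arg1, arg2) {
    console.log("对称算法 name ('[B', 'java.lang.String') --->>", bytesToHex(arg1), arg2);
    return this.$init(arg1, arg2);
  };

  secretKeySpec.$init.overload('[B', 'int', 'int', 'java.lang.String').implementation = function (arg1, arg2, arg3, arg4) {
    // Fixed: the original declared only three parameters, ran the int length
    // through bytesToString and forwarded just (arg1, arg2), which matches no
    // SecretKeySpec constructor. Signature is (key, offset, len, algorithm).
    console.log("对称算法 name ('[B', 'int', 'int', 'java.lang.String') --->>", bytesToHex(arg1), arg2, arg3, arg4);
    return this.$init(arg1, arg2, arg3, arg4);
  };

  // --- X509EncodedKeySpec constructor: encoded RSA public key ---
  var rsaPublicKey = Java.use("java.security.spec.X509EncodedKeySpec");

  rsaPublicKey.$init.overload('[B').implementation = function (arg) {
    // Fixed: the collapsed source had no statement separator between the
    // log call and `return`, which is a syntax error.
    console.log("RSA-PublicKey init('[B') 密钥参数-->" + bytesToBase64(arg));
    return this.$init(arg);
  };

  // --- DESKeySpec constructors: raw DES key bytes ---
  var desKeySpec = Java.use("javax.crypto.spec.DESKeySpec");

  desKeySpec.$init.overload('[B').implementation = function (arg) {
    console.log("generateSecret.init('[B') 参数-->: ", bytesToHex(arg));
    return this.$init(arg);
  };

  desKeySpec.$init.overload('[B', 'int').implementation = function (arg1, arg2) {
    console.log("generateSecret.init('[B', 'int') 参数-->: ", bytesToHex(arg1), arg2);
    return this.$init(arg1, arg2);
  };

  // --- IvParameterSpec constructors: initialisation vector ---
  var ivParams = Java.use("javax.crypto.spec.IvParameterSpec");

  ivParams.$init.overload('[B').implementation = function (arg) {
    console.log("ivParams.init('[B') 参数-->: ", bytesToHex(arg));
    return this.$init(arg);
  };

  ivParams.$init.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
    console.log("ivParams.init('[B', 'int', 'int') 参数-->: ", bytesToHex(arg1), arg2, arg3);
    return this.$init(arg1, arg2, arg3);
  };

  // --- Cipher.getInstance: transformation string (algorithm/mode/padding) ---
  var cipher = Java.use("javax.crypto.Cipher");

  cipher.getInstance.overload('java.lang.String').implementation = function (arg) {
    // Fixed: the transformation is already a string; the original ran it
    // through bytesToString, a byte-array helper.
    console.log("cipher.getInstance('java.lang.String') 参数--->", arg);
    return this.getInstance(arg);
  };

  cipher.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2) {
    console.log("cipher.getInstance('java.lang.String', 'java.lang.String') 参数--->", arg1, arg2);
    return this.getInstance(arg1, arg2);
  };

  cipher.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2) {
    console.log("cipher.getInstance('java.lang.String', 'java.security.Provider') 参数--->", arg1, arg2);
    return this.getInstance(arg1, arg2);
  };

  // --- Cipher.update: intermediate input chunks ---
  cipher.update.overload('[B').implementation = function (arg) {
    console.log("cipher.update('[B') 参数--->", bytesToHex(arg));
    return this.update(arg);
  };

  cipher.update.overload('java.nio.ByteBuffer', 'java.nio.ByteBuffer').implementation = function (arg1, arg2) {
    // NOTE(review): bytesToHex is defined elsewhere; confirm it accepts a
    // java.nio.ByteBuffer and not only a byte[].
    console.log("cipher.update('java.nio.ByteBuffer', 'java.nio.ByteBuffer') 参数--->", bytesToHex(arg1));
    return this.update(arg1, arg2);
  };

  cipher.update.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
    // Fixed here and in the two overloads below: the original logged an
    // undeclared `arg` (ReferenceError) instead of the input buffer arg1.
    console.log("cipher.update('[B', 'int', 'int') 参数--->", bytesToHex(arg1));
    return this.update(arg1, arg2, arg3);
  };

  cipher.update.overload('[B', 'int', 'int', '[B').implementation = function (arg1, arg2, arg3, arg4) {
    console.log("cipher.update('[B', 'int', 'int', '[B') 参数--->", bytesToHex(arg1));
    return this.update(arg1, arg2, arg3, arg4);
  };

  cipher.update.overload('[B', 'int', 'int', '[B', 'int').implementation = function (arg1, arg2, arg3, arg4, arg5) {
    console.log("cipher.update('[B', 'int', 'int', '[B', 'int') 参数--->", bytesToHex(arg1));
    return this.update(arg1, arg2, arg3, arg4, arg5);
  };

  // --- Cipher.doFinal: last input chunk and the final output ---
  // Overloads that return byte[] log the returned array. Overloads that write
  // into a caller-supplied output buffer return an int (bytes stored), so the
  // output buffer is dumped after the call and the int is logged as-is; the
  // original passed that int to bytesToHex.
  cipher.doFinal.overload().implementation = function () {
    var result = this.doFinal();
    console.log("cipher doFinal() return: ", bytesToHex(result));
    return result;
  };

  cipher.doFinal.overload('[B').implementation = function (arg) {
    console.log("cipher doFinal('[B') 参数(hex)--->>", bytesToHex(arg));
    var result = this.doFinal(arg);
    console.log("cipher doFinal('[B') return: ", bytesToHex(result));
    return result;
  };

  cipher.doFinal.overload('java.nio.ByteBuffer', 'java.nio.ByteBuffer').implementation = function (arg1, arg2) {
    // arg2 is the output buffer, so only the input is dumped before the call.
    console.log("cipher doFinal('java.nio.ByteBuffer', 'java.nio.ByteBuffer') 参数(hex)--->>", bytesToHex(arg1));
    var result = this.doFinal(arg1, arg2);
    console.log("cipher doFinal('java.nio.ByteBuffer', 'java.nio.ByteBuffer') return: ", result);
    return result;
  };

  cipher.doFinal.overload('[B', 'int').implementation = function (arg1, arg2) {
    // arg1 is the output buffer and arg2 the offset into it.
    var result = this.doFinal(arg1, arg2);
    console.log("cipher doFinal('[B', 'int') return: ", bytesToHex(arg1), arg2, result);
    return result;
  };

  cipher.doFinal.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
    console.log("cipher doFinal('[B', 'int', 'int') 参数(hex)--->>", bytesToHex(arg1), arg2, arg3);
    var result = this.doFinal(arg1, arg2, arg3);
    console.log("cipher doFinal('[B', 'int', 'int') return: ", bytesToHex(result));
    return result;
  };

  cipher.doFinal.overload('[B', 'int', 'int', '[B').implementation = function (arg1, arg2, arg3, arg4) {
    console.log("cipher doFinal('[B', 'int', 'int', '[B') 参数(hex)--->>", bytesToHex(arg1), arg2, arg3);
    var result = this.doFinal(arg1, arg2, arg3, arg4);
    console.log("cipher doFinal('[B', 'int', 'int', '[B') return: ", bytesToHex(arg4), result);
    return result;
  };

  cipher.doFinal.overload('[B', 'int', 'int', '[B', 'int').implementation = function (arg1, arg2, arg3, arg4, arg5) {
    console.log("cipher doFinal('[B', 'int', 'int', '[B', 'int') 参数(hex)--->>", bytesToHex(arg1), arg2, arg3);
    var result = this.doFinal(arg1, arg2, arg3, arg4, arg5);
    console.log("cipher doFinal('[B', 'int', 'int', '[B', 'int') return: ", bytesToHex(arg4), arg5, result);
    return result;
  };
}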