frida hook java层全部aes代码
时间: 2023-10-02 10:09:53 浏览: 48
以下是使用Frida hook Java层全部AES加密函数的JavaScript代码示例:
```javascript
Java.perform(function() {
// 找到所有的AES加密函数
var cipherClasses = [
"javax.crypto.Cipher",
"javax.crypto.CipherInputStream",
"javax.crypto.CipherOutputStream",
"javax.crypto.NullCipher"
];
var aesFunctions = [
"AES/CBC/NoPadding",
"AES/CBC/PKCS5Padding",
"AES/CFB/NoPadding",
"AES/CFB/PKCS5Padding",
"AES/ECB/NoPadding",
"AES/ECB/PKCS5Padding",
"AES/OFB/NoPadding",
"AES/OFB/PKCS5Padding"
];
// hook所有的AES加密函数
for (var i = 0; i < cipherClasses.length; i++) {
var cipherClass = Java.use(cipherClasses[i]);
for (var j = 0; j < aesFunctions.length; j++) {
var aesFunction = aesFunctions[j];
var cipherFunc = aesFunction.split("/")[0];
var paddingFunc = aesFunction.split("/")[1];
try {
// hook encrypt函数
cipherClass['getInstance'].overload('java.lang.String').implementation = function(mode) {
var instance = this.getInstance(mode);
if (mode.indexOf(cipherFunc) != -1 && mode.indexOf(paddingFunc) != -1) {
instance.encryptImpl = instance.doFinal.overload().implementation;
instance.doFinal.overload('[B').implementation = function(data) {
// 打印参数
console.log("[*] Cipher Mode: " + mode);
console.log("[*] Cipher Function: " + cipherFunc);
console.log("[*] Padding Function: " + paddingFunc);
console.log("[*] Data: " + data);
// 调用原始函数
var result = this.encryptImpl();
// 打印返回值
console.log("[*] Encrypted Data: " + result);
// 返回真正的返回值
return result;
};
}
return instance;
};
// hook decrypt函数
cipherClass['getInstance'].overload('java.lang.String').implementation = function(mode) {
var instance = this.getInstance(mode);
if (mode.indexOf(cipherFunc) != -1 && mode.indexOf(paddingFunc) != -1) {
instance.decryptImpl = instance.doFinal.overload().implementation;
instance.doFinal.overload('[B').implementation = function(data) {
// 打印参数
console.log("[*] Cipher Mode: " + mode);
console.log("[*] Cipher Function: " + cipherFunc);
console.log("[*] Padding Function: " + paddingFunc);
console.log("[*] Data: " + data);
// 调用原始函数
var result = this.decryptImpl();
// 打印返回值
console.log("[*] Decrypted Data: " + result);
// 返回真正的返回值
return result;
};
}
return instance;
};
} catch (e) {
console.log(e);
}
}
}
});
```
以上代码示例是使用Frida hook Java层全部AES加密函数,并在函数执行前后打印函数参数和返回值。如果需要修改加密算法,可以在hook函数中修改参数或者返回值。注意,这个示例代码可能会hook到一些不需要的函数,需要根据具体情况进行修改。