2018-09-30 Frida luaL_loadbuffer

Author: 自由快挂 | Published 2018-09-30 12:13 | Read 75 times

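    # -*- coding: utf-8 -*-

    import os
    import sys

    import frida

    # Forward the frida-server ports from the device before running:
    #   adb forward tcp:27042 tcp:27042
    #   adb forward tcp:27043 tcp:27043

    package_id = 'xx'  # redacted
    out_dir = os.path.abspath('lua_dump')  # dumped chunks are written under this directory

    dev = frida.get_remote_device()
    process = dev.attach(package_id)

    # Hook luaL_loadbuffer(L, buff, sz, name) and send every loaded chunk to the host.
    src = '''
    var addr = Module.findExportByName(null, 'luaL_loadbuffer');

    Interceptor.attach(addr, {
        onEnter: function (args) {
            var obj = {};
            obj.size = args[2].toInt32();
            obj.name = Memory.readUtf8String(args[3]);
            // Send the buffer as raw bytes so non-ASCII text and embedded NULs survive.
            send(obj, Memory.readByteArray(args[1], obj.size));
        }
    });
    '''

    def write(name, content):
        # The chunk name comes from the target process: keep the write inside out_dir.
        path = os.path.abspath(os.path.join(out_dir, name.lstrip('@=/\\')))
        if not path.startswith(out_dir + os.sep):
            print('skip (outside output directory):', name)
            return
        print('write:', path)
        folder = os.path.dirname(path)
        if not os.path.exists(folder):
            os.makedirs(folder)
        with open(path, 'wb') as f:
            f.write(content)

    def on_message(message, data):
        # Script errors arrive with type 'error' and carry no payload.
        if message['type'] != 'send':
            print('message:', message)
            return
        name = message['payload']['name']
        if name and name.endswith('.lua') and data is not None:
            write(name, data)

    script = process.create_script(src)
    script.on('message', on_message)
    script.load()
    sys.stdin.read()
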

Surprisingly, the Lua code is actually visible!!
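
`luaL_loadbuffer` accepts both source text and precompiled chunks, so a buffer captured by the hook is not always readable Lua. The following is an added example, not part of the original post, that classifies a dumped buffer by its header; the function name `classify_chunk` and the sample buffers are constructed for illustration.

```python
# Added example: classify a buffer captured from luaL_loadbuffer by its header.
# The function name and the sample buffers are constructed for illustration.

LUA_SIGNATURE = b'\x1bLua'     # header of a precompiled chunk from reference Lua
LUAJIT_SIGNATURE = b'\x1bLJ'   # header of a LuaJIT bytecode dump


def classify_chunk(data):
    """Return (kind, detail) for a dumped chunk.

    kind is 'lua-bytecode', 'luajit-bytecode', 'text' or 'unknown'.
    """
    if data.startswith(LUA_SIGNATURE):
        if len(data) < 6:
            return 'lua-bytecode', 'truncated header'
        version, fmt = data[4], data[5]
        # The version byte packs major and minor as hex digits: 0x51 -> 5.1.
        detail = 'Lua %d.%d' % (version >> 4, version & 0x0F)
        if fmt != 0:
            # Format 0 is the official layout; anything else is a custom build.
            detail += ', non-official format %d' % fmt
        return 'lua-bytecode', detail
    if data.startswith(LUAJIT_SIGNATURE):
        if len(data) < 4:
            return 'luajit-bytecode', 'truncated header'
        return 'luajit-bytecode', 'dump version %d' % data[3]
    try:
        text = data.decode('utf-8')
    except UnicodeDecodeError:
        # Source in another encoding, or a loader that is not stock Lua.
        return 'unknown', 'no bytecode signature, not valid UTF-8'
    if '\x00' in text:
        return 'unknown', 'embedded NUL bytes'
    return 'text', '%d lines' % len(text.splitlines())


if __name__ == '__main__':
    samples = {  # constructed sample buffers
        'main.lua': b'print("hello")\nreturn 1\n',
        'core.lua': b'\x1bLua\x53\x00\x19\x93\r\n\x1a\n',
        'jit.lua': b'\x1bLJ\x02\x00',
    }
    for name, buf in samples.items():
        print(name, classify_chunk(buf))
```
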
