在 Frida 中调用作为参数传递给挂钩函数的 Java 对象的方法
Calling a method of a Java object passed as argument to hooked function in Frida
我正在尝试获取传递给 decryptAesCipherText 函数的 SecretKey。我挂钩了 Frida 中的函数以尝试在调用该方法时打印出参数,但由于 SecretKey 是一个对象,因此所有打印它的尝试都将输出为 [object Object]。然而,SecretKey 对象有一个方法 getEncoded() ,它将 return 一个可以以十六进制格式打印出来的字节数组。我怎样才能从 Frida 调用这个方法并得到结果?
java 函数,我挂钩到下面给出
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
private byte[] decryptAesCipherText(SecretKey secretKey, byte[] bArr) {
Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
instance.init(2, secretKey);
return decryptCipherText(instance, bArr);
}
java挂钩函数的脚本片段(不完整)
var target_class = Java.use('com.reactlibrary.securekeystore.RNSecureKeyStoreModule');
target_class.decryptAesCipherText.overload('javax.crypto.SecretKey','[B').implementation = function(key, array){
console.log("Inside decrypt aes");
//Call getEncoded method on key to get byte array
var ret = my_class.decryptAesCipherText.overload('javax.crypto.SecretKey','[B').call(this, key, array);
return ret;
}
好像不能在javax.crypto.SecretKey接口上调用getEncoded
通常 SecretKey 参数是 javax.crypto.spec.SecretKeySpec 类型,如果您键入将 key 参数转换为 SecretKeySpec 您可以调用 getEncoded() 并打印使用的密钥:
function encodeHex(byteArray) {
const HexClass = Java.use('org.apache.commons.codec.binary.Hex');
const StringClass = Java.use('java.lang.String');
const hexChars = HexClass.encodeHex(byteArray);
return StringClass.$new(hexChars).toString();
}
Java.perform(function x() {
const target_class = Java.use('com.example.myapplication.MainActivity');
target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').implementation = function (key, array) {
console.log("Inside decrypt aes");
const secretKeySpec = Java.cast(key, Java.use('javax.crypto.spec.SecretKeySpec'));
const encodedKey = secretKeySpec.getEncoded();
// print the key bytes as hex value
console.log("KEY: " + encodeHex(encodedKey));
var ret = my_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').call(this, key, array);
return ret;
}
});
我正在尝试获取传递给 decryptAesCipherText 函数的 SecretKey。我挂钩了 Frida 中的函数以尝试在调用该方法时打印出参数,但由于 SecretKey 是一个对象,因此所有打印它的尝试都将输出为 [object Object]。然而,SecretKey 对象有一个方法 getEncoded() ,它将 return 一个可以以十六进制格式打印出来的字节数组。我怎样才能从 Frida 调用这个方法并得到结果?
java 函数,我挂钩到下面给出
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
private byte[] decryptAesCipherText(SecretKey secretKey, byte[] bArr) {
Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
instance.init(2, secretKey);
return decryptCipherText(instance, bArr);
}
java挂钩函数的脚本片段(不完整)
var target_class = Java.use('com.reactlibrary.securekeystore.RNSecureKeyStoreModule');
target_class.decryptAesCipherText.overload('javax.crypto.SecretKey','[B').implementation = function(key, array){
console.log("Inside decrypt aes");
//Call getEncoded method on key to get byte array
var ret = my_class.decryptAesCipherText.overload('javax.crypto.SecretKey','[B').call(this, key, array);
return ret;
}
好像不能在javax.crypto.SecretKey接口上调用getEncoded
通常 SecretKey 参数是 javax.crypto.spec.SecretKeySpec 类型,如果您键入将 key 参数转换为 SecretKeySpec 您可以调用 getEncoded() 并打印使用的密钥:
function encodeHex(byteArray) {
const HexClass = Java.use('org.apache.commons.codec.binary.Hex');
const StringClass = Java.use('java.lang.String');
const hexChars = HexClass.encodeHex(byteArray);
return StringClass.$new(hexChars).toString();
}
Java.perform(function x() {
const target_class = Java.use('com.example.myapplication.MainActivity');
target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').implementation = function (key, array) {
console.log("Inside decrypt aes");
const secretKeySpec = Java.cast(key, Java.use('javax.crypto.spec.SecretKeySpec'));
const encodedKey = secretKeySpec.getEncoded();
// print the key bytes as hex value
console.log("KEY: " + encodeHex(encodedKey));
var ret = my_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').call(this, key, array);
return ret;
}
});