JavajavaTutorialSteps to reverse WhatsApp using a combination of dynamic and static methods in Java
Dynamic and static combination of reverse WhatsApp
All overloads of the 0x01.hook method
In an article that takes you to understand the essence of Frida, we have learned how to overload To process, let's review the code first:
my_class.fun.overload("int" , "int").implementation = function(x,y){
my_class.fun.overload("java.lang.String").implementation = function(x){
That is to say, we need to construct an overloaded array and print out each overload. Let's go directly to the code:
//目标类
var hook = Java.use(targetClass);
//重载次数
var overloadCount = hook[targetMethod].overloads.length;
//打印日志:追踪的方法有多少个重载
console.log("Tracing " + targetClassMethod + " [" + overloadCount + " overload(s)]");
//每个重载都进入一次
for (var i = 0; i <p> In this way, we have processed all overloads of the method, and then enumerate all methods. </p><h4 id="All-methods-of-the-x-hook-class">All methods of the 0x02.hook class</h4><p>still go directly to the code:</p><pre class="brush:php;toolbar:false">function traceClass(targetClass)
{
//Java.use是新建一个对象哈,大家还记得么?
var hook = Java.use(targetClass);
//利用反射的方式,拿到当前类的所有方法
var methods = hook.class.getDeclaredMethods();
//建完对象之后记得将对象释放掉哈
hook.$dispose;
//将方法名保存到数组中
var parsedMethods = [];
methods.forEach(function(method) {
parsedMethods.push(method.toString().replace(targetClass + ".", "TOKEN").match(/\sTOKEN(.*)\(/)[1]);
});
//去掉一些重复的值
var targets = uniqBy(parsedMethods, JSON.stringify);
//对数组中所有的方法进行hook,traceMethod也就是第一小节的内容
targets.forEach(function(targetMethod) {
traceMethod(targetClass + "." + targetMethod);
});
}All subclasses of the 0x03.hook class
still go to the core part Code:
//枚举所有已经加载的类
Java.enumerateLoadedClasses({
onMatch: function(aClass) {
//迭代和判断
if (aClass.match(pattern)) {
//做一些更多的判断,适配更多的pattern
var className = aClass.match(/[L]?(.*);?/)[1].replace(/\//g, ".");
//进入到traceClass里去
traceClass(className);
}
},
onComplete: function() {}
});0x04.hook the export function of the local library
// 追踪本地库函数
function traceModule(impl, name)
{
console.log("Tracing " + name);
//frida的Interceptor
Interceptor.attach(impl, {
onEnter: function(args) {
console.warn("\n*** entered " + name);
//打印调用栈
console.log("\nBacktrace:\n" + Thread.backtrace(this.context, Backtracer.ACCURATE)
.map(DebugSymbol.fromAddress).join("\n"));
},
onLeave: function(retval) {
//打印返回值
console.log("\nretval: " + retval);
console.warn("\n*** exiting " + name);
}
});
}0x05. Dynamic and static combination of reverse WhatsApp
Finally it’s time for actual combat, splicing the above codes together to form A script. In fact, this script is also introduced in awesome-frida. The code is here, but it has a small bug. After being modified by Calabash, it can finally be used.
Let’s try some of its main functions. The first is the export function of the local library.
setTimeout(function() {
Java.perform(function() {
trace("exports:*!open*");
//trace("exports:*!write*");
//trace("exports:*!malloc*");
//trace("exports:*!free*");
});
}, 0);Our hook is the open() function, run it and see the effect:
$ frida -U -f com.whatsapp -l raptor_frida_android_trace_fixed.js --no-pause
As shown in the figure, *!open* matches exported functions such as openlog and open64 according to regular rules, hooks all these functions, and prints out their parameters and return value.
Which part you want to see next, just throw it into jadx, statically "analyze" it, browse it by yourself, or search it based on the string.
For example, if we want to see the contents of the com.whatsapp.app.protocol package in the picture above, we can set trace ("com.whatsapp.app.protocol").
You can see that all functions and methods in the package, including overloads, parameters and return values, are printed. This is the charm of fridascript.
Of course, the script is just a tool after all. Your understanding of Java, Android App, and your creativity are crucial.
Next, you can use Xposed module to see which modules others have made for whatsapp, which functions of hook, what functions are implemented, and learn to write them yourself .
Of course, I would like to emphasize again that cheating is illegal. Do not make and distribute any App cheats, otherwise you will only be punished by the law.
The above is the detailed content of Steps to reverse WhatsApp using a combination of dynamic and static methods in Java. For more information, please follow other related articles on the PHP Chinese website!
带你搞懂Java结构化数据处理开源库SPLMay 24, 2022 pm 01:34 PM本篇文章给大家带来了关于java的相关知识,其中主要介绍了关于结构化数据处理开源库SPL的相关问题,下面就一起来看一下java下理想的结构化数据处理类库,希望对大家有帮助。
Java集合框架之PriorityQueue优先级队列Jun 09, 2022 am 11:47 AM本篇文章给大家带来了关于java的相关知识,其中主要介绍了关于PriorityQueue优先级队列的相关知识,Java集合框架中提供了PriorityQueue和PriorityBlockingQueue两种类型的优先级队列,PriorityQueue是线程不安全的,PriorityBlockingQueue是线程安全的,下面一起来看一下,希望对大家有帮助。
完全掌握Java锁(图文解析)Jun 14, 2022 am 11:47 AM本篇文章给大家带来了关于java的相关知识,其中主要介绍了关于java锁的相关问题,包括了独占锁、悲观锁、乐观锁、共享锁等等内容,下面一起来看一下,希望对大家有帮助。
一起聊聊Java多线程之线程安全问题Apr 21, 2022 pm 06:17 PM本篇文章给大家带来了关于java的相关知识,其中主要介绍了关于多线程的相关问题,包括了线程安装、线程加锁与线程不安全的原因、线程安全的标准类等等内容,希望对大家有帮助。
详细解析Java的this和super关键字Apr 30, 2022 am 09:00 AM本篇文章给大家带来了关于Java的相关知识,其中主要介绍了关于关键字中this和super的相关问题,以及他们的一些区别,下面一起来看一下,希望对大家有帮助。
Java基础归纳之枚举May 26, 2022 am 11:50 AM本篇文章给大家带来了关于java的相关知识,其中主要介绍了关于枚举的相关问题,包括了枚举的基本操作、集合类对枚举的支持等等内容,下面一起来看一下,希望对大家有帮助。
java中封装是什么May 16, 2019 pm 06:08 PM封装是一种信息隐藏技术,是指一种将抽象性函式接口的实现细节部分包装、隐藏起来的方法;封装可以被认为是一个保护屏障,防止指定类的代码和数据被外部类定义的代码随机访问。封装可以通过关键字private,protected和public实现。
归纳整理JAVA装饰器模式(实例详解)May 05, 2022 pm 06:48 PM本篇文章给大家带来了关于java的相关知识,其中主要介绍了关于设计模式的相关问题,主要将装饰器模式的相关内容,指在不改变现有对象结构的情况下,动态地给该对象增加一些职责的模式,希望对大家有帮助。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Zend Studio 13.0.1
Powerful PHP integrated development environment
Notepad++7.3.1
Easy-to-use and free code editor
Atom editor mac version download
The most popular open source editor
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
