JavajavaTutorialSteps to reverse WhatsApp using a combination of dynamic and static methods in JavaSteps to reverse WhatsApp using a combination of dynamic and static methods in Java
Dynamic and static combination of reverse WhatsApp
All overloads of the 0x01.hook method
In an article that takes you to understand the essence of Frida, we have learned how to overload To process, let's review the code first:
my_class.fun.overload("int" , "int").implementation = function(x,y){
my_class.fun.overload("java.lang.String").implementation = function(x){
That is to say, we need to construct an overloaded array and print out each overload. Let's go directly to the code:
//目标类
var hook = Java.use(targetClass);
//重载次数
var overloadCount = hook[targetMethod].overloads.length;
//打印日志:追踪的方法有多少个重载
console.log("Tracing " + targetClassMethod + " [" + overloadCount + " overload(s)]");
//每个重载都进入一次
for (var i = 0; i <p> In this way, we have processed all overloads of the method, and then enumerate all methods. </p><h4 id="All-methods-of-the-x-hook-class">All methods of the 0x02.hook class</h4><p>still go directly to the code:</p><pre class="brush:php;toolbar:false">function traceClass(targetClass)
{
//Java.use是新建一个对象哈,大家还记得么?
var hook = Java.use(targetClass);
//利用反射的方式,拿到当前类的所有方法
var methods = hook.class.getDeclaredMethods();
//建完对象之后记得将对象释放掉哈
hook.$dispose;
//将方法名保存到数组中
var parsedMethods = [];
methods.forEach(function(method) {
parsedMethods.push(method.toString().replace(targetClass + ".", "TOKEN").match(/\sTOKEN(.*)\(/)[1]);
});
//去掉一些重复的值
var targets = uniqBy(parsedMethods, JSON.stringify);
//对数组中所有的方法进行hook,traceMethod也就是第一小节的内容
targets.forEach(function(targetMethod) {
traceMethod(targetClass + "." + targetMethod);
});
}All subclasses of the 0x03.hook class
still go to the core part Code:
//枚举所有已经加载的类
Java.enumerateLoadedClasses({
onMatch: function(aClass) {
//迭代和判断
if (aClass.match(pattern)) {
//做一些更多的判断,适配更多的pattern
var className = aClass.match(/[L]?(.*);?/)[1].replace(/\//g, ".");
//进入到traceClass里去
traceClass(className);
}
},
onComplete: function() {}
});0x04.hook the export function of the local library
// 追踪本地库函数
function traceModule(impl, name)
{
console.log("Tracing " + name);
//frida的Interceptor
Interceptor.attach(impl, {
onEnter: function(args) {
console.warn("\n*** entered " + name);
//打印调用栈
console.log("\nBacktrace:\n" + Thread.backtrace(this.context, Backtracer.ACCURATE)
.map(DebugSymbol.fromAddress).join("\n"));
},
onLeave: function(retval) {
//打印返回值
console.log("\nretval: " + retval);
console.warn("\n*** exiting " + name);
}
});
}0x05. Dynamic and static combination of reverse WhatsApp
Finally it’s time for actual combat, splicing the above codes together to form A script. In fact, this script is also introduced in awesome-frida. The code is here, but it has a small bug. After being modified by Calabash, it can finally be used.
Let’s try some of its main functions. The first is the export function of the local library.
setTimeout(function() {
Java.perform(function() {
trace("exports:*!open*");
//trace("exports:*!write*");
//trace("exports:*!malloc*");
//trace("exports:*!free*");
});
}, 0);Our hook is the open() function, run it and see the effect:
$ frida -U -f com.whatsapp -l raptor_frida_android_trace_fixed.js --no-pause
As shown in the figure, *!open* matches exported functions such as openlog and open64 according to regular rules, hooks all these functions, and prints out their parameters and return value.
Which part you want to see next, just throw it into jadx, statically "analyze" it, browse it by yourself, or search it based on the string.
For example, if we want to see the contents of the com.whatsapp.app.protocol package in the picture above, we can set trace ("com.whatsapp.app.protocol").
You can see that all functions and methods in the package, including overloads, parameters and return values, are printed. This is the charm of fridascript.
Of course, the script is just a tool after all. Your understanding of Java, Android App, and your creativity are crucial.
Next, you can use Xposed module to see which modules others have made for whatsapp, which functions of hook, what functions are implemented, and learn to write them yourself .
Of course, I would like to emphasize again that cheating is illegal. Do not make and distribute any App cheats, otherwise you will only be punished by the law.
The above is the detailed content of Steps to reverse WhatsApp using a combination of dynamic and static methods in Java. For more information, please follow other related articles on the PHP Chinese website!
How does the JVM manage garbage collection across different platforms?Apr 28, 2025 am 12:23 AMJVMmanagesgarbagecollectionacrossplatformseffectivelybyusingagenerationalapproachandadaptingtoOSandhardwaredifferences.ItemploysvariouscollectorslikeSerial,Parallel,CMS,andG1,eachsuitedfordifferentscenarios.Performancecanbetunedwithflagslike-XX:NewRa
Why can Java code run on different operating systems without modification?Apr 28, 2025 am 12:14 AMJava code can run on different operating systems without modification, because Java's "write once, run everywhere" philosophy is implemented by Java virtual machine (JVM). As the intermediary between the compiled Java bytecode and the operating system, the JVM translates the bytecode into specific machine instructions to ensure that the program can run independently on any platform with JVM installed.
Describe the process of compiling and executing a Java program, highlighting platform independence.Apr 28, 2025 am 12:08 AMThe compilation and execution of Java programs achieve platform independence through bytecode and JVM. 1) Write Java source code and compile it into bytecode. 2) Use JVM to execute bytecode on any platform to ensure the code runs across platforms.
How does the underlying hardware architecture affect Java's performance?Apr 28, 2025 am 12:05 AMJava performance is closely related to hardware architecture, and understanding this relationship can significantly improve programming capabilities. 1) The JVM converts Java bytecode into machine instructions through JIT compilation, which is affected by the CPU architecture. 2) Memory management and garbage collection are affected by RAM and memory bus speed. 3) Cache and branch prediction optimize Java code execution. 4) Multi-threading and parallel processing improve performance on multi-core systems.
Explain why native libraries can break Java's platform independence.Apr 28, 2025 am 12:02 AMUsing native libraries will destroy Java's platform independence, because these libraries need to be compiled separately for each operating system. 1) The native library interacts with Java through JNI, providing functions that cannot be directly implemented by Java. 2) Using native libraries increases project complexity and requires managing library files for different platforms. 3) Although native libraries can improve performance, they should be used with caution and conducted cross-platform testing.
How does the JVM handle differences in operating system APIs?Apr 27, 2025 am 12:18 AMJVM handles operating system API differences through JavaNativeInterface (JNI) and Java standard library: 1. JNI allows Java code to call local code and directly interact with the operating system API. 2. The Java standard library provides a unified API, which is internally mapped to different operating system APIs to ensure that the code runs across platforms.
How does the modularity introduced in Java 9 impact platform independence?Apr 27, 2025 am 12:15 AMmodularitydoesnotdirectlyaffectJava'splatformindependence.Java'splatformindependenceismaintainedbytheJVM,butmodularityinfluencesapplicationstructureandmanagement,indirectlyimpactingplatformindependence.1)Deploymentanddistributionbecomemoreefficientwi
What is bytecode, and how does it relate to Java's platform independence?Apr 27, 2025 am 12:06 AMBytecodeinJavaistheintermediaterepresentationthatenablesplatformindependence.1)Javacodeiscompiledintobytecodestoredin.classfiles.2)TheJVMinterpretsorcompilesthisbytecodeintomachinecodeatruntime,allowingthesamebytecodetorunonanydevicewithaJVM,thusfulf
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
WebStorm Mac version
Useful JavaScript development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Zend Studio 13.0.1
Powerful PHP integrated development environment
