[Help] How to pass a string from Python to JS in Frida
Posted: 2019-4-22 14:49
While working through an example of Python and JS interaction in Frida, I was not able to reproduce it.
The original code is at:
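Passing a string from JS to Python works.
Passing a string from Python to JS also works, but that string cannot be used where a Java String is expected.
The error is as follows: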
[PY-LOG] recv message={'type': 'error', 'description': "Error: <init>(): argument types do not match any of:\n\t.overload()......
The error occurs at this line in the JS:
var string_to_recv = JavaString.$new(data_to_recv, "UTF-8");
This is the Python code:
import time
import base64
import frida

def my_message_handler(message, payload):
    print("[PY-LOG] recv message=%s,payload=%s" % (message,payload))
    if message["type"] == "send":
        data = message["payload"].split(":")[1].strip()
        print("[PY-LOG] recv data=%s" % data)
        data = base64.b64decode(data)
        user, pwd = data.decode('ascii').split(":")
        print("[PY-LOG] user=%s, pwd=%s" % (user,pwd))
        print("[PY-LOG] encode user=%s, pwd=%s" % ("admin",pwd))
        data = base64.b64encode(bytes("admin" + ":" + pwd, "utf-8"))
        print("[PY-LOG] after b64encode data=%s" % data)
        data = str(data,"utf-8")
        jsonObj = {"my_data": data}
        print("[PY-LOG] jsongObj="+str(jsonObj))
        script.post(jsonObj) # send JSON object
        print("[PY-LOG] Modified data sent")

device = frida.get_usb_device()
pid = device.spawn(["com.example.a11x256.frida_test"])
device.resume(pid)
time.sleep(1)
session = device.attach(pid)
with open("s4.js") as f:
    script = session.create_script(f.read())
script.on("message", my_message_handler) # register the message handler
script.load()
input()
This is the JS code:
console.log("[JS-LOG] Script loaded successfully ");
Java.perform(function () {
    var tv_class = Java.use("android.widget.TextView");
    tv_class.setText.overload("java.lang.CharSequence").implementation = function (x) {
        var string_to_send = x.toString();
        var data_to_recv = null;
        send(string_to_send); // send data to python code
        recv(function (received_json_object) {
            console.log("[JS-RECV] json="+received_json_object);
            data_to_recv = received_json_object.my_data;
            console.log("[JS-RECV] data="+data_to_recv);
        }).wait(); //block execution till the message is received
        var JavaString = Java.use("java.lang.String");
        dumpJsObjInstProps("[JS-RECV] ", data_to_recv);
        var string_to_recv = JavaString.$new(data_to_recv, "UTF-8");
        console.log("[JS-LOG] setText data="+string_to_recv);
        return this.setText(string_to_recv);
    };
});
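
Added example, not part of the original post or of the tutorial it follows: a variant of the hook above that builds the Java string through the one-argument `String(String)` constructor, since `java.lang.String` has no `(String, String)` constructor for `$new(data_to_recv, "UTF-8")` to match. The names `pickText`, `toJavaString` and `installHook` are hypothetical, and the fallback to the app's own text when the reply has no string `my_data` is an assumption about the desired behaviour.

```javascript
// Added example. pickText, toJavaString and installHook are hypothetical names.
// java.lang.String constructors relevant here:
//   String(String)                      <- Frida passes a JS string as java.lang.String
//   String(byte[], String charsetName)  <- a charset argument needs a byte[] first
// There is no String(String, String), hence "argument types do not match".

// Return the reply's my_data if it is a JS string, otherwise keep the app's text.
function pickText(reply, fallback) {
    if (reply !== null && typeof reply === "object" && typeof reply.my_data === "string") {
        return reply.my_data;
    }
    return fallback;
}

// Build a java.lang.String through the one-argument String(String) overload.
function toJavaString(JavaString, jsString) {
    return JavaString.$new(jsString);
}

function installHook() {
    Java.perform(function () {
        var JavaString = Java.use("java.lang.String");
        var tv_class = Java.use("android.widget.TextView");
        tv_class.setText.overload("java.lang.CharSequence").implementation = function (x) {
            var original = x.toString();
            var reply = null;
            send(original); // same message the Python handler already parses
            recv(function (received_json_object) {
                reply = received_json_object;
            }).wait(); // block until script.post() delivers the reply
            var text = pickText(reply, original);
            console.log("[JS-LOG] setText data=" + text);
            return this.setText(toJavaString(JavaString, text));
        };
    });
}

// The Java bridge exists only inside Frida; elsewhere just report and do nothing.
if (typeof Java !== "undefined") {
    installHook();
} else {
    console.log("[JS-LOG] Java bridge not available, hook not installed");
}
```

The Python side needs no change: `script.post({"my_data": data})` already delivers `my_data` as a plain JS string.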