Calling a method of a Java object passed as argument to hooked function in Frida
I am trying to get the SecretKey passed to the decryptAesCipherText function. I hooked the function in Frida to try to print out the arguments when the method is called, but since SecretKey is an object, all attempts to print it out give output as [object Object]. However, the SecretKey object has a getEncoded() method, which will return a byte array that can be printed out in hex format. How can I call this method from Frida and get the result?

The Java function is given below:

    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;

    private byte[] decryptAesCipherText(SecretKey secretKey, byte[] bArr) {
        Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
        instance.init(2, secretKey); // 2 == Cipher.DECRYPT_MODE
        return decryptCipherText(instance, bArr);
    }

JavaScript snippet (incomplete) that hooks the function:

    Java.perform(function () {
        var target_class = Java.use('com.reactlibrary.securekeystore.RNSecureKeyStoreModule');
        target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').implementation = function (key, array) {
            console.log("Inside decrypt aes");
            // Call getEncoded method on key to get byte array
            // Call the original implementation through the class wrapper defined above
            var ret = target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').call(this, key, array);
            return ret;
        };
    });

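It seems you cannot call getEncoded on the javax.crypto.SecretKey interface.

Usually the SecretKey parameter is of type javax.crypto.spec.SecretKeySpec, and if you cast the key parameter to SecretKeySpec you can call getEncoded() and print the key used: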

    // Convert a Java byte[] to a hex string using the Apache Commons Codec class loaded in the app
    function encodeHex(byteArray) {
        const HexClass = Java.use('org.apache.commons.codec.binary.Hex');
        const StringClass = Java.use('java.lang.String');
        const hexChars = HexClass.encodeHex(byteArray);
        return StringClass.$new(hexChars).toString();
    }

    Java.perform(function x() {
        const target_class = Java.use('com.example.myapplication.MainActivity');
        target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').implementation = function (key, array) {
            console.log("Inside decrypt aes");
            // Cast the interface-typed argument to its concrete class so getEncoded() can be called
            const secretKeySpec = Java.cast(key, Java.use('javax.crypto.spec.SecretKeySpec'));
            const encodedKey = secretKeySpec.getEncoded();
            // print the key bytes as hex value
            console.log("KEY: " + encodeHex(encodedKey));
            // Call the original implementation through the class wrapper defined above
            var ret = target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').call(this, key, array);
            return ret;
        };
    });
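
The hook from the answer, as an added example that is not part of the original answer: it encodes the key bytes in plain JavaScript so it does not depend on org.apache.commons.codec being present in the app, checks the runtime class before casting, and handles getEncoded() returning null. The helper names javaBytesToHex and describeKey are hypothetical; the class name is the one from the question.

```javascript
// Added example. Java bytes are signed (-128..127); mask each to 0..255 before formatting.
function javaBytesToHex(bytes) {
  if (bytes === null || bytes === undefined) {
    return null; // Key.getEncoded() returns null when the key does not support encoding
  }
  let hex = '';
  for (let i = 0; i < bytes.length; i++) {
    hex += ('0' + (bytes[i] & 0xff).toString(16)).slice(-2);
  }
  return hex;
}

// Works on anything exposing getAlgorithm()/getEncoded(), like javax.crypto.SecretKey.
function describeKey(key) {
  const hex = javaBytesToHex(key.getEncoded());
  if (hex === null) {
    return key.getAlgorithm() + ' key: <not exportable>';
  }
  return key.getAlgorithm() + ' key: ' + hex + ' (' + hex.length * 4 + ' bits)';
}

// The hook is installed only inside Frida, where the global Java bridge exists.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    const JavaObject = Java.use('java.lang.Object');
    const SecretKeySpec = Java.use('javax.crypto.spec.SecretKeySpec');
    const targetClass = Java.use('com.reactlibrary.securekeystore.RNSecureKeyStoreModule');
    const method = targetClass.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B');
    method.implementation = function (key, array) {
      // Look up the runtime class first, so the cast is attempted only when it is valid.
      const runtimeClass = Java.cast(key, JavaObject).getClass().getName();
      if (runtimeClass === 'javax.crypto.spec.SecretKeySpec') {
        console.log(describeKey(Java.cast(key, SecretKeySpec)));
      } else {
        console.log('key is a ' + runtimeClass + ', not a SecretKeySpec');
      }
      return method.call(this, key, array);
    };
  });
}
```

A key whose getEncoded() returns null is reported as not exportable instead of raising an error inside the hook.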