[英]Calling a method of a Java object passed as argument to hooked function in Frida
我正在嘗試獲取傳遞給decryptAesCipherText
function 的SecretKey
。 I hooked the function in Frida to try to print out the arguments when the method is called but since SecretKey
is an object, all attempts to print it out give output as [object Object]
. 然而,SecretKey object 有一個 getEncoded() 方法,它將返回一個字節數組,可以以十六進制格式打印出來。 如何從 Frida 調用此方法並獲得結果?
java function,我在下面給出
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
private byte[] decryptAesCipherText(SecretKey secretKey, byte[] bArr) {
Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
instance.init(2, secretKey);
return decryptCipherText(instance, bArr);
}
javascript 片段(不完整)掛鈎 function
var target_class = Java.use('com.reactlibrary.securekeystore.RNSecureKeyStoreModule');
target_class.decryptAesCipherText.overload('javax.crypto.SecretKey','[B').implementation = function(key, array){
console.log("Inside decrypt aes");
//Call getEncoded method on key to get byte array
var ret = my_class.decryptAesCipherText.overload('javax.crypto.SecretKey','[B').call(this, key, array);
return ret;
}
似乎您無法在javax.crypto.SecretKey
接口上調用getEncoded
。
通常SecretKey
參數的類型是javax.crypto.spec.SecretKeySpec
,如果您將密鑰參數類型轉換為SecretKeySpec
您可以調用getEncoded()
並打印使用的密鑰:
function encodeHex(byteArray) {
const HexClass = Java.use('org.apache.commons.codec.binary.Hex');
const StringClass = Java.use('java.lang.String');
const hexChars = HexClass.encodeHex(byteArray);
return StringClass.$new(hexChars).toString();
}
Java.perform(function x() {
const target_class = Java.use('com.example.myapplication.MainActivity');
target_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').implementation = function (key, array) {
console.log("Inside decrypt aes");
const secretKeySpec = Java.cast(key, Java.use('javax.crypto.spec.SecretKeySpec'));
const encodedKey = secretKeySpec.getEncoded();
// print the key bytes as hex value
console.log("KEY: " + encodeHex(encodedKey));
var ret = my_class.decryptAesCipherText.overload('javax.crypto.SecretKey', '[B').call(this, key, array);
return ret;
}
});
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.