Frida Hook 算法


hook 摘要算法 (MD5…)

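/**
 * Install logging hooks on every overload of java.security.MessageDigest
 * getInstance / update / digest.
 *
 * Each hook prints its arguments (and, for digest, the result) and then
 * forwards to the original method, so the instrumented app keeps computing
 * the same hashes.
 *
 * Names used here but not defined in this listing: the Frida `Java` bridge,
 * the helpers `bytesToHex` / `bytesToString`, and the `log_str` flag that
 * gates the string dumps. Java.use() needs a thread attached to the VM, so
 * call this from inside a Java.perform() callback.
 *
 * The console output contains the raw bytes being hashed, which can include
 * credentials or request-signing inputs; handle captured logs as sensitive.
 */
function HookMessageDigest(){
    var digest = Java.use("java.security.MessageDigest");

    // getInstance: the first argument is the algorithm name (e.g. "MD5").
    digest.getInstance.overload('java.lang.String').implementation = function (arg){
        console.log("Digest name ('java.lang.String') --->>", arg);
        return this.getInstance(arg);
    };
    digest.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2){
        console.log("Digest name ('java.lang.String', 'java.lang.String') --->>", arg1, arg2);
        return this.getInstance(arg1, arg2);
    };
    digest.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2){
        console.log("Digest name ('java.lang.String', 'java.security.Provider') --->>", arg1, arg2);
        // Forward both parameters; the original referenced an undefined `arg` here.
        return this.getInstance(arg1, arg2);
    };

    // update: all overloads return void, so there is nothing to log afterwards.
    digest.update.overload('byte').implementation = function (arg){
        console.log("Digest update('byte') 入参--->>", arg);
        return this.update(arg);
    };
    digest.update.overload('java.nio.ByteBuffer').implementation = function (arg){
        // NOTE(review): arg is a java.nio.ByteBuffer, not a byte[]; confirm that
        // bytesToHex / bytesToString accept one and do not move its position.
        console.log("Digest update('java.nio.ByteBuffer') 入参(hex)--->>", bytesToHex(arg));
        if( log_str ) console.log("Digest update('java.nio.ByteBuffer') 入参(str)--->>", bytesToString(arg));
        // The original stored the call in a misspelled variable and then
        // returned an undeclared one, which threw on every invocation.
        return this.update(arg);
    };
    digest.update.overload('[B').implementation = function (arg){
        console.log("Digest update('[B') 入参(hex)--->>", bytesToHex(arg));
        if( log_str ) console.log("Digest update('[B') 入参(str)--->>", bytesToString(arg));
        return this.update(arg);
    };
    digest.update.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3){
        console.log("Digest update('[B', 'int', 'int') 入参(hex)--->>", bytesToHex(arg1), arg2, arg3);
        if( log_str ) console.log("Digest update('[B', 'int', 'int') 入参(str)--->>", bytesToString(arg1), arg2, arg3);
        return this.update(arg1, arg2, arg3);
    };

    // digest
    digest.digest.overload().implementation = function (){
        var result = this.digest();
        console.log("Digest digest('') retufn result: ", bytesToHex(result));
        return result;
    };
    digest.digest.overload('[B').implementation = function (arg){
        console.log("Digest digest('[B') 入参(hex)--->>", bytesToHex(arg));
        if( log_str ) console.log("Digest digest('[B') 入参(str)--->>", bytesToString(arg));
        var result = this.digest(arg);
        console.log("Digest digest('[B') retufn result: ", bytesToHex(result));
        return result;
    };
    digest.digest.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3){
        // digest(byte[] buf, int offset, int len) writes the hash INTO arg1 and
        // returns the number of bytes written (an int), so the buffer is dumped
        // after the call and the return value is logged as a plain number.
        // NOTE(review): whether arg1 reflects the in-place write depends on how
        // the Frida bridge wraps byte[] arguments; verify on the version in use.
        var written = this.digest(arg1, arg2, arg3);
        console.log("Digest digest('[B', 'int', 'int') return (bytes written): ", written);
        console.log("Digest digest('[B', 'int', 'int') output buf(hex): ", bytesToHex(arg1), arg2, arg3);
        return written;
    };
}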

hook Hmac摘要算法 (HmacMD5…)

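/**
 * Install logging hooks on every overload of javax.crypto.Mac
 * getInstance / init / update / doFinal.
 *
 * Each hook prints its arguments (and the MAC value where one is returned)
 * and then forwards to the original method with the same arguments.
 *
 * Names used here but not defined in this listing: the Frida `Java` bridge
 * and the helpers `bytesToHex` / `bytesToString`. Java.use() needs a thread
 * attached to the VM, so call this from inside a Java.perform() callback.
 *
 * The init hooks print the key object and the update hooks print the
 * authenticated message, so captured logs should be handled as sensitive.
 */
function HookHmacMessageDigest(){
    var hmac = Java.use('javax.crypto.Mac');

    // getInstance: the first argument is the algorithm name (e.g. "HmacMD5").
    hmac.getInstance.overload('java.lang.String').implementation = function (arg){
        console.log("HmacDigest name ('java.lang.String') --->>", arg);
        return this.getInstance(arg);
    };
    hmac.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2){
        console.log("HmacDigest name ('java.lang.String', 'java.lang.String') --->>", arg1, arg2);
        // Forward both parameters; the original passed an undefined `arg`.
        return this.getInstance(arg1, arg2);
    };
    hmac.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2){
        console.log("HmacDigest name ('java.lang.String', 'java.security.Provider') --->>", arg1, arg2);
        return this.getInstance(arg1, arg2);
    };

    // init: arg / arg1 is the java.security.Key used for the MAC.
    hmac.init.overload('java.security.Key').implementation = function (arg){
        console.log("HmacDigest init ('java.security.Key') --->>", arg);
        return this.init(arg);
    };
    hmac.init.overload('java.security.Key', 'java.security.spec.AlgorithmParameterSpec').implementation = function (arg1, arg2){
        console.log("HmacDigest init ('java.security.Key', 'java.security.spec.AlgorithmParameterSpec') --->>", arg1, arg2);
        // Forward both parameters; the original passed an undefined `arg`.
        return this.init(arg1, arg2);
    };

    // update: all overloads return void.
    hmac.update.overload('byte').implementation = function (arg){
        console.log("HmacDigest update('byte') --->>", arg);
        return this.update(arg);
    };
    hmac.update.overload('java.nio.ByteBuffer').implementation = function (arg){
        console.log("HmacDigest update('java.nio.ByteBuffer') --->>", arg);
        return this.update(arg);
    };
    hmac.update.overload('[B').implementation = function (arg){
        console.log("HmacDigest update('[B') --->>", arg);
        console.log("HmacDigest update('[B') hex--->>", bytesToHex(arg));
        console.log("HmacDigest update('[B') str--->>", bytesToString(arg));

        return this.update(arg);
    };
    hmac.update.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3){
        console.log("HmacDigest update('[B', 'int', 'int') --->>", arg1, arg2, arg3);
        console.log("HmacDigest update('[B', 'int', 'int') hex--->>", bytesToHex(arg1), arg2, arg3);
        console.log("HmacDigest update('[B', 'int', 'int') str--->>", bytesToString(arg1), arg2, arg3);

        return this.update(arg1, arg2, arg3);
    };

    // doFinal
    hmac.doFinal.overload().implementation = function (){
        var value = this.doFinal();
        console.log("HmacDigest doFinal return: ", bytesToHex(value));
        return value;
    };
    hmac.doFinal.overload('[B').implementation = function (arg){
        console.log("HmacDigest doFinal('[B') --->>", arg);
        console.log("HmacDigest doFinal('[B') hex--->>", bytesToHex(arg));
        console.log("HmacDigest doFinal('[B') str--->>", bytesToString(arg));
        var value = this.doFinal(arg);
        console.log("HmacDigest doFinal return: ", bytesToHex(value));
        return value;
    };
    hmac.doFinal.overload('[B', 'int').implementation = function (arg1, arg2){
        // doFinal(byte[] output, int outOffset) returns void and writes the MAC
        // INTO arg1 starting at arg2, so there is no return value to hex-dump;
        // the output buffer is printed after the call instead.
        // NOTE(review): whether arg1 reflects the in-place write depends on how
        // the Frida bridge wraps byte[] arguments; verify on the version in use.
        console.log("HmacDigest doFinal('[B', 'int') --->>", arg1, arg2);
        this.doFinal(arg1, arg2);
        console.log("HmacDigest doFinal('[B', 'int') output buf(hex)--->>", bytesToHex(arg1), arg2);
    };
}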

Hook DES AES RSA

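/**
 * Install logging hooks on the JCA classes an app touches when it uses
 * DES / AES / RSA: SecretKeyFactory, SecretKeySpec, X509EncodedKeySpec,
 * DESKeySpec, IvParameterSpec and Cipher (getInstance / update / doFinal).
 *
 * Each hook prints its arguments (and the result where one is returned) and
 * then forwards to the original method or constructor with the same
 * arguments.
 *
 * Names used here but not defined in this listing: the Frida `Java` bridge
 * and the helpers `bytesToHex` / `bytesToString` / `bytesToBase64`.
 * Java.use() needs a thread attached to the VM, so call this from inside a
 * Java.perform() callback.
 *
 * The key-spec and IV hooks print raw key material, and the Cipher hooks
 * print plaintext and ciphertext; handle captured logs as secrets.
 */
function Hook_DES_AES_RSA(){
    // SecretKeyFactory.getInstance: the first argument is the algorithm name.
    var keyFactory = Java.use("javax.crypto.SecretKeyFactory");
    keyFactory.getInstance.overload('java.lang.String').implementation = function (arg){
        console.log("对称算法 name ('') --->>", arg);
        return this.getInstance(arg);
    };
    keyFactory.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2){
        console.log("对称算法 name ('java.lang.String', 'java.lang.String') --->>", arg1, arg2);
        // Forward both parameters; the original passed an undefined `arg`.
        return this.getInstance(arg1, arg2);
    };
    keyFactory.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2){
        console.log("对称算法 name ('java.lang.String', 'java.security.Provider') --->>", arg1, arg2);
        return this.getInstance(arg1, arg2);
    };

    // SecretKeySpec constructors: raw key bytes plus the algorithm name.
    var secretKeySpec = Java.use("javax.crypto.spec.SecretKeySpec");
    secretKeySpec.$init.overload('[B', 'java.lang.String').implementation = function (arg1, arg2){
        console.log("对称算法 name ('[B', 'java.lang.String') --->>", bytesToHex(arg1), arg2);
        return this.$init(arg1, arg2);
    };
    secretKeySpec.$init.overload('[B', 'int', 'int', 'java.lang.String').implementation = function (arg1, arg2, arg3, arg4){
        // (key, offset, len, algorithm): the original declared only three
        // parameters, ran bytesToString on the int length and called a
        // two-argument $init, so this overload could never complete.
        console.log("对称算法 name ('[B', 'int', 'int', 'java.lang.String') --->>", bytesToHex(arg1), arg2, arg3, arg4);
        return this.$init(arg1, arg2, arg3, arg4);
    };

    // X509EncodedKeySpec: the encoded public key handed to a KeyFactory.
    var x509KeySpec = Java.use("java.security.spec.X509EncodedKeySpec");
    x509KeySpec.$init.overload('[B').implementation = function (arg){
        console.log("RSA-PublicKey init('[B')  密钥参数-->" + bytesToBase64(arg));
        return this.$init(arg);
    };

    // Private-key counterpart, left disabled as in the original listing.
    // var RSAprivateKey = Java.use("java.security.spec.PKCS8EncodedKeySpec");
    // RSAprivateKey.$init.implementation = function (arg){
    //     console.log("RSA-PrivateKey init('[B')  密钥参数-->" + bytesToBase64(arg))
    //     return this.$init(arg)
    // }

    // From here on the hooks are shared by AES and DES.
    // DESKeySpec constructors (the key material later given to generateSecret).
    var desKeySpec = Java.use("javax.crypto.spec.DESKeySpec");
    desKeySpec.$init.overload('[B').implementation = function (arg){
        console.log("generateSecret.init('[B') 参数-->: ", bytesToHex(arg));
        return this.$init(arg);
    };
    desKeySpec.$init.overload('[B', 'int').implementation = function (arg1, arg2){
        console.log("generateSecret.init('[B', 'int') 参数-->: ", bytesToHex(arg1), arg2);
        return this.$init(arg1, arg2);
    };

    // IV
    var ivParams = Java.use("javax.crypto.spec.IvParameterSpec");
    ivParams.$init.overload('[B').implementation = function (arg) {
        console.log("ivParams.init('[B') 参数-->: ", bytesToHex(arg));
        return this.$init(arg);
    };
    ivParams.$init.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3) {
        console.log("ivParams.init('[B', 'int', 'int') 参数-->: ", bytesToHex(arg1), arg2, arg3);
        return this.$init(arg1, arg2, arg3);
    };

    // Cipher.getInstance: the transformation is a java.lang.String, so it is
    // printed as-is rather than run through the byte[] helper.
    var cipher = Java.use("javax.crypto.Cipher");
    cipher.getInstance.overload('java.lang.String').implementation = function (arg){
        console.log("cipher.getInstance('java.lang.String') 参数--->", arg);
        return this.getInstance(arg);
    };
    cipher.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (arg1, arg2){
        console.log("cipher.getInstance('java.lang.String', 'java.lang.String') 参数--->", arg1, arg2);
        return this.getInstance(arg1, arg2);
    };
    cipher.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (arg1, arg2){
        console.log("cipher.getInstance('java.lang.String', 'java.security.Provider') 参数--->", arg1, arg2);
        return this.getInstance(arg1, arg2);
    };

    // Cipher.update: only the input side is logged.
    cipher.update.overload('[B').implementation = function (arg){
        console.log("cipher.update('[B') 参数--->", bytesToHex(arg));

        return this.update(arg);
    };
    cipher.update.overload('java.nio.ByteBuffer', 'java.nio.ByteBuffer').implementation = function (arg1, arg2){
        // NOTE(review): arg1 is a java.nio.ByteBuffer, not a byte[]; confirm
        // that bytesToHex accepts one and does not move its position.
        console.log("cipher.update('java.nio.ByteBuffer', 'java.nio.ByteBuffer') 参数--->", bytesToHex(arg1));

        return this.update(arg1, arg2);
    };
    cipher.update.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3){
        // The original referenced an undefined `arg` in the three offset
        // overloads below, which threw before the real update could run.
        console.log("cipher.update('[B', 'int', 'int') 参数--->", bytesToHex(arg1), arg2, arg3);

        return this.update(arg1, arg2, arg3);
    };
    cipher.update.overload('[B', 'int', 'int', '[B').implementation = function (arg1, arg2, arg3, arg4){
        console.log("cipher.update('[B', 'int', 'int', '[B') 参数--->", bytesToHex(arg1), arg2, arg3);

        return this.update(arg1, arg2, arg3, arg4);
    };
    cipher.update.overload('[B', 'int', 'int', '[B', 'int').implementation = function (arg1, arg2, arg3, arg4, arg5){
        console.log("cipher.update('[B', 'int', 'int', '[B', 'int') 参数--->", bytesToHex(arg1), arg2, arg3);

        return this.update(arg1, arg2, arg3, arg4, arg5);
    };

    // Cipher.doFinal. Overloads that return byte[] are hex-dumped; overloads
    // that take an output buffer return the number of bytes written (an int),
    // so the count is logged as a number and the buffer is dumped afterwards.
    // NOTE(review): whether an output byte[] reflects the in-place write
    // depends on how the Frida bridge wraps byte[] arguments; verify on the
    // version in use.
    cipher.doFinal.overload().implementation = function (){
        var result = this.doFinal();
        console.log("cipher doFinal() return: ", bytesToHex(result));

        return result;
    };
    cipher.doFinal.overload('[B').implementation = function (arg){
        console.log("cipher doFinal('[B') 参数(hex)--->>", bytesToHex(arg));
        var result = this.doFinal(arg);
        console.log("cipher doFinal('[B') return: ", bytesToHex(result));

        return result;
    };
    cipher.doFinal.overload('java.nio.ByteBuffer', 'java.nio.ByteBuffer').implementation = function (arg1, arg2){
        // NOTE(review): same ByteBuffer caveat as in update(); only the input
        // buffer is passed to the helper, the output buffer is left untouched.
        console.log("cipher doFinal('java.nio.ByteBuffer', 'java.nio.ByteBuffer') 参数(hex)--->>", bytesToHex(arg1));
        var written = this.doFinal(arg1, arg2);
        console.log("cipher doFinal('java.nio.ByteBuffer', 'java.nio.ByteBuffer') return: ", written);

        return written;
    };
    cipher.doFinal.overload('[B', 'int').implementation = function (arg1, arg2){
        // (output, outputOffset): arg1 is the destination buffer.
        var written = this.doFinal(arg1, arg2);
        console.log("cipher doFinal('[B', 'int') return: ", written);
        console.log("cipher doFinal('[B', 'int') output buf(hex)--->>", bytesToHex(arg1), arg2);

        return written;
    };
    cipher.doFinal.overload('[B', 'int', 'int').implementation = function (arg1, arg2, arg3){
        console.log("cipher doFinal('[B', 'int', 'int') 参数(hex)--->>", bytesToHex(arg1), arg2, arg3);
        var result = this.doFinal(arg1, arg2, arg3);
        console.log("cipher doFinal('[B', 'int', 'int') return: ", bytesToHex(result));

        return result;
    };
    cipher.doFinal.overload('[B', 'int', 'int', '[B').implementation = function (arg1, arg2, arg3, arg4){
        // (input, inputOffset, inputLen, output)
        console.log("cipher doFinal('[B', 'int', 'int', '[B') 参数(hex)--->>", bytesToHex(arg1), arg2, arg3);
        var written = this.doFinal(arg1, arg2, arg3, arg4);
        console.log("cipher doFinal('[B', 'int', 'int', '[B') return: ", written);
        console.log("cipher doFinal('[B', 'int', 'int', '[B') output buf(hex)--->>", bytesToHex(arg4));

        return written;
    };
    cipher.doFinal.overload('[B', 'int', 'int', '[B', 'int').implementation = function (arg1, arg2, arg3, arg4, arg5){
        // (input, inputOffset, inputLen, output, outputOffset)
        console.log("cipher doFinal('[B', 'int', 'int', '[B', 'int') 参数(hex)--->>", bytesToHex(arg1), arg2, arg3);
        var written = this.doFinal(arg1, arg2, arg3, arg4, arg5);
        console.log("cipher doFinal('[B', 'int', 'int', '[B', 'int') return: ", written);
        console.log("cipher doFinal('[B', 'int', 'int', '[B', 'int') output buf(hex)--->>", bytesToHex(arg4), arg5);

        return written;
    };
}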