Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
eastpolar
/
alex-frida
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: 5aee8ce179
Dallar Biçim İmleri
alex-frida
/
agent
/
HookDY.js

HookDY.js 11 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207 
  1. import {logColor, LogColor} from "./logger";
    2. 

  2. 

  3. export let HOOK_DY = {
    4. 

  4.     printStackTrace: function () {
    5. 

  5.         Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()).split("\n").forEach(function (line) {
    6. 

  6.             console.log(line);
    7. 

  7.         });
    8. 

  8.     }, hookTextViewClick: function () {
    9. 

  9.         function hookTextView() {
    10. 

  10.             var View = Java.use("android.view.View"); // setOnClickListener 定义在 View 类中
    11. 

  11.             var TextView = Java.use("android.widget.TextView"); // 为了访问 getText 方法
    12. 

  12. 

  13.             // 重写 setOnClickListener
    14. 

  14.             View.setOnClickListener.implementation = function (listener) {
    15. 

  15.                 // 检查 this 是否是 TextView 的实例
    16. 

  16.                 // console.log("type of this: " + this.getClass().getName());
    17. 

  17.                 if (this.getClass().getName().includes("TextView")) {
    18. 

  18.                     try { // 安全地转换 this 为 TextView
    19. 

  19.                         var textView = Java.cast(this, TextView);
    20. 

  20.                         let text = textView.getText();
    21. 

  21.                         console.log("id: " + textView.getId(), "\t\t >>> \t\t" + text)
    22. 

  22.                         // if (text.toString().includes("***")) {
    23. 

  23.                         //     var stack = Java.use("java.lang.Thread").currentThread().getStackTrace();
    24. 

  24.                         //     for (var i = 0; i < stack.length; i++) {
    25. 

  25.                         //         console.log(stack[i].toString());
    26. 

  26.                         //     }
    27. 

  27.                         //     //打印堆栈信息
    28. 

  28.                         //     console.log("1111")
    29. 

  29.                         //     var jThrowable = Java.use("java.lang.Throwable");
    30. 

  30.                         //     console.log("2222")
    31. 

  31.                         //     var jStackTrace = jThrowable.$new().getStackTrace();
    32. 

  32.                         //     console.log("Stack trace:");
    33. 

  33.                         //     jStackTrace.forEach(function (stackTraceElement) {
    34. 

  34.                         //         console.log("\t" + stackTraceElement.toString());
    35. 

  35.                         //     });
    36. 

  36.                         //     console.log("33333")
    37. 

  37.                         // }
    38. 

  38.                     } catch (e) {
    39. 

  39.                         console.log("报错:", e);
    40. 

  40.                     }
    41. 

  41.                 } else {
    42. 

  42.                     // console.log("Not a TextView");
    43. 

  43.                 }
    44. 

  44. 

  45.                 // 调用原始的 setOnClickListener 方法
    46. 

  46.                 this.setOnClickListener(listener);
    47. 

  47.             };
    48. 

  48.         }
    49. 

  49. 

  50.         function hookSocket() {
    51. 

  51.             Java.perform(function () {
    52. 

  52.                 // Hook Socket's OutputStream
    53. 

  53.                 var SocketOutputStream = Java.use("java.net.SocketOutputStream");
    54. 

  54.                 SocketOutputStream.write.overload('[B').implementation = function (b) {
    55. 

  55.                     console.log("SocketOutputStream.write:", Java.array('byte', b));
    56. 

  56.                     return this.write(b);
    57. 

  57.                 };
    58. 

  58.                 SocketOutputStream.write.overload('[B', 'int', 'int').implementation = function (b, off, len) {
    59. 

  59.                     console.log("SocketOutputStream.write with offset and length:", Java.array('byte', b).slice(off, off + len));
    60. 

  60.                     return this.write(b, off, len);
    61. 

  61.                 };
    62. 

  62. 

  63.                 // Hook Socket's InputStream
    64. 

  64.                 var SocketInputStream = Java.use("java.net.SocketInputStream");
    65. 

  65.                 SocketInputStream.read.overload('[B').implementation = function (b) {
    66. 

  66.                     var result = this.read(b);
    67. 

  67.                     console.log("SocketInputStream.read:", Java.array('byte', b));
    68. 

  68.                     return result;
    69. 

  69.                 };
    70. 

  70.                 SocketInputStream.read.overload('[B', 'int', 'int').implementation = function (b, off, len) {
    71. 

  71.                     var result = this.read(b, off, len);
    72. 

  72.                     console.log("SocketInputStream.read with offset and length:", Java.array('byte', b).slice(off, off + len));
    73. 

  73.                     return result;
    74. 

  74.                 };
    75. 

  75.             });
    76. 

  76. 

  77. 

  78.             let IMessageReceiveListener = Java.use("com.bytedance.frameworks.baselib.network.http.cronet.websocket.IMessageReceiveListener");
    79. 

  79.             IMessageReceiveListener["onConnection"].implementation = function (i, str, jSONObject) {
    80. 

  80.                 console.log(`IMessageReceiveListener.onConnection is called: i=${i}, str=${str}, jSONObject=${jSONObject}`);
    81. 

  81.                 this["onConnection"](i, str, jSONObject);
    82. 

  82.             };
    83. 

  83.             IMessageReceiveListener["onFeedBackLog"].implementation = function (str) {
    84. 

  84.                 console.log(`IMessageReceiveListener.onFeedBackLog is called: str=${str}`);
    85. 

  85.                 this["onFeedBackLog"](str);
    86. 

  86.             };
    87. 

  87.             IMessageReceiveListener["onMessage"].implementation = function (bArr, i) {
    88. 

  88.                 console.log(`IMessageReceiveListener.onMessage is called: bArr=${bArr}, i=${i}`);
    89. 

  89.                 this["onMessage"](bArr, i);
    90. 

  90.             };
    91. 

  91. 

  92.             let IWsClient = Java.use("com.bytedance.frameworks.baselib.network.http.cronet.websocket.IWsClient");
    93. 

  93.             IWsClient["sendMessage"].implementation = function (bArr, i) {
    94. 

  94.                 console.log(`IWsClient.sendMessage is called: bArr=${bArr}, i=${i}`);
    95. 

  95.                 let result = this["sendMessage"](bArr, i);
    96. 

  96.                 console.log(`IWsClient.sendMessage result=${result}`);
    97. 

  97.                 return result;
    98. 

  98.             };
    99. 

  99.         }
    100. 

  100. 

  101.         function hookDebugMode() {
    102. 

  102.             let DebugUtil = Java.use("com.bytedance.bdp.appbase.debug.DebugUtil");
    103. 

  103.             DebugUtil["debug"].implementation = function () {
    104. 

  104.                 console.log(`DebugUtil.debug is called`);
    105. 

  105.                 let result = this["debug"]();
    106. 

  106.                 console.log(`DebugUtil.debug result=${result}`);
    107. 

  107.                 return true;
    108. 

  108.             };
    109. 

  109.             DebugUtil["checkDebugSign"].implementation = function (str) {
    110. 

  110.                 console.log(`DebugUtil.checkDebugSign is called: str=${str}`);
    111. 

  111.                 let result = this["checkDebugSign"](str);
    112. 

  112.                 console.log(`DebugUtil.checkDebugSign result=${result}`);
    113. 

  113.                 return true;
    114. 

  114.             };
    115. 

  115. 

  116.             let ChannelUtil = Java.use("com.tt.miniapp.util.ChannelUtil");
    117. 

  117.             ChannelUtil["isLocalTest"].implementation = function () {
    118. 

  118.                 console.log(`ChannelUtil.isLocalTest is called`);
    119. 

  119.                 let result = this["isLocalTest"]();
    120. 

  120.                 console.log(`ChannelUtil.isLocalTest result=${result}`);
    121. 

  121.                 return true;
    122. 

  122.             };
    123. 

  123. 

  124.             DebugUtil.DEBUG = true;
    125. 

  125.         }
    126. 

  126. 

  127.         Java.perform(function () {
    128. 

  128.             logColor("HookDY.js is loaded", LogColor.GREEN_TEXT);
    129. 

  129.             // hookDebugMode();
    130. 

  130.             // hookTextView();
    131. 

  131.             // hookSocket();
    132. 

  132. 

  133.             let OnMessageListener = Java.use("com.ss.ugc.live.sdk.message.interfaces.OnMessageListener");
    134. 

  134.             OnMessageListener["onMessage"].implementation = function (iMessage) {
    135. 

  135.                 console.log(`OnMessageListener.onMessage is called: iMessage=${iMessage}`);
    136. 

  136.                 logColor("OnMessageListener.onMessage is called: iMessage=" + iMessage, LogColor.RED_TEXT);
    137. 

  137.                 this["onMessage"](iMessage);
    138. 

  138.             };
    139. 

  139. 

  140.             // let C2120008In = Java.use("X.08In");
    141. 

  141.             // C2120008In["onMessage"].implementation = function (iMessage) {
    142. 

  142.             //     console.log(`C2120008In.onMessage is called: iMessage=${iMessage}`);
    143. 

  143.             //     console.log("performClick triggered, printing stack trace:");
    144. 

  144.             //     Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()).split("\n").forEach(function (line) {
    145. 

  145.             //         console.log(line);
    146. 

  146.             //     });
    147. 

  147.             //     this["onMessage"](iMessage);
    148. 

  148.             // };
    149. 

  149.             //
    150. 

  150.             // let C1420440n0C = Java.use("X.0n0C");
    151. 

  151.             // C1420440n0C["onMessage"].implementation = function (iMessage) {
    152. 

  152.             //     console.log(`C1420440n0C.onMessage is called: iMessage=${iMessage}`);
    153. 

  153.             //     this.printStackTrace();
    154. 

  154.             //     this["onMessage"](iMessage);
    155. 

  155.             // };
    156. 

  156.             let GsonUtil = Java.use("com.bytedance.android.ec.core.utils.GsonUtil");
    157. 

  157. 

  158.             let HandlerC8064033h = Java.use("X.033h");
    159. 

  159.             HandlerC8064033h["handleMessage"].implementation = function (msg) {
    160. 

  160.                 //解析 android.os.Message
    161. 

  161.                 let what = msg.what.value;
    162. 

  162.                 // console.log(`msg.what:${what}`);
    163. 

  163.                 let objArr = msg.obj.value;
    164. 

  164.                 if (what !== 202 && objArr != null) {
    165. 

  165.                     let ArrayList = Java.use("java.util.ArrayList");
    166. 

  166.                     let objList = Java.cast(objArr, ArrayList);
    167. 

  167.                     for (let index = 0; index < objList.size(); index++) {
    168. 

  168.                         logColor(`---------------------------------------------------------------------------------------------------------------------------------`, LogColor.RED_TEXT);
    169. 

  169.                         let obj = objList.get(index);
    170. 

  170.                         let toString = obj.toString();
    171. 

  171.                         if (toString.includes("Gift")||toString.includes("gift")) {
    172. 

  172.                             logColor(`what:${what}\t\t obj${index}\t\tclass:${obj.getClass().getName()} =>\n` + GsonUtil.toJson(obj), LogColor.YELLOW_TEXT);
    173. 

  173.                         } else {
    174. 

  174.                             logColor(`what:${what}\t\t obj${index}\t\tclass:${obj.getClass().getName()} =>\n` + obj, LogColor.GREEN_TEXT);
    175. 

  175.                         }
    176. 

  176.                         logColor(`---------------------------------------------------------------------------------------------------------------------------------`, LogColor.RED_TEXT);
    177. 

  177.                     }
    178. 

  178.                 }
    179. 

  179. 

  180.                 this["handleMessage"](msg);
    181. 

  181.             };
    182. 

  182. 

  183.             //hook X.0mSO
    184. 

  184.             // setTimeout(function (){
    185. 

  185.             //     let use = Java.use("X.0mSO");
    186. 

  186.             //     if (use!==null){
    187. 

  187.             //         console.log("hook java")
    188. 

  188.             //         use.LIZJ.overload().implementation=function () {
    189. 

  189.             //             let lizj = this.LIZJ();
    190. 

  190.             //             console.log("call lizj:",lizj);
    191. 

  191.             //             return lizj;
    192. 

  192.             //         }
    193. 

  193.             //     }
    194. 

  194.             //
    195. 

  195.             // },5000);
    196. 

  196.             // setTimeout(function () {
    197. 

  197.             //     //hook webview的load url的所有方法
    198. 

  198.             //     Java.perform(function () {
    199. 

  199.             //         Java.use("android.webkit.WebView").loadUrl.overload("java.lang.String").implementation = function (url) {
    200. 

  200.             //             console.log("load url:", url);
    201. 

  201.             //             return this.loadUrl(url);
    202. 

  202.             //         }
    203. 

  203.             //     });
    204. 

  204.             // }, 5000);
    205. 

  205.         });
    206. 

  206.     }
    207. 

  207. }
    208.