Posts

    App注入1

    pre

    app一直检测我的package list.烦人,我注入你。

    frida+lief

    pip install lief

    python:

    import lief

    # File names used by the patch step. "libdd.so" is the library being added as
    # a dependency (presumably the downloaded Frida gadget, renamed).
    SOURCE_LIB = "libsafeguard.so"
    ADDED_DEPENDENCY = "libdd.so"
    PATCHED_LIB = "libsafeguard.so.1"

    # Parse the app's native ELF library into an editable LIEF object.
    elf = lief.parse(SOURCE_LIB)

    # add_library() appends a DT_NEEDED entry, so the dynamic linker loads
    # libdd.so whenever libsafeguard.so itself is loaded.
    # NOTE(review): the patched file no longer matches the original's hash or
    # dynamic section, which is what an integrity check over the app's native
    # libraries would pick up.
    elf.add_library(ADDED_DEPENDENCY)

    # Write the result under a new name; the input file is left untouched.
    elf.write(PATCHED_LIB)
    

    下载:libgadget

    具体实现看 frida 代码:lib/gadget/gadget.vala。然后将 so 上传到手机,配置文件写:

    {
      "interaction": {
        "type": "script",
        "path": "/sdcard/dd.js"
      }
    }
    
    // Frida script: replaces AMapLocation.getLongitude() inside the instrumented
    // process. The real value is only logged; the caller receives a fixed base
    // plus a small random offset.
    // NOTE(review): this shows that values read from a client-side location SDK
    // can be substituted in-process, so they should not be treated as trusted
    // input by anything that consumes them.
    setImmediate(function () {
        Java.perform(function () {
            var hookedMethod = 'getLongitude';
            var AMapLocation = Java.use('com.amap.api.location.AMapLocation');

            // Must stay a regular function: `this` is the AMapLocation instance.
            var replacement = function () {
                console.log('\nGDA[Hook getLongitude()]');

                // Inside a replaced implementation this call reaches the original method.
                var realValue = this[hookedMethod]();
                console.log('\treturn ' + realValue);

                // Earlier variant returned a constant: return 108;
                // Offset is an integer in 100..999 scaled to 0.000100..0.000999.
                var offset = (Math.floor(Math.random() * 900) + 100) / 1000000;
                return 11108.856 + offset;
            };

            // overload() with no arguments selects the zero-parameter signature.
            AMapLocation[hookedMethod].overload().implementation = replacement;
        });
    });
    
    // Frida script: replaces AMapLocation.getLatitude() inside the instrumented
    // process. The real value is only logged; the caller receives a fixed base
    // plus a small random offset.
    setImmediate(function () {
        Java.perform(function () {
            var hookedMethod = 'getLatitude';
            var AMapLocation = Java.use('com.amap.api.location.AMapLocation');

            // Must stay a regular function: `this` is the AMapLocation instance.
            var replacement = function () {
                console.log('\nGDA[Hook getLatitude()]');

                // Inside a replaced implementation this call reaches the original method.
                var realValue = this[hookedMethod]();
                console.log('\treturn ' + realValue);

                // Earlier variant returned a constant: return 34;
                // Offset is an integer in 100..999 scaled to 0.000100..0.000999.
                var offset = (Math.floor(Math.random() * 900) + 100) / 1000000;
                return 1234.160 + offset;
            };

            // overload() with no arguments selects the zero-parameter signature.
            AMapLocation[hookedMethod].overload().implementation = replacement;
        });
    });
    

    libdd.config.so 文件配置和so同配置.