Toda mi ambición es ser libre toda mi vida.
Frida -> MiniApp
Frida -> MiniApp

Frida -> MiniApp

If we use frida -U com.tencent.mm -l xxx or objection -g com.tencent.mm explore to hook directly, we can’t see the function call, because the process you hook is not the process of WeChat applet but the process of WeChat itself.

So we have to specify the pid to hook, we can use

dumpsys activity top | grep ACTIVITY

to get it; we can also use frida -UF -l xxx to hook the current top-level Activity.

image-20231119162300722

In order to reach the hook Wechat API, we need to locate the concrete JAVA class. Since we don’t know that yet, we can just make up a random class. And we will see the error.

image-20231119162423614

After that, we just need to look for it in the apk.

1 hook Miniapp API

Step 1 : Just hook the api when it is called

Java.perform(function () {
   console.log("Entering.........");

   // Hook wx.getLocation()
   var getLocationClass = Java.use('xxx');
   getLocationClass.x.overload('xxx', 'org.json.JSONObject', 'int').implementation = function (context, jsonObject, i15) {
       console.log('getLocation called with data: ' + jsonObject.toString());
       var result = this.x(context, jsonObject, i15);
       return result;
  };
});

This is a easy python script that we can use with all the proposed examples in this tutorial:

import frida, sys

with open(sys.argv[1], 'r') as f:
   jscode = f.read()

pid = 16171
process = frida.get_usb_device().attach(pid)

script = process.create_script(jscode)

print('[ * ] Running Frida')
script.load()

sys.stdin.read()
image-20231119162817049

And we can see the prompt.

2 MiniApp API -> Android API

…continue

一条评论

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注