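Inspect the UI layout (the view hierarchy) to determine whether the screen is a WebView control.
Then, after decrypting (dumping) the app, locate the www directory.
Find app-service, beautify it for analysis, locate keywords, and so on.
Note:
You can modify this file, then scp the modified file back into the directory on the phone for instrumented debugging.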
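For the keyword-location step above: a minified app-service.js is often a single very long line, so a line-based grep returns the whole file. The following is an added example, not code from the original post; it reports each hit by character offset with a short context window. The sample source, the keywords, and the function names are all constructed for illustration.

```javascript
'use strict';

// Escape a keyword so it is matched literally rather than as a regex.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Return every occurrence of each keyword in `source` with its character
// offset and a context window of `radius` characters on each side.
function locateKeywords(source, keywords, radius = 40) {
  const hits = [];
  for (const kw of keywords) {
    if (!kw) continue; // an empty pattern would never advance
    const re = new RegExp(escapeRegExp(kw), 'gi');
    let m;
    while ((m = re.exec(source)) !== null) {
      const start = Math.max(0, m.index - radius);
      const end = Math.min(source.length, m.index + kw.length + radius);
      hits.push({
        keyword: kw,
        offset: m.index,
        context: source.slice(start, end).replace(/\s+/g, ' '),
      });
    }
  }
  return hits.sort((a, b) => a.offset - b.offset);
}

// Constructed sample standing in for a minified app-service.js.
const SAMPLE = 'var a=function(e){return md5(e)};' +
  'request({url:"/api/login",header:{sign:a(t)}});';

// CLI use (CommonJS only): node locate.js app-service.js keyword1 keyword2 ...
if (typeof require !== 'undefined' && typeof module !== 'undefined' &&
    require.main === module) {
  const [file, ...kws] = process.argv.slice(2);
  const src = file ? require('fs').readFileSync(file, 'utf8') : SAMPLE;
  const list = kws.length ? kws : ['md5', 'sign', 'request'];
  for (const h of locateKeywords(src, list)) {
    console.log(`${h.offset}\t${h.keyword}\t${h.context}`);
  }
}
```

The offsets refer to the file as stored on disk, so they can be used to jump to the same position in the beautified copy only after mapping through the formatter; searching the beautified copy directly avoids that step.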
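Go to the root directory first:
cd /
Find the project directory:
find . -name app-service.js
Runtime sandbox (data) directory:
/private/var/mobile/Containers/Data/Application/
Installation directory:
/private/var/containers/Bundle/Application/
When we instrument by modifying the file, we push it straight to the sandbox directory, which the app uses for caches, temporary files, and similar operations.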
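Copy the modified app-service.js to the device:
scp app-service.js root@ip:/var/mobile/Containers/Data/Application/xxx
Reopen the app and it runs with the instrumentation in place.
Packet capture is skipped here.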
frida-trace -UF -m "-[WXStreamModule _buildRequestWithOptions:callbackRsp:]"
Replace the handler JS with:
/*
 * Auto-generated by Frida. Please modify to match the signature of -[WXStreamModule _buildRequestWithOptions:callbackRsp:].
 * This stub is currently auto-generated from manpages when available.
 *
 * For full API reference, see: https://frida.re/docs/javascript-api/
 */
{
  /**
   * Called synchronously when about to call -[WXStreamModule _buildRequestWithOptions:callbackRsp:].
   *
   * @this {object} - Object allowing you to store state for use in onLeave.
   * @param {function} log - Call this function with a string to be presented to the user.
   * @param {array} args - Function arguments represented as an array of NativePointer objects.
   * For example use args[0].readUtf8String() if the first argument is a pointer to a C string encoded as UTF-8.
   * It is also possible to modify arguments by assigning a NativePointer object to an element of this array.
   * @param {object} state - Object allowing you to keep state across function calls.
   * Only one JavaScript function will execute at a time, so do not worry about race-conditions.
   * However, do not use this to store function arguments across onEnter/onLeave, but instead
   * use "this" which is an object for keeping state local to an invocation.
   */
  onEnter(log, args, state) {
    // args[0] is self and args[1] is the selector; the method's own arguments start at args[2].
    // Wrapping the pointers in ObjC.Object logs the objects' descriptions instead of raw addresses.
    log(`-[WXStreamModule _buildRequestWithOptions:${new ObjC.Object(args[2])} callbackRsp:${new ObjC.Object(args[3])}]`);
  },
  /**
   * Called synchronously when about to return from -[WXStreamModule _buildRequestWithOptions:callbackRsp:].
   *
   * See onEnter for details.
   *
   * @this {object} - Object allowing you to access state stored in onEnter.
   * @param {function} log - Call this function with a string to be presented to the user.
   * @param {NativePointer} retval - Return value represented as a NativePointer object.
   * @param {object} state - Object allowing you to keep state across function calls.
   */
  onLeave(log, retval, state) {
  }
}