1.pip install frida
2.pip install frida-tools
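3.In the Mumu installation directory, find adb_server.exe and run adb connect 127.0.0.1:7555
4.Download the matching version of frida from https://github.com/frida/frida/releases, then run adb push D:\frida-server-12.0.8-android-arm64 /data/local/tmp/frida-server (my server, once extracted, sits on the D: drive)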
5.adb shell
su
cd /data/local/tmp
chmod 777 frida-server
./frida-server
6.adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
7.Write a Python script to interact with the app in the emulator
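import frida
import sys

# Connect to the frida-server reached through the ports forwarded in step 6
rdev = frida.get_remote_device()
# Attach to the running target app
session = rdev.attach("ctf.crackme")

js = """
Java.perform(function() {
    var MainActivity = Java.use('ctf.crackme.MainActivity');
    var onClick = MainActivity.onClick;
    // Replace onClick: report the call, then run the original method
    onClick.implementation = function(v) {
        send('onClick');
        onClick.call(this, v);
    };
});
"""

def on_message(message, data):
    # Print every message the injected script sends back
    print(message)

script = session.create_script(js)
script.on("message", on_message)
script.load()
# Block on stdin so the process stays alive and the hook stays installed
sys.stdin.read()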
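
A preflight check for the "matching version" requirement in step 4, added here as an example (it is not part of the original notes): it compares the frida client version and the device ABI with the frida-server file being pushed. The function names are hypothetical, and the ABI strings stand for the output of adb shell getprop ro.product.cpu.abi.

```python
import re

# Android ABI (adb shell getprop ro.product.cpu.abi) -> arch suffix used in
# frida-server release file names
ABI_TO_ARCH = {
    "arm64-v8a": "arm64",
    "armeabi-v7a": "arm",
    "armeabi": "arm",
    "x86": "x86",
    "x86_64": "x86_64",
}

# frida-server-<version>-android-<arch>, with or without the .xz suffix
ASSET_RE = re.compile(
    r"frida-server-(\d+(?:\.\d+)*)-android-(arm64|arm|x86_64|x86)(?:\.xz)?$"
)


def expected_asset(client_version, abi):
    """Name of the release file to download for this client version and ABI."""
    abi = abi.strip()
    if abi not in ABI_TO_ARCH:
        raise ValueError("unknown ABI: %r" % abi)
    return "frida-server-%s-android-%s.xz" % (client_version.strip(), ABI_TO_ARCH[abi])


def preflight(client_version, abi, server_path):
    """Return a list of problems; an empty list means the file matches."""
    name = re.split(r"[\\/]", server_path.strip())[-1]
    m = ASSET_RE.search(name)
    if not m:
        return ["cannot read version/arch from file name %r" % name]
    version, arch = m.groups()
    problems = []
    if version != client_version.strip():
        problems.append("version mismatch: client %s, server %s"
                        % (client_version.strip(), version))
    want = ABI_TO_ARCH.get(abi.strip())
    if want is None:
        problems.append("unknown ABI: %r" % abi.strip())
    elif arch != want:
        problems.append("arch mismatch: device needs %s, file is %s" % (want, arch))
    return problems


if __name__ == "__main__":
    # Constructed inputs: client version as printed by frida --version, a sample ABI
    print(expected_asset("12.0.8", "x86"))
    print(preflight("12.0.8", "x86", r"D:\frida-server-12.0.8-android-arm64"))
```

Run it against the extracted file before step 4's adb push; once the file is renamed to frida-server on the device, the version and architecture can no longer be read from its name.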