Frida ArrayList主动调用 传参

xiaosheng发布

在分析一款app
frida主动调用函数,里面addAllYr需要传递一个数组进去

如下是getRandomNumList反编译源码

一开始采用的如下代码

const arr = Java.use("java.util.ArrayList")
const arr2 = arr.$new()
arr2.add(2)
arr2.add(1)
console.log(arr2)
console.log(addAllYr.newBuilder().setMj(74145).addAllYr(arr2))

发现报错

把主动调用代码删掉之后还是报错,我意识到是add()的问题,
我还不死心的hook了这两个重载

// arr.add.overload('int', 'java.lang.Object').implementation = function(i, o){
//     console.log("in here ----1", "i:", i, "o:", o)
//     return this.add(i, o)
// }
// arr.add.overload('java.lang.Object').implementation = function(o){
//     console.log("in here ----1")
//     return this.add(o)

// for (var i=0;i<arrlist.length;i++){
//     arr2.add(i, arrlist[i])
// }

解决方法

需要在new一个Integer
注意下面的$符号,详情看照片

const arr = Java.use("java.util.ArrayList")
const integer = Java.use('java.lang.Integer').$new(1)
const arr2 = arr.$new()
arr2.add(integer)
arr2.add(integer)
console.log(arr2)

扩展

我查阅过frida官方api,发现里面有这么一个方法

Java.array(type, elements): 
creates a Java array with elements of the specified type, 
from a JavaScript array elements. 
The resulting Java array behaves like a JS array,
but can be passed by reference to Java APIs 
in order to allow them to modify its contents.

我用这个方法进行传参也会报错

主动调用
{'type': 'error', 'description': "Error: addAllYr(): argument types do not match any of:\n\t.overload('java.lang.Iterable')", 'stack': "Error: addAllYr(): argument types do not match any of:\n\t.overload('java.lang.Iterable')\n    at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:563)\n    at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:967)\n    at e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547)\n    at <anonymous> (/script1.js:120)\n    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)\n    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)\n
at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)\n
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)\n
at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)\n    at perform (frida/node_modules/frida-java-bridge/index.js:192)\n    at test (/script1.js:125)\n    at apply (native)\n    at <anonymous> (frida/runtime/core.js:51)", 'fileName': 'frida/node_modules/frida-java-bridge/lib/class-factory.js', 'lineNumber': 563, 'columnNumber': 1}

参考文献

[1] stackooverflow: frida: Error: a(): argument types do not match any of: overload(‘int’, ‘int’, ‘long’, ‘java.lang.String’, ‘java.lang.Object’)
[2] 无涯教程: Javascript – 使用 Frida 重载函数时从列表中删除元素
[3] bilibili: 主动调用
[4] FRIDA官方文档

分类: app逆向java
标签:

站点统计

  • 文章总数:316 篇
  • 分类总数:20 个
  • 标签总数:193 个
  • 运行天数:1199 天
  • 访问总数:98056 人次

相关文章

java

mybatisPlus PO层对象类型自动转换

今天遇到一个问题,在数据库层存储的是 “user_floo 阅读更多…

java

Fiddler增加请求右键生成代码功能

今天给老师做一个小程序的爬虫,下载里面一些视频,fiddler重放请求 阅读更多…

app逆向

Plugin [id: ‘com.android.application’, version: ‘7.3’, apply: false] was not found in any of the following sources:

本来我默认新建项目是Gradle 8.2版本的,我给gradle选定在 阅读更多…

浙公网安备33011302000604

辽ICP备20003309号