更新 hook.iml

.idea/hook.iml

@@ -3,8 +3,10 @@
   <component name="NewModuleRootManager">
     <content url="file://$MODULE_DIR$">
       <excludeFolder url="file://$MODULE_DIR$/venv" />
+      <excludeFolder url="file://$MODULE_DIR$/venv 3.11" />
+      <excludeFolder url="file://$MODULE_DIR$/venv 3.9" />
     </content>
-    <orderEntry type="inheritedJdk" />
+    <orderEntry type="jdk" jdkName="Python 3.9 (hook-frida)" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
 </module>

.idea/misc.xml

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.9 (hook)" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.9 (hook-frida)" project-jdk-type="Python SDK" />
 </project>

AppLog.js

@@ -0,0 +1,6 @@
+Java.perform(function() {
+    var AppLog = Java.use("com.ss.android.common.applog.AppLog");
+    console.log("BASE_HEADER_KEYS value: " + AppLog.BASE_HEADER_KEYS.value);
+    return AppLog.BASE_HEADER_KEYS.value;
+});
+

AppLogReaperServiceImpl.js

@@ -0,0 +1,11 @@
+//AppLogReaperServiceImpl类的LIZ方法
+Java.perform(function() {
+    var AppLogReaperServiceImpl = Java.use("com.ss.android.ugc.aweme.lancet.AppLogReaperServiceImpl");
+
+    AppLogReaperServiceImpl.LIZ.overload('org.json.JSONObject').implementation = function(jsonObject) {
+        console.log("Logged JSON: " + jsonObject.toString());
+
+        // Call the original function
+        return this.LIZ(jsonObject);
+    };
+});

RegionMockConfig.js

@@ -0,0 +1,7 @@
+
+//RegionMockConfig类
+Java.perform(function() {
+    var AppLog = Java.use("com.ss.android.common.applog.AppLog");
+    console.log("BASE_HEADER_KEYS value: " + AppLog.BASE_HEADER_KEYS.value);
+});
+

SettingServiceImpl.js

@@ -0,0 +1,22 @@
+
+
+Java.perform(function() {
+    var SettingServiceImpl = Java.use("com.p314ss.android.ugc.aweme.setting.services.SettingServiceImpl");
+
+    var originalLJIILL = SettingServiceImpl.LJIILL.implementation;
+
+    SettingServiceImpl.LJIILL.implementation = function() {
+        // 打印日志，表示方法被hook
+        console.log("LJIILL method is called!");
+
+        // 尝试获取 accountRegion 字段的值
+        if (this.hasOwnProperty('accountRegion')) {
+            console.log("accountRegion: " + this.accountRegion);
+        } else {
+            console.log("accountRegion field not found in SettingServiceImpl.");
+        }
+
+        // 调用原始方法
+        originalLJIILL.call(this);
+    }
+});

test.py

@@ -1,24 +1,22 @@
 import frida
 
+def list_devices():
+    devices = frida.enumerate_devices()
+    for device in devices:
+        print(device)
+
+# list_devices()
+
+def connect_to_device(device_id):
+    device = frida.get_device(id=device_id, timeout=10)
+    print(device)
+
+# Connect to the Pixel 3 device
+connect_to_device("8C1X1H1YG")
+
+def on_message(message, data):
+    print(message)
 
-def is_frida_running(device):
-    try:
-        # 获取设备上的所有进程
-        processes = device.enumerate_processes()
 
-        # 检查是否存在名为 'frida-server' 的进程
-        for process in processes:
-            print(process)
-            if process.name == 'frida':
-                return True
-        return False
-    except Exception as e:
-        print(f"Error: {e}")
-        return False
 
 
-device = frida.get_usb_device(timeout=3)
-if is_frida_running(device):
-    print("Frida is running on the device.")
-else:
-    print("Frida is not running on the device.")