Compare commits
2 Commits
b1b381b7a6
...
358c51a054
| Author | SHA1 | Date |
|---|---|---|
|
|
358c51a054 | |
|
|
db7b6cb54a |
|
|
@ -1,11 +1,101 @@
|
||||||
console.log("Script loaded successfully");
|
console.log("Script loaded successfully");
|
||||||
|
|
||||||
Java.perform(function() {
|
if (Java.available) {
|
||||||
|
Java.perform(function () {
|
||||||
|
console.log("start hook java.net.URL");
|
||||||
|
get_request_info()
|
||||||
var URL = Java.use('java.net.URL');
|
var URL = Java.use('java.net.URL');
|
||||||
URL.$init.overload('java.lang.String').implementation = function(spec) {
|
URL.$init.overload('java.lang.String').implementation = function (spec) {
|
||||||
if (spec.includes("appsflyer")){
|
if (spec.includes("appsflyer")) {
|
||||||
console.log("URL request: " + spec);
|
console.log("URL request: " + spec);
|
||||||
|
if (spec.includes("conversions")){
|
||||||
|
// check_conversion_loaded()
|
||||||
|
var stackTrace = Java.use('java.lang.Exception').$new().getStackTrace().toString();
|
||||||
|
console.log(stackTrace);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return this.$init(spec);
|
return this.$init(spec);
|
||||||
};
|
};
|
||||||
|
// JSONObject.$init.overload('java.lang.String').implementation = function (jsonString) {
|
||||||
|
// var result = this.$init.overload('java.lang.String').call(this, jsonString);
|
||||||
|
// if (typeof result.toString !== "undefined") {
|
||||||
|
// console.log("result: " + result.toString())
|
||||||
|
// var msgData = jsonString.toString();
|
||||||
|
//
|
||||||
|
// if (msgData.contains("install_time") &&
|
||||||
|
// (msgData.contains("af_siteid") || msgData.contains("af_channel") ||
|
||||||
|
// msgData.contains("af_status") || msgData.contains("af_message")) &&
|
||||||
|
// (!msgData.contains("is_first_launch"))) {
|
||||||
|
// console.log("msgdata: " + msgData)
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// return result;
|
||||||
|
// };
|
||||||
|
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_conversion_loaded() {
|
||||||
|
Java.perform(function() {
|
||||||
|
var found = false;
|
||||||
|
Java.enumerateLoadedClasses({
|
||||||
|
onMatch: function(className) {
|
||||||
|
if (className.includes("AppsFlyer2dXConversionCallback")) {
|
||||||
|
console.log("Found: " + className);
|
||||||
|
found = true;
|
||||||
|
}
|
||||||
|
},
|
||||||
|
onComplete: function() {
|
||||||
|
if (!found) {
|
||||||
|
console.log("AppsFlyer2dXConversionCallback class not loaded.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function get_request_info() {
|
||||||
|
console.log("start running get_request_info")
|
||||||
|
var HttpURLConnection = Java.use('java.net.HttpURLConnection');
|
||||||
|
var ByteArrayOutputStream = Java.use('java.io.ByteArrayOutputStream');
|
||||||
|
console.log(HttpURLConnection,ByteArrayOutputStream)
|
||||||
|
printMethods('java.net.HttpURLConnection');
|
||||||
|
printMethods('java.io.ByteArrayOutputStream');
|
||||||
|
HttpURLConnection.getRequestMethod.implementation = function () {
|
||||||
|
var url = this.getURL().toString();
|
||||||
|
var method = this.getRequestMethod();
|
||||||
|
console.log("URL: " + url + " | Request Method: " + method);
|
||||||
|
return method;
|
||||||
|
};
|
||||||
|
HttpURLConnection.setRequestProperty.implementation = function (key, value) {
|
||||||
|
if (this.getURL().toString().includes("conversions")){
|
||||||
|
console.log("Header: " + key + ": " + value);
|
||||||
|
}
|
||||||
|
return this.setRequestProperty(key, value);
|
||||||
|
};
|
||||||
|
HttpURLConnection.getOutputStream.implementation = function() {
|
||||||
|
var outputStream = this.getOutputStream();
|
||||||
|
var byteArrayOutputStream = ByteArrayOutputStream.$new();
|
||||||
|
var bytes = Java.array('byte', [1024]);
|
||||||
|
var len;
|
||||||
|
while ((len = outputStream.read(bytes)) != -1) {
|
||||||
|
byteArrayOutputStream.write(bytes, 0, len);
|
||||||
|
}
|
||||||
|
var requestBody = byteArrayOutputStream.toString();
|
||||||
|
if (this.getURL().toString().includes("conversions")) {
|
||||||
|
console.log("Request Body: " + requestBody);
|
||||||
|
}
|
||||||
|
return outputStream;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
function printMethods(className) {
|
||||||
|
var jclass = Java.use(className);
|
||||||
|
var methods = jclass.class.getDeclaredMethods();
|
||||||
|
console.log("Printing methods of " + className + ":\n");
|
||||||
|
methods.forEach(function(method) {
|
||||||
|
console.log(method);
|
||||||
|
});
|
||||||
|
}
|
||||||
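Review bot: The `getOutputStream` replacement in `get_request_info` calls `outputStream.read(bytes)`, but `java.io.OutputStream` is write-only and has no `read` method, so the copy loop fails on first use instead of producing a request body. Because the failure happens inside the replaced method, it probably surfaces in the instrumented app's own request path and changes the behaviour being observed. `Java.array('byte', [1024])` also builds a one-element array holding the value 1024, not a 1024-byte buffer. Until the body logging is reworked, the replacement should drop the loop and pass the stream through unchanged: `return this.getOutputStream();`. Separately, the `setRequestProperty` hook prints header values verbatim, which can copy authorization tokens into console logs, so mask the value for credential-bearing header names before logging.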
2
main.py
2
main.py
|
|
@ -20,6 +20,7 @@ def attach_method(is_spawn):
|
||||||
|
|
||||||
|
|
||||||
def main(package_name,script_path,is_spawn):
|
def main(package_name,script_path,is_spawn):
|
||||||
|
print(f"script_path: {script_path}")
|
||||||
js_code = modules.files_utils.read_javascript(script_path)
|
js_code = modules.files_utils.read_javascript(script_path)
|
||||||
# print(js_code)
|
# print(js_code)
|
||||||
modules.command.start_frida()
|
modules.command.start_frida()
|
||||||
|
|
@ -59,4 +60,5 @@ if __name__ == '__main__':
|
||||||
attach_process_name = "Navi"
|
attach_process_name = "Navi"
|
||||||
package_name = "com.naviapp"
|
package_name = "com.naviapp"
|
||||||
script_path = "./hook_conversions.js"
|
script_path = "./hook_conversions.js"
|
||||||
|
# script_path = "./r0capture/script.js"
|
||||||
main(package_name,script_path, is_spawn)
|
main(package_name,script_path, is_spawn)
|
||||||
|
|
|
||||||