xiongzhu
/
frida-rcs-hack


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374
							function trace(tag) {
    Log.e((tag || '') + Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Throwable').$new()))
}

function readFile(path) {
    var FileOutputStream = Java.use('java.io.FileOutputStream')
    var FileInputStream = Java.use('java.io.FileInputStream')
    var File = Java.use('java.io.File')
    var InputStreamReader = Java.use('java.io.InputStreamReader')
    var BufferedReader = Java.use('java.io.BufferedReader')
    var ByteArrayOutputStream = Java.use('java.io.ByteArrayOutputStream')

    var file = File.$new(path)
    var fileInputStream = FileInputStream.$new(file)

    var inputStreamReader = InputStreamReader.$new(Java.cast(fileInputStream, Java.use('java.io.InputStream')))
    var bufferedReader = BufferedReader.$new(inputStreamReader)
    var line
    var content = ''
    while ((line = bufferedReader.readLine()) !== null) {
        content += line + '\n'
    }

    bufferedReader.close()
    inputStreamReader.close()
    fileInputStream.close()

    return content
}

setImmediate(() => {
    Java.perform(function () {
        const Log = Java.use('android.util.Log')

        function log(msg) {
            console.log(`\x1b[30m[system_server] ${msg}\x1b[0m`)
            Log.d('frida-system_server', msg + '')
        }
        log(Java.classFactory.loader)

        Java.enumerateClassLoadersSync().forEach((loader) => {
            log(loader)
        })

        // const SystemServiceManager = Java.use('com.android.server.SystemServiceManager')
        // log(SystemServiceManager.class.getClassLoader())
        // const SystemServerClassLoaderFactory = Java.use('com.android.internal.os.SystemServerClassLoaderFactory')
        // const classLoader = SystemServerClassLoaderFactory.getOrCreateClassLoader(
        //     '/apex/com.android.wifi/javalib/service-wifi.jar',
        //     SystemServiceManager.class.getClassLoader(),
        //     false
        // )
        // log(classLoader)
        // Java.classFactory.loader = classLoader
        // // Java.enumerateLoadedClasses({
        // //     onMatch: function (className) {
        // //         if (className == 'com.android.server.wifi.WifiServiceImpl') {
        // //             const WifiService = Java.use('com.android.server.wifi.WifiService')
        // //         }
        // //     },
        // //     onComplete: function () {
        // //         console.log('枚举结束')
        // //     }
        // // })
        // const WifiServiceImpl = Java.use('com.android.server.wifi.WifiServiceImpl')
        // log(WifiServiceImpl)
        // WifiServiceImpl.getFactoryMacAddresses.overload().implementation = function () {
        //     const original = this.getFactoryMacAddresses()
        //     const spoof = ['00:00:00:00:00:00']
        //     log(`WifiServiceImpl.getFactoryMacAddresses() called, returning: ${spoof}, original: ${original}`)
        //     return spoof
        // }
    })
})