Página inicial Explorar Ajuda
Registrar Entrar
xiongzhu
/
frida-sms-hook
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

.

x1ongzhu 1 ano atrás
pai
bb3f71a79b
commit
44807cc367
2 arquivos alterados com 119 adições e 0 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 60 0
      1.js
  2. 59 0
      2.js

+ 60 - 0
1.js
Ver arquivo 

@@ -0,0 +1,60 @@
 
+Java.perform(() => {
 
+    Java.deoptimizeEverything();
 
+    Java.choose("com.google.android.apps.messaging.home.HomeActivity", {
 
+        onMatch: function (instance) {
 
+            console.log("Found instance of MainActivity")
 
+
 
+            var Intent = Java.use("android.content.Intent")
 
+            var Long = Java.use("java.lang.Long")
 
+            var Byte = Java.use("java.lang.Byte")
 
+            var byte = Java.use("[B")
 
+            var Integer = Java.use("java.lang.Integer")
 
+
 
+            var intent = Intent.$new("android.provider.Telephony.SMS_DELIVER")
 
+
 
+            intent.putExtra("android.telephony.extra.SUBSCRIPTION_INDEX", 1)
 
+            intent.putExtra(
 
+                "messageId",
 
+                Long.valueOf(parseInt(Math.random() * 100000000).toString())
 
+            )
 
+            intent.putExtra("format", "3gpp")
 
+            intent.putExtra("android.telephony.extra.SLOT_INDEX", 1)
 
+            var pdu0 = Java.array(
 
+                "byte",
 
+                [
 
+                    6, -127, 0, 0, 0, 0, 0, 4, 11, -127, 81, 112, -121, 104,
 
+                    113, -15, 0, 0, -114, 64, 32, -48, -30, 51, 2, 4, -12, -14,
 
+                    -100, 14
 
+                ]
 
+            )
 
+            var pdus = Java.array("java.lang.Object", [pdu0])
 
+
 
+            var putSerializable = Intent.putExtra.overload(
 
+                "java.lang.String",
 
+                "java.io.Serializable"
 
+            )
 
+
 
+            console.log("pdus", pdus)
 
+
 
+            putSerializable.call(intent, "pdus",  )
 
+
 
+            intent.putExtra("phone", 1)
 
+            intent.putExtra("subscription", 1)
 
+
 
+            // var context = instance.getApplicationContext()
 
+
 
+            var Receiver = Java.use(
 
+                "com.google.android.apps.messaging.shared.receiver.SmsDeliverReceiver"
 
+            )
 
+            var onReceiveMethod = Receiver.onReceive
 
+            var receiverInstance = Receiver.$new()
 
+            var context = Java.use("android.app.ActivityThread")
 
+                .currentApplication()
 
+                .getApplicationContext()
 
+            onReceiveMethod.call(receiverInstance, context, intent)
 
+        },
 
+        onComplete: function () {
 
+            console.log("Completed")
 
+        }
 
+    })
 
+})

+ 59 - 0
2.js
Ver arquivo 

@@ -0,0 +1,59 @@
 
+Java.perform(() => {
 
+    Java.choose("com.example.mysmsapp.MainActivity", {
 
+        onMatch: function (instance) {
 
+            console.log("Found instance of MainActivity")
 
+
 
+            var Intent = Java.use("android.content.Intent")
 
+            var Long = Java.use("java.lang.Long")
 
+            var Byte = Java.use("java.lang.Byte")
 
+            var byte = Java.use("[B")
 
+            var Integer = Java.use("java.lang.Integer")
 
+
 
+            var intent = Intent.$new("android.provider.Telephony.SMS_DELIVER")
 
+
 
+            intent.putExtra("android.telephony.extra.SUBSCRIPTION_INDEX", 1)
 
+            intent.putExtra(
 
+                "messageId",
 
+                Long.valueOf(parseInt(Math.random() * 100000000).toString())
 
+            )
 
+            intent.putExtra("format", "3gpp")
 
+            intent.putExtra("android.telephony.extra.SLOT_INDEX", 1)
 
+            var pdu0 = Java.array(
 
+                "byte",
 
+                [
 
+                    6, -127, 0, 0, 0, 0, 0, 4, 11, -127, 81, 112, -121, 104,
 
+                    113, -15, 0, 0, -114, 64, 32, -48, -30, 51, 2, 4, -12, -14,
 
+                    -100, 14
 
+                ]
 
+            )
 
+            console.log("pdu0", pdu0.toString())
 
+
 
+            var pdus = Java.array("java.lang.Object", [null])
 
+            pdus[0] = pdu0
 
+            console.log("pdus", JSON.stringify(pdus))
 
+
 
+            var putSerializable = Intent.putExtra.overload(
 
+                "java.lang.String",
 
+                "java.io.Serializable"
 
+            )
 
+
 
+            putSerializable.call(intent, "pdus", Java.cast(pdus, Java.use('java.io.Serializable')))
 
+
 
+            intent.putExtra("phone", 1)
 
+            intent.putExtra("subscription", 1)
 
+
 
+            // var context = instance.getApplicationContext()
 
+
 
+            var Receiver = Java.use("com.example.mysmsapp.SmsReceiver")
 
+            var onReceiveMethod = Receiver.onReceive
 
+            var receiverInstance = Receiver.$new()
 
+            var context = Java.use("android.app.ActivityThread")
 
+                .currentApplication()
 
+                .getApplicationContext()
 
+            onReceiveMethod.call(receiverInstance, context, intent)
 
+        },
 
+        onComplete: function () {
 
+            console.log("Completed")
 
+        }
 
+    })
 
+})