逆向实战 | 手撕咚咚考勤定位打卡

逆向实战 | 手撕咚咚考勤定位打卡

傻逼软件,不说废话直接开始。

安卓定位归根道理如果要获取经纬度跑不出两个函数:

image

我干的事情很简单,直接一手硬编码写死(自己去地图软件找要定位的经纬度,经纬度都要改掉),并且从理论上说这个方法适用于大多数软件的定位功能:

正常获取:image

patch(double写IEEE754):
image

打包签名,over.

检查:
image

最后附赠调试使用的frida hook代码:

const simulated_latitude  = xx.94
const simulated_longitude = xxx.79
console.log("start")

Java.perform(function(){

    const Location = Java.use('android.location.Location')
    
    var location = Location.$new("gps")
    location.setLatitude(simulated_latitude)
    location.setLongitude(simulated_longitude)

    Location.$init.overload("android.location.Location").implementation = function(x){
        console.log("Instantiated new location ( Location ) ")
        return location
    }

    Location.$init.overload("java.lang.String").implementation = function(x){
        console.log("Instantiated new location ( String ) ")
        return location
    }

    Location.getLatitude.implementation = function(){
        console.log("Old latitude : " + this.getLatitude() + ", New Latitude : " + simulated_latitude)
        return simulated_latitude
    }


    Location.getLongitude.implementation = function(){
        console.log("Old longitude : " + this.getLongitude() + ", New Longitude : " + simulated_longitude)
        return simulated_longitude
    }

    // Not sure if needed, bypass fake location check
    Location.isFromMockProvider.implementation = function(){
        console.log("Location.isFromMockProvider -> false")
        return false
    }
})
posted @ 2024-07-15 15:04  Mz1  阅读(114)  评论(0编辑  收藏  举报