Reverse Engineering in Practice | Ripping Apart the 咚咚考勤 Location Check-in
Awful app. No preamble, straight to it.
At bottom, any Android app that wants a latitude and longitude cannot get around two functions (the same two the Frida hook at the end of this post targets: android.location.Location.getLatitude() and getLongitude()):
What I did is simple: hardcode the coordinates directly (look up the latitude and longitude of the place you want to "be" in a map app; both the latitude and the longitude must be changed, not just one). In principle this approach works against the location feature of most apps:
Normal retrieval:
Patch (the hardcoded value is written as the 64-bit IEEE 754 bit pattern of the double):
Repack, sign, done.
Check:
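The patch step above writes the new coordinate into the app as the IEEE 754 bit pattern of a 64-bit double, which is how a smali const-wide literal (and the raw bytes in the DEX) encode it. The following is an added example, not code from the original post: it computes that pattern, emits the smali instruction and the little-endian DEX bytes, and decodes a literal back to a double so the patched value can be checked before repacking. It uses only DataView, so it runs in Node and in Frida's JS runtime alike. The function names, the sample coordinates 39.9/116.4 and the register names v0/v2 are this example's own assumptions; the post does not show which registers or values the app uses.

```javascript
// Added example (not from the original post): IEEE 754 helpers for patching a
// hardcoded latitude/longitude into smali / DEX. Names are this example's own.

// 64-bit IEEE 754 bit pattern of a double, as 16 big-endian hex digits.
function doubleToHex64(value) {
  const buf = new ArrayBuffer(8);
  new DataView(buf).setFloat64(0, value, false); // false = big-endian
  return Array.from(new Uint8Array(buf), b => b.toString(16).padStart(2, '0')).join('');
}

// Inverse: parse a smali literal such as "0x4059000000000000L" (or bare hex)
// back to a double, so a literal can be verified before the APK is repacked.
function hex64ToDouble(hex) {
  const clean = hex.replace(/^0x/i, '').replace(/L$/i, '').padStart(16, '0');
  if (!/^[0-9a-f]{16}$/i.test(clean)) throw new Error('expected 16 hex digits: ' + hex);
  const buf = new ArrayBuffer(8);
  const view = new DataView(buf);
  for (let i = 0; i < 8; i++) view.setUint8(i, parseInt(clean.substr(i * 2, 2), 16));
  return view.getFloat64(0, false);
}

// smali form: const-wide takes a 64-bit literal; baksmali prints doubles as hex + "L".
function smaliConstWide(value, register) {
  return 'const-wide ' + register + ', 0x' + doubleToHex64(value) + 'L';
}

// Raw form for patching the DEX directly: every multi-byte value in a DEX file,
// including the const-wide literal, is stored little-endian.
function dexLiteralBytesLE(value) {
  const be = doubleToHex64(value);
  const bytes = [];
  for (let i = 14; i >= 0; i -= 2) bytes.push(be.substr(i, 2));
  return bytes.join(' ');
}

// Both coordinates must be patched (the post stresses this), so build both at once
// and round-trip each literal as the check step. Sample coordinates are constructed.
function patchPlan(lat, lon, latReg, lonReg) {
  return {
    latitude: smaliConstWide(lat, latReg),
    longitude: smaliConstWide(lon, lonReg),
    latitudeBytes: dexLiteralBytesLE(lat),
    longitudeBytes: dexLiteralBytesLE(lon),
    check: { lat: hex64ToDouble(doubleToHex64(lat)), lon: hex64ToDouble(doubleToHex64(lon)) },
  };
}

// Usage: node patch_plan.js (or paste into the Frida REPL)
console.log(patchPlan(39.9, 116.4, 'v0', 'v2'));
```

The byte form is what to search for in the DEX when the original constant is found by its value rather than by reading smali: take the app's current coordinate, run it through dexLiteralBytesLE, and the 8-byte sequence is the patch target.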
Finally, the Frida hook code I used while debugging:
const simulated_latitude = xx.94   // redacted in the original post; fill in the target latitude
const simulated_longitude = xxx.79 // redacted in the original post; fill in the target longitude
console.log("start")
Java.perform(function(){
    const Location = Java.use('android.location.Location')

    // Constructor hooks: run the real constructor, then overwrite the coordinates on the
    // object being built. (Returning a different object from an $init hook has no effect,
    // so the new Location is patched in place instead.)
    Location.$init.overload("android.location.Location").implementation = function(x){
        this.$init(x)
        console.log("Instantiated new location ( Location ) ")
        this.setLatitude(simulated_latitude)
        this.setLongitude(simulated_longitude)
    }
    Location.$init.overload("java.lang.String").implementation = function(x){
        this.$init(x)
        console.log("Instantiated new location ( String ) ")
        this.setLatitude(simulated_latitude)
        this.setLongitude(simulated_longitude)
    }

    // Getter hooks catch Location objects the app did not construct itself
    // (e.g. ones handed back by LocationManager). this.getLatitude() here calls the original.
    Location.getLatitude.implementation = function(){
        console.log("Old latitude : " + this.getLatitude() + ", New Latitude : " + simulated_latitude)
        return simulated_latitude
    }
    Location.getLongitude.implementation = function(){
        console.log("Old longitude : " + this.getLongitude() + ", New Longitude : " + simulated_longitude)
        return simulated_longitude
    }

    // Not sure if needed, bypass fake location check
    // (isFromMockProvider is deprecated from API 31, where apps may call Location.isMock() instead;
    // hook that one the same way if the app checks it.)
    Location.isFromMockProvider.implementation = function(){
        console.log("Location.isFromMockProvider -> false")
        return false
    }
})
This article is from 博客园 (cnblogs), author: Mz1. Please credit the original link when reposting: https://www.cnblogs.com/Mz1-rc/p/18303188
Questions can go in the comments below or by email: mzi_mzi@163.com