native层x-sign frida hook

/**
 * Installs the Java-side hooks once the Java VM is reachable.
 *
 * Replaces SwitchConfig.isGlobalSpdySwitchOpen() with a wrapper that logs
 * the real return value and then reports false, and then installs the
 * class-loader-scoped hooks via hook_doComandNative(). Does nothing when
 * Java.available is false.
 */
function hook_java() {
  if (!Java.available) {
    return;
  }
  Java.perform(function () {
    const switchConfig = Java.use('mtopsdk.mtop.global.SwitchConfig');
    // Kept as a `function` expression: Frida binds `this` to the Java
    // instance, which an arrow function would not receive.
    switchConfig.isGlobalSpdySwitchOpen.overload().implementation = function () {
      const original = this.isGlobalSpdySwitchOpen();
      console.log("isGlobalSpdySwitchOpenl " + original);
      return false;
    };
    hook_doComandNative();
  });
}

/**
 * Walks every Java class loader and, depending on which native library
 * the loader's description mentions, hooks one of two classes:
 *   - a loader mentioning "libsgmain": JNICLibrary.doCommandNative(a, b)
 *     is wrapped to log its arguments, return value and Java call stack;
 *   - a loader mentioning "libsgmiddletier": the HashMap overload of
 *     ...middletierplugin.b.c.a.a is wrapped to log its input and result.
 * Logs "success" when enumeration finishes.
 *
 * Side effect: Java.classFactory.loader is reassigned for each matching
 * loader and is never restored afterwards.
 */
function hook_doComandNative(){
    // A Thread object is instantiated only as a handle for the static
    // currentThread() call below; it is never started.
    var threadef = Java.use('java.lang.Thread');
    var threadinstance = threadef.$new();
     Java.enumerateClassLoaders({
    "onMatch": function(loader) {
        // Matches on the loader's string form. `> 0` excludes a match at
        // index 0 — presumably harmless because the library name appears
        // inside a longer description, but `>= 0` would be the usual test.
        if (loader.toString().indexOf("libsgmain") > 0 ) {
            Java.classFactory.loader = loader; // point the current class factory's loader at the one we need
                var signCls =  Java.classFactory.use('com.taobao.wireless.security.adapter.JNICLibrary');
            // Must stay a `function`: Frida binds `this` to the Java wrapper.
            signCls.doCommandNative.implementation = function(a,b){
            var retval = this.doCommandNative(a,b);
            console.log(" #### >>> a = " + a);
            console.log(" #### >>> rc= " + retval) 
            // Java-level stack of the thread that invoked doCommandNative.
            var stack = threadinstance.currentThread().getStackTrace();
            console.log("#### >>> Rc Full call stack:" + Where(stack));
            return retval;
        }
    }else if(loader.toString().indexOf("libsgmiddletier")>0){
        Java.classFactory.loader = loader;
        let a = Java.classFactory.use("com.alibaba.wireless.security.middletierplugin.b.c.a");
            // Only the single-HashMap overload is wrapped; other overloads are untouched.
            a["a"].overload('java.util.HashMap').implementation = function (hashMap) {
                console.log('a is called' + ', ' + 'hashMap: ' + hashMap);
                let ret = this.a(hashMap);
                console.log('a ret value is ' + ret);
                return ret;
};


    }
    },
    "onComplete": function() {
        console.log("success");
    }
});
        
    }


/**
 * Script entry point: installs the Java-layer hooks.
 * hook_libart() is defined in this file but deliberately left unwired here.
 */
function main() {
  hook_java();
  // hook_libart();
}

/**
 * Renders a stack-trace array as one string for logging.
 *
 * @param {Array|object} stack - array-like of frames; each element's
 *   toString() is used (Java StackTraceElement wrappers qualify).
 * @returns {string} "stack: \r\t" followed by every frame, each
 *   terminated by "\n\t".
 */
function Where(stack) {
  const lines = [];
  for (let index = 0; index < stack.length; index += 1) {
    lines.push(stack[index].toString() + "\n\t");
  }
  return "stack: \r\t" + lines.join("");
}
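/**
 * Attaches to ART's JNI GetStringUTFChars and, whenever the returned C
 * string contains "x-sign", logs the string together with the Java-level
 * and native-level backtraces of the calling thread.
 *
 * Symbol selection: the first pass keeps symbols whose name contains
 * "art" and "JNI" but not "CheckJNI"; among those, the last one whose name
 * contains "GetStringUTFChars" wins. If none is found nothing is attached.
 */
function hook_libart() {
  var symbols = Module.enumerateSymbolsSync("libart.so");
  var addrGetStringUTFChars = null;
  for (var i = 0; i < symbols.length; ++i) {
    var symbol = symbols[i];
    if (symbol.name.indexOf("art") >= 0 &&
        symbol.name.indexOf("JNI") >= 0 &&
        symbol.name.indexOf("CheckJNI") < 0) {
      if (symbol.name.indexOf("GetStringUTFChars") >= 0) {
        // Later matches overwrite earlier ones (original behaviour).
        addrGetStringUTFChars = symbol.address;
        console.log("GetStringUTFChars is at", symbol.address, symbol.name);
      }
    }
  }

  if (addrGetStringUTFChars) {
    Interceptor.attach(addrGetStringUTFChars, {
      onEnter: function (args) {},
      // Must stay a `function`: this.context is read below.
      onLeave: function (retval) {
        // retval is a NativePointer and never compares equal to JS null,
        // so the previous `retval != null` test could not catch a NULL
        // return; GetStringUTFChars returns NULL on failure and reading a
        // C string from it would fault. Test the pointer value instead.
        if (retval.isNull()) {
          return;
        }
        var bytes = Memory.readCString(retval);
        if (bytes === null) {
          return;
        }
        // NOTE: `> 0` is kept from the original, so a string that starts
        // with "x-sign" at index 0 is not matched; use `>= 0` if that is
        // actually wanted.
        if (bytes.toString().indexOf("x-sign") > 0) {
          console.log("[GetStringUTFChars] result:" + bytes);
          // A Thread object is only a handle for the static currentThread().
          var threadef = Java.use('java.lang.Thread');
          var threadinstance = threadef.$new();
          var stack = threadinstance.currentThread().getStackTrace();
          console.log("====Java层堆栈开始=====\r\t");
          console.log(Where(stack));
          console.log("====Java层堆栈结束=====\r\t");

          console.log("====Native层堆栈开始=====\r\t");
          console.log(Thread.backtrace(this.context, Backtracer.FUZZY)
            .map(DebugSymbol.fromAddress).join("\r\t"));
          console.log("====Native层堆栈结束=====\r\t");
        }
      }
    });
  }
}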


/**
 * Placeholder for native-level hooks; currently a deliberate no-op that
 * returns undefined and has no side effects.
 */
function hook_native() {
  // intentionally empty
}
// Schedule main() on the next turn of the event loop instead of running it
// synchronously while the script is still being evaluated.
setImmediate(main);