├── .gitignore
├── app
    ├── .gitignore
    ├── build.gradle
    ├── proguard-rules.pro
    └── src
    │   ├── androidTest
    │       └── java
    │       │   └── com
    │       │       └── leadroyal
    │       │           └── friposed
    │       │               └── ExampleInstrumentedTest.java
    │   ├── main
    │       ├── AndroidManifest.xml
    │       ├── assets
    │       │   └── friposed.json
    │       ├── java
    │       │   └── com
    │       │   │   └── leadroyal
    │       │   │       └── friposed
    │       │   │           ├── MainActivity.java
    │       │   │           └── SimpleHook.java
    │       └── res
    │       │   ├── drawable-v24
    │       │       └── ic_launcher_foreground.xml
    │       │   ├── drawable
    │       │       └── ic_launcher_background.xml
    │       │   ├── layout
    │       │       └── activity_main.xml
    │       │   ├── mipmap-anydpi-v26
    │       │       ├── ic_launcher.xml
    │       │       └── ic_launcher_round.xml
    │       │   ├── mipmap-hdpi
    │       │       ├── ic_launcher.png
    │       │       └── ic_launcher_round.png
    │       │   ├── mipmap-mdpi
    │       │       ├── ic_launcher.png
    │       │       └── ic_launcher_round.png
    │       │   ├── mipmap-xhdpi
    │       │       ├── ic_launcher.png
    │       │       └── ic_launcher_round.png
    │       │   ├── mipmap-xxhdpi
    │       │       ├── ic_launcher.png
    │       │       └── ic_launcher_round.png
    │       │   ├── mipmap-xxxhdpi
    │       │       ├── ic_launcher.png
    │       │       └── ic_launcher_round.png
    │       │   └── values
    │       │       ├── colors.xml
    │       │       ├── strings.xml
    │       │       └── styles.xml
    │   └── test
    │       └── java
    │           └── com
    │               └── leadroyal
    │                   └── friposed
    │                       └── ExampleUnitTest.java
├── build.gradle
├── friposed-api
    ├── .gitignore
    ├── build.gradle
    └── src
    │   └── main
    │       └── java
    │           └── com
    │               └── leadroyal
    │                   └── friposed
    │                       ├── IHook.java
    │                       ├── InvokedByFrida.java
    │                       └── ParamObj.java
├── friposed.js
├── gradle.properties
├── gradle
    └── wrapper
    │   ├── gradle-wrapper.jar
    │   └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── readme.md
└── settings.gradle


/.gitignore:
--------------------------------------------------------------------------------
 1 | *.iml
 2 | .gradle
 3 | /local.properties
 4 | /.idea/caches
 5 | /.idea/libraries
 6 | /.idea/modules.xml
 7 | /.idea/workspace.xml
 8 | /.idea/navEditor.xml
 9 | /.idea/assetWizardSettings.xml
10 | .DS_Store
11 | /build
12 | /captures
13 | .externalNativeBuild
14 | .cxx
15 | .idea


--------------------------------------------------------------------------------
/app/.gitignore:
--------------------------------------------------------------------------------
1 | /build


--------------------------------------------------------------------------------
/app/build.gradle:
--------------------------------------------------------------------------------
 1 | apply plugin: 'com.android.application'
 2 | 
 3 | android {
 4 |     compileSdkVersion 29
 5 |     buildToolsVersion "29.0.3"
 6 | 
 7 |     defaultConfig {
 8 |         applicationId "com.leadroyal.friposed"
 9 |         minSdkVersion 19
10 |         targetSdkVersion 29
11 |         versionCode 1
12 |         versionName "1.0"
13 | 
14 |         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
15 |     }
16 | 
17 |     buildTypes {
18 |         release {
19 |             minifyEnabled false
20 |             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
21 |         }
22 |     }
23 | }
24 | 
25 | dependencies {
26 |     implementation project(":friposed-api")
27 |     implementation fileTree(dir: "libs", include: ["*.jar"])
28 |     implementation 'androidx.appcompat:appcompat:1.1.0'
29 |     implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
30 |     testImplementation 'junit:junit:4.12'
31 |     androidTestImplementation 'androidx.test.ext:junit:1.1.1'
32 |     androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0'
33 | 
34 | }


--------------------------------------------------------------------------------
/app/proguard-rules.pro:
--------------------------------------------------------------------------------
 1 | # Add project specific ProGuard rules here.
 2 | # You can control the set of applied configuration files using the
 3 | # proguardFiles setting in build.gradle.
 4 | #
 5 | # For more details, see
 6 | #   http://developer.android.com/guide/developing/tools/proguard.html
 7 | 
 8 | # If your project uses WebView with JS, uncomment the following
 9 | # and specify the fully qualified class name to the JavaScript interface
10 | # class:
11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
12 | #   public *;
13 | #}
14 | 
15 | # Uncomment this to preserve the line number information for
16 | # debugging stack traces.
17 | #-keepattributes SourceFile,LineNumberTable
18 | 
19 | # If you keep the line number information, uncomment this to
20 | # hide the original source file name.
21 | #-renamesourcefileattribute SourceFile


--------------------------------------------------------------------------------
/app/src/androidTest/java/com/leadroyal/friposed/ExampleInstrumentedTest.java:
--------------------------------------------------------------------------------
 1 | package com.leadroyal.friposed;
 2 | 
 3 | import android.content.Context;
 4 | 
 5 | import androidx.test.platform.app.InstrumentationRegistry;
 6 | import androidx.test.ext.junit.runners.AndroidJUnit4;
 7 | 
 8 | import org.junit.Test;
 9 | import org.junit.runner.RunWith;
10 | 
11 | import static org.junit.Assert.*;
12 | 
13 | /**
14 |  * Instrumented test, which will execute on an Android device.
15 |  *
16 |  * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
17 |  */
18 | @RunWith(AndroidJUnit4.class)
19 | public class ExampleInstrumentedTest {
20 |     @Test
21 |     public void useAppContext() {
22 |         // Context of the app under test.
23 |         Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext();
24 |         assertEquals("com.leadroyal.friposed", appContext.getPackageName());
25 |     }
26 | }


--------------------------------------------------------------------------------
/app/src/main/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 3 |     package="com.leadroyal.friposed">
 4 | 
 5 |     <application
 6 |         android:allowBackup="true"
 7 |         android:icon="@mipmap/ic_launcher"
 8 |         android:label="@string/app_name"
 9 |         android:roundIcon="@mipmap/ic_launcher_round"
10 |         android:supportsRtl="true"
11 |         android:theme="@style/AppTheme">
12 |         <activity android:name=".MainActivity">
13 |             <intent-filter>
14 |                 <action android:name="android.intent.action.MAIN" />
15 | 
16 |                 <category android:name="android.intent.category.LAUNCHER" />
17 |             </intent-filter>
18 |         </activity>
19 |     </application>
20 | 
21 | </manifest>


--------------------------------------------------------------------------------
/app/src/main/assets/friposed.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "enable": true,
4 |     "targetPackage": "com.leadroyal.friposed",
5 |     "targetClassName": "com.leadroyal.friposed.MainActivity",
6 |     "targetMethodSig": "func(java.lang.String,int)",
7 |     "hookClassName": "com.leadroyal.friposed.SimpleHook"
8 |   }
9 | ]


--------------------------------------------------------------------------------
/app/src/main/java/com/leadroyal/friposed/MainActivity.java:
--------------------------------------------------------------------------------
 1 | package com.leadroyal.friposed;
 2 | 
 3 | import android.os.Bundle;
 4 | import android.util.Log;
 5 | import android.view.View;
 6 | 
 7 | import androidx.appcompat.app.AppCompatActivity;
 8 | 
 9 | public class MainActivity extends AppCompatActivity {
10 |     private static final String TAG = "MainActivity";
11 | 
12 |     @Override
13 |     protected void onCreate(Bundle savedInstanceState) {
14 |         super.onCreate(savedInstanceState);
15 |         setContentView(R.layout.activity_main);
16 |     }
17 | 
18 |     public void click(View view) {
19 |         func("Click Me!", 123);
20 |     }
21 | 
22 |     private void func(String s, int i) {
23 |         Log.d(TAG, s + '\t' + i);
24 |     }
25 | }


--------------------------------------------------------------------------------
/app/src/main/java/com/leadroyal/friposed/SimpleHook.java:
--------------------------------------------------------------------------------
 1 | package com.leadroyal.friposed;
 2 | 
 3 | import android.util.Log;
 4 | 
 5 | public class SimpleHook implements IHook {
 6 |     private static final String TAG = "SimpleHook";
 7 | 
 8 |     @Override
 9 |     public void beforeHook(ParamObj paramObj) {
10 |         for (int i = 0; i < paramObj.args.length; i++) {
11 |             if (paramObj.args[i] == null)
12 |                 Log.e(TAG, "args[" + i + "]=" + "null@null");
13 |             else
14 |                 Log.e(TAG, "args[" + i + "]=" + paramObj.args[i] + "@" + paramObj.args[i].getClass());
15 |         }
16 |     }
17 | 
18 |     @Override
19 |     public void afterHook(ParamObj paramObj) {
20 |         Log.e(TAG, "return " + paramObj.getResult());
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/app/src/main/res/drawable-v24/ic_launcher_foreground.xml:
--------------------------------------------------------------------------------
 1 | <vector xmlns:android="http://schemas.android.com/apk/res/android"
 2 |     xmlns:aapt="http://schemas.android.com/aapt"
 3 |     android:width="108dp"
 4 |     android:height="108dp"
 5 |     android:viewportWidth="108"
 6 |     android:viewportHeight="108">
 7 |     <path android:pathData="M31,63.928c0,0 6.4,-11 12.1,-13.1c7.2,-2.6 26,-1.4 26,-1.4l38.1,38.1L107,108.928l-32,-1L31,63.928z">
 8 |         <aapt:attr name="android:fillColor">
 9 |             <gradient
10 |                 android:endX="85.84757"
11 |                 android:endY="92.4963"
12 |                 android:startX="42.9492"
13 |                 android:startY="49.59793"
14 |                 android:type="linear">
15 |                 <item
16 |                     android:color="#44000000"
17 |                     android:offset="0.0" />
18 |                 <item
19 |                     android:color="#00000000"
20 |                     android:offset="1.0" />
21 |             </gradient>
22 |         </aapt:attr>
23 |     </path>
24 |     <path
25 |         android:fillColor="#FFFFFF"
26 |         android:fillType="nonZero"
27 |         android:pathData="M65.3,45.828l3.8,-6.6c0.2,-0.4 0.1,-0.9 -0.3,-1.1c-0.4,-0.2 -0.9,-0.1 -1.1,0.3l-3.9,6.7c-6.3,-2.8 -13.4,-2.8 -19.7,0l-3.9,-6.7c-0.2,-0.4 -0.7,-0.5 -1.1,-0.3C38.8,38.328 38.7,38.828 38.9,39.228l3.8,6.6C36.2,49.428 31.7,56.028 31,63.928h46C76.3,56.028 71.8,49.428 65.3,45.828zM43.4,57.328c-0.8,0 -1.5,-0.5 -1.8,-1.2c-0.3,-0.7 -0.1,-1.5 0.4,-2.1c0.5,-0.5 1.4,-0.7 2.1,-0.4c0.7,0.3 1.2,1 1.2,1.8C45.3,56.528 44.5,57.328 43.4,57.328L43.4,57.328zM64.6,57.328c-0.8,0 -1.5,-0.5 -1.8,-1.2s-0.1,-1.5 0.4,-2.1c0.5,-0.5 1.4,-0.7 2.1,-0.4c0.7,0.3 1.2,1 1.2,1.8C66.5,56.528 65.6,57.328 64.6,57.328L64.6,57.328z"
28 |         android:strokeWidth="1"
29 |         android:strokeColor="#00000000" />
30 | </vector>


--------------------------------------------------------------------------------
/app/src/main/res/drawable/ic_launcher_background.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <vector xmlns:android="http://schemas.android.com/apk/res/android"
  3 |     android:width="108dp"
  4 |     android:height="108dp"
  5 |     android:viewportWidth="108"
  6 |     android:viewportHeight="108">
  7 |     <path
  8 |         android:fillColor="#3DDC84"
  9 |         android:pathData="M0,0h108v108h-108z" />
 10 |     <path
 11 |         android:fillColor="#00000000"
 12 |         android:pathData="M9,0L9,108"
 13 |         android:strokeWidth="0.8"
 14 |         android:strokeColor="#33FFFFFF" />
 15 |     <path
 16 |         android:fillColor="#00000000"
 17 |         android:pathData="M19,0L19,108"
 18 |         android:strokeWidth="0.8"
 19 |         android:strokeColor="#33FFFFFF" />
 20 |     <path
 21 |         android:fillColor="#00000000"
 22 |         android:pathData="M29,0L29,108"
 23 |         android:strokeWidth="0.8"
 24 |         android:strokeColor="#33FFFFFF" />
 25 |     <path
 26 |         android:fillColor="#00000000"
 27 |         android:pathData="M39,0L39,108"
 28 |         android:strokeWidth="0.8"
 29 |         android:strokeColor="#33FFFFFF" />
 30 |     <path
 31 |         android:fillColor="#00000000"
 32 |         android:pathData="M49,0L49,108"
 33 |         android:strokeWidth="0.8"
 34 |         android:strokeColor="#33FFFFFF" />
 35 |     <path
 36 |         android:fillColor="#00000000"
 37 |         android:pathData="M59,0L59,108"
 38 |         android:strokeWidth="0.8"
 39 |         android:strokeColor="#33FFFFFF" />
 40 |     <path
 41 |         android:fillColor="#00000000"
 42 |         android:pathData="M69,0L69,108"
 43 |         android:strokeWidth="0.8"
 44 |         android:strokeColor="#33FFFFFF" />
 45 |     <path
 46 |         android:fillColor="#00000000"
 47 |         android:pathData="M79,0L79,108"
 48 |         android:strokeWidth="0.8"
 49 |         android:strokeColor="#33FFFFFF" />
 50 |     <path
 51 |         android:fillColor="#00000000"
 52 |         android:pathData="M89,0L89,108"
 53 |         android:strokeWidth="0.8"
 54 |         android:strokeColor="#33FFFFFF" />
 55 |     <path
 56 |         android:fillColor="#00000000"
 57 |         android:pathData="M99,0L99,108"
 58 |         android:strokeWidth="0.8"
 59 |         android:strokeColor="#33FFFFFF" />
 60 |     <path
 61 |         android:fillColor="#00000000"
 62 |         android:pathData="M0,9L108,9"
 63 |         android:strokeWidth="0.8"
 64 |         android:strokeColor="#33FFFFFF" />
 65 |     <path
 66 |         android:fillColor="#00000000"
 67 |         android:pathData="M0,19L108,19"
 68 |         android:strokeWidth="0.8"
 69 |         android:strokeColor="#33FFFFFF" />
 70 |     <path
 71 |         android:fillColor="#00000000"
 72 |         android:pathData="M0,29L108,29"
 73 |         android:strokeWidth="0.8"
 74 |         android:strokeColor="#33FFFFFF" />
 75 |     <path
 76 |         android:fillColor="#00000000"
 77 |         android:pathData="M0,39L108,39"
 78 |         android:strokeWidth="0.8"
 79 |         android:strokeColor="#33FFFFFF" />
 80 |     <path
 81 |         android:fillColor="#00000000"
 82 |         android:pathData="M0,49L108,49"
 83 |         android:strokeWidth="0.8"
 84 |         android:strokeColor="#33FFFFFF" />
 85 |     <path
 86 |         android:fillColor="#00000000"
 87 |         android:pathData="M0,59L108,59"
 88 |         android:strokeWidth="0.8"
 89 |         android:strokeColor="#33FFFFFF" />
 90 |     <path
 91 |         android:fillColor="#00000000"
 92 |         android:pathData="M0,69L108,69"
 93 |         android:strokeWidth="0.8"
 94 |         android:strokeColor="#33FFFFFF" />
 95 |     <path
 96 |         android:fillColor="#00000000"
 97 |         android:pathData="M0,79L108,79"
 98 |         android:strokeWidth="0.8"
 99 |         android:strokeColor="#33FFFFFF" />
100 |     <path
101 |         android:fillColor="#00000000"
102 |         android:pathData="M0,89L108,89"
103 |         android:strokeWidth="0.8"
104 |         android:strokeColor="#33FFFFFF" />
105 |     <path
106 |         android:fillColor="#00000000"
107 |         android:pathData="M0,99L108,99"
108 |         android:strokeWidth="0.8"
109 |         android:strokeColor="#33FFFFFF" />
110 |     <path
111 |         android:fillColor="#00000000"
112 |         android:pathData="M19,29L89,29"
113 |         android:strokeWidth="0.8"
114 |         android:strokeColor="#33FFFFFF" />
115 |     <path
116 |         android:fillColor="#00000000"
117 |         android:pathData="M19,39L89,39"
118 |         android:strokeWidth="0.8"
119 |         android:strokeColor="#33FFFFFF" />
120 |     <path
121 |         android:fillColor="#00000000"
122 |         android:pathData="M19,49L89,49"
123 |         android:strokeWidth="0.8"
124 |         android:strokeColor="#33FFFFFF" />
125 |     <path
126 |         android:fillColor="#00000000"
127 |         android:pathData="M19,59L89,59"
128 |         android:strokeWidth="0.8"
129 |         android:strokeColor="#33FFFFFF" />
130 |     <path
131 |         android:fillColor="#00000000"
132 |         android:pathData="M19,69L89,69"
133 |         android:strokeWidth="0.8"
134 |         android:strokeColor="#33FFFFFF" />
135 |     <path
136 |         android:fillColor="#00000000"
137 |         android:pathData="M19,79L89,79"
138 |         android:strokeWidth="0.8"
139 |         android:strokeColor="#33FFFFFF" />
140 |     <path
141 |         android:fillColor="#00000000"
142 |         android:pathData="M29,19L29,89"
143 |         android:strokeWidth="0.8"
144 |         android:strokeColor="#33FFFFFF" />
145 |     <path
146 |         android:fillColor="#00000000"
147 |         android:pathData="M39,19L39,89"
148 |         android:strokeWidth="0.8"
149 |         android:strokeColor="#33FFFFFF" />
150 |     <path
151 |         android:fillColor="#00000000"
152 |         android:pathData="M49,19L49,89"
153 |         android:strokeWidth="0.8"
154 |         android:strokeColor="#33FFFFFF" />
155 |     <path
156 |         android:fillColor="#00000000"
157 |         android:pathData="M59,19L59,89"
158 |         android:strokeWidth="0.8"
159 |         android:strokeColor="#33FFFFFF" />
160 |     <path
161 |         android:fillColor="#00000000"
162 |         android:pathData="M69,19L69,89"
163 |         android:strokeWidth="0.8"
164 |         android:strokeColor="#33FFFFFF" />
165 |     <path
166 |         android:fillColor="#00000000"
167 |         android:pathData="M79,19L79,89"
168 |         android:strokeWidth="0.8"
169 |         android:strokeColor="#33FFFFFF" />
170 | </vector>
171 | 


--------------------------------------------------------------------------------
/app/src/main/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
 3 |     xmlns:app="http://schemas.android.com/apk/res-auto"
 4 |     xmlns:tools="http://schemas.android.com/tools"
 5 |     android:layout_width="match_parent"
 6 |     android:layout_height="match_parent"
 7 |     tools:context=".MainActivity">
 8 | 
 9 |     <Button
10 |         android:layout_width="wrap_content"
11 |         android:layout_height="wrap_content"
12 |         android:text="Hello friposed!"
13 |         android:onClick="click"
14 |         android:textAllCaps="false"
15 |         android:textSize="30sp"
16 |         app:layout_constraintBottom_toBottomOf="parent"
17 |         app:layout_constraintLeft_toLeftOf="parent"
18 |         app:layout_constraintRight_toRightOf="parent"
19 |         app:layout_constraintTop_toTopOf="parent" />
20 | 
21 | </androidx.constraintlayout.widget.ConstraintLayout>


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
3 |     <background android:drawable="@drawable/ic_launcher_background" />
4 |     <foreground android:drawable="@drawable/ic_launcher_foreground" />
5 | </adaptive-icon>


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
3 |     <background android:drawable="@drawable/ic_launcher_background" />
4 |     <foreground android:drawable="@drawable/ic_launcher_foreground" />
5 | </adaptive-icon>


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-hdpi/ic_launcher.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-hdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-hdpi/ic_launcher_round.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-mdpi/ic_launcher.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-mdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-mdpi/ic_launcher_round.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-xhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-xxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png


--------------------------------------------------------------------------------
/app/src/main/res/values/colors.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <resources>
3 |     <color name="colorPrimary">#6200EE</color>
4 |     <color name="colorPrimaryDark">#3700B3</color>
5 |     <color name="colorAccent">#03DAC5</color>
6 | </resources>


--------------------------------------------------------------------------------
/app/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 |     <string name="app_name">friposed</string>
3 | </resources>


--------------------------------------------------------------------------------
/app/src/main/res/values/styles.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 |     <!-- Base application theme. -->
 3 |     <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar">
 4 |         <!-- Customize your theme here. -->
 5 |         <item name="colorPrimary">@color/colorPrimary</item>
 6 |         <item name="colorPrimaryDark">@color/colorPrimaryDark</item>
 7 |         <item name="colorAccent">@color/colorAccent</item>
 8 |     </style>
 9 | 
10 | </resources>


--------------------------------------------------------------------------------
/app/src/test/java/com/leadroyal/friposed/ExampleUnitTest.java:
--------------------------------------------------------------------------------
 1 | package com.leadroyal.friposed;
 2 | 
 3 | import org.junit.Test;
 4 | 
 5 | import static org.junit.Assert.*;
 6 | 
 7 | /**
 8 |  * Example local unit test, which will execute on the development machine (host).
 9 |  *
10 |  * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
11 |  */
12 | public class ExampleUnitTest {
13 |     @Test
14 |     public void addition_isCorrect() {
15 |         assertEquals(4, 2 + 2);
16 |     }
17 | }


--------------------------------------------------------------------------------
/build.gradle:
--------------------------------------------------------------------------------
 1 | // Top-level build file where you can add configuration options common to all sub-projects/modules.
 2 | buildscript {
 3 |     repositories {
 4 |         google()
 5 |         jcenter()
 6 |     }
 7 |     dependencies {
 8 |         classpath "com.android.tools.build:gradle:4.0.0"
 9 | 
10 |         // NOTE: Do not place your application dependencies here; they belong
11 |         // in the individual module build.gradle files
12 |     }
13 | }
14 | 
15 | allprojects {
16 |     repositories {
17 |         google()
18 |         jcenter()
19 |     }
20 | }
21 | 
22 | task clean(type: Delete) {
23 |     delete rootProject.buildDir
24 | }


--------------------------------------------------------------------------------
/friposed-api/.gitignore:
--------------------------------------------------------------------------------
1 | /build


--------------------------------------------------------------------------------
/friposed-api/build.gradle:
--------------------------------------------------------------------------------
1 | apply plugin: 'java-library'
2 | 
3 | dependencies {
4 |     implementation fileTree(dir: 'libs', include: ['*.jar'])
5 | }
6 | 
7 | sourceCompatibility = "1.7"
8 | targetCompatibility = "1.7"


--------------------------------------------------------------------------------
/friposed-api/src/main/java/com/leadroyal/friposed/IHook.java:
--------------------------------------------------------------------------------
1 | package com.leadroyal.friposed;
2 | 
3 | public interface IHook {
4 |     public void beforeHook(ParamObj paramObj);
5 | 
6 |     public void afterHook(ParamObj paramObj);
7 | }
8 | 


--------------------------------------------------------------------------------
/friposed-api/src/main/java/com/leadroyal/friposed/InvokedByFrida.java:
--------------------------------------------------------------------------------
1 | package com.leadroyal.friposed;
2 | 
3 | 
4 | public @interface InvokedByFrida {
5 | }
6 | 


--------------------------------------------------------------------------------
/friposed-api/src/main/java/com/leadroyal/friposed/ParamObj.java:
--------------------------------------------------------------------------------
 1 | package com.leadroyal.friposed;
 2 | 
 3 | public class ParamObj {
 4 |     public Object thisObj;
 5 |     public Object[] args;
 6 |     @InvokedByFrida
 7 |     private boolean returnEarly;
 8 |     @InvokedByFrida
 9 |     private Object result;
10 | 
11 |     public ParamObj(Object thisObj, Object[] args) {
12 |         this.thisObj = thisObj;
13 |         this.args = args;
14 |     }
15 | 
16 |     public Object getResult() {
17 |         return this.result;
18 |     }
19 | 
20 |     public void setResult(Object result) {
21 |         this.result = result;
22 |         this.returnEarly = true;
23 |     }
24 | }
25 | 


--------------------------------------------------------------------------------
/friposed.js:
--------------------------------------------------------------------------------
  1 | Java.perform(function () {
  2 |     function loadApk(apkPath) {
  3 |         Java.openClassFile(apkPath).load();
  4 |     }
  5 |     function hasFile(fileName) {
  6 |         return Java.use("java.io.File").$new(fileName).exists();
  7 |     }
  8 |     function getPackagePath(pkgName) {
  9 |         return Java.use("android.app.ActivityThread").currentApplication().getPackageManager().getPackageInfo(pkgName, 0).applicationInfo.value.sourceDir.value;
 10 |     }
 11 |     function js2java(typeName, value) {
 12 |         // js boolean/number/Int64 -- > java boolean/byte/short/int/long/float/double
 13 |         switch (typeName) {
 14 |             case "Z":
 15 |                 return Java.use("java.lang.Boolean").valueOf(value);
 16 |             case "B":
 17 |                 return Java.use("java.lang.Byte").valueOf(value);
 18 |             case "S":
 19 |                 return Java.use("java.lang.Short").valueOf(value);
 20 |             case "I":
 21 |                 return Java.use("java.lang.Integer").valueOf(value);
 22 |             case "J":
 23 |                 return Java.use("java.lang.Long").valueOf(value);
 24 |             case "F":
 25 |                 return Java.use("java.lang.Float").valueOf(value);
 26 |             case "D":
 27 |                 return Java.use("java.lang.Double").valueOf(value);
 28 |             default:
 29 |                 return value;
 30 |         }
 31 |     }
 32 |     function java2js(typeName, value) {
 33 |         // java boolean/byte/short/int/long/float/double --> js boolean/number/Int64
 34 |         switch (typeName) {
 35 |             case "Z":
 36 |                 return Java.cast(value, Java.use("java.lang.Boolean")).booleanValue();
 37 |             case "B":
 38 |                 return Java.cast(value, Java.use("java.lang.Byte")).byteValue();
 39 |             case "S":
 40 |                 return Java.cast(value, Java.use("java.lang.Short")).shortValue();
 41 |             case "I":
 42 |                 return Java.cast(value, Java.use("java.lang.Integer")).intValue();
 43 |             case "J":
 44 |                 return Java.cast(value, Java.use("java.lang.Long")).longValue();
 45 |             case "F":
 46 |                 return Java.cast(value, Java.use("java.lang.Float")).floatValue();
 47 |             case "D":
 48 |                 return Java.cast(value, Java.use("java.lang.Double")).doubleValue();
 49 |             default:
 50 |                 return value;
 51 |         }
 52 |     }
 53 |     function readZipContent(zipPath, entryName) {
 54 |         var zipFile = Java.use("java.util.zip.ZipFile").$new(zipPath);
 55 |         var zipEntry = zipFile.getEntry(entryName);
 56 |         var fis = zipFile.getInputStream(zipEntry);
 57 |         var fakebs = new Array(fis.available());
 58 |         for (var index = 0; index < fakebs.length; index++) {
 59 |             fakebs[index] = 0;
 60 |         }
 61 |         var _bs = Java.array("byte", fakebs);
 62 |         fis.read(_bs);
 63 |         fis.close();
 64 |         zipFile.close();
 65 |         return Java.use("java.lang.String").$new(_bs).toString();
 66 |     }
 67 |     function findMatch(overloads, sig) {
 68 |         var sp = sig.split(",");
 69 |         for (var i in overloads) {
 70 |             var curArgumentTypes = overloads[i].argumentTypes;
 71 |             if (sp.length != curArgumentTypes.length)
 72 |                 continue;
 73 |             for (var j in curArgumentTypes) {
 74 |                 if (curArgumentTypes[j].className != sp[j]) {
 75 |                     continue;
 76 |                 }
 77 |             }
 78 |             return overloads[i];
 79 |         }
 80 |     }
 81 |     function getPackageName() {
 82 |         return Java.use("android.app.ActivityThread").currentApplication().getPackageName();
 83 |     }
 84 | 
 85 |     // load plugin
 86 |     const LOCAL_APK_PATH = "/data/local/tmp/friposed.apk";
 87 |     const FRIPOSED_PKGNAME = "com.leadroyal.friposed";
 88 |     var dir;
 89 |     if (hasFile(LOCAL_APK_PATH)) {
 90 |         dir = LOCAL_APK_PATH;
 91 |     } else {
 92 |         dir = getPackagePath(FRIPOSED_PKGNAME);
 93 |     }
 94 |     var content = readZipContent(dir, "assets/friposed.json")
 95 |     loadApk(dir);
 96 | 
 97 |     var config = JSON.parse(content);
 98 |     var clz_ParamObj = Java.use("com.leadroyal.friposed.ParamObj");
 99 | 
100 |     var currentPackageName = getPackageName();
101 |     for (var configIndex in config) {
102 |         if (config[configIndex].enable != undefined && !config[configIndex].enable) {
103 |             console.log("[Disabled]. Skip:", config[configIndex].hookClassName);
104 |             continue;
105 |         }
106 |         if (config[configIndex].targetPackage != currentPackageName) {
107 |             console.log("[Mismatch]. Skip: target/current", config[configIndex].targetPackage, currentPackageName);
108 |             continue;
109 |         }
110 |         var targetClassName = config[configIndex].targetClassName;
111 |         var targetMethodSig = config[configIndex].targetMethodSig;
112 |         var targetMethodName = targetMethodSig.split('(')[0];
113 |         var targetMethodParam = targetMethodSig.split('(')[1];
114 |         targetMethodParam = targetMethodParam.substring(0, targetMethodParam.length - 1);
115 |         var targetMethod = findMatch(Java.use(targetClassName)[targetMethodName].overloads, targetMethodSig);
116 |         var hookClassName = config[configIndex].hookClassName;
117 |         var hook = Java.use(hookClassName).$new();
118 |         startHook(targetMethod, hook);
119 |     }
120 | 
121 |     function startHook(targetMethod, hook) {
122 |         targetMethod.implementation = function () {
123 |             // 将 js 的 arguments 处理为 java 的 Object[]，主要处理基本类型
124 |             var argJsArray = Array(arguments.length);
125 |             for (var i = 0; i < arguments.length; i++) {
126 |                 argJsArray[i] = js2java(targetMethod.argumentTypes[i].name, arguments[i]);
127 |             }
128 |             var argJavaArray = Java.array("java.lang.Object", argJsArray);
129 | 
130 |             // 根据是否static，决定是否传递this
131 |             var isInstanceMethod = targetMethod.type == 3; // Java.MethodType.Instance
132 |             var thisObject = null;
133 |             if (isInstanceMethod)
134 |                 thisObject = this;
135 | 
136 |             var param_obj = clz_ParamObj.$new(thisObject, argJavaArray);
137 | 
138 |             // 调用before
139 |             console.log("before invoked:", targetMethod.methodName);
140 |             hook.beforeHook(param_obj);
141 | 
142 |             // 如果需要提前返回，就返回
143 |             if (param_obj.returnEarly.value) {
144 |                 console.log("return early");
145 |             } else {
146 |                 // 执行原先的方法
147 |                 // 将 Object[] 转为 frida传参的格式，主要处理基本类型
148 |                 var after_obj = param_obj.args.value;
149 |                 var invokeArray = Array(after_obj.length);
150 |                 for (var i = 0; i < after_obj.length; i++) {
151 |                     invokeArray[i] = java2js(targetMethod.argumentTypes[i].name, after_obj[i]);
152 |                 }
153 |                 console.log("original invoked:", targetMethod.methodName);
154 |                 var ret = targetMethod.apply(this, invokeArray);
155 | 
156 |                 // 将结果赋值给 param_obj
157 |                 var ret2js = js2java(targetMethod.returnType.name, ret);
158 |                 if (targetMethod.returnType.name == "V") {
159 |                     // 如果函数的返回值声明为 void，不要设置param_obj.result，因为 frida 会报错
160 |                 } else {
161 |                     param_obj.result.value = ret2js;
162 |                 }
163 |             }
164 | 
165 |             // 调用after
166 |             console.log("after invoked:", targetMethod.methodName);
167 |             hook.afterHook(param_obj);
168 | 
169 |             // 如果函数的返回值声明为 void，返回undefined 表示返回void
170 |             if (targetMethod.returnType.name == "V")
171 |                 return undefined;
172 | 
173 |             // 最终结果以 param_obj.result 为准，转为js认的基本类型
174 |             return java2js(targetMethod.returnType.name, param_obj.result.value);
175 |         };
176 |     }
177 | });


--------------------------------------------------------------------------------
/gradle.properties:
--------------------------------------------------------------------------------
 1 | # Project-wide Gradle settings.
 2 | # IDE (e.g. Android Studio) users:
 3 | # Gradle settings configured through the IDE *will override*
 4 | # any settings specified in this file.
 5 | # For more details on how to configure your build environment visit
 6 | # http://www.gradle.org/docs/current/userguide/build_environment.html
 7 | # Specifies the JVM arguments used for the daemon process.
 8 | # The setting is particularly useful for tweaking memory settings.
 9 | org.gradle.jvmargs=-Xmx2048m
10 | # When configured, Gradle will run in incubating parallel mode.
11 | # This option should only be used with decoupled projects. More details, visit
12 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
13 | # org.gradle.parallel=true
14 | # AndroidX package structure to make it clearer which packages are bundled with the
15 | # Android operating system, and which are packaged with your app"s APK
16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn
17 | android.useAndroidX=true
18 | # Automatically convert third-party libraries to use AndroidX
19 | android.enableJetifier=true


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LeadroyaL/friposed/726b26dab8d419d5f2b5e23cdbd128022fc803fe/gradle/wrapper/gradle-wrapper.jar


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | #Fri May 29 19:34:43 CST 2020
2 | distributionBase=GRADLE_USER_HOME
3 | distributionPath=wrapper/dists
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 | distributionUrl=https\://services.gradle.org/distributions/gradle-6.1.1-all.zip
7 | 


--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env sh
  2 | 
  3 | ##############################################################################
  4 | ##
  5 | ##  Gradle start up script for UN*X
  6 | ##
  7 | ##############################################################################
  8 | 
  9 | # Attempt to set APP_HOME
 10 | # Resolve links: $0 may be a link
 11 | PRG="$0"
 12 | # Need this for relative symlinks.
 13 | while [ -h "$PRG" ] ; do
 14 |     ls=`ls -ld "$PRG"`
 15 |     link=`expr "$ls" : '.*-> \(.*\)$'`
 16 |     if expr "$link" : '/.*' > /dev/null; then
 17 |         PRG="$link"
 18 |     else
 19 |         PRG=`dirname "$PRG"`"/$link"
 20 |     fi
 21 | done
 22 | SAVED="`pwd`"
 23 | cd "`dirname \"$PRG\"`/" >/dev/null
 24 | APP_HOME="`pwd -P`"
 25 | cd "$SAVED" >/dev/null
 26 | 
 27 | APP_NAME="Gradle"
 28 | APP_BASE_NAME=`basename "$0"`
 29 | 
 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 31 | DEFAULT_JVM_OPTS=""
 32 | 
 33 | # Use the maximum available, or set MAX_FD != -1 to use that value.
 34 | MAX_FD="maximum"
 35 | 
 36 | warn () {
 37 |     echo "$*"
 38 | }
 39 | 
 40 | die () {
 41 |     echo
 42 |     echo "$*"
 43 |     echo
 44 |     exit 1
 45 | }
 46 | 
 47 | # OS specific support (must be 'true' or 'false').
 48 | cygwin=false
 49 | msys=false
 50 | darwin=false
 51 | nonstop=false
 52 | case "`uname`" in
 53 |   CYGWIN* )
 54 |     cygwin=true
 55 |     ;;
 56 |   Darwin* )
 57 |     darwin=true
 58 |     ;;
 59 |   MINGW* )
 60 |     msys=true
 61 |     ;;
 62 |   NONSTOP* )
 63 |     nonstop=true
 64 |     ;;
 65 | esac
 66 | 
 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 68 | 
 69 | # Determine the Java command to use to start the JVM.
 70 | if [ -n "$JAVA_HOME" ] ; then
 71 |     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
 72 |         # IBM's JDK on AIX uses strange locations for the executables
 73 |         JAVACMD="$JAVA_HOME/jre/sh/java"
 74 |     else
 75 |         JAVACMD="$JAVA_HOME/bin/java"
 76 |     fi
 77 |     if [ ! -x "$JAVACMD" ] ; then
 78 |         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
 79 | 
 80 | Please set the JAVA_HOME variable in your environment to match the
 81 | location of your Java installation."
 82 |     fi
 83 | else
 84 |     JAVACMD="java"
 85 |     which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 86 | 
 87 | Please set the JAVA_HOME variable in your environment to match the
 88 | location of your Java installation."
 89 | fi
 90 | 
 91 | # Increase the maximum file descriptors if we can.
 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
 93 |     MAX_FD_LIMIT=`ulimit -H -n`
 94 |     if [ $? -eq 0 ] ; then
 95 |         if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
 96 |             MAX_FD="$MAX_FD_LIMIT"
 97 |         fi
 98 |         ulimit -n $MAX_FD
 99 |         if [ $? -ne 0 ] ; then
100 |             warn "Could not set maximum file descriptor limit: $MAX_FD"
101 |         fi
102 |     else
103 |         warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
104 |     fi
105 | fi
106 | 
107 | # For Darwin, add options to specify how the application appears in the dock
108 | if $darwin; then
109 |     GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
110 | fi
111 | 
112 | # For Cygwin, switch paths to Windows format before running java
113 | if $cygwin ; then
114 |     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
115 |     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
116 |     JAVACMD=`cygpath --unix "$JAVACMD"`
117 | 
118 |     # We build the pattern for arguments to be converted via cygpath
119 |     ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
120 |     SEP=""
121 |     for dir in $ROOTDIRSRAW ; do
122 |         ROOTDIRS="$ROOTDIRS$SEP$dir"
123 |         SEP="|"
124 |     done
125 |     OURCYGPATTERN="(^($ROOTDIRS))"
126 |     # Add a user-defined pattern to the cygpath arguments
127 |     if [ "$GRADLE_CYGPATTERN" != "" ] ; then
128 |         OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
129 |     fi
130 |     # Now convert the arguments - kludge to limit ourselves to /bin/sh
131 |     i=0
132 |     for arg in "$@" ; do
133 |         CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
134 |         CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
135 | 
136 |         if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
137 |             eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
138 |         else
139 |             eval `echo args$i`="\"$arg\""
140 |         fi
141 |         i=$((i+1))
142 |     done
143 |     case $i in
144 |         (0) set -- ;;
145 |         (1) set -- "$args0" ;;
146 |         (2) set -- "$args0" "$args1" ;;
147 |         (3) set -- "$args0" "$args1" "$args2" ;;
148 |         (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
149 |         (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
150 |         (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
151 |         (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
152 |         (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
153 |         (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
154 |     esac
155 | fi
156 | 
157 | # Escape application args
158 | save () {
159 |     for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
160 |     echo " "
161 | }
162 | APP_ARGS=$(save "$@")
163 | 
164 | # Collect all arguments for the java command, following the shell quoting and substitution rules
165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
166 | 
167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
169 |   cd "$(dirname "$0")"
170 | fi
171 | 
172 | exec "$JAVACMD" "$@"
173 | 


--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
 1 | @if "%DEBUG%" == "" @echo off
 2 | @rem ##########################################################################
 3 | @rem
 4 | @rem  Gradle startup script for Windows
 5 | @rem
 6 | @rem ##########################################################################
 7 | 
 8 | @rem Set local scope for the variables with windows NT shell
 9 | if "%OS%"=="Windows_NT" setlocal
10 | 
11 | set DIRNAME=%~dp0
12 | if "%DIRNAME%" == "" set DIRNAME=.
13 | set APP_BASE_NAME=%~n0
14 | set APP_HOME=%DIRNAME%
15 | 
16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
17 | set DEFAULT_JVM_OPTS=
18 | 
19 | @rem Find java.exe
20 | if defined JAVA_HOME goto findJavaFromJavaHome
21 | 
22 | set JAVA_EXE=java.exe
23 | %JAVA_EXE% -version >NUL 2>&1
24 | if "%ERRORLEVEL%" == "0" goto init
25 | 
26 | echo.
27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
28 | echo.
29 | echo Please set the JAVA_HOME variable in your environment to match the
30 | echo location of your Java installation.
31 | 
32 | goto fail
33 | 
34 | :findJavaFromJavaHome
35 | set JAVA_HOME=%JAVA_HOME:"=%
36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
37 | 
38 | if exist "%JAVA_EXE%" goto init
39 | 
40 | echo.
41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
42 | echo.
43 | echo Please set the JAVA_HOME variable in your environment to match the
44 | echo location of your Java installation.
45 | 
46 | goto fail
47 | 
48 | :init
49 | @rem Get command-line arguments, handling Windows variants
50 | 
51 | if not "%OS%" == "Windows_NT" goto win9xME_args
52 | 
53 | :win9xME_args
54 | @rem Slurp the command line arguments.
55 | set CMD_LINE_ARGS=
56 | set _SKIP=2
57 | 
58 | :win9xME_args_slurp
59 | if "x%~1" == "x" goto execute
60 | 
61 | set CMD_LINE_ARGS=%*
62 | 
63 | :execute
64 | @rem Setup the command line
65 | 
66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
67 | 
68 | @rem Execute Gradle
69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
70 | 
71 | :end
72 | @rem End local scope for the variables with windows NT shell
73 | if "%ERRORLEVEL%"=="0" goto mainEnd
74 | 
75 | :fail
76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
77 | rem the _cmd.exe /c_ return code!
78 | if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
79 | exit /b 1
80 | 
81 | :mainEnd
82 | if "%OS%"=="Windows_NT" endlocal
83 | 
84 | :omega
85 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
  1 | # friposed —— Write java hook with frida
  2 | 
  3 | `friposed = frida + xposed`，字面意思，本来想借助 frida 实现一套完整的 xposed 支持，但由于代价实在太高，于是只能写一套简单的实现。
  4 | 
  5 | ### 一句话用途
  6 | 
  7 | 在 frida 可用时，使用 java 写 hook。 
  8 | 
  9 | ### 背景
 10 | 
 11 | 在2017年初，刚接触 frida 时，我就一直在吐槽 frida hook java 的反人类设计，并不是说 frida 项目不好，而是用 js 这种弱类型语言去描述和操作强类型的 java，在 js 里写 java hook 体验很差，本身就是不优雅的。（而且我那台手机用 frida 经常 crash。）
 12 | 
 13 | 0202年已经过去一半了，不怎么使用 frida。看身边小伙伴在用 frida 而不是 xposed，感觉自己落伍了，不够 fashion，于是突发奇想写了这个项目，使用 frida 作为桥梁，提供在 java 里写 hook 的能力，**从而让像我这样“半截入土”的 xposed 开发者仍然可以苟活在 frida 的环境里**。
 14 | 
 15 | 并且对于仅拥有root、未拥有xposed的环境，提供了使用java hook的办法。
 16 | 
 17 | ### Demo体验方法
 18 | 
 19 | demo就是 `friposed.apk` 本身，实现对自己的 hook，可阅读配置文件来理解它`assets/friposed.json`。
 20 | 
 21 | 1. 安装并运行 APP，配好 frida 环境
 22 | 2. `frida -U -l friposed.js com.leadroyal.friposed`
 23 | 3. 点击桌面上的 button，观察命令行的输出，观察 logcat 的输出，预期结果如下
 24 | 
 25 | ```java
 26 | package com.leadroyal.friposed;
 27 | 
 28 | import android.util.Log;
 29 | 
 30 | public class SimpleHook implements IHook {
 31 |     private static final String TAG = "SimpleHook";
 32 | 
 33 |     @Override
 34 |     public void beforeHook(ParamObj paramObj) {
 35 |         for (int i = 0; i < paramObj.args.length; i++) {
 36 |             if (paramObj.args[i] == null)
 37 |                 Log.e(TAG, "args[" + i + "]=" + "null@null");
 38 |             else
 39 |                 Log.e(TAG, "args[" + i + "]=" + paramObj.args[i] + "@" + paramObj.args[i].getClass());
 40 |         }
 41 |     }
 42 | 
 43 |     @Override
 44 |     public void afterHook(ParamObj paramObj) {
 45 |         Log.e(TAG, "return " + paramObj.getResult());
 46 |     }
 47 | }
 48 | 
 49 | ```
 50 | 
 51 | ```
 52 | > frida
 53 | [Redmi 8A::com.leadroyal.friposed]-> before invoked: func
 54 | original invoked: func
 55 | after invoked: func
 56 | 
 57 | > logcat
 58 | SimpleHook: args[0]=Click Me!@class java.lang.String
 59 | SimpleHook: args[1]=123@class java.lang.Integer
 60 | MainActivity: Click Me!	123
 61 | SimpleHook: return null
 62 | ```
 63 | 
 64 | ### 基础用法
 65 | 
 66 | 1. 打开本项目里的安卓工程 `com.leadroyal.friposed` ，按需修改 `assets/friposed.json`，并且创建对应实现了 `com.leadroyal.friposed.IHook`的类。
 67 | 
 68 |     ```json
 69 |     [
 70 |       {
 71 |         "enable": true,
 72 |         "targetPackage": "com.leadroyal.friposed",
 73 |         "targetClassName": "com.leadroyal.friposed.MainActivity",
 74 |         "targetMethodSig": "func(java.lang.String,int)",
 75 |         "hookClassName": "com.leadroyal.friposed.SimpleHook"
 76 |       }
 77 |     ]
 78 |     ```
 79 | 
 80 | 2. 开发自定义的 Hook（一定要实现 IHook这个接口）。提供基础功能：在`beforeHook`和`afterHook` 对 arguments 进行读写，对 result 进行读写，从而实现`XC_MethodHook`，使用 setResult 实现 `XC_MethodReplacement`。
 81 | 3. 安装 `friposed.apk` 或者 `adb push friposed.apk /data/local/tmp/`，
 82 | 4. `frida -U friposed.js TARGET_PACKAGE_NAME`
 83 | 
 84 | ### 实现原理
 85 | 
 86 | 使用 frida-cli 进行 attach 后，加载 `com.leadoryal.friposed` 这个 apk，访问内部的 `assets/friposed.json` 配置文件，寻找对应的 class 和 method进行 hook，依次执行这几步操作：
 87 | 
 88 | 1. 调用前的参数传递给 apk 里的 hook 类的 `beforeMethod`，此时可修改参数和返回值
 89 | 2. 调用原先的实现或者提前返回
 90 | 3. 将参数和返回值传递给 apk 里 hook 类的 `afterMethod`，此时同样可修改参数和返回值
 91 | 4. js 将结果返回
 92 | 
 93 | ### 高级用法
 94 | 
 95 | - 不安装 APP 来加载 friposed
 96 | 
 97 | 	friposed 会先访问 `/data/local/tmp/friposed.apk`，将 apk 文件放到该位置即可，也可以修js改代码的`LOCAL_APK_PATH`使用其他位置的 apk。
 98 | 
 99 | - 使用其他包名
100 | 
101 | 	修改 js 代码的`FRIPOSED_PKGNAME`使用其他包名作为 friposed 的入口，但一定要保证下面三个文件还存在，建议将`friposed-api`这个 gradle 项目打包带走：
102 | 	- com.leadroyal.friposed.ParamObj
103 | 	- com.leadroyal.friposed.IHook
104 | 	- assets/friposed.json
105 | 
106 | 
107 | ### 其他
108 | 
109 | 这真的只是个小项目，是我第一个 frida 项目也应该是最后一个 frida 项目，因此请不要对它抱有过高的期望，有 bug 和需求请提出来。


--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | include ':app'
2 | include ':friposed-api'
3 | rootProject.name = "friposed"


--------------------------------------------------------------------------------