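/*
 * Repository layout shown on the page:
 *   ├── DESC
 *   ├── Jshook-frida通杀.js
 *   └── README.md
 *
 * /DESC:      "通杀MD5,sha,AES...算法"
 *             (generic hooks covering MD5, SHA, AES and similar algorithms)
 * /README.md: "# Jshook" / "frida自吐算法"
 *             (Frida script that makes crypto routines print their own
 *             parameters and results)
 *
 * /Jshook-frida通杀.js
 * --------------------
 * Frida instrumentation script. Inside Java.perform() it replaces a fixed set
 * of JCA/JCE entry points (SecretKeySpec, DESKeySpec, Mac, MessageDigest,
 * IvParameterSpec, Cipher, X509EncodedKeySpec, RSAPublicKeySpec,
 * KeyPairGenerator) with wrappers that call the original method and log the
 * algorithm name, key bytes, IV, input and output through common.log().
 *
 * `common` is not defined in this file; presumably it is supplied by the
 * Jshook host environment -- confirm before running under plain Frida.
 *
 * Review notes for anyone reading the output or assessing an app with it:
 *   - Every log line can carry raw key material, IVs, plaintext and private
 *     keys. Captured logs need the same handling as the secrets themselves.
 *   - Only keys whose bytes exist in the app process are visible here: the
 *     hooks read the byte[] handed to the constructor or Key.getEncoded().
 *     Key.getEncoded() returns null for keys that do not support encoding
 *     (non-exportable keys), in which case the key lines are empty.
 */

// Values compared against the opmode argument of Cipher.init()
// (Cipher.ENCRYPT_MODE == 1, Cipher.DECRYPT_MODE == 2).
var N_ENCRYPT_MODE = 1;
var N_DECRYPT_MODE = 2;

/**
 * Log the Java stack trace of the current call.
 *
 * Creates a java.lang.Exception only to read its stack trace, then logs one
 * frame per line between a start and an end banner.
 */
function showStacks() {
    var Exception = Java.use("java.lang.Exception");
    var ins = Exception.$new("Exception");
    var straces = ins.getStackTrace();

    if (straces == null) {
        return;
    }

    common.log("============================= Stack strat=======================");
    common.log("");

    for (var i = 0; i < straces.length; i++) {
        common.log(" " + straces[i].toString());
    }

    common.log("");
    common.log("============================= Stack end=======================\r\n");
    // NOTE(review): this disposes the class wrapper, not the `ins` instance
    // created above -- confirm which one was meant to be released.
    Exception.$dispose();
}

// ---------------------------------------------------------------------------
// Utility helpers
// ---------------------------------------------------------------------------

var base64EncodeChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Reverse lookup: byte value -> 6-bit base64 value, or -1 for a byte that is
// not in the alphabet. Derived from base64EncodeChars so the two tables cannot
// drift apart. The original literal had only 128 entries, so bytes 128..255
// looked up `undefined` and were decoded as 0 instead of being skipped; the
// table now covers every value that `255 & charCode` can produce.
var base64DecodeChars = (function () {
    var table = [];
    var i;
    for (i = 0; i < 256; i++) {
        table.push(-1);
    }
    for (i = 0; i < base64EncodeChars.length; i++) {
        table[base64EncodeChars.charCodeAt(i)] = i;
    }
    return table;
})();

/**
 * Base64-encode a string, using the low byte of each UTF-16 code unit.
 *
 * @param {string} e - input string
 * @returns {string} padded base64 text
 */
function stringToBase64(e) {
    var bytes = [];
    for (var i = 0; i < e.length; i++) {
        bytes.push(e.charCodeAt(i));
    }
    return bytesToBase64(bytes);
}

/**
 * Decode base64 text into a string with one character per decoded byte.
 *
 * @param {string} e - base64 text; characters outside the alphabet are skipped
 * @returns {string} decoded characters (code points 0..255)
 */
function base64ToString(e) {
    return bytesToString(base64ToBytes(e));
}

/**
 * Convert hex text to base64.
 *
 * The original called an undefined base64Encode(); it now goes through
 * hexToBytes() and bytesToBase64(), which are defined in this file.
 *
 * @param {string} str - hex digits, optionally separated by whitespace
 * @returns {string} base64 text, or '' when the hex text has an odd length
 */
function hexToBase64(str) {
    return bytesToBase64(hexToBytes(str.replace(/\s+/g, "")));
}

/**
 * Convert base64 text to lowercase hex.
 *
 * The original called an undefined base64Decode(); it now goes through
 * base64ToBytes() and bytesToHex(), which are defined in this file.
 *
 * @param {string} str - base64 text
 * @returns {string} two hex digits per decoded byte
 */
function base64ToHex(str) {
    return bytesToHex(base64ToBytes(str));
}

/**
 * Parse hex text into an array of byte values.
 *
 * @param {string} str - hex digits without separators
 * @returns {number[]|null} one number per digit pair, or null when the length
 *     is odd. Non-hex digit pairs yield NaN, as before.
 */
function hexToBytes(str) {
    if (str.length % 2 != 0) {
        return null;
    }
    var hexA = [];
    for (var pos = 0; pos < str.length; pos += 2) {
        hexA.push(parseInt(str.substring(pos, pos + 2), 16));
    }
    return hexA;
}

/**
 * Render bytes as lowercase hex, two digits per byte.
 *
 * @param {Array|null} arr - byte values; signed Java bytes (-128..127) are
 *     mapped to 0..255
 * @returns {string} hex text; '' for null/undefined, so a key whose
 *     getEncoded() is null no longer throws inside a hook
 */
function bytesToHex(arr) {
    if (arr == null) {
        return '';
    }
    var str = '';
    for (var i = 0; i < arr.length; i++) {
        var j = arr[i];
        if (j < 0) {
            j += 256;
        }
        if (j < 16) {
            str += "0";
        }
        str += j.toString(16);
    }
    return str;
}

/**
 * Render a string as hex, one group of digits per UTF-16 code unit.
 *
 * Code units below 0x10 are now zero-padded to two digits; the original
 * emitted a single digit for them, which made the output ambiguous.
 *
 * @param {string} str - input string
 * @returns {string} hex text
 */
function stringToHex(str) {
    var val = "";
    for (var i = 0; i < str.length; i++) {
        var code = str.charCodeAt(i);
        if (code < 16) {
            val += "0";
        }
        val += code.toString(16);
    }
    return val;
}

/**
 * Split each UTF-16 code unit of a string into its bytes, most significant
 * byte first, without leading zero bytes.
 *
 * @param {string} str - input string
 * @returns {number[]} byte values
 */
function stringToBytes(str) {
    var ch, st, re = [];
    for (var i = 0; i < str.length; i++) {
        ch = str.charCodeAt(i);
        st = [];
        do {
            st.push(ch & 0xFF);
            ch = ch >> 8;
        }
        while (ch);
        re = re.concat(st.reverse());
    }
    return re;
}

/**
 * Convert a byte[] to a string, one character per byte.
 *
 * @param {Array|null} arr - byte values; copied into a Uint8Array so signed
 *     bytes wrap to 0..255. null/undefined produce ''.
 * @returns {string} characters with code points 0..255 (no charset decoding)
 */
function bytesToString(arr) {
    var str = '';
    var bytes = new Uint8Array(arr);
    // Index loop instead of for...in, which is not meant for array iteration.
    for (var i = 0; i < bytes.length; i++) {
        str += String.fromCharCode(bytes[i]);
    }
    return str;
}

/**
 * Base64-encode an array of bytes.
 *
 * @param {Array|null} e - byte values; only the low 8 bits of each are used
 * @returns {string} padded base64 text; '' for null/undefined
 */
function bytesToBase64(e) {
    if (e == null) {
        return '';
    }
    var out = '';
    var len = e.length;
    var i = 0;
    var b0, b1, b2;
    while (i < len) {
        b0 = 255 & e[i++];
        if (i == len) {
            // One trailing byte: two symbols plus "==".
            out += base64EncodeChars.charAt(b0 >> 2);
            out += base64EncodeChars.charAt((3 & b0) << 4);
            out += '==';
            break;
        }
        b1 = e[i++];
        if (i == len) {
            // Two trailing bytes: three symbols plus "=".
            out += base64EncodeChars.charAt(b0 >> 2);
            out += base64EncodeChars.charAt((3 & b0) << 4 | (240 & b1) >> 4);
            out += base64EncodeChars.charAt((15 & b1) << 2);
            out += '=';
            break;
        }
        b2 = e[i++];
        out += base64EncodeChars.charAt(b0 >> 2);
        out += base64EncodeChars.charAt((3 & b0) << 4 | (240 & b1) >> 4);
        out += base64EncodeChars.charAt((15 & b1) << 2 | (192 & b2) >> 6);
        out += base64EncodeChars.charAt(63 & b2);
    }
    return out;
}

/**
 * Decode base64 text into an array of byte values.
 *
 * Characters outside the alphabet are skipped; decoding stops at the first
 * '=' in the third or fourth position of a group, or when the input ends.
 *
 * @param {string} e - base64 text
 * @returns {number[]} decoded bytes (0..255)
 */
function base64ToBytes(e) {
    var r, a, c, h, o, t, d;
    for (t = e.length, o = 0, d = []; o < t;) {
        do {
            r = base64DecodeChars[255 & e.charCodeAt(o++)];
        } while (o < t && r == -1);
        if (r == -1) {
            break;
        }
        do {
            a = base64DecodeChars[255 & e.charCodeAt(o++)];
        } while (o < t && a == -1);
        if (a == -1) {
            break;
        }
        d.push(r << 2 | (48 & a) >> 4);
        do {
            c = 255 & e.charCodeAt(o++);
            if (61 == c) { // '=' padding
                return d;
            }
            c = base64DecodeChars[c];
        } while (o < t && c == -1);
        if (c == -1) {
            break;
        }
        d.push((15 & a) << 4 | (60 & c) >> 2);
        do {
            h = 255 & e.charCodeAt(o++);
            if (61 == h) { // '=' padding
                return d;
            }
            h = base64DecodeChars[h];
        } while (o < t && h == -1);
        if (h == -1) {
            break;
        }
        d.push((3 & c) << 6 | h);
    }
    return d;
}

// Helper index:
//   stringToBase64  stringToHex  stringToBytes
//   base64ToString  base64ToHex  base64ToBytes
//   hexToBase64     hexToBytes
//   bytesToBase64   bytesToHex   bytesToString

Java.perform(function () {
    var SEPARATOR = "======================================";

    // Log whether a Cipher.init() opmode is encrypt or decrypt; other modes
    // (wrap/unwrap) are not logged.
    function logCipherMode(opmode) {
        if (N_ENCRYPT_MODE == opmode) {
            common.log("init | 加密模式");
        } else if (N_DECRYPT_MODE == opmode) {
            common.log("init | 解密模式");
        }
    }

    // Log the encoded form of a java.security.Key passed to Cipher.init().
    // getEncoded() is null for keys that do not support encoding; the byte
    // helpers then return '' and the lines carry no key material.
    function logInitKey(key) {
        var bytes_key = key.getEncoded();
        common.log("init key:" + "|str密钥:" + bytesToString(bytes_key));
        common.log("init key:" + "|Hex密钥:" + bytesToHex(bytes_key));
    }

    // Log a doFinal() result as raw string, hex and base64.
    function logFinalResult(result) {
        common.log("doFinal结果: |str :" + bytesToString(result));
        common.log("doFinal结果: |hex :" + bytesToHex(result));
        common.log("doFinal结果: |base64 :" + bytesToBase64(result));
    }

    // Log both halves of a generated KeyPair as hex.
    function logKeyPair(pair) {
        var str_private = pair.getPrivate().getEncoded();
        var str_public = pair.getPublic().getEncoded();
        common.log("公钥 |hex" + bytesToHex(str_public));
        common.log("私钥 |hex" + bytesToHex(str_private));
    }

    // --- javax.crypto.spec.SecretKeySpec -----------------------------------
    // Stack traces are logged only for the key-spec constructors and
    // Mac.getInstance(); the remaining hooks log values only.
    var secretKeySpec = Java.use('javax.crypto.spec.SecretKeySpec');
    secretKeySpec.$init.overload('[B', 'java.lang.String').implementation = function (a, b) {
        showStacks();
        var result = this.$init(a, b);
        common.log(SEPARATOR);
        common.log("算法名:" + b + "|str密钥:" + bytesToString(a));
        common.log("算法名:" + b + "|Hex密钥:" + bytesToHex(a));
        return result;
    };

    // --- javax.crypto.spec.DESKeySpec --------------------------------------
    var DESKeySpec = Java.use('javax.crypto.spec.DESKeySpec');
    DESKeySpec.$init.overload('[B').implementation = function (a) {
        showStacks();
        var result = this.$init(a);
        common.log(SEPARATOR);
        // Read the key back from the spec rather than logging the argument.
        var bytes_key_des = this.getKey();
        common.log("des密钥 |str " + bytesToString(bytes_key_des));
        common.log("des密钥 |hex " + bytesToHex(bytes_key_des));
        return result;
    };

    DESKeySpec.$init.overload('[B', 'int').implementation = function (a, b) {
        showStacks();
        var result = this.$init(a, b);
        common.log(SEPARATOR);
        var bytes_key_des = this.getKey();
        common.log("des密钥 |str " + bytesToString(bytes_key_des));
        common.log("des密钥 |hex " + bytesToHex(bytes_key_des));
        return result;
    };

    // --- javax.crypto.Mac --------------------------------------------------
    var mac = Java.use('javax.crypto.Mac');
    mac.getInstance.overload('java.lang.String').implementation = function (a) {
        showStacks();
        var result = this.getInstance(a);
        common.log(SEPARATOR);
        common.log("算法名:" + a);
        return result;
    };
    mac.update.overload('[B').implementation = function (a) {
        this.update(a);
        common.log(SEPARATOR);
        common.log("update:" + bytesToString(a));
    };
    mac.update.overload('[B', 'int', 'int').implementation = function (a, b, c) {
        this.update(a, b, c);
        common.log(SEPARATOR);
        // Logs the whole buffer followed by offset and length, not only the
        // offset/length window that the call actually consumes.
        common.log("update:" + bytesToString(a) + "|" + b + "|" + c);
    };
    mac.doFinal.overload().implementation = function () {
        var result = this.doFinal();
        common.log(SEPARATOR);
        logFinalResult(result);
        return result;
    };
    mac.doFinal.overload('[B').implementation = function (a) {
        var result = this.doFinal(a);
        common.log(SEPARATOR);
        common.log("doFinal参数: |str :" + bytesToString(a));
        common.log("doFinal参数: |hex :" + bytesToHex(a));
        logFinalResult(result);
        return result;
    };

    // --- java.security.MessageDigest ---------------------------------------
    var md = Java.use('java.security.MessageDigest');
    md.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (a, b) {
        common.log(SEPARATOR);
        common.log("算法名:" + a);
        return this.getInstance(a, b);
    };
    md.getInstance.overload('java.lang.String').implementation = function (a) {
        common.log(SEPARATOR);
        common.log("算法名:" + a);
        return this.getInstance(a);
    };
    md.update.overload('[B').implementation = function (a) {
        common.log(SEPARATOR);
        common.log("update:" + bytesToString(a));
        return this.update(a);
    };
    md.update.overload('[B', 'int', 'int').implementation = function (a, b, c) {
        common.log(SEPARATOR);
        // Whole buffer plus offset and length, as in Mac.update above.
        common.log("update:" + bytesToString(a) + "|" + b + "|" + c);
        return this.update(a, b, c);
    };
    md.digest.overload().implementation = function () {
        common.log(SEPARATOR);
        var result = this.digest();
        common.log("digest结果 |hex:" + bytesToHex(result));
        common.log("digest结果 |base64:" + bytesToBase64(result));
        return result;
    };
    md.digest.overload('[B').implementation = function (a) {
        common.log(SEPARATOR);
        common.log("digest参数 |str:" + bytesToString(a));
        common.log("digest参数 |hex:" + bytesToHex(a));
        var result = this.digest(a);
        common.log("digest结果: |hex" + bytesToHex(result));
        common.log("digest结果: |base64" + bytesToBase64(result));
        return result;
    };

    // --- javax.crypto.spec.IvParameterSpec ---------------------------------
    var ivParameterSpec = Java.use('javax.crypto.spec.IvParameterSpec');
    ivParameterSpec.$init.overload('[B').implementation = function (a) {
        var result = this.$init(a);
        common.log(SEPARATOR);
        common.log("iv向量: |str:" + bytesToString(a));
        common.log("iv向量: |hex:" + bytesToHex(a));
        return result;
    };

    // --- javax.crypto.Cipher -----------------------------------------------
    var cipher = Java.use('javax.crypto.Cipher');
    cipher.getInstance.overload('java.lang.String').implementation = function (a) {
        var result = this.getInstance(a);
        common.log(SEPARATOR);
        // The transformation string: algorithm/mode/padding.
        common.log("模式填充:" + a);
        return result;
    };
    cipher.init.overload('int', 'java.security.Key').implementation = function (a, b) {
        var result = this.init(a, b);
        common.log(SEPARATOR);
        logCipherMode(a);
        logInitKey(b);
        return result;
    };
    cipher.init.overload('int', 'java.security.cert.Certificate').implementation = function (a, b) {
        var result = this.init(a, b);
        common.log(SEPARATOR);
        logCipherMode(a);
        return result;
    };
    cipher.init.overload('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec').implementation = function (a, b, c) {
        var result = this.init(a, b, c);
        common.log(SEPARATOR);
        logCipherMode(a);
        logInitKey(b);
        return result;
    };
    // The remaining init overloads log without a separator line, as in the
    // original script.
    cipher.init.overload('int', 'java.security.cert.Certificate', 'java.security.SecureRandom').implementation = function (a, b, c) {
        var result = this.init(a, b, c);
        logCipherMode(a);
        return result;
    };
    cipher.init.overload('int', 'java.security.Key', 'java.security.SecureRandom').implementation = function (a, b, c) {
        var result = this.init(a, b, c);
        logCipherMode(a);
        logInitKey(b);
        return result;
    };
    cipher.init.overload('int', 'java.security.Key', 'java.security.AlgorithmParameters').implementation = function (a, b, c) {
        var result = this.init(a, b, c);
        logCipherMode(a);
        logInitKey(b);
        return result;
    };
    cipher.init.overload('int', 'java.security.Key', 'java.security.AlgorithmParameters', 'java.security.SecureRandom').implementation = function (a, b, c, d) {
        var result = this.init(a, b, c, d);
        logCipherMode(a);
        logInitKey(b);
        return result;
    };
    cipher.init.overload('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec', 'java.security.SecureRandom').implementation = function (a, b, c, d) {
        var result = this.init(a, b, c, d);
        logCipherMode(a);
        logInitKey(b);
        return result;
    };

    cipher.update.overload('[B').implementation = function (a) {
        var result = this.update(a);
        common.log(SEPARATOR);
        common.log("update:" + bytesToString(a));
        return result;
    };
    cipher.update.overload('[B', 'int', 'int').implementation = function (a, b, c) {
        var result = this.update(a, b, c);
        common.log(SEPARATOR);
        // Whole buffer plus offset and length, as in Mac.update above.
        common.log("update:" + bytesToString(a) + "|" + b + "|" + c);
        return result;
    };
    cipher.doFinal.overload().implementation = function () {
        var result = this.doFinal();
        common.log(SEPARATOR);
        logFinalResult(result);
        return result;
    };
    cipher.doFinal.overload('[B').implementation = function (a) {
        var result = this.doFinal(a);
        common.log(SEPARATOR);
        common.log("doFinal参数: |str :" + bytesToString(a));
        common.log("doFinal参数: |hex :" + bytesToHex(a));
        logFinalResult(result);
        return result;
    };

    // --- java.security.spec.X509EncodedKeySpec -----------------------------
    var x509EncodedKeySpec = Java.use('java.security.spec.X509EncodedKeySpec');
    x509EncodedKeySpec.$init.overload('[B').implementation = function (a) {
        var result = this.$init(a);
        common.log(SEPARATOR);
        // The label says RSA, but this constructor takes any X.509-encoded
        // public key; the hook does not check the algorithm.
        common.log("RSA密钥:" + bytesToBase64(a));
        return result;
    };

    // --- java.security.spec.RSAPublicKeySpec -------------------------------
    var rSAPublicKeySpec = Java.use('java.security.spec.RSAPublicKeySpec');
    rSAPublicKeySpec.$init.overload('java.math.BigInteger', 'java.math.BigInteger').implementation = function (a, b) {
        var result = this.$init(a, b);
        common.log(SEPARATOR);
        // Modulus and public exponent, both as base-16 text.
        common.log("RSA密钥N:" + a.toString(16));
        common.log("RSA密钥E:" + b.toString(16));
        return result;
    };

    // --- java.security.KeyPairGenerator ------------------------------------
    var KeyPairGenerator = Java.use('java.security.KeyPairGenerator');
    KeyPairGenerator.generateKeyPair.implementation = function () {
        var result = this.generateKeyPair();
        common.log(SEPARATOR);
        logKeyPair(result);
        return result;
    };

    KeyPairGenerator.genKeyPair.implementation = function () {
        var result = this.genKeyPair();
        common.log(SEPARATOR);
        logKeyPair(result);
        return result;
    };
});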