# JNI_OnLoad will call 'RegisterNatives'.
emulator.call_symbol(lib_module, 'JNI_OnLoad',
emulator.java_vm.address_ptr, 0x00)
# bypass douyin checks
path = "vfs/system/bin/app_process32"
sz = os.path.getsize(path)
vf = VirtualFile("/system/bin/app_process32",
misc_utils.my_open(path, os.O_RDONLY), path)
emulator.memory.map(0xab006000, sz, UC_PROT_WRITE | UC_PROT_READ, vf, 0)
x = XGorgen()
data = 'acde74a94e6b493a3399fac83c7c08b35D58B21D9582AF77647FC9902E36AE70f9c001e9334e6e94916682224fbe4e5f00000000000000000000000000000000'
data = bytearray(bytes.fromhex(data))
arr = Array("B", data)
result = x.leviathan(emulator, 1562848170, arr)
print(''.join(['%02x' % b for b in result]))
# 037d560d0000903e34fb093f1d21e78f3bdf3fbebe00b124becc
# 036d2a7b000010f4d05395b7df8b0ec2b5ec085b938a473a6a51
# 036d2a7b000010f4d05395b7df8b0ec2b5ec085b938a473a6a51
# 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
# 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
# 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
# Dump natives found.
# for method in MainActivity.jvm_methods.values():
# if method.native:
# Show loaded modules.
logger.info("Loaded modules:")
for module in emulator.modules:
logger.info("=> 0x%08x - %s" % (module.base, module.filename))
try:
# Run JNI_OnLoad.
# JNI_OnLoad will call 'RegisterNatives'.
emulator.call_symbol(lib_module, 'JNI_OnLoad',
emulator.java_vm.address_ptr, 0x00)
x = XGorgen()
data = 'acde74a94e6b493a3399fac83c7c08b35D58B21D9582AF77647FC9902E36AE70f9c001e9334e6e94916682224fbe4e5f00000000000000000000000000000000'
data = bytearray(bytes.fromhex(data))
arr = Array(data)
result = x.leviathan(emulator, 1562848170, arr)
print(''.join(['%02x' % b for b in result]))
# 037d560d0000903e34fb093f1d21e78f3bdf3fbebe00b124becc
# 036d2a7b000010f4d05395b7df8b0ec2b5ec085b938a473a6a51
# 036d2a7b000010f4d05395b7df8b0ec2b5ec085b938a473a6a51
# 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
# 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
# 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
# Dump natives found.
except UcError as e:
print("Exit at %x" % emulator.mu.reg_read(UC_ARM_REG_PC))
def getHardwareAddress(self, emu):
mac = config.global_config_get("mac")
barr = bytearray(mac)
arr = Array("B", barr)
return arr
def getBytes(self, emu, charset):
pycharset = charset.get_py_string()
barr = bytearray(self.__str, pycharset)
arr = Array("B", barr)
return arr
try:
# Run JNI_OnLoad.
# JNI_OnLoad will call 'RegisterNatives'.
impl = ContextImpl()
app = MainApplication()
app.attachBaseContext(impl)
emulator.call_symbol(lib_module, 'JNI_OnLoad',
emulator.java_vm.address_ptr, 0x00)
o2 = Integer(1)
o3 = String("")
o4 = String("/data/data/fm.xiami.main/app_SGLib")
o5 = String("")
pyarr = [app, o2, o3, o4, o5]
arr = Array("Ljava/lang/Object;", pyarr)
#print(arr)
#emulator.mu.hook_add(UC_HOOK_CODE, hook_code, emulator)
JNICLibrary.doCommandNative(emulator, 10101, arr)
o1 = String("main")
o2 = String("6.4.163")
o3 = String("/data/data/fm.xiami.main/lib/libsgmainso-6.4.163.so")
print("begin 10102")
arr = Array("Ljava/lang/Object;", [o1, o2, o3])
JNICLibrary.doCommandNative(emulator, 10102, arr)
'''
01-26 02:46:31.968 5752 6060 I librev-dj: param0 {INPUT=XtX3M1bJ69cDAFWqkBwQYXgY&&&21465214&a75c08d1bc5069534cd65d35372bede2&2169991&mtop.alimusic.common.menuservice.getdata&1.0&&701287@xiami_android_8.3.8&AohsPSPH-F7lQLJzyIvh_6geqxEqIetYwOxZ0laI9k_9&&&27} [class java.util.HashMap]
01-26 02:46:31.968 5752 6060 I librev-dj: param1 21465214 [class java.lang.String]
try:
# Run JNI_OnLoad.
# JNI_OnLoad will call 'RegisterNatives'.
act_thread = ActivityThread()
app = act_thread.currentApplication(emulator)
emulator.call_symbol(lib_module, 'JNI_OnLoad',
emulator.java_vm.address_ptr, 0x00)
o2 = Integer(1)
o3 = String("")
o4 = String("/data/data/fm.xiami.main/app_SGLib")
o5 = String("")
pyarr = [app, o2, o3, o4, o5]
arr = Array(pyarr)
#print(arr)
JNICLibrary.doCommandNative(emulator, 10101, arr)
o1 = String("main")
o2 = String("6.4.163")
o3 = String("/data/data/fm.xiami.main/lib/libsgmainso-6.4.163.so")
print("begin 10102")
arr = Array([o1, o2, o3])
JNICLibrary.doCommandNative(emulator, 10102, arr)
'''
01-26 02:46:31.968 5752 6060 I librev-dj: param0 {INPUT=XtX3M1bJ69cDAFWqkBwQYXgY&&&21465214&a75c08d1bc5069534cd65d35372bede2&2169991&mtop.alimusic.common.menuservice.getdata&1.0&&701287@xiami_android_8.3.8&AohsPSPH-F7lQLJzyIvh_6geqxEqIetYwOxZ0laI9k_9&&&27} [class java.util.HashMap]
01-26 02:46:31.968 5752 6060 I librev-dj: param1 21465214 [class java.lang.String]
01-26 02:46:31.968 5752 6060 I librev-dj: param2 7 [class java.lang.Integer]