The target
Prints the parameters and return value of the CC_MD5 method
The environment
Jailbroken iOS devices require frida to be installed
For macOS computers, install Frida and install Frida-Tools
steps
(1) The mobile phone connects to the computer, and the mobile phone starts the app to be tested
(2) Frida-ps view the PID of the current app
frida-ps -Ua
Copy the codeThe output is as follows:
PID Name Identifier -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 47712 WeChat com. Tencent. Xin 30692 alipay com. Alipay. Iphoneclient Calculator com.appleCopy the code(3) Frida-trace the final wechat CC_MD5 method
frida-trace -U 47712 -i "CC_MD5"
Copy the codeThe output is as follows:
Instrumenting functions...
CC_MD5: Loaded handler at "/Users/xxxx/Documents/TargetApp/__handlers__/ASEProcessing/CC_MD5.js"
Copy the codeHold down the keyboard Ctrl+C to stop frida-trace
(4) According to the above path to find the cc_md5. js file, and edit
Main code:
onEnter: function (log, args, state) { log('CC_MD5()--arg[0]='+args[0].readUtf8String()); }, onLeave: function (log, retval, state) { log('CC_MD5()--return--='); var md5_digest = hexdump(retval,{length:16}); var hexified = " "; var raw_array = md5_digest.split("\n"); for (var a=0; a<raw_array.length; a++) { var line_array = raw_array[a].split(" "); for (var b=1; b<line_array.length-1; b++) { if (line_array[b].length === 2) { hexified += line_array[b]; hexified = hexified.trim(); } } } log(hexified+"\n"); }}Copy the codeRemember to save the modification.
(5) Repeat step (3)
After a few finger operations on wechat, you will see some CC_MD5 related prints on the terminal:
20014 ms CC_MD5()--arg[0]=dong540131487888 20014 ms CC_MD5()--return--= 20014 ms c476c6182489c453fff807eeb9595f8d 20015 ms CC_MD5()--arg[0]=https://wx.qlogo.cn/mmhead/ver_1/3lDOnjQscyrAxQP555555f8MuNjW8tAqoETibPgkds5qLFiaKEkyzfxZ2fdg5uPuKib6N1 WyshhmI5fEqgqRiaXicZVzvp0NoAiakPkbeklsWI39S8/132 20015 ms CC_MD5()--return--= 20015 ms 3d9f8fb870f139c3c73d5d83j5734d26Copy the codeTest successful!