-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathelfHook.js
More file actions
39 lines (30 loc) · 1.1 KB
/
elfHook.js
File metadata and controls
39 lines (30 loc) · 1.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
function main() {
const module = Process.mainModule;
console.log(JSON.stringify(module));
const xxteaEncrypt = module.base.add(0x12F5);
const xxteaDecrypt = module.base.add(0x1456);
Interceptor.attach(xxteaDecrypt, {
onEnter: function (_args) {
console.log("xxtea_decrypt called");
},
});
const xxtea_encrypt = new NativeFunction(xxteaEncrypt, 'int', ['pointer', 'int', 'int']);
const xxtea_decrypt = new NativeFunction(xxteaDecrypt, 'int', ['pointer', 'int', 'int']);
Interceptor.replace(
xxtea_encrypt,
xxtea_decrypt,
);
Interceptor.attach(module.base.add(0x1596), {
onEnter: function (args) {
const outputPath = args[0].add(5);
args[0] = args[1];
args[1] = outputPath;
// 输入变成了 message.txt.enc
console.log('Argument 1: ' + args[0].readUtf8String());
// 输出变成了 passwd
console.log('Argument 2: ' + args[1].readUtf8String());
// console.log('Argument 3: ' + args[2]);
},
});
}
setImmediate(main);