Python
import frida
import sys
import json
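from datetime import datetime


def _printable(value):
    """Return ``str(value)`` with C0/C1 control characters shown as escapes.

    The fields printed by ``on_message`` originate in chat messages handled by
    the instrumented app, so they are untrusted. Written raw to a terminal, an
    embedded ESC/CSI sequence could clear the screen, move the cursor or
    rewrite earlier output. Newline and tab are kept so multi-line text still
    reads normally; every other control character is rendered as a visible
    ``\\xNN`` escape.
    """
    rendered = str(value)
    return "".join(
        ch.encode("unicode_escape").decode("ascii")
        if (ord(ch) < 0x20 and ch not in "\n\t") or 0x7F <= ord(ch) < 0xA0
        else ch
        for ch in rendered
    )


def on_message(message, data):
    """Print one message delivered by the Frida script.

    Args:
        message: dict passed by Frida. ``type == 'send'`` carries the agent's
            ``payload``; ``type == 'error'`` carries an agent-side error.
        data: binary side channel supplied by Frida; not used here.

    Payload kinds handled: ``getLocalId_result``, ``getMsgUiDataContent`` and
    ``error``. Any other kind only gets the timestamp header.
    """
    if message['type'] == 'send':
        try:
            payload = message['payload']
            # The agent sends milliseconds since the epoch.
            timestamp = datetime.fromtimestamp(
                payload['timestamp'] / 1000
            ).strftime('%Y-%m-%d %H:%M:%S')
            print("\n" + "=" * 50)
            print(f"[{timestamp}] 收到消息:")

            if payload['type'] == 'getLocalId_result':
                print("函数: getLocalId 结果")
                print(f"输入参数: {_printable(payload['input'])}")
                print(f"返回结果: {_printable(payload['result'])}")

            elif payload['type'] == 'getMsgUiDataContent':
                print("函数: getMsgUiDataContent")
                msg = payload['message']
                print(f"发送者: {_printable(msg.get('nickname', ''))}")
                print(f"内容类型: {_printable(msg.get('content_type', ''))}")

                content = msg.get('content', '')
                if content:
                    # The content may itself be a JSON document carrying a link.
                    try:
                        content_json = json.loads(content)
                    except (ValueError, TypeError):
                        # Not JSON (or not a string at all): show it verbatim.
                        # Narrowed from a bare ``except`` so KeyboardInterrupt
                        # and SystemExit are no longer swallowed here.
                        content_json = None
                    if isinstance(content_json, dict) and 'link' in content_json:
                        print(f"链接: {_printable(content_json['link'])}")
                    else:
                        print(f"内容: {_printable(content)}")
                else:
                    link = msg.get('link', '')
                    if link:
                        print(f"链接: {_printable(link)}")
                    else:
                        print(f"内容: {_printable(content)}")

            elif payload['type'] == 'error':
                print(f"[!] 错误类型: {_printable(payload['error'])}")
                print(f"错误详情: {_printable(payload['error_detail'])}")
                if 'raw_message' in payload:
                    print(f"原始消息: {_printable(payload['raw_message'])}")

        except Exception as e:
            # Malformed payloads (missing keys, wrong types) must not kill the
            # callback; report and dump the message. Formatting the dict uses
            # repr() for its strings, which already escapes control characters.
            print(f"[!] 处理消息时出错: {str(e)}")
            print(f"原始消息: {message}")

    elif message['type'] == 'error':
        # Fall back to the description if the error carries no stack trace.
        stack = message.get('stack', message.get('description', ''))
        print(f"[!] Frida错误: {_printable(stack)}")


try:
    # Connect to the USB device and spawn the target app (it starts suspended).
    device = frida.get_usb_device()
    pid = device.spawn(["com.xingin.xhs"])
    session = device.attach(pid)

    # Load the JS agent; the file is opened explicitly as UTF-8.
    with open(r"C:\Users\xie__\Desktop\小红书测试.js", encoding='utf-8') as f:
        script = session.create_script(f.read())
    script.on('message', on_message)
    script.load()

    # Resume only after the hooks are installed so early calls are observed.
    device.resume(pid)
    print("[*] Hook已加载,等待消息...")
    # Block until stdin reaches EOF so the session stays alive.
    sys.stdin.read()
except Exception as e:
    print(f"[!] 发生错误: {str(e)}")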
JS
Java.perform(function () {
    // Millisecond wall-clock stamp attached to every message sent to the host.
    function stamp() {
        return new Date().getTime();
    }

    // Hook MsgConvertUtils. Any failure while resolving the class or its
    // overloads is reported to the host as an "error" message.
    // Note: the hooks forward complete message bodies, so whatever the host
    // prints or stores should be handled as sensitive data.
    try {
        var ConvertUtils = Java.use('com.xingin.chatbase.bean.convert.MsgConvertUtils');

        // getLocalId(String): report the argument, call through to the
        // original, then report the argument together with the return value.
        var getLocalIdHook = ConvertUtils.getLocalId.overload('java.lang.String');
        getLocalIdHook.implementation = function (rawMsg) {
            console.log('\n[+] MsgConvertUtils.getLocalId 被调用');

            send({
                type: "getLocalId",
                input: rawMsg,
                timestamp: stamp()
            });

            var localId = this.getLocalId(rawMsg);

            send({
                type: "getLocalId_result",
                input: rawMsg,
                result: localId,
                timestamp: stamp()
            });
            return localId;
        };

        // getMsgUiDataContent(String): forward the parsed message (or a
        // parse-error report carrying the raw text), then call the original.
        var uiContentHook = ConvertUtils.getMsgUiDataContent.overload('java.lang.String');
        uiContentHook.implementation = function (rawMsg) {
            try {
                var parsed = JSON.parse(rawMsg);
                send({
                    type: "getMsgUiDataContent",
                    message: parsed,
                    timestamp: stamp()
                });
            } catch (parseErr) {
                send({
                    type: "error",
                    error: "解析消息内容失败",
                    raw_message: rawMsg,
                    error_detail: String(parseErr),
                    timestamp: stamp()
                });
            }

            // The app's behaviour is left unchanged: the original result is
            // returned as-is.
            return this.getMsgUiDataContent(rawMsg);
        };
    } catch (hookErr) {
        send({
            type: "error",
            error: "Hook MsgConvertUtils 失败",
            error_detail: String(hookErr),
            timestamp: stamp()
        });
    }
});