release 0.1

rpc transfer js to FridaGpcServiceImp

FridaClient/FridaScrpit/hook.js

@@ -0,0 +1,24 @@
+function main() {
+    Java.perform(function () {
+
+        Java.enumerateClassLoaders({
+            onMatch: function(loader) {
+                let msg = `[loader]:${loader}`;
+                console.log(msg);
+                Java.use("com.test.fgum.MainActivity").update_text(msg);
+            },
+            onComplete: function() {
+                let msg = `find loader end`;
+                console.log(msg);
+                Java.use("com.test.fgum.MainActivity").update_text(msg);
+            }
+        });
+
+         var i = 0;
+         var timer = setInterval(function () {
+             console.log(i++);
+         },1000)
+    })
+}
+
+setImmediate(main);

FridaClient/FridaScrpit/hookbutton.js

@@ -0,0 +1,22 @@
+function main() {
+
+     // hook 所有 View 的点击事件
+      Java.perform(function () {
+        var View = Java.use('android.view.View');
+        var OnClickListener = Java.use('android.view.View$OnClickListener');
+
+        // hook View 的 setOnClickListener 方法
+        View.setOnClickListener.implementation = function (listener) {
+          this.setOnClickListener(OnClickListener.$new({
+            onClick: function (view) {
+              // 按钮被点击时执行的代码
+              console.log('Button was clicked!');
+              // 调用原始方法以确保按钮的点击事件仍然被处理
+              listener.onClick(view);
+            }
+          }));
+        };
+      });
+}
+
+setImmediate(main);

FridaClient/src/main/java/org/example/Main.java

@@ -1,29 +1,38 @@
 package org.example;
 
-import com.kone.pbdemo.protocol.FridaServiceGrpc;
-import com.kone.pbdemo.protocol.StringArgument;
+import com.google.protobuf.ByteString;
+import com.kone.pbdemo.protocol.*;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
 import io.grpc.stub.StreamObserver;
 
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
 public class Main {
     public static void main(String[] args) {
 
-        String host = "192.168.1.2";      //remote android ip
-        String dir = "D:\\apk\\work\\vip\\dump";   //pc dex dir
+        String host = "192.168.0.63";      //remote android ip
         int port = 9091;
         ManagedChannel channel = ManagedChannelBuilder.forAddress(host, port).usePlaintext().maxInboundMessageSize(Integer.MAX_VALUE).build();
 
-        FridaGpcClientImp service = new FridaGpcClientImp(channel);
+        FridaServiceGrpc.FridaServiceBlockingStub iServerInface = FridaServiceGrpc.newBlockingStub(channel);
 
         FridaServiceGrpc.FridaServiceStub stub = FridaServiceGrpc.newStub(channel);
 
-        // 调用服务方法，并接收来自服务端推送的消息
-        StringArgument stringArgument = StringArgument.newBuilder().build();
-        stub.streamMessages(stringArgument, new StreamObserver<StringArgument>() {
+        StreamObserver<GrpcMessage> requestStreamObserver = stub.subscribe( new StreamObserver<GrpcMessage>() {
+
             @Override
-            public void onNext(StringArgument response) {
-                System.out.println("Received message: " + response.getData());
+            public void onNext(GrpcMessage response) {
+                switch (response.getType()){
+                    case  log:{
+                        String log = response.getContent().toString();
+                        System.out.print(log);
+                    }
+                }
             }
 
             @Override
@@ -36,6 +45,28 @@ public void onCompleted() {
                 System.out.println("Server closed the stream.");
             }
         });
-//        System.out.println("Hello world!");
+//        用requestStreamObserver 
+
+        String filePath = "D:\\Project\\git\\FGum\\FridaClient\\FridaScrpit\\hook.js";
+        try {
+            byte[] js_byte = Files.readAllBytes(Paths.get(filePath));
+            GrpcMessage file =  GrpcMessage.newBuilder().setType(GrpcType.file).setContent(ByteString.copyFrom(js_byte)).build();
+            requestStreamObserver.onNext(file);
+
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+
+        CountDownLatch latch = new CountDownLatch(1);
+
+        // Wait for the server to complete
+        try {
+            latch.await(1, TimeUnit.MINUTES);
+        } catch (InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+
+        channel.shutdown();
+
     }
 }

FridaClient/src/main/proto/message.proto

@@ -5,28 +5,42 @@ option go_package = "protocol";
 option java_multiple_files = true;
 option java_package = "com.kone.pbdemo.protocol";
 
+enum GrpcType {
+  log = 0;
+  file = 1;
+  cmd = 2;
+  unknow = 3;
+}
 
 service FridaService {
-    rpc LoadJS (Filebuff) returns (Empty) {}
-    rpc streamMessages (StringArgument) returns (stream StringArgument);
+  rpc LoadJS (Filebuff) returns (Empty) {}
+  rpc Subscribe(stream GrpcMessage) returns (stream GrpcMessage);
 
 }
 
 service FridaClient {
-    rpc on_message(StringArgument) returns (Empty) {}
+  rpc on_message(StringArgument) returns (Empty) {}
 
 }
 
 
 message StringArgument {
-    string data = 1;
+  string data = 1;
 }
 
-message Filebuff {
-    bytes Content = 1;
+message GrpcMessage {
+  GrpcType type = 1;
+  bytes Content = 2;
 }
 
-
+message Filebuff {
+  bytes Content = 1;
+}
+//
+//// The push response message
+//message PushResponse {
+//    string message = 1;
+//}
 
 message Empty {}
 

app/src/main/AndroidManifest.xml

@@ -2,8 +2,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:tools="http://schemas.android.com/tools">
 
+    <uses-permission android:name="android.permission.INTERNET"/>
     <application
-        android:allowBackup="true"
         android:dataExtractionRules="@xml/data_extraction_rules"
         android:fullBackupContent="@xml/backup_rules"
         android:icon="@mipmap/ic_launcher"

app/src/main/cpp/native-lib.cpp

@@ -4,6 +4,10 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/stat.h>
+#include <mutex>
+#include <thread>
+#include <condition_variable>
+#include <chrono>
 
 #include "logging.h"
 #include "native-lib.h"
@@ -17,6 +21,12 @@ static GumScript *script;
 static GMainContext *context;
 static GMainLoop *loop;
 
+// 共享内存数据结构
+std::string sharedMemory;
+std::mutex logmtx;
+std::condition_variable cv;
+JavaVM* g_vm = nullptr;
+
 char *readfile(const char *filepath) {
     FILE *file = fopen(filepath, "r");
     if (file == NULL) {
@@ -40,7 +50,21 @@ char *readfile(const char *filepath) {
     }
     return (char *) buffer;
 }
-
+void logFunc(jclass LoadEntry,jmethodID jsendlog) {
+    JNIEnv* env;
+
+    if(g_vm->AttachCurrentThread(&env, nullptr)==0){
+        while (true){
+            std::unique_lock<std::mutex> lock(logmtx);
+            cv.wait(lock, []{ return !sharedMemory.empty() ; });
+            if (!sharedMemory.empty()) {
+                jstring log = env->NewStringUTF(sharedMemory.c_str());
+                env->CallStaticBooleanMethod(LoadEntry,jsendlog,log);
+                sharedMemory.clear();
+            }
+        }
+    }
+}
 int hookFunc(jbyte* buffer) {
     LOGD ("[*] gumjsHook()");
     gum_init_embedded();
@@ -68,8 +92,8 @@ int hookFunc(jbyte* buffer) {
 
 int gumjsHook(jbyte* buffer) {
     pthread_t pthread;
-    int result = pthread_create(&pthread, NULL, (void *(*)(void *)) (hookFunc),
-                                (void *) buffer);
+
+    int result = pthread_create(&pthread, NULL, (void *(*)(void *)) (hookFunc),(void *) buffer);
     struct timeval now;
     struct timespec outtime;
     pthread_mutex_lock(&mtx);
@@ -86,45 +110,65 @@ int gumjsHook(jbyte* buffer) {
     return result;
 }
 
-static void
-on_message(const gchar *message, GBytes *data, gpointer user_data) {
+static void on_message(const gchar *message, GBytes *data, gpointer user_data) {
     JsonParser *parser;
     JsonObject *root;
     const gchar *type;
 
     parser = json_parser_new();
     json_parser_load_from_data(parser, message, -1, NULL);
     root = json_node_get_object(json_parser_get_root(parser));
+    std::lock_guard<std::mutex> lock(logmtx);
 
     type = json_object_get_string_member(root, "type");
     if (strcmp(type, "log") == 0) {
         const gchar *log_message;
         log_message = json_object_get_string_member(root, "payload");
+
         LOGD ("[*] log : %s ", log_message);
+//        sharedMemory=sharedMemory+log_message;
+
     } else {
         LOGD ("[*] %s ", message);
+//        sharedMemory=sharedMemory+message;
     }
+    cv.notify_one(); // 通知等待的消费者线程
 
     g_object_unref(parser);
 }
 
-extern "C" JNIEXPORT jstring JNICALL
-Java_com_test_fgum_MainActivity_stringFromJNI(
-        JNIEnv* env,
-        jobject /* this */) {
-    std::string hello = "Hello from C++";
-    return env->NewStringUTF(hello.c_str());
-}
 
 extern "C"
-JNIEXPORT jboolean JNICALL
-Java_com_test_fgum_FridaGpcServiceImp_loadbuff(JNIEnv *env, jobject thiz, jbyteArray js_buff) {
+JNIEXPORT jboolean JNICALL loadbuff(JNIEnv *env, jclass thiz, jbyteArray js_buff) {
     // TODO: implement loadbuff()
-    jsize length = env->GetArrayLength(js_buff);
     jbyte* buffer = env->GetByteArrayElements(js_buff, NULL);
     if (buffer == NULL) {
         return false;
     }
     gumjsHook(buffer);
     return true;
-}
+}
+#include <future>
+
+JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* reserved) {
+    JNIEnv* env;
+    if (vm->GetEnv( (void**) &env, JNI_VERSION_1_6) != JNI_OK) {
+        return -1;
+    }
+    pthread_t pthread;
+    g_vm = vm;
+    jclass LoadEntry = env->FindClass("com/test/fgum/LoadEntry");
+    JNINativeMethod methods[]= {
+            {"loadbuff", "([B)Z",(void*) loadbuff},
+    };
+    env->RegisterNatives(LoadEntry, methods, sizeof(methods)/sizeof(JNINativeMethod));
+    jmethodID jsendlog = env->GetStaticMethodID(LoadEntry,"sendlog", "(Ljava/lang/String;)Z");
+    LOGE("BEFORE");
+    // 使用 lambda 表达式捕获参数并作为线程函数
+//    std::thread t([LoadEntry, jsendlog]() { logFunc(LoadEntry, jsendlog); });
+//    t.detach();
+    LOGE("REWRWEREWER");
+
+    return JNI_VERSION_1_6;
+}
+