IOS WeChat & Frida 处理HongBao参数的问题(已解决)

首先函数声明:- (void)OnWCToHongbaoCommonResponse:(id)arg1 Request:(id)arg2;

此函数的第一个参数为HongBaoRes,声明如下:

@interface SKBuiltinBuffer_t : NSObject
@property(retain, nonatomic) NSData *buffer; 
@property(nonatomic) unsigned int iLen;

@end
@interface SKBuiltinString_t : NSObject
@property(retain, nonatomic) NSString *string;
@end

@interface BaseResponse : NSObject
@property(retain, nonatomic) SKBuiltinString_t *errMsg;
@property(nonatomic) int ret;

@end
@interface HongBaoRes : NSObject
@property(retain, nonatomic) BaseResponse *baseResponse;
@property(nonatomic) int cgiCmdid; // @dynamic cgiCmdid;
@property(retain, nonatomic) NSString *errorMsg; // @dynamic errorMsg;
@property(nonatomic) int errorType; // @dynamic errorType;
@property(retain, nonatomic) NSString *platMsg; // @dynamic platMsg;
@property(nonatomic) int platRet; // @dynamic platRet;
@property(retain, nonatomic) SKBuiltinBuffer_t *retText; // @dynamic retText;
@end

用Xcode上写Hook代码如下:

- (void)OnWCToHongbaoCommonResponse:(HongBaoRes *)arg1 Request:(id)arg2
{
    NSData *buffer = arg1.retText.buffer;
    NSString *aString = [[NSString alloc] initWithData:buffer encoding:NSUTF8StringEncoding];
     NSLog(@"retText:%@",aString);
    %orig;
}

得到retText

retText:{"retcode":0,"retmsg":"ok","sendId":"xxxxx","wishing":"恭喜发财,大吉大利","isSender":0,"receiveStatus":0,"hbStatus":2,"statusMess":"给你发了一个红包","hbType":0,"watermark":"","sendUserName":"xxxx","timingIdentifier":"35971B49DE4AE3E604E17E3EAB463272"}

现在用Frida Hook 了OnWCToHongbaoCommonResponse:Request:这个方法,我想打印出retText的值
Frida Hook代码:

        var className = "WCRedEnvelopesLogicMgr";
        var funcName = "- OnWCToHongbaoCommonResponse:Request:";
        var hook = eval('ObjC.classes.' + className + '["' + funcName + '"]');
        console.log("[*] Class Name: " + className);
        console.log("[*] Method Name: " + funcName);
        Interceptor.attach(hook.implementation, {
          onEnter: function(args) {
            var arg2 = new ObjC.Object(args[2]);
            console.log("LogicMgr:"+ arg2.$ivars.retText);
            
            
          },
          onLeave: function(retval) {
            console.log("Finished!");
          }
        });

提示retText undefined

问题:如何使用Frida打印出retText的值??
第一次发帖,如有不妥之处,请管理删帖

1 个赞

这个markdown语法看起来不妥

1 个赞

正在编辑 稍等

我改好了你怎么又搞回来了。。。。

啊 辛苦zhang总了 我。。。自己琢磨了一下 那麻烦zhang总在帮我调整一下

Frida 通过arg1.retText().buffer() 即可访问 答应出来的是NSData 转化为NSString 即可

2 个赞