fix

apktool.py

@@ -0,0 +1,378 @@
+# -*- coding:utf-8 -*-
+import os
+import re
+import shutil
+import subprocess
+import sys
+import time
+
+import win32api
+import win32con
+import yaml
+import xml.etree.ElementTree as ET
+channel_rose = '朱雀'
+channel_coolpad='FAKE'
+channel_xmy = '小绵羊'
+channel_9hgame = '九狐'
+channel_icefoxgame = '冰狐'
+# 测试组游戏地址，需要根据游戏修改
+# 测试组游戏地址，需要根据游戏修改
+# 测试组游戏地址，需要根据游戏修改
+game_dir = r'\\10.8.230.114\public\测试组\青雀\秦皇汉武Y'
+# 其他情况使用BPM上面的任务名称
+game_channel = '秦皇汉武Y-朱雀'
+
+def copy_mommy_for_9hgame(decompile_dir_path):
+    htprotect_dir_path = os.path.join(decompile_dir_path, 'smali', 'com', 'ydzs', 'framework')
+    if not os.path.exists(htprotect_dir_path):
+        os.makedirs(htprotect_dir_path)
+    shutil.copy(os.path.join(r'D:\special_problem\九狐', 'MommyUtils.smali'), htprotect_dir_path)
+
+if ' ' in game_channel:
+    game_channel = game_channel.replace(' ', '-')
+print(sys.argv)
+if len(sys.argv) == 3:
+    game_dir = sys.argv[1]
+    game_channel = sys.argv[2]
+print(game_dir)
+print(game_channel)
+
+def fix_install_fail_bug(decompile_dir_path):
+    namespace = '{http://schemas.android.com/apk/res/android}'
+    ET.register_namespace('android', 'http://schemas.android.com/apk/res/android')
+    manifest_path = os.path.join(decompile_dir_path, 'AndroidManifest.xml')
+    xml_tree = ET.parse(manifest_path)
+    xml_root = xml_tree.getroot()
+    application_node = xml_root.find('./application')
+    etract_value = application_node.get(f'{namespace}extractNativeLibs')
+    if etract_value is not None and etract_value == 'false':
+        # 修改extractNativeLib
+        application_node.set(f'{namespace}extractNativeLibs', 'true')
+        xml_tree.write(manifest_path, encoding='utf-8', xml_declaration=True)
+
+    yaml_path = os.path.join(decompile_dir_path, 'apktool.yml')
+    file = open(yaml_path, 'r', encoding='utf-8')
+    yaml_result = yaml.load(file, Loader=yaml.BaseLoader)
+    sdk_info = yaml_result['sdkInfo']
+    yaml_result['packageInfo']['renameManifestPackage'] = None
+    print(sdk_info)
+    if int(sdk_info['targetSdkVersion']) > 29:
+        sdk_info['targetSdkVersion'] = '29'
+        print(sdk_info)
+        file.close()
+        with open(yaml_path, 'w', encoding='utf-8') as f:
+            yaml.dump(yaml_result, f)
+
+def rindex(lst, value):
+    for i, v in enumerate(reversed(lst)):
+        if v == value:
+            return len(lst) - i - 1  # return the index in the original list`
+    return None
+
+
+def move_game_apk_to_work():
+    cmd_move_str = f'copy {game_path} {work_path}'
+    print(cmd_move_str)
+    result = subprocess.getoutput(cmd_move_str)
+    print(result)
+
+
+def get_decompile_dir_name(apk_path):
+    s_index = apk_path.index('.')
+    print('s_index', s_index)
+    p_index = rindex(apk_path, '\\')
+    print('p_index:', p_index)
+    dir_name = apk_path[:rindex(apk_path, '\\') + 1] + apk_path[p_index + 1:s_index]
+    print('dir_name:', dir_name)
+    return dir_name
+
+
+def find_r_smali_and_replace(smali_file_path, regex_str):
+    with open(smali_file_path, 'r') as f:
+        smali_str = f.read()
+        pattern = re.compile(regex_str)
+        resource_arr = pattern.findall(smali_str)
+        if len(resource_arr) > 0:
+            print(smali_file_path)
+        for r_str in resource_arr:
+            virtual_name = r_str[r_str.index(' ') + 1:r_str.index(',')]
+            print(virtual_name)
+            resource_type = r_str[r_str.index('R$') + 2:r_str.index(';')].capitalize()
+            print(resource_type)
+            resource_name = r_str[r_str.index('->') + 2:r_str.index(':')]
+            print(resource_name)
+            new_r_str = "const-string %s, \"%s\"\n\n\tinvoke-static {%s}, Lcom/ydzs/framework/MommyUtils;->get%sId(Ljava/lang/String;)I\n\n\tmove-result %s" % (
+                virtual_name, resource_name, virtual_name, resource_type, virtual_name)
+            print(new_r_str)
+            smali_str = smali_str.replace(r_str, new_r_str)
+    with open(smali_file_path, 'w') as f:
+        f.write(smali_str)
+
+
+def replace_rose_resource(d_dir):
+    r_regex_str = r'sget[^\n]*R\$layout[^\n]*I|sget[^\n]*R\$id[^\n]*I|sget[^\n]*R\$drawable[^\n]*I|sget[^\n]*R\$string[^\n]*I|sget[^\n]*R\$array[^\n]*I|sget[^\n]*R\$bool[^\n]*I|sget[^\n]*R\$integer[^\n]*I'
+    for dirpath, dirnames, filenames in os.walk(d_dir):
+        if r'com\wanwu' in dirpath or r'com\ydzs' in dirpath:
+            for smali_file in filenames:
+                smali_file_path = os.path.join(dirpath, smali_file)
+                # print(smali_file_path)
+                find_r_smali_and_replace(smali_file_path, r_regex_str)
+
+
+def fix_coolpad_version_3_method_name_change_bug(decompile_dir):
+    is_version_3_sdk = False
+    is_new_sdk_and_version_lt_version_3 = False
+    for dirpath, dirnames, filenames in os.walk(decompile_dir):
+        if r'com\yulong\sdk\promoter' in dirpath and 'OnGameAuthListener.smali' in filenames:
+            auth_listener_path = os.path.join(dirpath, 'OnGameAuthListener.smali')
+            with open(auth_listener_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.read()
+                if 'onSuccess' in smali_str_arr:
+                    is_version_3_sdk = True
+                if 'onResult' in smali_str_arr:
+                    is_new_sdk_and_version_lt_version_3 = True
+                break
+    for dirpath, dirnames, filenames in os.walk(decompile_dir):
+        if r'com\yulong\sdk\promoter' in dirpath and 'PromoterGameAuthApi$1.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'PromoterGameAuthApi$1.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = r'onSuccess'
+                if is_new_sdk_and_version_lt_version_3:
+                    index_str = r'onSuccess'
+                elif is_version_3_sdk:
+                    index_str = r'onResult'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        print(line)
+                        index = smali_str_arr.index(line)
+                        if is_new_sdk_and_version_lt_version_3:
+                            smali_str_arr[index] = line.replace(index_str, 'onResult')
+                        elif is_version_3_sdk:
+                            smali_str_arr[index] = line.replace(index_str, 'onSuccess')
+                        print(smali_str_arr[index])
+                        break
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+                break
+    return is_version_3_sdk
+
+
+def fix_coolpad_version_3_login_fail_bug(decompile_dir_path):
+    insert_str_list = [
+        '\n\t.locals 0\n\n',
+        '\treturn-void\n\n']
+    for dirpath, dirnames, filenames in os.walk(decompile_dir_path):
+        if r'com\yulong\account\auth' in dirpath and 'AuthCodeApiImpl.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'AuthCodeApiImpl.smali')
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = '.method private returnAuthError(Lcom/yulong/account/common/info/ErrorInfo;)V'
+                end_method_str = '.end method'
+                insert_str = ''.join(insert_str_list)
+                on_create_index = 0
+                insert_index = 0
+                for line in smali_str_arr:
+                    if index_str in line:
+                        on_create_index = smali_str_arr.index(line)
+                        print('on_create_index', on_create_index, line)
+                        break
+                for index, value in enumerate(smali_str_arr):
+                    if index > on_create_index and end_method_str in value:
+                        insert_index = index
+                        print('insert_index', index)
+                        break
+                print(on_create_index, insert_index)
+                del smali_str_arr[on_create_index + 1:insert_index]
+                smali_str_arr.insert(on_create_index + 1, insert_str)
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+                break
+
+start_time = int(time.time())
+# 判断游戏是否需要修复并且是否是朱雀游戏，不需要修复就只需要拷贝arm64
+script_dir_list = os.listdir(r'F:\python_learn\day_1\script')
+is_need_fix = False
+for py_name in script_dir_list:
+    if game_channel in py_name:
+        is_need_fix = True
+        break
+
+print("aaaaaaaaaaaaaaa", is_need_fix)
+
+game_path = 'game_path is empty'
+for game_name in os.listdir(game_dir):
+    if ((channel_rose in game_channel or '青雀' in game_channel) and channel_rose in game_name) \
+            or ((channel_coolpad in game_channel or 'fake' in game_channel) and channel_coolpad in game_name)\
+            or ((channel_icefoxgame in game_channel or '冰狐' in game_channel) and channel_icefoxgame in game_name)\
+            or (channel_9hgame in game_channel and channel_9hgame in game_name)\
+            or (channel_xmy in game_channel and channel_xmy in game_name)\
+            or ('遥望' in game_channel and '遥望' in game_name):
+        game_path = os.path.join(game_dir, game_name)
+        break
+print('game_path:', game_path)
+work_path = r"D:\work"
+apk_file_path = f'{work_path}' + game_path[rindex(game_path, "\\"):]
+apk_file_path_copy = os.path.join(work_path, 'copy_'+game_path[rindex(game_path, "\\")+1:])
+print(apk_file_path_copy)
+if '全民泡泡' in game_channel:
+    if channel_rose in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_rose')
+    elif channel_coolpad in game_channel or 'fake' in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_coolpad')
+    elif channel_9hgame in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_9hgame')
+    else:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_xmy')
+elif '我的安吉拉2' in game_channel:
+    if channel_rose in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_rose')
+    elif channel_coolpad in game_channel or 'fake' in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_coolpad')
+    elif channel_9hgame in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_9hgame')
+    else:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_xmy')
+else:
+    decompile_dir_name = get_decompile_dir_name(apk_file_path)
+
+
+kfzs_sign = "kfzs_sign"
+kfzs_sign_youliang = "kfzs_sign_youliang"
+ydzs_sign = "ydzs_sign"
+# 签名文件，需要根据游戏修改
+# 签名文件，需要根据游戏修改
+# 签名文件，需要根据游戏修改
+current_sign = kfzs_sign
+if channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path:
+    current_sign = ydzs_sign
+elif channel_xmy in game_path:
+    current_sign = kfzs_sign
+
+# 修复脚本文件名,需要根据游戏修改
+# 修复脚本文件名,需要根据游戏修改
+# 修复脚本文件名,需要根据游戏修改
+if is_need_fix:
+    fix_python_path = os.path.join(r'F:\python_learn\day_1\script', f'{game_channel}.py')
+    print('fix_python_path', fix_python_path)
+
+# # 拷贝游戏包
+move_game_apk_to_work()
+# 复制一个原始包,只第一次复制
+if apk_file_path_copy[rindex(apk_file_path, '\\')+1:] not in os.listdir(work_path):
+    print("执行拷贝原始游戏包")
+    copy_origin_game_apk = f'copy {apk_file_path} {apk_file_path_copy}'
+    subprocess.getoutput(copy_origin_game_apk)
+else:
+    print("不执行拷贝原始游戏包")
+# # 解包
+cmd_decompile_str = rf'apktool d {apk_file_path} -f -o {decompile_dir_name} --only-main-classes'
+print(cmd_decompile_str)
+os.system(cmd_decompile_str)
+
+if channel_9hgame in game_path or channel_icefoxgame in game_path:
+    copy_mommy_for_9hgame(decompile_dir_name)
+
+#朱雀包拷贝arm64
+if (channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path) and 'arm64-v8a' in os.listdir(os.path.join(decompile_dir_name, 'lib')):
+    print('朱雀拷贝arm64')
+    arm64_path = os.path.join(decompile_dir_name, 'lib', 'arm64-v8a')
+    cmd_copy_arm64 = rf'copy D:\special_problem\朱雀arm64\libydzs.so {arm64_path}'
+    os.system(cmd_copy_arm64)
+    cmd_copy_arm64 = rf'copy D:\special_problem\朱雀arm64\libwanwusdk.so {arm64_path}'
+    os.system(cmd_copy_arm64)
+#朱雀包拷贝x86
+if (channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path) and 'x86' in os.listdir(os.path.join(decompile_dir_name, 'lib')):
+    print('朱雀拷贝x86')
+    x86_path = os.path.join(decompile_dir_name, 'lib', 'x86')
+    cmd_copy_x86 = rf'copy D:\special_problem\朱雀x86\libydzs.so {x86_path}'
+    os.system(cmd_copy_x86)
+
+#朱雀包修改资源获取方式
+if channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path:
+    print('执行朱雀包修改资源脚本')
+    replace_rose_resource(decompile_dir_name)
+    for dirpath, dirnames, filenames in os.walk(decompile_dir_name):
+        if r'com\ydzs\framework\java' in dirpath and 'YDZSSDKUser.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'YDZSSDKUser.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = 'invoke-static {}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeGetRealnameStatus()Ljava/lang/String;'
+                index_str2 = 'invoke-static {p1}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeEnterGame(Ljava/util/HashMap;)Ljava/lang/String;'
+                replace_str = '\tinvoke-static {}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeGetRealnameStatus()V\n'
+                replace_str2 = '\tinvoke-static {p1}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeEnterGame(Ljava/util/HashMap;)V\n'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str
+                    if index_str2 in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str2
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+
+        if r'com\ydzs\framework' in dirpath and 'SDKNativeWrapper.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'SDKNativeWrapper.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = '.method public static native nativeGetRealnameStatus()Ljava/lang/String;'
+                index_str2 = '.method public static native nativeEnterGame(Ljava/util/HashMap;)Ljava/lang/String;'
+                replace_str = '.method public static native nativeGetRealnameStatus()V\n'
+                replace_str2 = '.method public static native nativeEnterGame(Ljava/util/HashMap;)V\n'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str
+                    if index_str2 in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str2
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+
+# # 修复脚本
+if is_need_fix:
+    os.system(f'python {fix_python_path} {decompile_dir_name} {game_dir}')
+
+#修复酷派新sdk 3.0接口方法名改变登录后闪退bug
+is_version_3_sdk = fix_coolpad_version_3_method_name_change_bug(decompile_dir_name)
+print('is_version_3_sdk: ', is_version_3_sdk)
+if is_version_3_sdk:
+    fix_coolpad_version_3_login_fail_bug(decompile_dir_name)
+
+fix_install_fail_bug(decompile_dir_name)
+
+# # 合包
+if '全民泡泡' in game_channel or '我的安吉拉2' in game_channel:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path} --use-aapt2'
+elif '乱世终结' in game_channel:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path} -api 29'
+else:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path}'
+print('cmd_build_str:', cmd_build_str)
+os.system(cmd_build_str)
+# 签名
+if '极无双' in game_channel or '终末阵线' in game_channel\
+        or '灌篮高手' in game_channel or '炼仙传说' in game_channel\
+        or '生死狙击' in game_channel or '全明星激斗' in game_channel\
+        or '弹弹堂大冒险' in game_channel or '勇者秘境' in game_channel\
+        or '狩猎吧原始人' in game_channel:
+    current_sign = kfzs_sign_youliang
+
+if '航海王启航D' in game_channel:
+    current_sign = ydzs_sign
+
+if '我叫MT：经典再现Y' in game_channel:
+    current_sign = kfzs_sign
+
+cmd_sign_str = rf'{current_sign} {apk_file_path}'
+print(cmd_sign_str)
+cmd_result = subprocess.getoutput(cmd_sign_str)
+print(cmd_result)
+# 拷贝回测试组
+cmd_move_back_to_test_public = f'copy {apk_file_path} {game_dir}'
+print(cmd_move_back_to_test_public)
+cmd_result = subprocess.getoutput(cmd_move_back_to_test_public)
+print(cmd_result)
+end_time = int(time.time())
+print('执行时间s:', end_time-start_time)
+print('执行时间m:', (end_time-start_time)/60)
+win32api.MessageBox(0, "游戏修复完毕", "提醒", win32con.MB_OK)

apktool2.py

@@ -0,0 +1,375 @@
+# -*- coding:utf-8 -*-
+import os
+import re
+import shutil
+import subprocess
+import sys
+import time
+
+import win32api
+import win32con
+import yaml
+import xml.etree.ElementTree as ET
+channel_rose = '朱雀'
+channel_coolpad='FAKE'
+channel_xmy = '小绵羊'
+channel_9hgame = '九狐'
+channel_icefoxgame = '冰狐'
+# 测试组游戏地址，需要根据游戏修改
+# 测试组游戏地址，需要根据游戏修改
+# 测试组游戏地址，需要根据游戏修改
+game_dir = r'\\10.8.230.114\public\测试组\青雀\破天一剑Y'
+# 其他情况使用BPM上面的任务名称
+game_channel = '破天一剑Y-朱雀'
+
+def copy_mommy_for_9hgame(decompile_dir_path):
+    htprotect_dir_path = os.path.join(decompile_dir_path, 'smali', 'com', 'ydzs', 'framework')
+    if not os.path.exists(htprotect_dir_path):
+        os.makedirs(htprotect_dir_path)
+    shutil.copy(os.path.join(r'D:\special_problem\九狐', 'MommyUtils.smali'), htprotect_dir_path)
+
+if ' ' in game_channel:
+    game_channel = game_channel.replace(' ', '-')
+print(sys.argv)
+if len(sys.argv) == 3:
+    game_dir = sys.argv[1]
+    game_channel = sys.argv[2]
+print(game_dir)
+print(game_channel)
+
+def fix_install_fail_bug(decompile_dir_path):
+    namespace = '{http://schemas.android.com/apk/res/android}'
+    ET.register_namespace('android', 'http://schemas.android.com/apk/res/android')
+    manifest_path = os.path.join(decompile_dir_path, 'AndroidManifest.xml')
+    xml_tree = ET.parse(manifest_path)
+    xml_root = xml_tree.getroot()
+    application_node = xml_root.find('./application')
+    etract_value = application_node.get(f'{namespace}extractNativeLibs')
+    if etract_value is not None and etract_value == 'false':
+        # 修改extractNativeLib
+        application_node.set(f'{namespace}extractNativeLibs', 'true')
+        xml_tree.write(manifest_path, encoding='utf-8', xml_declaration=True)
+
+    yaml_path = os.path.join(decompile_dir_path, 'apktool.yml')
+    file = open(yaml_path, 'r', encoding='utf-8')
+    yaml_result = yaml.load(file, Loader=yaml.BaseLoader)
+    sdk_info = yaml_result['sdkInfo']
+    yaml_result['packageInfo']['renameManifestPackage'] = None
+    print(sdk_info)
+    if int(sdk_info['targetSdkVersion']) > 29:
+        sdk_info['targetSdkVersion'] = '29'
+        print(sdk_info)
+        file.close()
+        with open(yaml_path, 'w', encoding='utf-8') as f:
+            yaml.dump(yaml_result, f)
+
+def rindex(lst, value):
+    for i, v in enumerate(reversed(lst)):
+        if v == value:
+            return len(lst) - i - 1  # return the index in the original list`
+    return None
+
+
+def move_game_apk_to_work():
+    cmd_move_str = f'copy {game_path} {work_path}'
+    print(cmd_move_str)
+    result = subprocess.getoutput(cmd_move_str)
+    print(result)
+
+
+def get_decompile_dir_name(apk_path):
+    s_index = apk_path.index('.')
+    print('s_index', s_index)
+    p_index = rindex(apk_path, '\\')
+    print('p_index:', p_index)
+    dir_name = apk_path[:rindex(apk_path, '\\') + 1] + apk_path[p_index + 1:s_index]
+    print('dir_name:', dir_name)
+    return dir_name
+
+
+def find_r_smali_and_replace(smali_file_path, regex_str):
+    with open(smali_file_path, 'r') as f:
+        smali_str = f.read()
+        pattern = re.compile(regex_str)
+        resource_arr = pattern.findall(smali_str)
+        if len(resource_arr) > 0:
+            print(smali_file_path)
+        for r_str in resource_arr:
+            virtual_name = r_str[r_str.index(' ') + 1:r_str.index(',')]
+            print(virtual_name)
+            resource_type = r_str[r_str.index('R$') + 2:r_str.index(';')].capitalize()
+            print(resource_type)
+            resource_name = r_str[r_str.index('->') + 2:r_str.index(':')]
+            print(resource_name)
+            new_r_str = "const-string %s, \"%s\"\n\n\tinvoke-static {%s}, Lcom/ydzs/framework/MommyUtils;->get%sId(Ljava/lang/String;)I\n\n\tmove-result %s" % (
+                virtual_name, resource_name, virtual_name, resource_type, virtual_name)
+            print(new_r_str)
+            smali_str = smali_str.replace(r_str, new_r_str)
+    with open(smali_file_path, 'w') as f:
+        f.write(smali_str)
+
+
+def replace_rose_resource(d_dir):
+    r_regex_str = r'sget[^\n]*R\$layout[^\n]*I|sget[^\n]*R\$id[^\n]*I|sget[^\n]*R\$drawable[^\n]*I|sget[^\n]*R\$string[^\n]*I|sget[^\n]*R\$array[^\n]*I|sget[^\n]*R\$bool[^\n]*I|sget[^\n]*R\$integer[^\n]*I'
+    for dirpath, dirnames, filenames in os.walk(d_dir):
+        if r'com\wanwu' in dirpath or r'com\ydzs' in dirpath:
+            for smali_file in filenames:
+                smali_file_path = os.path.join(dirpath, smali_file)
+                # print(smali_file_path)
+                find_r_smali_and_replace(smali_file_path, r_regex_str)
+
+
+def fix_coolpad_version_3_method_name_change_bug(decompile_dir):
+    is_version_3_sdk = False
+    is_new_sdk_and_version_lt_version_3 = False
+    for dirpath, dirnames, filenames in os.walk(decompile_dir):
+        if r'com\yulong\sdk\promoter' in dirpath and 'OnGameAuthListener.smali' in filenames:
+            auth_listener_path = os.path.join(dirpath, 'OnGameAuthListener.smali')
+            with open(auth_listener_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.read()
+                if 'onSuccess' in smali_str_arr:
+                    is_version_3_sdk = True
+                if 'onResult' in smali_str_arr:
+                    is_new_sdk_and_version_lt_version_3 = True
+                break
+    for dirpath, dirnames, filenames in os.walk(decompile_dir):
+        if r'com\yulong\sdk\promoter' in dirpath and 'PromoterGameAuthApi$1.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'PromoterGameAuthApi$1.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = r'onSuccess'
+                if is_new_sdk_and_version_lt_version_3:
+                    index_str = r'onSuccess'
+                elif is_version_3_sdk:
+                    index_str = r'onResult'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        print(line)
+                        index = smali_str_arr.index(line)
+                        if is_new_sdk_and_version_lt_version_3:
+                            smali_str_arr[index] = line.replace(index_str, 'onResult')
+                        elif is_version_3_sdk:
+                            smali_str_arr[index] = line.replace(index_str, 'onSuccess')
+                        print(smali_str_arr[index])
+                        break
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+                break
+    return is_version_3_sdk
+
+
+def fix_coolpad_version_3_login_fail_bug(decompile_dir_path):
+    insert_str_list = [
+        '\n\t.locals 0\n\n',
+        '\treturn-void\n\n']
+    for dirpath, dirnames, filenames in os.walk(decompile_dir_path):
+        if r'com\yulong\account\auth' in dirpath and 'AuthCodeApiImpl.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'AuthCodeApiImpl.smali')
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = '.method private returnAuthError(Lcom/yulong/account/common/info/ErrorInfo;)V'
+                end_method_str = '.end method'
+                insert_str = ''.join(insert_str_list)
+                on_create_index = 0
+                insert_index = 0
+                for line in smali_str_arr:
+                    if index_str in line:
+                        on_create_index = smali_str_arr.index(line)
+                        print('on_create_index', on_create_index, line)
+                        break
+                for index, value in enumerate(smali_str_arr):
+                    if index > on_create_index and end_method_str in value:
+                        insert_index = index
+                        print('insert_index', index)
+                        break
+                print(on_create_index, insert_index)
+                del smali_str_arr[on_create_index + 1:insert_index]
+                smali_str_arr.insert(on_create_index + 1, insert_str)
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+                break
+
+start_time = int(time.time())
+# 判断游戏是否需要修复并且是否是朱雀游戏，不需要修复就只需要拷贝arm64
+script_dir_list = os.listdir(r'F:\python_learn\day_1\script')
+is_need_fix = False
+for py_name in script_dir_list:
+    if game_channel in py_name:
+        is_need_fix = True
+        break
+
+print("aaaaaaaaaaaaaaa", is_need_fix)
+
+game_path = 'game_path is empty'
+for game_name in os.listdir(game_dir):
+    if ((channel_rose in game_channel or '青雀' in game_channel) and channel_rose in game_name) \
+            or ((channel_coolpad in game_channel or 'fake' in game_channel) and channel_coolpad in game_name)\
+            or ((channel_icefoxgame in game_channel or '冰狐' in game_channel) and channel_icefoxgame in game_name)\
+            or (channel_9hgame in game_channel and channel_9hgame in game_name)\
+            or (channel_xmy in game_channel and channel_xmy in game_name)\
+            or ('遥望' in game_channel and '遥望' in game_name):
+        game_path = os.path.join(game_dir, game_name)
+        break
+print('game_path:', game_path)
+work_path = r"D:\work"
+apk_file_path = f'{work_path}' + game_path[rindex(game_path, "\\"):]
+apk_file_path_copy = os.path.join(work_path, 'copy_'+game_path[rindex(game_path, "\\")+1:])
+print(apk_file_path_copy)
+if '全民泡泡' in game_channel:
+    if channel_rose in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_rose')
+    elif channel_coolpad in game_channel or 'fake' in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_coolpad')
+    elif channel_9hgame in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_9hgame')
+    else:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_xmy')
+elif '我的安吉拉2' in game_channel:
+    if channel_rose in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_rose')
+    elif channel_coolpad in game_channel or 'fake' in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_coolpad')
+    elif channel_9hgame in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_9hgame')
+    else:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_xmy')
+else:
+    decompile_dir_name = get_decompile_dir_name(apk_file_path)
+
+
+kfzs_sign = "kfzs_sign"
+kfzs_sign_youliang = "kfzs_sign_youliang"
+ydzs_sign = "ydzs_sign"
+# 签名文件，需要根据游戏修改
+# 签名文件，需要根据游戏修改
+# 签名文件，需要根据游戏修改
+current_sign = kfzs_sign
+if channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path:
+    current_sign = ydzs_sign
+elif channel_xmy in game_path:
+    current_sign = kfzs_sign
+
+# 修复脚本文件名,需要根据游戏修改
+# 修复脚本文件名,需要根据游戏修改
+# 修复脚本文件名,需要根据游戏修改
+if is_need_fix:
+    fix_python_path = os.path.join(r'F:\python_learn\day_1\script', f'{game_channel}.py')
+    print('fix_python_path', fix_python_path)
+
+# # 拷贝游戏包
+move_game_apk_to_work()
+# 复制一个原始包,只第一次复制
+if apk_file_path_copy[rindex(apk_file_path, '\\')+1:] not in os.listdir(work_path):
+    print("执行拷贝原始游戏包")
+    copy_origin_game_apk = f'copy {apk_file_path} {apk_file_path_copy}'
+    subprocess.getoutput(copy_origin_game_apk)
+else:
+    print("不执行拷贝原始游戏包")
+# # 解包
+cmd_decompile_str = rf'apktool d {apk_file_path} -f -o {decompile_dir_name} --only-main-classes'
+print(cmd_decompile_str)
+os.system(cmd_decompile_str)
+
+if channel_9hgame in game_path or channel_icefoxgame in game_path:
+    copy_mommy_for_9hgame(decompile_dir_name)
+
+#朱雀包拷贝arm64
+if (channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path) and 'arm64-v8a' in os.listdir(os.path.join(decompile_dir_name, 'lib')):
+    print('朱雀拷贝arm64')
+    arm64_path = os.path.join(decompile_dir_name, 'lib', 'arm64-v8a')
+    cmd_copy_arm64 = rf'copy D:\special_problem\朱雀arm64\libydzs.so {arm64_path}'
+    os.system(cmd_copy_arm64)
+    cmd_copy_arm64 = rf'copy D:\special_problem\朱雀arm64\libwanwusdk.so {arm64_path}'
+    os.system(cmd_copy_arm64)
+#朱雀包拷贝x86
+if (channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path) and 'x86' in os.listdir(os.path.join(decompile_dir_name, 'lib')):
+    print('朱雀拷贝x86')
+    x86_path = os.path.join(decompile_dir_name, 'lib', 'x86')
+    cmd_copy_x86 = rf'copy D:\special_problem\朱雀x86\libydzs.so {x86_path}'
+    os.system(cmd_copy_x86)
+
+#朱雀包修改资源获取方式
+if channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path:
+    print('执行朱雀包修改资源脚本')
+    replace_rose_resource(decompile_dir_name)
+    for dirpath, dirnames, filenames in os.walk(decompile_dir_name):
+        if r'com\ydzs\framework\java' in dirpath and 'YDZSSDKUser.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'YDZSSDKUser.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = 'invoke-static {}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeGetRealnameStatus()Ljava/lang/String;'
+                index_str2 = 'invoke-static {p1}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeEnterGame(Ljava/util/HashMap;)Ljava/lang/String;'
+                replace_str = '\tinvoke-static {}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeGetRealnameStatus()V\n'
+                replace_str2 = '\tinvoke-static {p1}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeEnterGame(Ljava/util/HashMap;)V\n'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str
+                    if index_str2 in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str2
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+
+        if r'com\ydzs\framework' in dirpath and 'SDKNativeWrapper.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'SDKNativeWrapper.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = '.method public static native nativeGetRealnameStatus()Ljava/lang/String;'
+                index_str2 = '.method public static native nativeEnterGame(Ljava/util/HashMap;)Ljava/lang/String;'
+                replace_str = '.method public static native nativeGetRealnameStatus()V\n'
+                replace_str2 = '.method public static native nativeEnterGame(Ljava/util/HashMap;)V\n'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str
+                    if index_str2 in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str2
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+
+# # 修复脚本
+if is_need_fix:
+    os.system(f'python {fix_python_path} {decompile_dir_name} {game_dir}')
+
+#修复酷派新sdk 3.0接口方法名改变登录后闪退bug
+is_version_3_sdk = fix_coolpad_version_3_method_name_change_bug(decompile_dir_name)
+print('is_version_3_sdk: ', is_version_3_sdk)
+if is_version_3_sdk:
+    fix_coolpad_version_3_login_fail_bug(decompile_dir_name)
+
+fix_install_fail_bug(decompile_dir_name)
+
+# # 合包
+if '全民泡泡' in game_channel or '我的安吉拉2' in game_channel:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path} --use-aapt2'
+elif '乱世终结' in game_channel:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path} -api 29'
+else:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path}'
+print('cmd_build_str:', cmd_build_str)
+os.system(cmd_build_str)
+# 签名
+if '极无双' in game_channel or '终末阵线' in game_channel\
+        or '灌篮高手' in game_channel or '炼仙传说' in game_channel\
+        or '生死狙击' in game_channel or '全明星激斗' in game_channel\
+        or '弹弹堂大冒险' in game_channel or '勇者秘境' in game_channel:
+    current_sign = kfzs_sign_youliang
+if '航海王启航D' in game_channel:
+    current_sign = ydzs_sign
+if '我叫MT：经典再现Y' in game_channel:
+    current_sign = kfzs_sign
+
+cmd_sign_str = rf'{current_sign} {apk_file_path}'
+print(cmd_sign_str)
+cmd_result = subprocess.getoutput(cmd_sign_str)
+print(cmd_result)
+# 拷贝回测试组
+cmd_move_back_to_test_public = f'copy {apk_file_path} {game_dir}'
+print(cmd_move_back_to_test_public)
+cmd_result = subprocess.getoutput(cmd_move_back_to_test_public)
+print(cmd_result)
+end_time = int(time.time())
+print('执行时间s:', end_time-start_time)
+print('执行时间m:', (end_time-start_time)/60)
+win32api.MessageBox(0, "游戏修复完毕", "提醒", win32con.MB_OK)

apktool3.py

@@ -0,0 +1,375 @@
+# -*- coding:utf-8 -*-
+import os
+import re
+import shutil
+import subprocess
+import sys
+import time
+
+import win32api
+import win32con
+import yaml
+import xml.etree.ElementTree as ET
+channel_rose = '朱雀'
+channel_coolpad='FAKE'
+channel_xmy = '小绵羊'
+channel_9hgame = '九狐'
+channel_icefoxgame = '冰狐'
+# 测试组游戏地址，需要根据游戏修改
+# 测试组游戏地址，需要根据游戏修改
+# 测试组游戏地址，需要根据游戏修改
+game_dir = r'\\10.8.230.114\public\测试组\20240523\破天一剑Y'
+# 其他情况使用BPM上面的任务名称
+game_channel = '破天一剑Y-朱雀'
+
+def copy_mommy_for_9hgame(decompile_dir_path):
+    htprotect_dir_path = os.path.join(decompile_dir_path, 'smali', 'com', 'ydzs', 'framework')
+    if not os.path.exists(htprotect_dir_path):
+        os.makedirs(htprotect_dir_path)
+    shutil.copy(os.path.join(r'D:\special_problem\九狐', 'MommyUtils.smali'), htprotect_dir_path)
+
+if ' ' in game_channel:
+    game_channel = game_channel.replace(' ', '-')
+print(sys.argv)
+if len(sys.argv) == 3:
+    game_dir = sys.argv[1]
+    game_channel = sys.argv[2]
+print(game_dir)
+print(game_channel)
+
+def fix_install_fail_bug(decompile_dir_path):
+    namespace = '{http://schemas.android.com/apk/res/android}'
+    ET.register_namespace('android', 'http://schemas.android.com/apk/res/android')
+    manifest_path = os.path.join(decompile_dir_path, 'AndroidManifest.xml')
+    xml_tree = ET.parse(manifest_path)
+    xml_root = xml_tree.getroot()
+    application_node = xml_root.find('./application')
+    etract_value = application_node.get(f'{namespace}extractNativeLibs')
+    if etract_value is not None and etract_value == 'false':
+        # 修改extractNativeLib
+        application_node.set(f'{namespace}extractNativeLibs', 'true')
+        xml_tree.write(manifest_path, encoding='utf-8', xml_declaration=True)
+
+    yaml_path = os.path.join(decompile_dir_path, 'apktool.yml')
+    file = open(yaml_path, 'r', encoding='utf-8')
+    yaml_result = yaml.load(file, Loader=yaml.BaseLoader)
+    sdk_info = yaml_result['sdkInfo']
+    yaml_result['packageInfo']['renameManifestPackage'] = None
+    print(sdk_info)
+    if int(sdk_info['targetSdkVersion']) > 29:
+        sdk_info['targetSdkVersion'] = '29'
+        print(sdk_info)
+        file.close()
+        with open(yaml_path, 'w', encoding='utf-8') as f:
+            yaml.dump(yaml_result, f)
+
+def rindex(lst, value):
+    for i, v in enumerate(reversed(lst)):
+        if v == value:
+            return len(lst) - i - 1  # return the index in the original list`
+    return None
+
+
+def move_game_apk_to_work():
+    cmd_move_str = f'copy {game_path} {work_path}'
+    print(cmd_move_str)
+    result = subprocess.getoutput(cmd_move_str)
+    print(result)
+
+
+def get_decompile_dir_name(apk_path):
+    s_index = apk_path.index('.')
+    print('s_index', s_index)
+    p_index = rindex(apk_path, '\\')
+    print('p_index:', p_index)
+    dir_name = apk_path[:rindex(apk_path, '\\') + 1] + apk_path[p_index + 1:s_index]
+    print('dir_name:', dir_name)
+    return dir_name
+
+
+def find_r_smali_and_replace(smali_file_path, regex_str):
+    with open(smali_file_path, 'r') as f:
+        smali_str = f.read()
+        pattern = re.compile(regex_str)
+        resource_arr = pattern.findall(smali_str)
+        if len(resource_arr) > 0:
+            print(smali_file_path)
+        for r_str in resource_arr:
+            virtual_name = r_str[r_str.index(' ') + 1:r_str.index(',')]
+            print(virtual_name)
+            resource_type = r_str[r_str.index('R$') + 2:r_str.index(';')].capitalize()
+            print(resource_type)
+            resource_name = r_str[r_str.index('->') + 2:r_str.index(':')]
+            print(resource_name)
+            new_r_str = "const-string %s, \"%s\"\n\n\tinvoke-static {%s}, Lcom/ydzs/framework/MommyUtils;->get%sId(Ljava/lang/String;)I\n\n\tmove-result %s" % (
+                virtual_name, resource_name, virtual_name, resource_type, virtual_name)
+            print(new_r_str)
+            smali_str = smali_str.replace(r_str, new_r_str)
+    with open(smali_file_path, 'w') as f:
+        f.write(smali_str)
+
+
+def replace_rose_resource(d_dir):
+    r_regex_str = r'sget[^\n]*R\$layout[^\n]*I|sget[^\n]*R\$id[^\n]*I|sget[^\n]*R\$drawable[^\n]*I|sget[^\n]*R\$string[^\n]*I|sget[^\n]*R\$array[^\n]*I|sget[^\n]*R\$bool[^\n]*I|sget[^\n]*R\$integer[^\n]*I'
+    for dirpath, dirnames, filenames in os.walk(d_dir):
+        if r'com\wanwu' in dirpath or r'com\ydzs' in dirpath:
+            for smali_file in filenames:
+                smali_file_path = os.path.join(dirpath, smali_file)
+                # print(smali_file_path)
+                find_r_smali_and_replace(smali_file_path, r_regex_str)
+
+
+def fix_coolpad_version_3_method_name_change_bug(decompile_dir):
+    is_version_3_sdk = False
+    is_new_sdk_and_version_lt_version_3 = False
+    for dirpath, dirnames, filenames in os.walk(decompile_dir):
+        if r'com\yulong\sdk\promoter' in dirpath and 'OnGameAuthListener.smali' in filenames:
+            auth_listener_path = os.path.join(dirpath, 'OnGameAuthListener.smali')
+            with open(auth_listener_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.read()
+                if 'onSuccess' in smali_str_arr:
+                    is_version_3_sdk = True
+                if 'onResult' in smali_str_arr:
+                    is_new_sdk_and_version_lt_version_3 = True
+                break
+    for dirpath, dirnames, filenames in os.walk(decompile_dir):
+        if r'com\yulong\sdk\promoter' in dirpath and 'PromoterGameAuthApi$1.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'PromoterGameAuthApi$1.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = r'onSuccess'
+                if is_new_sdk_and_version_lt_version_3:
+                    index_str = r'onSuccess'
+                elif is_version_3_sdk:
+                    index_str = r'onResult'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        print(line)
+                        index = smali_str_arr.index(line)
+                        if is_new_sdk_and_version_lt_version_3:
+                            smali_str_arr[index] = line.replace(index_str, 'onResult')
+                        elif is_version_3_sdk:
+                            smali_str_arr[index] = line.replace(index_str, 'onSuccess')
+                        print(smali_str_arr[index])
+                        break
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+                break
+    return is_version_3_sdk
+
+
+def fix_coolpad_version_3_login_fail_bug(decompile_dir_path):
+    insert_str_list = [
+        '\n\t.locals 0\n\n',
+        '\treturn-void\n\n']
+    for dirpath, dirnames, filenames in os.walk(decompile_dir_path):
+        if r'com\yulong\account\auth' in dirpath and 'AuthCodeApiImpl.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'AuthCodeApiImpl.smali')
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = '.method private returnAuthError(Lcom/yulong/account/common/info/ErrorInfo;)V'
+                end_method_str = '.end method'
+                insert_str = ''.join(insert_str_list)
+                on_create_index = 0
+                insert_index = 0
+                for line in smali_str_arr:
+                    if index_str in line:
+                        on_create_index = smali_str_arr.index(line)
+                        print('on_create_index', on_create_index, line)
+                        break
+                for index, value in enumerate(smali_str_arr):
+                    if index > on_create_index and end_method_str in value:
+                        insert_index = index
+                        print('insert_index', index)
+                        break
+                print(on_create_index, insert_index)
+                del smali_str_arr[on_create_index + 1:insert_index]
+                smali_str_arr.insert(on_create_index + 1, insert_str)
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+                break
+
+start_time = int(time.time())
+# 判断游戏是否需要修复并且是否是朱雀游戏，不需要修复就只需要拷贝arm64
+script_dir_list = os.listdir(r'F:\python_learn\day_1\script')
+is_need_fix = False
+for py_name in script_dir_list:
+    if game_channel in py_name:
+        is_need_fix = True
+        break
+
+print("aaaaaaaaaaaaaaa", is_need_fix)
+
+game_path = 'game_path is empty'
+for game_name in os.listdir(game_dir):
+    if ((channel_rose in game_channel or '青雀' in game_channel) and channel_rose in game_name) \
+            or ((channel_coolpad in game_channel or 'fake' in game_channel) and channel_coolpad in game_name)\
+            or ((channel_icefoxgame in game_channel or '冰狐' in game_channel) and channel_icefoxgame in game_name)\
+            or (channel_9hgame in game_channel and channel_9hgame in game_name)\
+            or (channel_xmy in game_channel and channel_xmy in game_name)\
+            or ('遥望' in game_channel and '遥望' in game_name):
+        game_path = os.path.join(game_dir, game_name)
+        break
+print('game_path:', game_path)
+work_path = r"D:\work"
+apk_file_path = f'{work_path}' + game_path[rindex(game_path, "\\"):]
+apk_file_path_copy = os.path.join(work_path, 'copy_'+game_path[rindex(game_path, "\\")+1:])
+print(apk_file_path_copy)
+if '全民泡泡' in game_channel:
+    if channel_rose in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_rose')
+    elif channel_coolpad in game_channel or 'fake' in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_coolpad')
+    elif channel_9hgame in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_9hgame')
+    else:
+        decompile_dir_name = os.path.join(work_path, 'qmpp_xmy')
+elif '我的安吉拉2' in game_channel:
+    if channel_rose in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_rose')
+    elif channel_coolpad in game_channel or 'fake' in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_coolpad')
+    elif channel_9hgame in game_channel:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_9hgame')
+    else:
+        decompile_dir_name = os.path.join(work_path, 'wdajl_xmy')
+else:
+    decompile_dir_name = get_decompile_dir_name(apk_file_path)
+
+
+kfzs_sign = "kfzs_sign"
+kfzs_sign_youliang = "kfzs_sign_youliang"
+ydzs_sign = "ydzs_sign"
+# 签名文件，需要根据游戏修改
+# 签名文件，需要根据游戏修改
+# 签名文件，需要根据游戏修改
+current_sign = kfzs_sign
+if channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path:
+    current_sign = ydzs_sign
+elif channel_xmy in game_path:
+    current_sign = kfzs_sign
+
+# 修复脚本文件名,需要根据游戏修改
+# 修复脚本文件名,需要根据游戏修改
+# 修复脚本文件名,需要根据游戏修改
+if is_need_fix:
+    fix_python_path = os.path.join(r'F:\python_learn\day_1\script', f'{game_channel}.py')
+    print('fix_python_path', fix_python_path)
+
+# # 拷贝游戏包
+move_game_apk_to_work()
+# 复制一个原始包,只第一次复制
+if apk_file_path_copy[rindex(apk_file_path, '\\')+1:] not in os.listdir(work_path):
+    print("执行拷贝原始游戏包")
+    copy_origin_game_apk = f'copy {apk_file_path} {apk_file_path_copy}'
+    subprocess.getoutput(copy_origin_game_apk)
+else:
+    print("不执行拷贝原始游戏包")
+# # 解包
+cmd_decompile_str = rf'apktool d {apk_file_path} -f -o {decompile_dir_name} --only-main-classes'
+print(cmd_decompile_str)
+os.system(cmd_decompile_str)
+
+if channel_9hgame in game_path or channel_icefoxgame in game_path:
+    copy_mommy_for_9hgame(decompile_dir_name)
+
+#朱雀包拷贝arm64
+if (channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path) and 'arm64-v8a' in os.listdir(os.path.join(decompile_dir_name, 'lib')):
+    print('朱雀拷贝arm64')
+    arm64_path = os.path.join(decompile_dir_name, 'lib', 'arm64-v8a')
+    cmd_copy_arm64 = rf'copy D:\special_problem\朱雀arm64\libydzs.so {arm64_path}'
+    os.system(cmd_copy_arm64)
+    cmd_copy_arm64 = rf'copy D:\special_problem\朱雀arm64\libwanwusdk.so {arm64_path}'
+    os.system(cmd_copy_arm64)
+#朱雀包拷贝x86
+if (channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path) and 'x86' in os.listdir(os.path.join(decompile_dir_name, 'lib')):
+    print('朱雀拷贝x86')
+    x86_path = os.path.join(decompile_dir_name, 'lib', 'x86')
+    cmd_copy_x86 = rf'copy D:\special_problem\朱雀x86\libydzs.so {x86_path}'
+    os.system(cmd_copy_x86)
+
+#朱雀包修改资源获取方式
+if channel_rose in game_path or channel_coolpad in game_path or channel_9hgame in game_path or channel_icefoxgame in game_path:
+    print('执行朱雀包修改资源脚本')
+    replace_rose_resource(decompile_dir_name)
+    for dirpath, dirnames, filenames in os.walk(decompile_dir_name):
+        if r'com\ydzs\framework\java' in dirpath and 'YDZSSDKUser.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'YDZSSDKUser.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = 'invoke-static {}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeGetRealnameStatus()Ljava/lang/String;'
+                index_str2 = 'invoke-static {p1}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeEnterGame(Ljava/util/HashMap;)Ljava/lang/String;'
+                replace_str = '\tinvoke-static {}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeGetRealnameStatus()V\n'
+                replace_str2 = '\tinvoke-static {p1}, Lcom/ydzs/framework/SDKNativeWrapper;->nativeEnterGame(Ljava/util/HashMap;)V\n'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str
+                    if index_str2 in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str2
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+
+        if r'com\ydzs\framework' in dirpath and 'SDKNativeWrapper.smali' in filenames:
+            smali_path = os.path.join(dirpath, 'SDKNativeWrapper.smali')
+            print(smali_path)
+            with open(smali_path, 'r', encoding='utf-8') as f:
+                smali_str_arr = f.readlines()
+                index_str = '.method public static native nativeGetRealnameStatus()Ljava/lang/String;'
+                index_str2 = '.method public static native nativeEnterGame(Ljava/util/HashMap;)Ljava/lang/String;'
+                replace_str = '.method public static native nativeGetRealnameStatus()V\n'
+                replace_str2 = '.method public static native nativeEnterGame(Ljava/util/HashMap;)V\n'
+                for line in smali_str_arr:
+                    if index_str in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str
+                    if index_str2 in line:
+                        smali_str_arr[smali_str_arr.index(line)] = replace_str2
+            with open(smali_path, 'w', encoding='utf-8') as f:
+                f.write(''.join(smali_str_arr))
+
+# # 修复脚本
+if is_need_fix:
+    os.system(f'python {fix_python_path} {decompile_dir_name} {game_dir}')
+
+#修复酷派新sdk 3.0接口方法名改变登录后闪退bug
+is_version_3_sdk = fix_coolpad_version_3_method_name_change_bug(decompile_dir_name)
+print('is_version_3_sdk: ', is_version_3_sdk)
+if is_version_3_sdk:
+    fix_coolpad_version_3_login_fail_bug(decompile_dir_name)
+
+fix_install_fail_bug(decompile_dir_name)
+
+# # 合包
+if '全民泡泡' in game_channel or '我的安吉拉2' in game_channel:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path} --use-aapt2'
+elif '乱世终结' in game_channel:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path} -api 29'
+else:
+    cmd_build_str = f'apktool b {decompile_dir_name} -f -o {apk_file_path}'
+print('cmd_build_str:', cmd_build_str)
+os.system(cmd_build_str)
+# 签名
+if '极无双' in game_channel or '终末阵线' in game_channel\
+        or '灌篮高手' in game_channel or '炼仙传说' in game_channel\
+        or '生死狙击' in game_channel or '全明星激斗' in game_channel\
+        or '弹弹堂大冒险' in game_channel or '勇者秘境' in game_channel:
+    current_sign = kfzs_sign_youliang
+if '航海王启航D' in game_channel:
+    current_sign = ydzs_sign
+if '我叫MT：经典再现Y' in game_channel:
+    current_sign = kfzs_sign
+
+cmd_sign_str = rf'{current_sign} {apk_file_path}'
+print(cmd_sign_str)
+cmd_result = subprocess.getoutput(cmd_sign_str)
+print(cmd_result)
+# 拷贝回测试组
+cmd_move_back_to_test_public = f'copy {apk_file_path} {game_dir}'
+print(cmd_move_back_to_test_public)
+cmd_result = subprocess.getoutput(cmd_move_back_to_test_public)
+print(cmd_result)
+end_time = int(time.time())
+print('执行时间s:', end_time-start_time)
+print('执行时间m:', (end_time-start_time)/60)
+win32api.MessageBox(0, "游戏修复完毕", "提醒", win32con.MB_OK)

frida-learn/debug.py

@@ -0,0 +1,51 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        //var SDKPluginWrapper = Java.use("com.kf.framework.SDKPluginWrapper");
+        //SDKPluginWrapper.getDeveloperInfo.implementation = function(){
+        //    var hashTable = this.getDeveloperInfo();
+        //    hashTable.put("debugMode","0");
+        //    return hashTable;
+        //};
+
+        var SDKPluginWrapper = Java.use("com.ydzs.framework.SDKPluginWrapper");
+        SDKPluginWrapper.getDeveloperInfo.implementation = function(){
+            var hashTable = this.getDeveloperInfo();
+            hashTable.put("debugMode","0");
+            return hashTable;
+        };
+
+         var CoolPad$2$1 = Java.use("com.sqwan.msdk.api.sdk.CoolPad$2$1");
+         CoolPad$2$1.onRequestSuccess.implementation = function(var1){
+            send("param1 ---->" + var1);
+            this.onRequestSuccess(var1);
+
+         };
+    });
+});
+"""
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+
+app = "异能都市"
+
+dev = frida.get_remote_device()
+session = dev.attach(app)
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+# dev.resume(app)
+sys.stdin.read()
+

frida-learn/dex_dump.py

@@ -0,0 +1,47 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+
+src = """
+    var dex_count = 0
+    Interceptor.attach(
+    Module.findExportByName(
+        'libart.so',
+        '_ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPKNS_10OatDexFileEPS9_'
+    ),
+    {
+        onEnter: function (args) {
+            var begin = args[1]
+            var address = parseInt(begin, 16) + 0x20
+            var dex_size = Memory.readInt(ptr(address))
+            dex_count++
+            send('Dex' + dex_count + ' Size : ' + dex_size)
+            var file = new File('/data/data/%s/classes' + (dex_count == 1 ? '' : dex_count) + '.dex', 'wb')
+            file.write(Memory.readByteArray(begin, dex_size))
+            file.flush()
+            file.close()
+        },
+        onLeave: function (retval) {
+        }
+    }
+);
+"""
+app = 'com.hytc.hxsg2.coolpad'
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+dev = frida.get_remote_device()
+pid = dev.spawn(app)
+session = dev.attach(pid)
+script = session.create_script(src % app)
+script.on("message", on_message)
+script.load()
+dev.resume(app)
+sys.stdin.read()
+

frida-learn/dex_dump_64.py

@@ -0,0 +1,47 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+
+src = """
+    var dex_count = 0
+    Interceptor.attach(
+    Module.findExportByName(
+        'libdexfile.so',
+        '_ZN3art13DexFileLoader10OpenCommonEPKhmS2_mRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPKNS_10OatDexFileEbbPS9_NS3_10unique_ptrINS_16DexFileContainerENS3_14default_deleteISH_EEEEPNS0_12VerifyResultE'
+    ),
+    {
+        onEnter: function (args) {
+            var begin = args[1]
+            var address = parseInt(begin, 16) + 0x20
+            var dex_size = Memory.readInt(ptr(address))
+            dex_count++
+            send('Dex' + dex_count + ' Size : ' + dex_size)
+            var file = new File('/data/data/%s/classes' + (dex_count == 1 ? '' : dex_count) + '.dex', 'wb')
+            file.write(Memory.readByteArray(begin, dex_size))
+            file.flush()
+            file.close()
+        },
+        onLeave: function (retval) {
+        }
+    }
+);
+"""
+app = 'com.hytc.hxsg2.coolpad'
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+dev = frida.get_remote_device()
+pid = dev.spawn(app)
+session = dev.attach(pid)
+script = session.create_script(src % app)
+script.on("message", on_message)
+script.load()
+dev.resume(app)
+sys.stdin.read()
+

frida-learn/fkysr2.py

@@ -0,0 +1,54 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+dev = frida.get_remote_device()
+session = dev.attach("海王捕鱼")
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var Toast = Java.use("android.widget.Toast");
+        // 获取 context
+        var currentApplication = Java.use("android.app.ActivityThread").currentApplication();
+        var context = currentApplication.getApplicationContext();
+        // 在主线程中运行回调
+        Java.scheduleOnMainThread(function(){
+            Toast.makeText(context, "Hello frida!", Toast.LENGTH_LONG.value).show();
+        });
+        var sdk = Java.use("com.handmobi.mutisdk.library.api.sdk._360");
+        sdk.gameLogin.implementation = function(var1,var2,var3){
+            this.gameLogin(var1,var2,var3);
+            send("Landroid/app/Activity;      : "+var1);
+            send("int      : "+var2);
+            send("Lcom/handmobi/mutisdk/library/game/SdkResultCallBack;      : "+var3);
+            //console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+
+        };
+
+        var AppUtil_OuterAccess = Java.use("com.handmobi.sdk.library.utils.AppUtil_OuterAccess")
+        AppUtil_OuterAccess.getToken.overload("android.content.Context").implementation = function(var1){
+            var token = AppUtil_OuterAccess.getToken(var1);
+            send("token is:" + token);
+            return token;
+        }
+
+        var loginCallback = Java.use("com.handmobi.mutisdk.library.api.sdk._360$3");
+        loginCallback.onFinished.implementation = function(result){
+            send("login result:"+result);
+            this.onFinished(result);
+        }
+    });
+});
+"""
+
+def on_message(message,data):
+    print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+sys.stdin.read()
+

frida-learn/game_js/bydsj.js

@@ -0,0 +1,21 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var AndroidApi = Java.use("com.pokercity.common.AndroidApi");
+        AndroidApi.GetSelfAppSign.implementation = function(){
+            var result = this.GetSelfAppSign();
+            send("signature result----->"+result);
+            return result;
+        };
+        var ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");
+        ApplicationPackageManager.getPackageInfo.overload("java.lang.String","int").implementation = function(var1,var2){
+            var result = this.getPackageInfo(var1,var2);
+            if(var2 == 64){
+                send("getPackageInfo----> var2:"+var2);
+                console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            }
+
+            return result;
+        };
+    });
+});

frida-learn/game_js/dldlkp.js

@@ -0,0 +1,30 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var GUtils = Java.use("com.ly.sdk.utils.GUtils");
+        GUtils.getAppSignature.implementation = function(var1,var2,var3){
+            var result = this.getAppSignature(var1,var2,var3);
+            send("getAppSignature----> result:"+result);
+            return result;
+        };
+        var ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");
+        ApplicationPackageManager.getPackageInfo.overload("java.lang.String","int").implementation = function(var1,var2){
+            var result = this.getPackageInfo(var1,var2);
+            if(var2 == 64){
+                send("getPackageInfo----> var2:"+var2);
+                console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            }
+
+            return result;
+        };
+
+         Java.enumerateClassLoaders({
+        "onMatch": function(loader) {
+            console.log(loader);
+        },
+        "onComplete": function() {
+            console.log("success");
+        }
+    });
+    });
+});

frida-learn/game_js/fbmy2.js

@@ -0,0 +1,10 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var AppEnv = Java.use("com.kingsoft.shiyou.omnisdk.basic.build.AppEnvKt");
+        AppEnv.getDEBUG_MODE.overload().implementation = function(){
+            send("hook getDEBUG_MODE:"+this.getDEBUG_MODE());
+            return true;
+        }
+    });
+});

frida-learn/game_js/fkysr2.js

@@ -0,0 +1,34 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var Toast = Java.use("android.widget.Toast");
+        // 获取 context
+        var currentApplication = Java.use("android.app.ActivityThread").currentApplication();
+        var context = currentApplication.getApplicationContext();
+        // 在主线程中运行回调
+        Java.scheduleOnMainThread(function(){
+            Toast.makeText(context, "Hello frida!", Toast.LENGTH_LONG.value).show();
+        });
+        var k = Java.use("com.quicksdk.utility.k");
+        k.a.overload().implementation = function(){
+            var result = this.a();
+            send("result      : "+result);
+            return result;
+            //console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+
+        };
+
+        var AppUtil_OuterAccess = Java.use("com.handmobi.sdk.library.utils.AppUtil_OuterAccess")
+        AppUtil_OuterAccess.getToken.overload("android.content.Context").implementation = function(var1){
+            var token = AppUtil_OuterAccess.getToken(var1);
+            send("token is:" + token);
+            return token;
+        }
+
+        var loginCallback = Java.use("com.handmobi.mutisdk.library.api.sdk._360$3");
+        loginCallback.onFinished.implementation = function(result){
+            send("login result:"+result);
+            this.onFinished(result);
+        }
+    });
+});

frida-learn/game_js/hhwrsyz.js

@@ -0,0 +1,40 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var Toast = Java.use("android.widget.Toast");
+        // 获取 context
+        var currentApplication = Java.use("android.app.ActivityThread").currentApplication();
+        var context = currentApplication.getApplicationContext();
+        // 在主线程中运行回调
+        Java.scheduleOnMainThread(function(){
+            Toast.makeText(context, "Hello frida!", Toast.LENGTH_LONG.value).show();
+        });
+        var AndroidUtil = Java.use("com.hutong.libsupersdk.util.AndroidUtil");
+        AndroidUtil.getCertificateSHA1Fingerprint.implementation = function(var1){
+            var result = this.getCertificateSHA1Fingerprint(var1);
+            send("getCertificateSHA1Fingerprint signature      : "+result);
+            //console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            return "B0:79:22:3E:93:D2:DC:B1:83:6A:4C:B8:E1:60:16:72:A7:97:94:9A";
+        };
+        var UnityPlayer = Java.use("com.unity3d.player.UnityPlayer");
+        UnityPlayer.finish.implementation = function(){
+            send("UnityPlayer----> finish invoke");
+        };
+        UnityPlayer.loadLibraryStatic.implementation = function(var1){
+            send("UnityPlayer loadLibraryStatic var1---->" + var1);
+            var result = this.loadLibraryStatic(var1);
+            return result;
+        };
+
+        var ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");
+        ApplicationPackageManager.getPackageInfo.overload("java.lang.String","int").implementation = function(var1,var2){
+            var result = this.getPackageInfo(var1,var2);
+            if(var2 == 64){
+                send("getPackageInfo----> var2:"+var2);
+                console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            }
+
+            return result;
+        };
+    });
+});

frida-learn/game_js/hook_signatures.js

@@ -0,0 +1,26 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");
+        var PackageInfo = Java.use("android.content.pm.PackageInfo");
+        var Signature = Java.use("android.content.pm.Signature");
+        var Array = Java.use("java.lang.reflect.Array");
+        ApplicationPackageManager.getPackageInfo.overload("java.lang.String","int").implementation = function(var1,var2){
+            var result = this.getPackageInfo(var1,var2);
+            if(var2 == 64){
+                send("getPackageInfo----> var2:"+var2);
+                console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            }
+
+            return result;
+        };
+        Signature.toByteArray.overload().implementation = function(){
+            var result = this.toByteArray();
+            console.log("yb sign byte[]------->",result);
+            var signCharStr = Signature.$new(result).toCharsString()
+            console.log("yb sign charStr------->",signCharStr);
+            return result;
+        }
+
+    });
+});

frida-learn/game_js/llfz.js

@@ -0,0 +1,63 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+
+        var ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");
+        var PackageInfo = Java.use("android.content.pm.PackageInfo");
+        var Signature = Java.use("android.content.pm.Signature");
+        var Array = Java.use("java.lang.reflect.Array");
+        ApplicationPackageManager.getPackageInfo.overload("java.lang.String","int").implementation = function(var1,var2){
+            var result = this.getPackageInfo(var1,var2);
+            if(var2 == 64){
+                send("getPackageInfo----> var2:"+var2);
+                console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            }
+
+            return result;
+        };
+
+        Signature.toByteArray.overload().implementation = function(){
+            var result = this.toByteArray();
+            console.log("yb sign byte[]------->",result);
+            var signCharStr = Signature.$new(result).toCharsString()
+            console.log("yb sign charStr------->",signCharStr);
+            return result;
+        }
+
+        var SWProtectSDK = Java.use("com.swpprotect.sdk.SWProtectSDK")
+        SWProtectSDK.getSign.overload("java.lang.String").implementation = function(var1){
+            send("starting getSign");
+            var result = this.getSign(var1);
+            console.log("getSign result------>",result)
+            return result;
+        }
+
+        SWProtectSDK.getSecInfo.overload().implementation = function(){
+            send("starting getSecInfo");
+            var result = this.getSecInfo();
+            console.log("getSecInfo result------>",result)
+            return result;
+        }
+
+        var b = Java.use("com.swpprotect.sdk.a.b")
+        b.a.overload("java.lang.String","java.lang.String").implementation = function(var1,var2){
+            send("starting com.swpprotect.sdk.a.b");
+            var result = this.a(var1,var2)
+            console.log("com.swpprotect.sdk.a.b a--------->",result)
+            return result;
+        }
+        b.a.overload().implementation = function(){
+
+            return 1;
+        }
+
+        var c = Java.use("com.swpprotect.sdk.Ladder.a")
+        c.a.overload("java.lang.String").implementation = function(var1){
+            var result = this.a(var1);
+            console.log("com.swpprotect.sdk.Ladder.a a(str) result ----->",result)
+            console.log("com.swpprotect.sdk.Ladder.a a(str) param----->",var1)
+            return result;
+        }
+
+    });
+});

frida-learn/game_js/netease_coolpad.js

@@ -0,0 +1,18 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var SdkCoolpad = Java.use("com.netease.ntunisdk.SdkCoolpad");
+        SdkCoolpad.logout.implementation = function(){
+            send("SdkCoolpad logout  invoked   : ");
+            console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            this.logout()
+        };
+
+        var SDKManager = Java.use("com.netease.ntunisdk.base.SDKManager");
+        SDKManager.logout.implementation = function(){
+            send("SDKManager logout  invoked   : ");
+            console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            this.logout()
+        };
+    });
+});

frida-learn/game_js/whhx.js

@@ -0,0 +1,15 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var CPAccountConfig = Java.use("com.yulong.account.api.CPAccountConfig")
+        var CPGameAuthCodeApi = Java.use("com.yulong.game.api.CPGameAuthCodeApi")
+        CPAccountConfig.configGameAuthApi.overload().implementation = function(){
+            send("hook configGameAuthApi")
+            this.configGameAuthApi();
+        }
+       CPGameAuthCodeApi.getAuthCode.implementation = function(var1){
+            send("hook getAuthCode")
+            this.getAuthCode(var1)
+       }
+    });
+});

frida-learn/game_js/yqqs.js

@@ -0,0 +1,15 @@
+setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var CPAccountConfig = Java.use("com.yulong.account.api.CPAccountConfig")
+        var CPGameAuthCodeApi = Java.use("com.yulong.game.api.CPGameAuthCodeApi")
+        CPAccountConfig.configGameAuthApi.overload().implementation = function(){
+            send("hook configGameAuthApi")
+            this.configGameAuthApi();
+        }
+       CPGameAuthCodeApi.getAuthCode.implementation = function(var1){
+            send("hook getAuthCode")
+            this.getAuthCode(var1)
+       }
+    })
+})

frida-learn/haiwangbuyu360.py

@@ -0,0 +1,54 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+dev = frida.get_remote_device()
+session = dev.attach("胡莱三国3")
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var Toast = Java.use("android.widget.Toast");
+        // 获取 context
+        var currentApplication = Java.use("android.app.ActivityThread").currentApplication();
+        var context = currentApplication.getApplicationContext();
+        // 在主线程中运行回调
+        Java.scheduleOnMainThread(function(){
+            Toast.makeText(context, "Hello frida!", Toast.LENGTH_LONG.value).show();
+        });
+        var sdk = Java.use("com.handmobi.mutisdk.library.api.sdk._360");
+        sdk.gameLogin.implementation = function(var1,var2,var3){
+            this.gameLogin(var1,var2,var3);
+            send("Landroid/app/Activity;      : "+var1);
+            send("int      : "+var2);
+            send("Lcom/handmobi/mutisdk/library/game/SdkResultCallBack;      : "+var3);
+            //console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+
+        };
+
+        var AppUtil_OuterAccess = Java.use("com.handmobi.sdk.library.utils.AppUtil_OuterAccess")
+        AppUtil_OuterAccess.getToken.overload("android.content.Context").implementation = function(var1){
+            var token = AppUtil_OuterAccess.getToken(var1);
+            send("token is:" + token);
+            return token;
+        }
+
+        var loginCallback = Java.use("com.handmobi.mutisdk.library.api.sdk._360$3");
+        loginCallback.onFinished.implementation = function(result){
+            send("login result:"+result);
+            this.onFinished(result);
+        }
+    });
+});
+"""
+
+def on_message(message,data):
+    print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+sys.stdin.read()
+

frida-learn/hhwrsyzkp.py

@@ -0,0 +1,28 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+dev = frida.get_remote_device()
+session = dev.attach("太古神王2")
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var Platform = Java.use("com.chujian.sdk.platform.ChuJianPlatform$1");
+        Platform.onAuthResult.implementation = function(var1,var2){
+            send("onAuthResult------>"+var1.toString());
+        };
+    });
+});
+"""
+
+def on_message(message,data):
+    print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+sys.stdin.read()
+

frida-learn/hlsg3.py

@@ -0,0 +1,41 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+dev = frida.get_remote_device()
+session = dev.attach("胡莱三国3")
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var CPGameAuthCodeApi = Java.use("com.yulong.game.api.CPGameAuthCodeApi");
+        CPGameAuthCodeApi.createGameApi.implementation = function(activity,appid){
+            send("appid:"+appid);
+            send("activity:"+activity);
+            return CPGameAuthCodeApi.createGameApi(activity,appid);
+        }
+
+        var COOLPAD12ChannelInterfaceImpl = Java.use("com.hoolai.open.fastaccess.channel.impl.coolpad12.COOLPAD12ChannelInterfaceImpl");
+        COOLPAD12ChannelInterfaceImpl.onCreate.implementation = function(context){
+            send("onCreate invoked"+context);
+            this.onCreate(context);
+        }
+
+        COOLPAD12ChannelInterfaceImpl.applicationInit.implementation = function(context){
+            send("onCreate invoked"+context);
+            this.applicationInit(context);
+        }
+    });
+});
+"""
+
+def on_message(message,data):
+    print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+sys.stdin.read()
+

frida-learn/inject.py

@@ -0,0 +1,13 @@
+# -*- coding:utf-8 -*-
+__author__ = 'Snow'
+
+
+import sys
+import lief
+
+str_so_apk = sys.argv[1]
+str_so_gadget = sys.argv[2]
+
+libnative = lief.parse(str_so_apk)
+libnative.add_library(str_so_gadget) # Injection!
+libnative.write(str_so_apk)

frida-learn/js/hook_RegisterNatives.js

@@ -0,0 +1,50 @@
+function find_RegisterNatives(params) {
+    var symbols = Module.enumerateSymbolsSync("libart.so");
+    var addrRegisterNatives = null;
+    for (var i = 0; i < symbols.length; i++) {
+        var symbol = symbols[i];
+
+        //_ZN3art3JNI15RegisterNativesEP7_JNIEnvP7_jclassPK15JNINativeMethodi
+        if (symbol.name.indexOf("art") >= 0 &&
+                symbol.name.indexOf("JNI") >= 0 &&
+                symbol.name.indexOf("RegisterNatives") >= 0 &&
+                symbol.name.indexOf("CheckJNI") < 0) {
+            addrRegisterNatives = symbol.address;
+            console.log("RegisterNatives is at ", symbol.address, symbol.name);
+            hook_RegisterNatives(addrRegisterNatives)
+        }
+    }
+
+}
+
+function hook_RegisterNatives(addrRegisterNatives) {
+
+    if (addrRegisterNatives != null) {
+        Interceptor.attach(addrRegisterNatives, {
+            onEnter: function (args) {
+                console.log("[RegisterNatives] method_count:", args[3]);
+                var env = args[0];
+                var java_class = args[1];
+                var class_name = Java.vm.tryGetEnv().getClassName(java_class);
+                //console.log(class_name);
+
+                var methods_ptr = ptr(args[2]);
+
+                var method_count = parseInt(args[3]);
+                for (var i = 0; i < method_count; i++) {
+                    var name_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3));
+                    var sig_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize));
+                    var fnPtr_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize * 2));
+
+                    var name = Memory.readCString(name_ptr);
+                    var sig = Memory.readCString(sig_ptr);
+                    var find_module = Process.findModuleByAddress(fnPtr_ptr);
+                    console.log("[RegisterNatives] java_class:", class_name, "name:", name, "sig:", sig, "fnPtr:", fnPtr_ptr,  " fnOffset:", ptr(fnPtr_ptr).sub(find_module.base), " callee:", DebugSymbol.fromAddress(this.returnAddress));
+
+                }
+            }
+        });
+    }
+}
+
+setImmediate(find_RegisterNatives);

frida-learn/js/hook_dex_dump.js

@@ -0,0 +1,51 @@
+var savepath = "/sdcard/"
+function savedexfile(dexfileptr) {
+    try {
+        //将mCookie转换为对应的dexfile内存指针
+        var dexfilebegin = ptr(dexfileptr).add(Process.pointerSize*1).readPointer(); //dex的初始指针
+        var dexfilesize = ptr(dexfileptr).add(Process.pointerSize*2).readU32(); //dex的大小
+        var dex = new File(savepath+"_"+dexfilesize+".dex","a");
+        if(dex!=null){
+            var content = ptr(dexfilebegin).readByteArray(dexfilesize);
+            dex.write(content);
+            dex.flush();
+            dex.close();
+            console.warn("[dumpdex]"+savepath+"_"+dexfilesize+".dex");
+        }
+    } catch (e) {
+
+    }
+}
+
+
+function dumpDexBymCookie() {
+    Java.perform(function () {
+       var DexFileClass = Java.use("dalvik.system.DexFile");
+       Java.choose("dalvik.system.DexFile",{
+           onMatch:function (dexfile) {
+               var mCookie = dexfile.mCookie.value;
+               //获取类列表和dex路径
+            //    var classlist = DexFileClass.getClassNameList(mCookie);
+            //    classlist.forEach(function (classname) {
+            //        console.log(dexfile.mFileName.value+"->"+classname);
+            //    })
+               //console.log(mCookie.$className);
+               var Array = Java.use("java.lang.reflect.Array");
+               var size = Array.getLength(mCookie);
+               var i = 0;
+               for(i=0;i<size;i++){
+                   //console.log(i+"->"+Array.getLong(mCookie,i));
+                   var longvalue = Array.getLong(mCookie,i);
+                   var dexfilestr = ptr(longvalue + "");
+                   //console.log(dexfilestr);
+                   savedexfile(dexfilestr)
+                }
+
+           },onComplete:function () {
+               console.warn("Search DexFile over!");
+           }
+       })
+    })
+}
+
+setImmediate(dumpDexBymCookie())

frida-learn/js/hook_root_check.js

@@ -0,0 +1,34 @@
+Java.perform(function() {
+    var cls2 = Java.use('java.io.File');
+    //Hook指定函数
+    cls2.exists.overload().implementation = function() {
+        //进入函数
+        console.log('exists-in');
+        //获取自身的path
+        var mypath = this.getPath();
+        //root特征文件列表
+        var paths = new Array("/system/app/Superuser.apk", "/sbin/su",
+            "/system/bin/su", "/system/xbin/su",
+            "/data/local/xbin/su", "/data/local/bin/su",
+            "/system/sd/xbin/su", "/system/bin/failsafe/su",
+            "/data/local/su", "/su/bin/su");
+        //判断路径是否匹配root特征
+        var flag = false;
+        paths.forEach(function(path) {
+            if (mypath == path) {
+                console.log('检测到root特征文件', path);
+                flag = true;
+                return;
+            }
+        });
+        if (!flag) {
+            //调用原函数，避免影响正常功能
+            var result = this.exists();
+        } else {
+            //返回false，绕过root检测
+            result = false;
+        }
+        console.log('exists-out', result)
+        return result;
+    }
+});

frida-learn/js/readme.txt

@@ -0,0 +1 @@
+frida -U --no-pause -f package_name -l hook_RegisterNatives.js

frida-learn/miniprogram.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en" xmlns="http://www.w3.org/1999/html">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+    <script>
+        function jumpMiniProgram(scheme){
+            location.href = scheme
+        }
+    </script>
+</head>
+<body>
+
+</body>
+</html>

frida-learn/r0capture.py

@@ -0,0 +1,363 @@
+# -*- coding:utf-8 -*-
+
+# Copyright 2017 Google Inc. All Rights Reserved.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Decrypts and logs a process's SSL traffic.
+Hooks the functions SSL_read() and SSL_write() in a given process and logs the
+decrypted data to the console and/or to a pcap file.
+  Typical usage example:
+  ssl_log("wget", "log.pcap", True)
+Dependencies:
+  frida (https://www.frida.re/):
+    sudo pip install frida
+  hexdump (https://bitbucket.org/techtonik/hexdump/) if using verbose output:
+    sudo pip install hexdump
+"""
+
+__author__ = "geffner@google.com (Jason Geffner)"
+__version__ = "2.0"
+
+"""
+# r0capture
+ID: r0ysue 
+安卓应用层抓包通杀脚本
+https://github.com/r0ysue/r0capture
+## 简介
+- 仅限安卓平台，测试安卓7、8、9、10 可用 ；
+- 无视所有证书校验或绑定，无视任何证书；
+- 通杀TCP/IP四层模型中的应用层中的全部协议；
+- 通杀协议包括：Http,WebSocket,Ftp,Xmpp,Imap,Smtp,Protobuf等等、以及它们的SSL版本；
+- 通杀所有应用层框架，包括HttpUrlConnection、Okhttp1/3/4、Retrofit/Volley等等；
+"""
+
+
+# Windows版本需要安装库：
+# pip install 'win_inet_pton'
+# pip install hexdump
+import argparse
+import os
+import platform
+import pprint
+import random
+import signal
+import socket
+import struct
+import time
+import sys
+from pathlib import Path
+
+import frida
+
+try:
+    if os.name == 'nt':
+        import win_inet_pton
+except ImportError:
+    # win_inet_pton import error
+    pass
+
+try:
+    import hexdump  # pylint: disable=g-import-not-at-top
+except ImportError:
+    pass
+try:
+    from shutil import get_terminal_size as get_terminal_size
+except:
+    try:
+        from backports.shutil_get_terminal_size import get_terminal_size as get_terminal_size
+    except:
+        pass
+
+
+try:
+    import click
+except:
+    class click:
+        @staticmethod
+        def secho(message=None, **kwargs):
+            print(message)
+        @staticmethod
+        def style(**kwargs):
+            raise Exception("unsupported style")
+
+banner = """
+--------------------------------------------------------------------------------------------
+           .oooo.                                      .                                  
+          d8P'`Y8b                                   .o8                                  
+oooo d8b 888    888  .ooooo.   .oooo.   oo.ooooo.  .o888oo oooo  oooo  oooo d8b  .ooooo.  
+`888""8P 888    888 d88' `"Y8 `P  )88b   888' `88b   888   `888  `888  `888""8P d88' `88b 
+ 888     888    888 888        .oP"888   888   888   888    888   888   888     888ooo888 
+ 888     `88b  d88' 888   .o8 d8(  888   888   888   888 .  888   888   888     888    .o 
+d888b     `Y8bd8P'  `Y8bod8P' `Y888""8o  888bod8P'   "888"  `V88V"V8P' d888b    `Y8bod8P' 
+                                         888                                              
+                                        o888o                                                                                                                                       
+                    https://github.com/r0ysue/r0capture
+--------------------------------------------------------------------------------------------\n
+"""
+
+
+def show_banner():
+    colors = ['bright_red', 'bright_green', 'bright_blue', 'cyan', 'magenta']
+    try:
+        click.style('color test', fg='bright_red')
+    except:
+        colors = ['red', 'green', 'blue', 'cyan', 'magenta']
+    try:
+        columns = get_terminal_size().columns
+        if columns >= len(banner.splitlines()[1]):
+            for line in banner.splitlines():
+                click.secho(line, fg=random.choice(colors))
+    except:
+        pass
+
+# ssl_session[<SSL_SESSION id>] = (<bytes sent by client>,
+#                                  <bytes sent by server>)
+ssl_sessions = {}
+
+
+def ssl_log(process, pcap=None, host=False, verbose=False, isUsb=False, ssllib="", isSpawn=True, wait=0):
+    """Decrypts and logs a process's SSL traffic.
+    Hooks the functions SSL_read() and SSL_write() in a given process and logs
+    the decrypted data to the console and/or to a pcap file.
+    Args:
+      process: The target process's name (as a string) or process ID (as an int).
+      pcap: The file path to which the pcap file should be written.
+      verbose: If True, log the decrypted traffic to the console.
+    Raises:
+      NotImplementedError: Not running on a Linux or macOS system.
+    """
+
+    # if platform.system() not in ("Darwin", "Linux"):
+    #   raise NotImplementedError("This function is only implemented for Linux and "
+    #                             "macOS systems.")
+
+    def log_pcap(pcap_file, ssl_session_id, function, src_addr, src_port,
+                 dst_addr, dst_port, data):
+        """Writes the captured data to a pcap file.
+        Args:
+          pcap_file: The opened pcap file.
+          ssl_session_id: The SSL session ID for the communication.
+          function: The function that was intercepted ("SSL_read" or "SSL_write").
+          src_addr: The source address of the logged packet.
+          src_port: The source port of the logged packet.
+          dst_addr: The destination address of the logged packet.
+          dst_port: The destination port of the logged packet.
+          data: The decrypted packet data.
+        """
+        t = time.time()
+
+        if ssl_session_id not in ssl_sessions:
+            ssl_sessions[ssl_session_id] = (random.randint(0, 0xFFFFFFFF),
+                                            random.randint(0, 0xFFFFFFFF))
+        client_sent, server_sent = ssl_sessions[ssl_session_id]
+
+        if function == "SSL_read":
+            seq, ack = (server_sent, client_sent)
+        else:
+            seq, ack = (client_sent, server_sent)
+
+        for writes in (
+                # PCAP record (packet) header
+                ("=I", int(t)),  # Timestamp seconds
+                ("=I", int((t * 1000000) % 1000000)),  # Timestamp microseconds
+                ("=I", 40 + len(data)),  # Number of octets saved
+                ("=i", 40 + len(data)),  # Actual length of packet
+                # IPv4 header
+                (">B", 0x45),  # Version and Header Length
+                (">B", 0),  # Type of Service
+                (">H", 40 + len(data)),  # Total Length
+                (">H", 0),  # Identification
+                (">H", 0x4000),  # Flags and Fragment Offset
+                (">B", 0xFF),  # Time to Live
+                (">B", 6),  # Protocol
+                (">H", 0),  # Header Checksum
+                (">I", src_addr),  # Source Address
+                (">I", dst_addr),  # Destination Address
+                # TCP header
+                (">H", src_port),  # Source Port
+                (">H", dst_port),  # Destination Port
+                (">I", seq),  # Sequence Number
+                (">I", ack),  # Acknowledgment Number
+                (">H", 0x5018),  # Header Length and Flags
+                (">H", 0xFFFF),  # Window Size
+                (">H", 0),  # Checksum
+                (">H", 0)):  # Urgent Pointer
+            pcap_file.write(struct.pack(writes[0], writes[1]))
+        pcap_file.write(data)
+
+        if function == "SSL_read":
+            server_sent += len(data)
+        else:
+            client_sent += len(data)
+        ssl_sessions[ssl_session_id] = (client_sent, server_sent)
+
+    def on_message(message, data):
+        """Callback for errors and messages sent from Frida-injected JavaScript.
+        Logs captured packet data received from JavaScript to the console and/or a
+        pcap file. See https://www.frida.re/docs/messages/ for more detail on
+        Frida's messages.
+        Args:
+          message: A dictionary containing the message "type" and other fields
+              dependent on message type.
+          data: The string of captured decrypted data.
+        """
+        if message["type"] == "error":
+            pprint.pprint(message)
+            os.kill(os.getpid(), signal.SIGTERM)
+            return
+        if len(data) == 1:
+            print(message["payload"]["function"])
+            print(message["payload"]["stack"])
+            return
+        p = message["payload"]        
+        if verbose:
+            src_addr = socket.inet_ntop(socket.AF_INET,
+                                        struct.pack(">I", p["src_addr"]))
+            dst_addr = socket.inet_ntop(socket.AF_INET,
+                                        struct.pack(">I", p["dst_addr"]))
+            print("SSL Session: " + p["ssl_session_id"])
+            print("[%s] %s:%d --> %s:%d" % (
+                p["function"],
+                src_addr,
+                p["src_port"],
+                dst_addr,
+                p["dst_port"]))
+            hexdump.hexdump(data)
+            print(p["stack"])
+        if pcap:
+            log_pcap(pcap_file, p["ssl_session_id"], p["function"], p["src_addr"],
+                     p["src_port"], p["dst_addr"], p["dst_port"], data)
+
+    if isUsb:
+        try:
+            device = frida.get_usb_device()
+        except:
+            device = frida.get_remote_device()
+    else:
+        if host:
+            manager = frida.get_device_manager()
+            device = manager.add_remote_device(host)
+        else:
+            device = frida.get_local_device()
+
+    if isSpawn:
+        pid = device.spawn([process])
+        time.sleep(1)
+        session = device.attach(pid)
+        time.sleep(1)
+        device.resume(pid)
+    else:
+        print("attach")
+        session = device.attach(process)
+    if wait > 0:
+        print("wait for {} seconds".format(wait))
+        time.sleep(wait)
+
+    # session = frida.attach(process)
+
+    # pid = device.spawn([process])
+    # pid = process
+    # session = device.attach(pid)
+    # device.resume(pid)
+    if pcap:
+        pcap_file = open(pcap, "wb", 0)
+        for writes in (
+                ("=I", 0xa1b2c3d4),  # Magic number
+                ("=H", 2),  # Major version number
+                ("=H", 4),  # Minor version number
+                ("=i", time.timezone),  # GMT to local correction
+                ("=I", 0),  # Accuracy of timestamps
+                ("=I", 65535),  # Max length of captured packets
+                ("=I", 228)):  # Data link type (LINKTYPE_IPV4)
+            pcap_file.write(struct.pack(writes[0], writes[1]))
+
+    with open(Path(__file__).resolve().parent.joinpath("./script.js"), encoding="utf-8") as f:
+        _FRIDA_SCRIPT = f.read()
+        # _FRIDA_SCRIPT = session.create_script(content)
+        # print(_FRIDA_SCRIPT)
+    script = session.create_script(_FRIDA_SCRIPT)
+    script.on("message", on_message)
+    script.load()
+
+    if ssllib != "":
+        script.exports.setssllib(ssllib)
+
+    print("Press Ctrl+C to stop logging.")
+
+    def stoplog(signum, frame):
+        print('You have stoped logging.')
+        session.detach()
+        if pcap:
+            pcap_file.flush()
+            pcap_file.close()
+        exit()
+    signal.signal(signal.SIGINT, stoplog)
+    signal.signal(signal.SIGTERM, stoplog)
+    sys.stdin.read()
+
+if __name__ == "__main__":
+    show_banner()
+    class ArgParser(argparse.ArgumentParser):
+
+        def error(self, message):
+            print("ssl_logger v" + __version__)
+            print("by " + __author__)
+            print("Modified by BigFaceCat")
+            print("Error: " + message)
+            print()
+            print(self.format_help().replace("usage:", "Usage:"))
+            self.exit(0)
+
+
+    parser = ArgParser(
+        add_help=False,
+        description="Decrypts and logs a process's SSL traffic.",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog=r"""
+Examples:
+    %(prog)s -pcap ssl.pcap openssl
+    %(prog)s -verbose 31337
+    %(prog)s -pcap log.pcap -verbose wget
+    %(prog)s -pcap log.pcap -ssl "*libssl.so*" com.bigfacecat.testdemo
+""")
+
+    args = parser.add_argument_group("Arguments")
+    args.add_argument("-pcap", '-p', metavar="<path>", required=False,
+                      help="Name of PCAP file to write")
+    args.add_argument("-host", '-H', metavar="<192.168.1.1:27042>", required=False,
+                      help="connect to remote frida-server on HOST")
+    args.add_argument("-verbose","-v",  required=False, action="store_const", default=True,
+                      const=True, help="Show verbose output")
+    args.add_argument("process", metavar="<process name | process id>",
+                      help="Process whose SSL calls to log")
+    args.add_argument("-ssl", default="", metavar="<lib>",
+                      help="SSL library to hook")
+    args.add_argument("--isUsb", "-U", default=False, action="store_true",
+                      help="connect to USB device")
+    args.add_argument("--isSpawn", "-f", default=False, action="store_true",
+                      help="if spawned app")
+    args.add_argument("-wait", "-w", type=int, metavar="<seconds>", default=0,
+                      help="Time to wait for the process")
+
+    parsed = parser.parse_args()
+    ssl_log(
+        int(parsed.process) if parsed.process.isdigit() else parsed.process, 
+    parsed.pcap, 
+    parsed.host,
+    parsed.verbose, 
+    isUsb=parsed.isUsb, 
+    isSpawn=parsed.isSpawn, 
+    ssllib=parsed.ssl, 
+    wait=parsed.wait
+    )

frida-learn/script.js

@@ -0,0 +1,339 @@
+/**
+   * Initializes 'addresses' dictionary and NativeFunctions.
+   */
+"use strict";
+rpc.exports = {
+  setssllib: function (name) {
+    console.log("setSSLLib => " + name);
+    libname = name;
+    initializeGlobals();
+    return;
+  }
+};
+
+var addresses = {};
+var SSL_get_fd = null;
+var SSL_get_session = null;
+var SSL_SESSION_get_id = null;
+var getpeername = null;
+var getsockname = null;
+var ntohs = null;
+var ntohl = null;
+var SSLstackwrite = null;
+var SSLstackread = null;
+
+var libname = "*libssl*";
+
+function uuid(len, radix) {
+  var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.split('');
+  var uuid = [], i;
+  radix = radix || chars.length;
+
+  if (len) {
+    // Compact form
+    for (i = 0; i < len; i++) uuid[i] = chars[0 | Math.random() * radix];
+  } else {
+    // rfc4122, version 4 form
+    var r;
+
+    // rfc4122 requires these characters
+    uuid[8] = uuid[13] = uuid[18] = uuid[23] = '-';
+    uuid[14] = '4';
+
+    // Fill in random data. At i==19 set the high bits of clock sequence as
+    // per rfc4122, sec. 4.1.5
+    for (i = 0; i < 36; i++) {
+      if (!uuid[i]) {
+        r = 0 | Math.random() * 16;
+        uuid[i] = chars[(i == 19) ? (r & 0x3) | 0x8 : r];
+      }
+    }
+  }
+
+  return uuid.join('');
+}
+function return_zero(args) {
+  return 0;
+}
+function initializeGlobals() {
+  var resolver = new ApiResolver("module");
+  var exps = [
+    [Process.platform == "darwin" ? "*libboringssl*" : "*libssl*", ["SSL_read", "SSL_write", "SSL_get_fd", "SSL_get_session", "SSL_SESSION_get_id"]], // for ios and Android
+    [Process.platform == "darwin" ? "*libsystem*" : "*libc*", ["getpeername", "getsockname", "ntohs", "ntohl"]]
+  ];
+  // console.log(exps)
+  for (var i = 0; i < exps.length; i++) {
+    var lib = exps[i][0];
+    var names = exps[i][1];
+    for (var j = 0; j < names.length; j++) {
+      var name = names[j];
+      // console.log("exports:" + lib + "!" + name)
+      var matches = resolver.enumerateMatchesSync("exports:" + lib + "!" + name);
+      if (matches.length == 0) {
+        if (name == "SSL_get_fd") {
+          addresses["SSL_get_fd"] = 0;
+          continue;
+        }
+        throw "Could not find " + lib + "!" + name;
+      }
+      else if (matches.length != 1) {
+        // Sometimes Frida returns duplicates.
+        var address = 0;
+        var s = "";
+        var duplicates_only = true;
+        for (var k = 0; k < matches.length; k++) {
+          if (s.length != 0) {
+            s += ", ";
+          }
+          s += matches[k].name + "@" + matches[k].address;
+          if (address == 0) {
+            address = matches[k].address;
+          }
+          else if (!address.equals(matches[k].address)) {
+            duplicates_only = false;
+          }
+        }
+        if (!duplicates_only) {
+          throw "More than one match found for " + lib + "!" + name + ": " + s;
+        }
+      }
+      addresses[name] = matches[0].address;
+    }
+  }
+  if (addresses["SSL_get_fd"] == 0) {
+    SSL_get_fd = return_zero;
+  } else {
+    SSL_get_fd = new NativeFunction(addresses["SSL_get_fd"], "int", ["pointer"]);
+  }
+  SSL_get_session = new NativeFunction(addresses["SSL_get_session"], "pointer", ["pointer"]);
+  SSL_SESSION_get_id = new NativeFunction(addresses["SSL_SESSION_get_id"], "pointer", ["pointer", "pointer"]);
+  getpeername = new NativeFunction(addresses["getpeername"], "int", ["int", "pointer", "pointer"]);
+  getsockname = new NativeFunction(addresses["getsockname"], "int", ["int", "pointer", "pointer"]);
+  ntohs = new NativeFunction(addresses["ntohs"], "uint16", ["uint16"]);
+  ntohl = new NativeFunction(addresses["ntohl"], "uint32", ["uint32"]);
+}
+initializeGlobals();
+
+function ipToNumber(ip) {
+  var num = 0;
+  if (ip == "") {
+    return num;
+  }
+  var aNum = ip.split(".");
+  if (aNum.length != 4) {
+    return num;
+  }
+  num += parseInt(aNum[0]) << 0;
+  num += parseInt(aNum[1]) << 8;
+  num += parseInt(aNum[2]) << 16;
+  num += parseInt(aNum[3]) << 24;
+  num = num >>> 0;//这个很关键，不然可能会出现负数的情况
+  return num;
+}
+
+/**
+ * Returns a dictionary of a sockfd's "src_addr", "src_port", "dst_addr", and
+ * "dst_port".
+ * @param {int} sockfd The file descriptor of the socket to inspect.
+ * @param {boolean} isRead If true, the context is an SSL_read call. If
+ *     false, the context is an SSL_write call.
+ * @return {dict} Dictionary of sockfd's "src_addr", "src_port", "dst_addr",
+ *     and "dst_port".
+ */
+function getPortsAndAddresses(sockfd, isRead) {
+  var message = {};
+  var src_dst = ["src", "dst"];
+  for (var i = 0; i < src_dst.length; i++) {
+    if ((src_dst[i] == "src") ^ isRead) {
+      var sockAddr = Socket.localAddress(sockfd)
+    }
+    else {
+      var sockAddr = Socket.peerAddress(sockfd)
+    }
+    if (sockAddr == null) {
+      // 网络超时or其他原因可能导致socket被关闭
+      message[src_dst[i] + "_port"] = 0
+      message[src_dst[i] + "_addr"] = 0
+    } else {
+      message[src_dst[i] + "_port"] = (sockAddr.port & 0xFFFF)
+      message[src_dst[i] + "_addr"] = ntohl(ipToNumber(sockAddr.ip.split(":").pop()))
+    }
+  }
+  return message;
+}
+/**
+ * Get the session_id of SSL object and return it as a hex string.
+ * @param {!NativePointer} ssl A pointer to an SSL object.
+ * @return {dict} A string representing the session_id of the SSL object's
+ *     SSL_SESSION. For example,
+ *     "59FD71B7B90202F359D89E66AE4E61247954E28431F6C6AC46625D472FF76336".
+ */
+function getSslSessionId(ssl) {
+  var session = SSL_get_session(ssl);
+  if (session == 0) {
+    return 0;
+  }
+  var len = Memory.alloc(4);
+  var p = SSL_SESSION_get_id(session, len);
+  len = Memory.readU32(len);
+  var session_id = "";
+  for (var i = 0; i < len; i++) {
+    // Read a byte, convert it to a hex string (0xAB ==> "AB"), and append
+    // it to session_id.
+    session_id +=
+      ("0" + Memory.readU8(p.add(i)).toString(16).toUpperCase()).substr(-2);
+  }
+  return session_id;
+}
+
+Interceptor.attach(addresses["SSL_read"],
+  {
+    onEnter: function (args) {
+      var message = getPortsAndAddresses(SSL_get_fd(args[0]), true);
+      message["ssl_session_id"] = getSslSessionId(args[0]);
+      message["function"] = "SSL_read";
+      message["stack"] = SSLstackread;
+      this.message = message;
+      this.buf = args[1];
+    },
+    onLeave: function (retval) {
+      retval |= 0; // Cast retval to 32-bit integer.
+      if (retval <= 0) {
+        return;
+      }
+      send(this.message, Memory.readByteArray(this.buf, retval));
+    }
+  });
+
+Interceptor.attach(addresses["SSL_write"],
+  {
+    onEnter: function (args) {
+      var message = getPortsAndAddresses(SSL_get_fd(args[0]), false);
+      message["ssl_session_id"] = getSslSessionId(args[0]);
+      message["function"] = "SSL_write";
+      message["stack"] = SSLstackwrite;
+      send(message, Memory.readByteArray(args[1], parseInt(args[2])));
+    },
+    onLeave: function (retval) {
+    }
+  });
+
+if (Java.available) {
+  Java.perform(function () {
+    function storeP12(pri, p7, p12Path, p12Password) {
+      var X509Certificate = Java.use("java.security.cert.X509Certificate")
+      var p7X509 = Java.cast(p7, X509Certificate);
+      var chain = Java.array("java.security.cert.X509Certificate", [p7X509])
+      var ks = Java.use("java.security.KeyStore").getInstance("PKCS12", "BC");
+      ks.load(null, null);
+      ks.setKeyEntry("client", pri, Java.use('java.lang.String').$new(p12Password).toCharArray(), chain);
+      try {
+        var out = Java.use("java.io.FileOutputStream").$new(p12Path);
+        ks.store(out, Java.use('java.lang.String').$new(p12Password).toCharArray())
+      } catch (exp) {
+        console.log(exp)
+      }
+    }
+    //在服务器校验客户端的情形下，帮助dump客户端证书，并保存为p12的格式，证书密码为r0ysue
+    Java.use("java.security.KeyStore$PrivateKeyEntry").getPrivateKey.implementation = function () {
+      var result = this.getPrivateKey()
+      var packageName = Java.use("android.app.ActivityThread").currentApplication().getApplicationContext().getPackageName();
+      storeP12(this.getPrivateKey(), this.getCertificate(), '/sdcard/Download/' + packageName + uuid(10, 16) + '.p12', 'r0ysue');
+      var message = {};
+      message["function"] = "dumpClinetCertificate=>" + '/sdcard/Download/' + packageName + uuid(10, 16) + '.p12' + '   pwd: r0ysue';
+      message["stack"] = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new());
+      var data = Memory.alloc(1);
+      send(message, Memory.readByteArray(data, 1))
+      return result;
+    }
+    Java.use("java.security.KeyStore$PrivateKeyEntry").getCertificateChain.implementation = function () {
+      var result = this.getCertificateChain()
+      var packageName = Java.use("android.app.ActivityThread").currentApplication().getApplicationContext().getPackageName();
+      storeP12(this.getPrivateKey(), this.getCertificate(), '/sdcard/Download/' + packageName + uuid(10, 16) + '.p12', 'r0ysue');
+      var message = {};
+      message["function"] = "dumpClinetCertificate=>" + '/sdcard/Download/' + packageName + uuid(10, 16) + '.p12' + '   pwd: r0ysue';
+      message["stack"] = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new());
+      var data = Memory.alloc(1);
+      send(message, Memory.readByteArray(data, 1))
+      return result;
+    }
+
+    //SSLpinning helper 帮助定位证书绑定的关键代码
+    Java.use("java.io.File").$init.overload('java.io.File', 'java.lang.String').implementation = function (file, cert) {
+      var result = this.$init(file, cert)
+      var stack = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new());
+      if (file.getPath().indexOf("cacert") >= 0 && stack.indexOf("X509TrustManagerExtensions.checkServerTrusted") >= 0) {
+        var message = {};
+        message["function"] = "SSLpinning position locator => " + file.getPath() + " " + cert;
+        message["stack"] = stack;
+        var data = Memory.alloc(1);
+        send(message, Memory.readByteArray(data, 1))
+      }
+      return result;
+    }
+
+
+    Java.use("java.net.SocketOutputStream").socketWrite0.overload('java.io.FileDescriptor', '[B', 'int', 'int').implementation = function (fd, bytearry, offset, byteCount) {
+      var result = this.socketWrite0(fd, bytearry, offset, byteCount);
+      var message = {};
+      message["function"] = "HTTP_send";
+      message["ssl_session_id"] = "";
+      message["src_addr"] = ntohl(ipToNumber((this.socket.value.getLocalAddress().toString().split(":")[0]).split("/").pop()));
+      message["src_port"] = parseInt(this.socket.value.getLocalPort().toString());
+      message["dst_addr"] = ntohl(ipToNumber((this.socket.value.getRemoteSocketAddress().toString().split(":")[0]).split("/").pop()));
+      message["dst_port"] = parseInt(this.socket.value.getRemoteSocketAddress().toString().split(":").pop());
+      message["stack"] = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()).toString();
+      var ptr = Memory.alloc(byteCount);
+      for (var i = 0; i < byteCount; ++i)
+        Memory.writeS8(ptr.add(i), bytearry[offset + i]);
+      send(message, Memory.readByteArray(ptr, byteCount))
+      return result;
+    }
+    Java.use("java.net.SocketInputStream").socketRead0.overload('java.io.FileDescriptor', '[B', 'int', 'int', 'int').implementation = function (fd, bytearry, offset, byteCount, timeout) {
+      var result = this.socketRead0(fd, bytearry, offset, byteCount, timeout);
+      var message = {};
+      message["function"] = "HTTP_recv";
+      message["ssl_session_id"] = "";
+      message["src_addr"] = ntohl(ipToNumber((this.socket.value.getRemoteSocketAddress().toString().split(":")[0]).split("/").pop()));
+      message["src_port"] = parseInt(this.socket.value.getRemoteSocketAddress().toString().split(":").pop());
+      message["dst_addr"] = ntohl(ipToNumber((this.socket.value.getLocalAddress().toString().split(":")[0]).split("/").pop()));
+      message["dst_port"] = parseInt(this.socket.value.getLocalPort());
+      message["stack"] = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()).toString();
+      if (result > 0) {
+        var ptr = Memory.alloc(result);
+        for (var i = 0; i < result; ++i)
+          Memory.writeS8(ptr.add(i), bytearry[offset + i]);
+        send(message, Memory.readByteArray(ptr, result))
+      }
+      return result;
+    }
+
+    if (parseFloat(Java.androidVersion)  > 8) {
+      Java.use("com.android.org.conscrypt.ConscryptFileDescriptorSocket$SSLOutputStream").write.overload('[B', 'int', 'int').implementation = function (bytearry, int1, int2) {
+        var result = this.write(bytearry, int1, int2);
+        SSLstackwrite = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()).toString();
+        return result;
+      }
+      Java.use("com.android.org.conscrypt.ConscryptFileDescriptorSocket$SSLInputStream").read.overload('[B', 'int', 'int').implementation = function (bytearry, int1, int2) {
+        var result = this.read(bytearry, int1, int2);
+        SSLstackread = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()).toString();
+        return result;
+      }
+    }
+    else {
+      Java.use("com.android.org.conscrypt.OpenSSLSocketImpl$SSLOutputStream").write.overload('[B', 'int', 'int').implementation = function (bytearry, int1, int2) {
+        var result = this.write(bytearry, int1, int2);
+        SSLstackwrite = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()).toString();
+        return result;
+      }
+      Java.use("com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream").read.overload('[B', 'int', 'int').implementation = function (bytearry, int1, int2) {
+        var result = this.read(bytearry, int1, int2);
+        SSLstackread = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Throwable").$new()).toString();
+        return result;
+      }
+
+    }
+  }
+
+  )
+}

frida-learn/sp_js.py

@@ -0,0 +1,26 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+
+app = "三国杀"
+
+dev = frida.get_remote_device()
+# pid = dev.spawn(app)
+session = dev.attach(app)
+js_path = "js/hook_root_check.js"
+with open(js_path,encoding='utf-8') as f:
+    _FRIDA_JS = f.read()
+script = session.create_script(_FRIDA_JS)
+script.on("message", on_message)
+script.load()
+# dev.resume(pid)
+sys.stdin.read()
+

frida-learn/spawn_js.py

@@ -0,0 +1,26 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+
+app = "com.yzmj.hardtime.coolpad"
+
+dev = frida.get_remote_device()
+pid = dev.spawn(app)
+session = dev.attach(pid)
+js_path = "js/hook_dex_dump.js"
+with open(js_path,encoding='utf-8') as f:
+    _FRIDA_JS = f.read()
+script = session.create_script(_FRIDA_JS)
+script.on("message", on_message)
+script.load()
+dev.resume(pid)
+sys.stdin.read()
+

frida-learn/wlxxkp.py

@@ -0,0 +1,71 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+app = "武林闲侠"
+
+dev = frida.get_remote_device()
+# pid = dev.spawn(app)
+session = dev.attach(app)
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        //var Toast = Java.use("android.widget.Toast");
+        // 获取 context
+        //var currentApplication = Java.use("android.app.ActivityThread").currentApplication();
+        //var context = currentApplication.getApplicationContext();
+        // 在主线程中运行回调
+        //Java.scheduleOnMainThread(function(){
+        //    Toast.makeText(context, "Hello frida!", Toast.LENGTH_LONG.value).show();
+        //});
+
+        var TypedArray = Java.use("android.content.res.TypedArray");
+        TypedArray.hasValue.implementation = function(var1){
+            var result = this.hasValue(var1);
+            send("hook hasValue index="+var1);
+            send("hook hasValue mData=" + this.mData.value);
+            send("hook hasValue result="+result);
+            return result;
+        };
+
+        var Activity = Java.use("android.app.Activity");
+        Activity.onCreate.overload("android.os.Bundle").implementation = function(var1){
+            send("hook onCreate activity="+this);
+            this.onCreate(var1);
+        };
+
+        var AppCompatDelegateImpl = Java.use("androidx.appcompat.app.AppCompatDelegateImpl");
+        AppCompatDelegateImpl.createSubDecor.implementation = function(){
+            send("hook createSubDecor");
+            var result = this.createSubDecor();
+            console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+            return result;
+        };
+
+
+
+        //var Context = Java.use("android.content.Context");
+        //Context.obtainStyledAttributes.overload("[I").implementation = function(var1){
+        //    var result = this.obtainStyledAttributes(var1);
+        //    send("obtainStyledAttributes param1="+var1);
+        //    console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+        //    return result;
+        //};
+
+
+    });
+});
+"""
+
+def on_message(message,data):
+    print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+# dev.resume(app)
+sys.stdin.read()
+

frida-learn/yinghunzhirenzhanluebankp.py

@@ -0,0 +1,72 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+dev = frida.get_remote_device()
+session = dev.attach("英魂之刃战略版")
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var NdlhAPICreator = Java.use("com.lh.cn.NdlhAPICreator");
+
+         NdlhAPICreator.msgRspGetAccountId.implementation = function(var1){
+            this.msgRspGetAccountId(var1);
+            send("hook NdlhAPICreator->msgRspGetAccountId")
+            send("param1 android.os.Message     : "+var1);
+            send("ND_LH_API_ON_GET_ACCOUNT_ID value     : "+var1.getData().getString("ND_LH_API_ON_GET_ACCOUNT_ID"));
+        };
+
+        NdlhAPICreator.verifyIdCard.implementation = function(var1){
+            this.verifyIdCard(var1);
+            send("hook NdlhAPICreator->verifyIdCard")
+            send("param1 boolean     : "+var1);
+            send("Field of NdlhAPICreator s_accountid     : "+this.s_accountid.value);
+            send("Field of NdlhAPICreator s_accountname     : "+this.s_accountname.value);
+            console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+        };
+
+
+        var realNameVerifiedCallback = Java.use("com.lh.cn.NdlhAPICreator$10");
+        realNameVerifiedCallback.onFailed.implementation = function(var1,var2){
+            this.onFailed(var1,var2);
+            send("hook realNameVerifiedCallback->onFailed")
+            send("param1 int     : "+var1);
+            send("param2 str      : "+var2);
+            send("Field of NdlhAPICreator s_accountid     : "+NdlhAPICreator.s_accountid.value);
+            send("Field of NdlhAPICreator s_accountname     : "+NdlhAPICreator.s_accountname.value);
+            console.log(Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new()));
+        };
+
+         realNameVerifiedCallback.onSuccess.implementation = function(var1,var2){
+            this.onSuccess(var1,var2);
+            send("hook realNameVerifiedCallback->onSuccess")
+            send("param1 int     : "+var1);
+            send("param2 str      : "+var2);
+            send("Field of NdlhAPICreator s_accountid     : "+NdlhAPICreator.s_accountid.value);
+            send("Field of NdlhAPICreator s_accountname     : "+NdlhAPICreator.s_accountname.value);
+        };
+
+        var NdlhAPICreatorbase = Java.use("com.lh.cn.NdlhAPICreatorbase");
+        NdlhAPICreatorbase.VerifiedCheckV2.overload('java.lang.String', 'java.lang.String', 'com.lh.cn.NdlhAPICreatorbase$OnVerifiedCheckCallback').implementation = function(var1,var2,var3){
+            this.VerifiedCheckV2(var1,var2,var3);
+            send("hook NdlhAPICreatorbase->VerifiedCheckV2")
+            send("param1 str     : "+var1);
+        };
+    });
+});
+"""
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+sys.stdin.read()
+

frida-learn/zhenhunjiekp.py

@@ -0,0 +1,39 @@
+# -*- coding:utf-8 -*-
+import sys
+
+__author__ = 'Snow'
+import frida
+
+dev = frida.get_remote_device()
+session = dev.attach("镇魂街：武神躯")
+src = """
+    setImmediate(function(){
+    Java.perform(function(){
+        send("starting script");
+        var SDKPluginWrapper = Java.use("com.kf.framework.SDKPluginWrapper");
+        SDKPluginWrapper.getDeveloperInfo.implementation = function(){
+            var hashTable = this.getDeveloperInfo();
+            hashTable.put("debugMode","0");
+            return hashTable;
+        };
+        var Coolcloud = Java.use("com.coolcloud.uac.android.api.Coolcloud");
+        Coolcloud.$init.overload("android.content.Context","java.lang.String").implementation = function(){
+            send("hook Coolcloud init");
+            send("game activity is "+ arguments[0]);
+            this.$init(arguments[0],arguments[1]);
+        };
+    });
+});
+"""
+
+def on_message(message,data):
+    if message["type"] == "send":
+        print("[+] {}".format(message["payload"]))
+    else:
+        print("[-] {}".format(message))
+
+script = session.create_script(src)
+script.on("message", on_message)
+script.load()
+sys.stdin.read()
+

learn

@@ -0,0 +1 @@
+Subproject commit af9d3cf0e26c9e07de68f28467429dce0e6ae254

script

@@ -0,0 +1 @@
+Subproject commit e5896f41fdf8dbd052e107d9d15bdf410f04d0ac