hooker's People

Contributors

credittone, d1rtydann, dependabot[bot]

hooker's Issues

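Device reboots when running hooker

The environment is configured correctly, but as soon as I perform any operation on the phone, the device reboots. What kind of situation is this, and what settings do I need to change?

Model: OnePlus 5
Android version: 6.0.1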

An error is reported when I call hooker's method with specified parameters

a: Discovering activities.
b: Discovering services.
c: Discovering object. eg:'c {objectId}'

return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))

frida.ProcessNotRespondingError: process with pid 14550 either refused to load frida-agent, or terminated during injection

File "hooker.py", line 241, in printActivitys
info(online_script.exports.activitys())
AttributeError: 'NoneType' object has no attribute 'exports'

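Error when hooking multiple processes with the same name: frida.ProcessNotFoundError: ambiguous name

Hello author,
Steps:
When using the hook tool:
1. First, enter the package name com.mediatek.ppl
2. Then, when entering a to scan activities, it reports that two processes with the same name were found.

Question:
The Frida project says to handle this by specifying the process ID, but the current hooker framework does not seem to offer a way to specify a process ID.
How should an app that has two processes with the same name be handled?

The error log is as follows: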

ex: Exit to the upper layer. eg:'ex'
: a
Traceback (most recent call last):
File "/Users/tato/hook/git/hooker/hooker.py", line 60, in attach
online_session = rdev.attach(packageName)
File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 156, in attach
return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))
File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 180, in _pid_of
return self.get_process(target).pid
File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 110, in get_process
raise _frida.ProcessNotFoundError("ambiguous name; it matches: %s" % ", ".join(["%s (pid: %d)" % (process.name, process.pid) for process in matching]))
frida.ProcessNotFoundError: ambiguous name; it matches: com.mediatek.ppl (pid: 13221), com.mediatek.ppl (pid: 14430)

ModuleNotFoundError: No module named 'frida'

➜  hooker git:(2022074_first_use) ✗ ./hooker
./hooker: line 6: frida-ps: command not found
Enter the need to attach package.
:
It's  that you have attached app.
Traceback (most recent call last):
  File "/Users/xxx/Desktop/hooker/hooker.py", line 6, in <module>
    import frida, sys
ModuleNotFoundError: No module named 'frida'

I have already installed frida and frida-tools, so why does running ./hooker report this error?

Does not work on Win10

packageName is None, but the package name exists when I use order=frida-ps -U

frida.InvalidOperationError: script has been destroyed

Hi,

Could you check the following error.

➜  hooker git:(master) ./hooker
 PID  Name                  Identifier
----  --------------------  --------------------------------
3370  Chrome                com.android.chrome
1594  Google Play Store     com.android.vending
4325  Messaging             com.android.messaging
1307  Phone                 com.android.dialer
1234  Test                 test.dede.dede
   -  Amaze                 com.amaze.filemanager
   -  Calendar              com.android.calendar
   -  Camera                com.android.camera2
   -  Clock                 com.android.deskclock
   -  Contacts              com.android.contacts
   -  Custom Locale         com.android.customlocale2
   -  Development Settings  com.android.development_settings
   -  Email                 com.android.email
   -  Files                 com.android.documentsui
   -  Gallery               com.android.gallery3d
   -  Search                com.android.quicksearchbox
   -  Settings              com.android.settings
   -  Superuser             com.genymotion.superuser
   -  WebView Shell         org.chromium.webview_shell
   -  drozer Agent          com.mwr.dz
Enter the need to attach package.
: test.dede.dede
It's test.dede.dede that you have attached app.
Traceback (most recent call last):
  File "/Users/test/hooker/hooker.py", line 100, in attach
    createHookingEnverment(packageName, online_script.exports.mainactivity())
  File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 468, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/frida/core.py", line 400, in _rpc_request
    raise result[2]
frida.InvalidOperationError: script has been destroyed

--------------------------------------------------
Please enter e, s, j, c or ex command.
a: Discovering activities.
b: Discovering services.
c: Discovering object. eg:'c {objectId}'
d: Object2Explain. eg:'d {objectId}'
v: Discovering view. eg:'v {viewId}'
e: Determines whether a class exists. eg:'e android.app.Application'
s: Discovering classes by a class'regex. eg:'s com.tencent.mm.Message.*'
t: Discovering offspring classes by a class'name. eg:'t com.tencent.mm.BasicActivity'
j: Generating hooked js. eg:'j okhttp3.Request$Builder:build'
k: Generating hooked the string generation js with a keyword. eg:'k {YourKeyword}'
l: Generating hooked the param generation js with a param keyword. eg:'l {YourKeyword}'
m: Discovering so module.
ex: Exit to the upper layer. eg:'ex'

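Inquiry record

OK. I have just started doing Android reverse engineering, and your software looks quite convenient to use. Doing it by hand every time is a hassle, and writing my own would take at least several months. Let's work together if the chance comes up.

---Original message---
From: "来自牛逼的爬虫工程师" [email protected]
Sent: Saturday, September 19, 2020, 12:43 PM
To: "dorry" [email protected];
Subject: Re: Inquiry about crawler software

This is not for sale for now.

Sent from my iPhone

------------------ Original message ------------------
From: dorry [email protected]
Sent: September 19, 2020, 12:42
To: 来自牛逼的爬虫工程师 [email protected]
Subject: Re: Inquiry about crawler software

HOOKER PRO

---Original message---
From: "来自牛逼的爬虫工程师" [email protected]
Sent: Saturday, September 19, 2020, 12:41 PM
To: "dorry" [email protected];
Subject: Re: Inquiry about crawler software

What do you need to buy?

Sent from my iPhone

------------------ Original message ------------------
From: dorry [email protected]
Sent: September 19, 2020, 12:41
To: 1273568669 [email protected]
Subject: Re: Inquiry about crawler software

Hello, I would like to ask how the software is sold.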

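Getting the activity

import android.app.Activity;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.util.Map;

// Wrapper class added so the method compiles; the class name is arbitrary.
public class ActivityFinder
{
  // Returns the first Activity whose record is not paused, or null if none is found.
  public static Activity getGlobleActivity() throws ClassNotFoundException, IllegalArgumentException, SecurityException, IllegalAccessException,
                                InvocationTargetException, NoSuchMethodException, NoSuchFieldException
  {
    // ActivityThread is a hidden framework class, so it is reached through reflection.
    Class<?> activityThreadClass = Class.forName("android.app.ActivityThread");
    Object activityThread = activityThreadClass.getMethod("currentActivityThread").invoke(null);
    // mActivities holds one record per live activity in this process.
    Field activitiesField = activityThreadClass.getDeclaredField("mActivities");
    activitiesField.setAccessible(true);
    Map<?, ?> activities = (Map<?, ?>) activitiesField.get(activityThread);
    for (Object activityRecord : activities.values())
    {
      Class<?> activityRecordClass = activityRecord.getClass();
      // The "paused" flag is false for an activity that is still in the foreground.
      Field pausedField = activityRecordClass.getDeclaredField("paused");
      pausedField.setAccessible(true);
      if (!pausedField.getBoolean(activityRecord))
      {
        Field activityField = activityRecordClass.getDeclaredField("activity");
        activityField.setAccessible(true);
        Activity activity = (Activity) activityField.get(activityRecord);
        return activity;
      }
    }
    return null;
  }
}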

./hooking activity_events.js fails with an error

2022年 04月 15日 星期五 15:37:52 CST
     ____
    / _  |   Frida 14.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/
Attaching...
[Remote::com.tencent.mobileqq]-> Process terminated

Thank you for using Frida!
Fatal Python error: _enter_buffered_busy: could not acquire lock for <_io.BufferedReader name=''> at interpreter shutdown, possibly due to daemon threads
Python runtime state: finalizing (tstate=0x000055ad4daefe80)

Current thread 0x00007fb1da861740 (most recent call first):

After opening the app and navigating to another screen, it crashes and then this error is reported.

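Error reported after entering the package name

Environment: Ubuntu 1804
Android 9, Xiaomi Mi 8, EdXposed installed, 脸谱, rooted

The hook was already started beforehand, and when I enter a certain package name this is what it reports. What is going on here? If you have time, please let me know. Thanks for your trouble.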

./hooker cch.js TypeError: not a function

Steps to reproduce:
1. Huawei phone
2. ./hooker

com.alibaba.taurus.xxxs
j cch

All the prompts are normal, and cch.js is generated correctly.
3. ./hooking cch.js

./hooking cch.js
2021年 6月 5日 星期六 09时43分36秒 CST
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Attaching...
TypeError: not a function
    at Bt (frida/node_modules/frida-java-bridge/lib/android.js:1158)
    at replace (frida/node_modules/frida-java-bridge/lib/android.js:1003)
    at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:1010)
    at <anonymous> (/cch.js:156)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)
    at perform (frida/node_modules/frida-java-bridge/index.js:192)
    at <eval> (/cch.js:270)
[HUAWEI MT7 CL00::com.alibaba.taurus.xxxs]->
  1. Running frida -U com.alibaba.taurus.xxxs -l cch.js reports the same error.
  2. The a command works normally.
  3. getprop ro.build.version.release
5.1.1

cch.js.zip

root

Does the device need to be rooted?

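gz.radar.Android.getTopActivity returns an incorrect result in TikTok

On the For You screen of the main feed, after tapping an avatar, I ran ./hooking android_ui.js.
viewTree() returns the view tree of MainActivity rather than that of the current HostActivity.
My guess is that this happens because MainActivity has not been paused.
Also, I would like to request that radar.dex be open-sourced. To add a function that clicks at given coordinates, I had to take a long detour myself. Problems like the one above are also hard to deal with.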

ModuleNotFoundError: No module named '_sqlite3'

stephen@ubuntu:~/hooker/com.yaotong.crackme$ ./objection

A newer version of objection is available!
You have v1.10.1 and v1.10.2 is ready for download.

Upgrade with: pip3 install objection --upgrade
For more information, please see: https://github.com/sensepost/objection/wiki/Updating

Traceback (most recent call last):
File "/home/stephen/.pyenv/versions/3.9.0/bin/objection", line 33, in
sys.exit(load_entry_point('objection==1.10.1', 'console_scripts', 'objection')())
File "/home/stephen/.pyenv/versions/3.9.0/bin/objection", line 25, in importlib_load_entry_point
return next(matches).load()
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/importlib/metadata.py", line 77, in load
module = import_module(match.group('module'))
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1030, in _gcd_import
File "", line 1007, in _find_and_load
File "", line 986, in _find_and_load_unlocked
File "", line 680, in _load_unlocked
File "", line 790, in exec_module
File "", line 228, in _call_with_frames_removed
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/site-packages/objection/console/cli.py", line 8, in
from .repl import Repl
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/site-packages/objection/console/repl.py", line 15, in
from .commands import COMMANDS
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/site-packages/objection/console/commands.py", line 10, in
from ..commands import sqlite
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/site-packages/objection/commands/sqlite.py", line 7, in
from litecli.main import LiteCli
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/site-packages/litecli/main.py", line 13, in
from sqlite3 import OperationalError
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/sqlite3/init.py", line 23, in
from sqlite3.dbapi2 import *
File "/home/stephen/.pyenv/versions/3.9.0/lib/python3.9/sqlite3/dbapi2.py", line 27, in
from _sqlite3 import *
ModuleNotFoundError: No module named '_sqlite3'
stephen@ubuntu:~/hooker/com.yaotong.crackme$

hooker now runs, but as soon as I enter the package name, the app dies.

3187 剑与远征 com.lilithgames.afk.aligames
23587 媒体存储 com.android.providers.media
3218 微信 com.tencent.mm
25374 用户字典 com.android.providers.userdictionary
25458 电话 com.google.android.dialer
1876 电话和短信存储 com.android.providers.telephony
1876 电话服务 com.android.phone
1547 系统界面 com.android.systemui
25374 联系人存储 com.android.providers.contacts
1058 设置存储 com.android.providers.settings
1819 谷歌拼音输入法 com.google.android.inputmethod.pinyin
26025 软件包安装程序 com.google.android.packageinstaller
1058 通话管理 com.android.server.telecom
22228 部落冲突 com.supercell.clashofclans
Enter the need to attach package.
: com.lilithgames.afk.aligames
It's com.lilithgames.afk.aligames that you have attached app.

Please enter e, s, j, c or ex command.
a: Discovering activities.
b: Discovering services.
c: Discovering object. eg:'c {objectId}'
d: Object2Explain. eg:'d {objectId}'
v: Discovering view. eg:'v {viewId}'
e: Determines whether a class exists. eg:'e android.app.Application'
s: Discovering classes by a class'regex. eg:'s com.tencent.mm.Message.*'
t: Discovering offspring classes by a class'name. eg:'t com.tencent.mm.BasicActivity'
j: Generating hooked js. eg:'j okhttp3.Request$Builder:build'
k: Generating hooked the string generation js with a keyword. eg:'k {YourKeyword}'
l: Generating hooked the param generation js with a param keyword. eg:'l {YourKeyword}'
m: Discovering so module.
ex: Exit to the upper layer. eg:'ex'
:
At this point the app has already died.
-------- The cause is below
--------- beginning of crash
05-07 09:55:29.427 28006-28425/? A/libc: Fatal signal 11 (SIGSEGV), code 0, fault addr 0x6d66 in tid 28425 (Thread-2014)
05-07 09:55:29.487 459-459/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-07 09:55:29.488 459-459/? A/DEBUG: Build fingerprint: 'google/shamu/shamu:6.0.1/MMB29K/2419427:user/release-keys'
05-07 09:55:29.488 459-459/? A/DEBUG: Revision: '0'
05-07 09:55:29.488 459-459/? A/DEBUG: ABI: 'arm'
05-07 09:55:29.488 459-459/? A/DEBUG: pid: 28006, tid: 28425, name: Thread-2014 >>> com.lilithgames.afk.aligames <<<
05-07 09:55:29.488 459-459/? A/DEBUG: signal 11 (SIGSEGV), code 0 (SI_USER), fault addr 0x9c
05-07 09:55:29.499 459-459/? W/debuggerd: type=1400 audit(0.0:304982): avc: denied { search } for name="com.lilithgames.afk.aligames" dev="dm-0" ino=587545 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
05-07 09:55:29.610 459-459/? A/DEBUG: Abort message: 'art/runtime/thread.cc:1237] Native thread exited without calling

------ How can I view the JS log? ----


[('-p', 'com.android.settings'), ('-b', 'true')]
injecting radar.dex failure.
radar injection failed

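Dual-process anti-debugging case

I ran into an app that spawns a child process, and the child process then traces the parent process. As a result, Frida cannot attach.

Step 1: Entering the process name directly shows that there are two processes with the same name. (Failed)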
Enter the need to attach package.
: com.gome.eshopnew
It's com.gome.eshopnew that you have attached app.
Traceback (most recent call last):
File "hooker.py", line 93, in attach
online_session = rdev.attach(target)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/frida/core.py", line 156, in attach
return Session(self._impl.attach(self._pid_of(target)))
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/frida/core.py", line 180, in _pid_of
return self.get_process(target).pid
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/frida/core.py", line 110, in get_process
raise _frida.ProcessNotFoundError("ambiguous name; it matches: %s" % ", ".join(["%s (pid: %d)" % (process.name, process.pid) for process in matching]))
frida.ProcessNotFoundError: ambiguous name; it matches: com.gome.eshopnew (pid: 7661), com.gome.eshopnew (pid: 7743)

Step 2: Try to attach by process ID (failed)
Enter the need to attach package.
: 7661
It's 7661 that you have attached app.
Traceback (most recent call last):
File "hooker.py", line 91, in attach
online_session = frida.core.Session(rdev._impl.attach(pid))
frida.PermissionDeniedError: unable to access process with pid 7661 due to system restrictions; try sudo sysctl kernel.yama.ptrace_scope=0, or run Frida as root

Thinking: on reflection, the main process may already be being traced........

Step 3: Verify the guess
~/hooker/com.gome.eshopnew$ adb shell
1|oxygen: su
1|oxygen: cat /proc/7661/status
Name: m.gome.eshopnew
State: S (sleeping)
Tgid: 7661
Pid: 7661
PPid: 744
TracerPid: 7743
Uid: 10122 10122 10122 10122
Gid: 10122 10122 10122 10122
Ngid: 0
FDSize: 256
Groups: 3001 3002 3003 9997 50122
VmPeak: 2304804 kB
VmSize: 2253688 kB

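TracerPid is indeed non-zero. In this situation you need to find a way to kill the spawned child process, or find the .so that performs the ptrace, patch it with NOPs, and repackage and reinstall. I have not thought of anything else for now.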
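
The TracerPid check from step 3 above, as an added example that is not part of the original issue or of hooker's code: it parses /proc/<pid>/status text and reports whether a process is already traced by its own child, which is why a second ptrace-based attach is refused (Linux allows one tracer per process). The status of pid 7743 is a constructed sample, and the function names and result labels are assumptions.

```python
"""Added example: triage TracerPid from /proc/<pid>/status text."""
from dataclasses import dataclass

# Fields quoted in the issue above for pid 7661.
PARENT_STATUS = """\
Name: m.gome.eshopnew
State: S (sleeping)
Tgid: 7661
Pid: 7661
PPid: 744
TracerPid: 7743
"""

# Constructed sample: the issue does not show the status of pid 7743.
# It assumes 7743 is the child spawned by 7661, as the issue describes.
CHILD_STATUS = """\
Name: m.gome.eshopnew
State: S (sleeping)
Tgid: 7743
Pid: 7743
PPid: 7661
TracerPid: 0
"""

REQUIRED = ("Name", "Pid", "PPid", "TracerPid")


@dataclass(frozen=True)
class ProcStatus:
    name: str
    pid: int
    ppid: int
    tracer_pid: int


def parse_status(text: str) -> ProcStatus:
    """Parse the 'Key: value' lines of a /proc/<pid>/status dump."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"status text lacks fields: {missing}")
    return ProcStatus(fields["Name"], int(fields["Pid"]),
                      int(fields["PPid"]), int(fields["TracerPid"]))


def read_status(pid: int, proc_root: str = "/proc") -> ProcStatus:
    """Read and parse the status file of a live process (Linux/Android)."""
    with open(f"{proc_root}/{pid}/status", encoding="utf-8") as fh:
        return parse_status(fh.read())


def classify_tracer(target: ProcStatus, known: dict) -> str:
    """Describe who holds the ptrace slot of `target`.

    `known` maps pid -> ProcStatus for the other processes inspected.
    """
    if target.tracer_pid == 0:
        return "untraced"
    tracer = known.get(target.tracer_pid)
    if tracer is None:
        return "traced-by-unknown"
    if tracer.ppid == target.pid:
        # The tracer was spawned by the process it traces: the
        # dual-process guard described in the issue.
        return "traced-by-own-child"
    return "traced-by-other"


if __name__ == "__main__":
    parent = parse_status(PARENT_STATUS)
    child = parse_status(CHILD_STATUS)
    print(parent.pid, classify_tracer(parent, {child.pid: child}))
    print(child.pid, classify_tracer(child, {parent.pid: parent}))
```
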

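Problem hooking onClick-bound events

Using click.js, the real VClass of the clicked View that gets hooked is android.support.v7.widget.AppCompatTextView, which is a system class, and the stack contains only system classes too. This is no help at all for analysis. What should I do?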
ViewClz: android.support.v7.widget.AppCompatTextView
ViewId: 2131296475
------------startFlag:6fq79b4f,objectHash:obj:873346533,thread(id:1,name:main),timestamp:1619427614290---------------
public boolean android.view.View.performClick()
at android.view.View.performClick(Native Method)
at android.view.View$PerformClick.run(View.java:19866)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:135)
at android.app.ActivityThread.main(ActivityThread.java:5254)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:905)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:700)
------------endFlag:6fq79b4f,usedtime:8---------------

Unable to attach using identifier

  PID  Name                          Identifier                                   
-----  ----------------------------  ---------------------------------------------
 7313  AirDroid                      com.sand.airdroid                            
 8263  Calendar                      com.samsung.android.calendar                 
 7572  Contacts                      com.samsung.android.contacts                 
 7572  Contacts                      com.samsung.android.contacts                 
26770  Dergilik                      com.arneca.dergilik.main3x                   
 5384  Google                        com.google.android.googlequicksearchbox      
 5384  Google                        com.google.android.googlequicksearchbox      
 6258  Google Play Store             com.android.vending                          
26635  Instagram Lite                com.instagram.lite                           
 6180  Lite                          com.facebook.lite                            
 6831  Magisk                        com.topjohnwu.magisk                         
26939  Official TWRP App             me.twrp.twrpapp                              
25921  S Voice                       com.samsung.voiceserviceplatform             
26081  Samsung Music                 com.sec.android.app.music                    
19360  TikTok                        com.zhiliaoapp.musically                     
27067  TikTok Lite                   com.zhiliaoapp.musically.go                  
 3608  抖音                            com.ss.android.ugc.aweme                     
Enter the need to attach package.
:    com.ss.android.ugc.aweme
It's com.ss.android.ugc.aweme that you have attached app.
Traceback (most recent call last):
  File "/Users/selcukakbulut/temp/andro/hooker/hooker.py", line 93, in attach
    online_session = rdev.attach(target)
  File "/opt/homebrew/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/opt/homebrew/lib/python3.9/site-packages/frida/core.py", line 165, in attach
    return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))
  File "/opt/homebrew/lib/python3.9/site-packages/frida/core.py", line 193, in _pid_of
    return self.get_process(target).pid
  File "/opt/homebrew/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/opt/homebrew/lib/python3.9/site-packages/frida/core.py", line 121, in get_process
    raise _frida.ProcessNotFoundError("unable to find process with name '%s'" % process_name)
frida.ProcessNotFoundError: unable to find process with name 'com.ss.android.ugc.aweme'

--------------------------------------------------



Didn't find class "[java.security.cert.X509Certificate"

For mutual authentication, I ran ./spawn keystore_dump.js and got an error:
Error: java.lang.ClassNotFoundException: Didn't find class "[java.security.cert.X509Certificate" on path: DexPathList[[zip file "/data/app/com.yuanrenxue.match2022-VRPl2zHSsrdhlLZsuj2BSg==/base.apk"],nativeLibraryDirectories=[/data/app/com.yuanrenxue.match2022-VRPl2zHSsrdhlLZsuj2BSg==/lib/arm64, /data/app/com.yuanrenxue.match2022-VRPl2zHSsrdhlLZsuj2BSg==/base.apk!/lib/arm64-v8a, /system/lib64, /vendor/lib64]]
