a frida hook for iOBD2 Android app
iOBD2这个万年不更新的app,
实在是不好用,
反编译重写又不是我的强项,
先把想要的数据dump出来吧,
····
····
"use strict";
console.log("Waiting for Java..");
Java.perform(function() {
var Log = Java.use("android.util.Log");
Log.v("hook-frida-lief", "Have fun!");
try {
var mLat = 0;
var mLog = 0;
var alt = 0;
var carpath = Java.use("com.xtooltech.ui.OBDUIManager");
var dashboard = Java.use("com.obd2.mydashboard.ui.OBDDashboardActivity");
dashboard.startDashBoardActivity.implementation = function() {
this.startDashBoardActivity();
carpath.setCarpath("startBaiduCarpath");
carpath.$dispose;
Log.v("hook-dashboard", "force start baidu carpath!");
};
dashboard.unConnectionAttention.implementation = function(var1) {
Log.v("hook-dashboard", "disable activity unConnection Attention!");
};
dashboard.$dispose;
var baidu = Java.use(
"com.obd2.floating.OBDBaiduPathManager$MyLocationListenner"
);
baidu.onReceiveLocation.implementation = function(var1) {
Java.choose("com.obd2.floating.OBDBaiduPathManager", {
onMatch: function(instance) {
instance.mLat.value = var1.getLatitude();
instance.mLog.value = var1.getLongitude();
mLat = var1.getLatitude();
mLog = var1.getLongitude();
alt = var1.getAltitude();
if (alt == "5e-324") {
alt = "";
}
},
onComplete: function() {}
});
};
baidu.$dispose;
Log.v(
"hook-obd-data",
"log v! col1 getIgnitionTiming,getRpm,getSpeed,getWaterTemperature,getThrottlePercentage,getEngineLoad,getMassAirFlow,getIntakeAirTemp,getAirPressure,getVoltage,getDtcCount,getAllTime,getPhasemileage,getStageFuel,getStaticFuel,getDynamicFuel,getIsSensor,getSensorNum,getAcc,getRunTime,getCO2Quality,getAvgFuel,col2 col3 col4 col5 col6"
);
var Chemi = function(var2) {
if (!var2) {
Log.v(
"hook-refreshChemiUI",
"null echo test! lat: " + mLat + ", log: " + mLog
);
return;
}
Log.v(
"hook-obd-data",
alt +
"," +
mLat +
"," +
mLog +
"," +
var2.getIgnitionTiming() +
"," +
var2.getRpm() +
"," +
var2.getSpeed() +
"," +
var2.getWaterTemperature() +
"," +
var2.getThrottlePercentage() +
"," +
var2.getEngineLoad() +
"," +
var2.getMassAirFlow() +
"," +
var2.getIntakeAirTemp() +
"," +
var2.getAirPressure() +
"," +
var2.getVoltage() +
"," +
var2.getDtcCount() +
"," +
var2.getAllTime() +
"," +
var2.getPhasemileage() +
"," +
var2.getStageFuel() +
"," +
var2.getStaticFuel() +
"," +
var2.getDynamicFuel() +
"," +
var2.getIsSensor() +
"," +
var2.getSensorNum() +
"," +
var2.getAcc() +
"," +
var2.getRunTime() +
"," +
var2.getCO2Quality() +
"," +
var2.getAvgFuel()
);
};
var sports = Java.use("com.obd2.mydashboard.ui.OBDSportsModelManager");
sports.refreshChemiUI.implementation = function(var2) {
this.refreshChemiUI(var2);
Chemi(var2);
};
var buffList = function(var1) {
var ret = "\n";
for (var i = 0; i < var1.size(); ++i) {
ret = ret + var1.get(i) + "\n";
}
return ret;
};
sports.getData.implementation = function() {
Log.v("hook-sports", "try to add obd commands!");
var ret = this.getData();
var var2 = this.mDiagnosisCommand.value;
Log.v("hook-sports", "find old commands: " + buffList(var2));
// var ArrayList = Java.use("java.util.ArrayList");
// var var2 = ArrayList.$new();
var items1 = DataArray.$new("0x00,0x00,0x00,0x00,0x00,0x42");
var2.add(items1);
var items2 = DataArray.$new("0x00,0x00,0x00,0x02,0x00,0x00");
var2.add(items2);
var items3 = DataArray.$new("0x00,0x00,0x00,0x00,0x00,0x10");
var2.add(items3);
var items4 = DataArray.$new("0x00,0x00,0x00,0x00,0x00,0x0E");
var2.add(items4);
Log.v(
"hook-sports",
"hook done! with new commans: " + buffList(this.mDiagnosisCommand.value)
);
var cls = Java.use("com.obd2.mydashboard.ui.OBDSportsModelManager");
Log.v(
"hook-sports",
"debug static value: " + buffList(cls.mDiagnosisCommand.value)
);
cls.$dispose;
return ret;
};
sports.$dispose;
Log.v("hook-process", "sports mode done!");
var DataArray = Java.use("com.obd2.comm.DataArray");
var obdcommand = Java.use("com.obd2.mydashboard.ui.OBDObtainDiagnosisData");
obdcommand.obtainCurrentCommandSets.implementation = function(var1, var2) {
// setIdlingVoltage("0x00,0x00,0x00,0x00,0x00,0x42")
// setIdlingFuelConsumption("0x00,0x00,0x00,0x02,0x00,0x00")
// setIdlingInletAirFlow("0x00,0x00,0x00,0x00,0x00,0x10")
// setIdlingIgnitionAdvanceAngle("0x00,0x00,0x00,0x00,0x00,0x0E")
Log.v("hook-obd-command", "done hooked obd commands!");
var ret = this.obtainCurrentCommandSets("100", var2);
Log.v("hook-obd-command", "changed obd type");
return ret;
};
var edite = Java.use("com.obd2.mydashboard.ui.OBDEditeModeManager");
edite.refreshChemiUI.implementation = function(var2, var3, var4, var5) {
this.refreshChemiUI(var2, var3, var4, var5);
Chemi(var2);
};
edite.$dispose;
Log.v("hook-process", "edite mode done!");
var idling = Java.use("com.obd2.mydashboard.ui.OBDIdlingModeManager");
idling.refreshDataChemi.implementation = function(var2) {
this.refreshDataChemi(var2);
Chemi(var2);
};
idling.$dispose;
Log.v("hook-process", "idling mode done!");
Chemi(null);
Log.v("hook-chemi", "chemi echo test done!");
var dashboardservice = Java.use(
"com.obd2.mydashboard.ui.OBDDashBoardService"
);
dashboardservice.getDashBoardCommandItems.implementation = function() {
Log.v("hook-dash", "try to modify mflag value!");
this.getDashBoardCommandItems();
Log.v("hook-dash", "mFlag value: " + this.mFlag.value);
};
dashboardservice.onCreate.implementation = function() {
this.onCreate();
Log.v("hook-ds-service", "change create");
};
dashboardservice.$dispose;
Log.v("hook-dash", "hook done!");
var std = Java.use("com.obd2.diagnostic.std.DataStream_STD");
std.packDashBoardItem.implementation = function(var1, var2){
Log.v("hook-std", "get obd from: "+var2);
var ret = this.packDashBoardItem(var1, var2);
return ret;
};
std.$dispose;
Log.v("hook-std", "change std obd command!");
} catch (e) {
Log.v("hook-firda", e.message);
}
});