ios使用frida-rpc

ios应用使用frida实现rpc，server端：

const express = require('express');
const frida = require('frida');
const app = express();
const port = 3000;

// 使用 bodyParser 来解析 POST 请求的 JSON 数据
const bodyParser = require('body-parser');
app.use(bodyParser.json());

// 与设备建立连接
async function connectToFrida() {
    try {
        const device = await frida.getUsbDevice();
        console.log('Connected to device');
        return device;
    } catch (error) {
        console.error('Error connecting to device:', error);
    }
}

// 启动脚本
async function startFridaScript(device) {
    try {
        // 连接目标进程
        const session = await device.attach('OneTravel');
        const script = await session.createScript(`
            var targetClass = ObjC.classes.UPARSA;
            var targetMethod = targetClass['+ encryptString:publicKey:'];
            Interceptor.attach(targetMethod.implementation, {
                onEnter: function(args) {
                    var inputString = ObjC.Object(args[2]).toString();
                    var publicKey = ObjC.Object(args[3]).toString();
                    console.log("Hooked encryptString:publicKey: called!");
                    console.log("Input String: " + inputString);
                    console.log("Public Key: " + publicKey);
                },
                onLeave: function(retval) {
                    if (retval) {
                        console.log("Returning from encryptString:publicKey:");
                        console.log("Encrypted String: " + ObjC.Object(retval).toString());
                    }
                }
            });
            
            // 通过 rpc.exports 导出加密方法供外部调用
            rpc.exports = {
                encryptString: function(inputString, publicKey) {
                    var result = targetMethod.call(targetClass,inputString, publicKey)
                    return result.toString();
                    
          
                }
            };

        `);

        await script.load();
        return script;
    } catch (error) {
        console.error('Error starting Frida script:', error);
    }
}

// 路由：接收加密请求
app.post('/encrypt', async (req, res) => {
    const {input, publicKey} = req.body;

    if (!input || !publicKey) {
        return res.status(400).json({error: 'Input and publicKey are required'});
    }

    try {
        // 连接到 Frida 设备
        const device = await connectToFrida();

        // 启动 Frida 脚本
        const script = await startFridaScript(device);

        // 调用 Frida 脚本中的 encryptString 方法
        const encrypted = await script.exports.encryptString(input, publicKey);

        res.json({encryptedString: encrypted});
    } catch (error) {
        console.error('Error during encryption:', error);
        res.status(500).json({error: 'Internal server error'});
    }
});

// 启动 HTTP 服务器
app.listen(port, () => {
    console.log(`Server running at http://localhost:${port}`);
});

client端：

import requests

json_data = {
    'input': '17872855633',
    'publicKey': "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3yWkNvyIYZMLLm4BJdt7DaD/3\nkxPXkjuvPcsd8aVeoRb4RIFEUZhXCbppEuhGAAgJoaZtMaFEn9pSByQ8V7AaOIZT\nqDlSus8R1yXOMsotYG7bTgLbaPMB1wGgrn95woNZzZP9tYZ84oBi8Nm5pofEhZ/W\nImT1HOLVP5EtGG6lbwIDAQAB\n-----END PUBLIC KEY-----\n",
}

response = requests.post('http://localhost:3000/encrypt', json=json_data)
print(response.text)