Shellblock

https://github.com/frida

夜神Frida

先adb连上夜神，看看它是什么系统

adb connect 127.0.0.1:62001
adb shell getprop ro.product.cpu.abi

把对应的 fridaServer拷进去

adb push frida-server-14.2.18-android-x86 /data/local/tmp/frida-server

运行框架

adb shell
su
cd /data/local/tmp
chmod 755 frida-server
./frida-server

映射端口

adb forward tcp:27042 tcp:27042

雷电Frida

adb connect 127.0.0.1:5557
adb shell getprop ro.product.cpu.abi

把对应的 fridaServer拷进去

adb push frida-server /data/local/tmp

运行框架

adb shell
cd /data/local/tmp
chmod 777 frida-server
./frida-server

映射端口

adb forward tcp:27042 tcp:27042

ks sig3接口

需要用到的文件：

• https://101022.xyz/ks-sig3
• https://raw.githubusercontent.com/leafTheFish/DeathNote/main/ksjsb_v2.js

Python环境下运行

python api.py

sig3url ＝'http://127.0.0.1:5000?str=' 端口可以自行修改文件

sig3调用

let res = appver=9.10.10.2342&isp=CMCC&language=zh-cn&ud=${ud}&did_tag=7&egid=${egid}did=${did}&activityId=148&cs=false&client_key=2ac2a76d&os=android&kuaishou.api_st=${token}&token=${token}
   let sign = await getsig3('/rest/r/reward/task/getActivityReward', res)