# -*- coding: UTF-8 -*-

from·fastapi import FastAPI
import uvicorn
import frida

jsCode = """

function hookTest(username, passward){
var result;
Java.perform(function(){

var time = new Date().getTime();
time = '1597582774344';

var string = Java.use('java.lang.String');
var signData = string.$new('equtype=ANDROID&loginImei=Android352689082129358&timeStamp=' +
time + '&userPwd=' + passward + '&username=' + username + '&key=sdlkjsdljf0j2fsjk');

var Utils = Java.use('com.dodonew.online.util.Utils');
var sign = Utils.md5(signData).toUpperCase();
console.log('sign: ', sign);

var encryptData = '{"equtype":"ANDROID","loginImei":"Android352689082129358","sign":"'+
sign +'","timeStamp":"'+ time +'","userPwd":"' + passward + '","username":"' + username + '"}';

var RequestUtil = Java.use('com.dodonew.online.http.RequestUtil');
var Encrypt = RequestUtil.encodeDesMap(encryptData, '65102933', '32028092');
console.log('Encrypt: ', Encrypt);
result = Encrypt;
});
return result;
}
rpc.exports = {
xiaobai: hookTest
};

""";

#调用frida脚本 链接多个设备
process = frida.get_device_manager().add_remote_device('192.168.1.11:27042').attach("com.dodonew.online")
script = process.create_script(jsCode)
print('[*] Running 小白')
script.load()

app = FastAPI()

@app.get("/get") #注意这里url上没有定义参数
async def getEchoApi(item_id, item_user, item_pass):
#fastapi会聪明的发现它不是URL参数,然后自动将他识别为param参数
#RPC远程调用
result = script.exports.xiaobai(item_user, item_pass)
return {"item_id": item_id, "item_retval": result}

if __name__ == '__main__':
uvicorn.run(app, port = 8080)