Last active
November 20, 2025 07:06
-
-
Save tiopex/db3cd1b508b53bb7e72811ef319d2bf4 to your computer and use it in GitHub Desktop.
UART communication on android using frida
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Install frida-server https://github.com/frida/frida on android and run as a root | |
| 2. install frida-tools on PC: `pip install frida-tools` | |
| 3. Get the id of the `com.ayaneo.gamewindow` process which is using UART communication: `frida-ps -U` | |
| 4. Run frida: frida.exe -U -p 3942 -l hook_serial_hex.js |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function hexAsciiDump(byteArray, length) { | |
| if (length <= 0) return; | |
| var out = ""; | |
| for (var i = 0; i < length; i += 16) { | |
| // offset | |
| out += ("0000" + i.toString(16)).slice(-4) + " "; | |
| var hexPart = ""; | |
| var asciiPart = ""; | |
| for (var j = 0; j < 16; j++) { | |
| if (i + j < length) { | |
| var b = byteArray[i + j]; | |
| if (b < 0) b += 256; | |
| hexPart += ("0" + b.toString(16)).slice(-2) + " "; | |
| if (b >= 0x20 && b <= 0x7e) { | |
| asciiPart += String.fromCharCode(b); | |
| } else { | |
| asciiPart += "."; | |
| } | |
| } else { | |
| hexPart += " "; | |
| asciiPart += " "; | |
| } | |
| } | |
| out += hexPart + " " + asciiPart + "\n"; | |
| } | |
| console.log(out); | |
| } | |
| Java.perform(function() { | |
| var FileInputStream = Java.use("java.io.FileInputStream"); | |
| var FileOutputStream = Java.use("java.io.FileOutputStream"); | |
| var targetPath = "/dev/ttyHS4"; | |
| FileOutputStream.$init.overload('java.io.File').implementation = function(file) { | |
| var path = file.getAbsolutePath(); | |
| if (path.indexOf(targetPath) !== -1) { | |
| console.log("[*] FileOutputStream open for /dev/ttyHS4"); | |
| } | |
| return this.$init(file); | |
| }; | |
| FileOutputStream.write.overload('[B').implementation = function(data) { | |
| console.log("[WRITE] len:", data.length); | |
| hexAsciiDump(data, data.length); | |
| return this.write(data); | |
| }; | |
| FileInputStream.$init.overload('java.io.File').implementation = function(file) { | |
| var path = file.getAbsolutePath(); | |
| if (path.indexOf(targetPath) !== -1) { | |
| console.log("[*] FileInputStream open for /dev/ttyHS4"); | |
| } | |
| return this.$init(file); | |
| }; | |
| FileInputStream.read.overload('[B').implementation = function(buf) { | |
| var ret = this.read(buf); | |
| if (ret > 0) { | |
| console.log("[READ] len:", ret); | |
| hexAsciiDump(buf, ret); | |
| } | |
| return ret; | |
| }; | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment