/** * TikTok Event Logger * This file fetches the frida event and eventv3 lo

1. /**
2.  * TikTok Event Logger
3.  * This file fetches the frida event and eventv3 logs and outputs each event as JSON + \n to ./output.txt
4.  * It hookes com.ss.android.common.applog.g.insertEvent and sends it to the onMessage listener which does the actual I/O
5.  *
6.  * Prerequisites:
7.  * Have frida-server installed
8.  * Make sure you've run have setenforce 0 via adb shell
9.  * Run frida -U -n com.zhiliaoapp.musically -l ./index.js
10.  *
11.  */
12. 'use strict'
13.  
14. const fs = require('fs')
15. const frida = require('frida')
16.  
17. const current = {
18.   device: null,
19.   pid: null,
20.   script: null
21. };
22.  
23. async function main() {
24.   process.on('SIGTERM', stop);
25.   process.on('SIGINT', stop);
26.  
27.   const device = await frida.getUsbDevice();
28.   current.device = device;
29.   device.output.connect(onOutput);
30.   console.log(device)
31.  
32.   const application = await device.getFrontmostApplication();
33.   console.log('[*] Frontmost application:', application);
34.   console.log('[*] spawn()');
35.   const pid = application.pid
36.   if (application.identifier !== 'com.zhiliaoapp.musically') {
37.     console.error('TikTok isnt the active app. Ending.')
38.     stop()
39.   }
40.   // let pid = 'com.zhiliaoapp.musically' // await device.spawn(['com.zhiliaoapp.musically'])
41.   console.log('PID is: ', pid)
42.   current.pid = pid;
43.  
44.   console.log(`[*] attach(${pid})`);
45.   const session = await device.attach(pid);
46.   session.detached.connect(onDetached);
47.  
48.   console.log(`[*] createScript()`);
49.   const script = await session.createScript(`
50.   if (Java.available) {
51.     Java.perform(function () {
52.         var EventLogger = Java.use('com.ss.android.common.applog.g');
53.         EventLogger.insertEvent.implementation = function (m) {
54.           var event = {
55.             category: m.category.value,
56.             ext_json: m.ext_json.value,
57.             ext_value: m.ext_value.value,
58.             id: m.id.value,
59.             instant_only: m.instant_only.value,
60.             label: m.label.value,
61.             mHasTimelySend: m.mHasTimelySend.value,
62.             session_id: m.session_id.value,
63.             tag: m.tag.value,
64.             teaEventIndex: m.teaEventIndex.value,
65.             timestamp: m.timestamp.value,
66.             user_id: m.user_id.value,
67.             value: m.value.value,
68.           }
69.           send(event)
70.           return this.insertEvent(m)
71.         }
72.     })
73.   }
74. `);
75.   current.script = script;
76.   script.message.connect(onMessage);
77.   await script.load();
78.  
79. }
80.  
81. function stop() {
82.   const { device, script } = current;
83.  
84.   if (script !== null) {
85.     script.unload();
86.     current.script = null;
87.   }
88.  
89.   if (device !== null) {
90.     device.output.disconnect(onOutput);
91.     current.device = null;
92.   }
93. }
94.  
95. function onOutput(pid, fd, data) {
96.   if (pid !== current.pid)
97.     return;
98.  
99.   let description;
100.   if (data.length > 0)
101.     description = '"' + data.toString().replace(/\n/g, '\\n') + '"';
102.   else
103.     description = '<EOF>';
104.   console.log(`[*] onOutput(pid=${pid}, fd=${fd}, data=${description})`);
105. }
106.  
107. function onDetached(reason) {
108.   console.log(`[*] onDetached(reason='${reason}')`);
109.   current.device.output.disconnect(onOutput);
110. }
111.  
112. function onMessage(message, data) {
113.   console.log('[*] onMessage() message:', message, 'data:', data);
114.   fs.appendFileSync('output-fresh.txt', `\n${JSON.stringify(message.payload)}`, 'utf8')
115. }
116.  
117. main()
118.   .catch(e => {
119.     console.error(e);
120.   });