Description
Specify Overload
In MASTG-DEMO-0058 this doesn't seem to be causing trouble, but we definitely need to be able to specify an overload and maybe, if empty, try to hook all.
In MASTG-DEMO-0002 this is a problem though.
    var target = {
      category: "STORAGE",
      demo: "0002",
      hooks: [
        {
          class: "android.content.ContentResolver",
          methods: [
            "insert"
          ]
        }
      ]
    };
It hooks both the 2 and 3 input args overloads.
Recursive Get Input/Return Argument Values
If one of the inputParameters or the returnValue is an object and we need its values, we won't be able to see them now.
    var target = {
      category: "STORAGE",
      demo: "0002",
      hooks: [
        {
          class: "android.content.ContentResolver",
          methods: [
            "insert"
          ],
          maxDepth: 1 // Added maxDepth property to recursively decode objects up to 1 level deep
        }
      ]
    };
In this case android.content.ContentValues would reveal what we're looking for. So instead of this:
    "inputParameters": [
      {
        "type": "android.net.Uri",
        "value": "content://media/external/downloads"
      },
      {
        "type": "android.content.ContentValues",
        "value": "<instance: android.content.ContentValues>"
      }
    ],
We'd see something like this:
    "inputParameters": [
      {
        "type": "android.net.Uri",
        "value": "content://media/external/downloads"
      },
      {
        "type": "android.content.ContentValues",
        "value": {
          "__class": "android.content.ContentValues",
          "_display_name": "secretFile86.txt",
          "mime_type": "text/plain",
          "relative_path": "Download"
        }
      }
    ],
If that still isn't what we're looking for we could set maxDepth: 2 and so on.
Decode Flags
Sometimes there are interesting flags we need to decode. We can decide if Frida should decode them or we can do it after the JSON was created.
For example, in https://mas.owasp.org/MASTG/demos/android/MASVS-RESILIENCE/MASTG-DEMO-0027/MASTG-DEMO-0027
    // Map flag values to names
    const flagNames = {
      [Authenticators.BIOMETRIC_WEAK.value]: "BIOMETRIC_WEAK",
      [Authenticators.BIOMETRIC_STRONG.value]: "BIOMETRIC_STRONG",
      [Authenticators.DEVICE_CREDENTIAL.value]: "DEVICE_CREDENTIAL"
    };
    // Map result codes to messages
    const resultMessages = {
      [BiometricManager.BIOMETRIC_SUCCESS.value]: "BIOMETRIC_SUCCESS",
      [BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE.value]: "BIOMETRIC_ERROR_NO_HARDWARE",
      [BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE.value]: "BIOMETRIC_ERROR_HW_UNAVAILABLE",
      [BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED.value]: "BIOMETRIC_ERROR_NONE_ENROLLED"
    };
or https://mas.owasp.org/MASTG/demos/ios/MASVS-AUTH/MASTG-DEMO-0044/MASTG-DEMO-0044/
    const AccessControlFlags = {
      kSecAccessControlUserPresence: 1 << 0,
      kSecAccessControlBiometryAny: 1 << 1,
      kSecAccessControlBiometryCurrentSet: 1 << 3,
      kSecAccessControlDevicePasscode: 1 << 4,
      kSecAccessControlWatch: 1 << 5,
      kSecAccessControlOr: 1 << 14,
      kSecAccessControlAnd: 1 << 15,
      kSecAccessControlPrivateKeyUsage: 1 << 30,
      kSecAccessControlApplicationPassword: 1 << 31,
    };
Valid JSON
We must ensure that we output a valid output.json. Now it's like:
    { ... }
It should be:
    [
      { ... },
      ...
    ]
Interceptor
We need support for Interceptor. See MASTG-DEMO-0002
    [*] open called to open a file from external storage at: /storage/emulated/0/Android/data/org.owasp.mastestapp/files/secret.txt
    Backtrace:
        libcore.io.Linux.open(Native Method)
        libcore.io.ForwardingOs.open(ForwardingOs.java:563)
        libcore.io.BlockGuardOs.open(BlockGuardOs.java:274)
        libcore.io.ForwardingOs.open(ForwardingOs.java:563)
        android.app.ActivityThread$AndroidOs.open(ActivityThread.java:8063)
        libcore.io.IoBridge.open(IoBridge.java:560)
        java.io.FileOutputStream.<init>(FileOutputStream.java:236)
        java.io.FileOutputStream.<init>(FileOutputStream.java:186)
        org.owasp.mastestapp.MastgTest.mastgTestApi(MastgTest.kt:26)
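
For the "Decode Flags" item above, one way to turn a captured bitmask into names after output.json is written, shown as an added example (not code from this issue or from the MASTG project). The helper `decodeFlags` and the sample values are hypothetical; the flag table is the one quoted from MASTG-DEMO-0044.

```javascript
// Flag table as quoted in the issue (from MASTG-DEMO-0044).
const AccessControlFlags = {
  kSecAccessControlUserPresence: 1 << 0,
  kSecAccessControlBiometryAny: 1 << 1,
  kSecAccessControlBiometryCurrentSet: 1 << 3,
  kSecAccessControlDevicePasscode: 1 << 4,
  kSecAccessControlWatch: 1 << 5,
  kSecAccessControlOr: 1 << 14,
  kSecAccessControlAnd: 1 << 15,
  kSecAccessControlPrivateKeyUsage: 1 << 30,
  kSecAccessControlApplicationPassword: 1 << 31,
};

// Hypothetical helper: split a raw bitmask into known flag names plus leftover bits.
function decodeFlags(raw, table) {
  // JS bitwise operators work on signed 32-bit values, so 1 << 31 is negative.
  // >>> 0 normalises table entries and the captured value to unsigned first.
  let remaining = Number(raw) >>> 0;
  const names = [];
  for (const [name, bit] of Object.entries(table)) {
    const mask = bit >>> 0;
    if (mask !== 0 && ((remaining & mask) >>> 0) === mask) {
      names.push(name);
      remaining = (remaining & ~mask) >>> 0;
    }
  }
  const result = { raw: Number(raw) >>> 0, flags: names };
  // Bits without a name are reported rather than dropped, so a reviewer sees them.
  if (remaining !== 0) result.unknown = "0x" + remaining.toString(16);
  return result;
}

// Constructed sample values, standing in for what a hook might capture.
function demo() {
  const f = AccessControlFlags;
  return [
    decodeFlags(f.kSecAccessControlBiometryCurrentSet | f.kSecAccessControlOr |
                f.kSecAccessControlDevicePasscode, f),
    decodeFlags(-2147483647, f), // signed view of 0x80000001
    decodeFlags(0x44, f),        // bits 2 and 6 have no name in the table
  ];
}

console.log(JSON.stringify(demo(), null, 2));
```
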