Home
Physics edited this page May 5, 2020
·
10 revisions
#! /usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import time
try:
    import frida
except ImportError:
    # frida is the script's only third-party dependency, so stop here with an
    # install hint instead of a traceback.
    # NOTE(review): the hint runs pip as root; installing into a virtualenv
    # avoids executing package install code with root privileges.
    _install_hint = 'install frida\nsudo python3 -m pip install frida'
    sys.exit(_install_hint)
def err(msg):
    """Write *msg* to standard error, terminated by a newline."""
    line = msg + '\n'
    sys.stderr.write(line)
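def on_message(message, data):
    """Print one message delivered by the injected script.

    Registered with ``script.on('message', ...)``. ``message`` is a dict whose
    ``'type'`` key selects the branch; ``data`` is accepted for the callback
    signature and is not used here.

    Everything in ``message`` originates in the instrumented process, so it is
    only formatted for display and never interpreted.
    """
    kind = message['type']
    if kind == 'error':
        # NOTE(review): an error message may arrive without a 'stack' entry;
        # fall back to the description, then to the raw message, so the error
        # is still reported instead of raising KeyError inside the handler.
        detail = message.get('stack') or message.get('description') or message
        err('[!] {}'.format(detail))
    elif kind == 'send':
        # send() on the script side accepts any JSON-serialisable value, so the
        # payload can be a dict, list or number; '+' concatenation with a str
        # would raise TypeError for those.
        print('[+] {}'.format(message['payload']))
    else:
        print(message)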
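def main():
    """Attach to the target on the USB device, spawning it if it is not running.

    The target is taken from ``sys.argv[1]`` and may be a process name or a
    numeric PID. The instrumentation script is loaded before a spawned process
    is resumed, and the session is detached once the user presses <Enter>.
    """
    target_process = sys.argv[1]
    # argv values are always strings, and attach() looks a string up as a
    # process name. Convert a numeric argument so the "or PID" form promised by
    # the usage text actually attaches to that PID.
    if target_process.isdecimal():
        attach_target = int(target_process)
    else:
        attach_target = target_process
    device = frida.get_usb_device()
    started = False
    pid = None
    try:
        session = device.attach(attach_target)
    except frida.ProcessNotFoundError:
        if isinstance(attach_target, int):
            # A PID refers to an already running process; there is nothing to spawn.
            sys.exit('No process with PID {}\n'.format(attach_target))
        print('Starting process {}...\n'.format(target_process))
        started = True
        try:
            pid = device.spawn([target_process])
        except frida.NotSupportedError:
            sys.exit('An error occurred while spawning the process\n')
        session = device.attach(pid)
    try:
        # <Your Javascript Code> is a placeholder: replace it with the hooks to
        # run inside Java.perform() before using the script.
        script = session.create_script("""
        Java.perform(function () {
            <Your Javascript Code>
        });
        """)
        script.on('message', on_message)
        print('[!] Press <Enter> at any time to detach from instrumented program.\n\n')
        script.load()
        if started:
            # spawn() leaves the new process suspended; resume it only after the
            # script is loaded so the hooks are in place from the first instruction.
            device.resume(pid)
        input()
    finally:
        # Detach even when script creation/loading fails or input() is interrupted.
        session.detach()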
if __name__ == '__main__':
    # Exactly one argument is expected: the process name or PID that main()
    # reads from sys.argv[1].
    if len(sys.argv) != 2:
        usage = 'usage {} <process name or PID>\n\n'.format(__file__)
        # sys.exit() with a string prints it to stderr and exits with status 1.
        sys.exit(usage)
    main()

var someClass = Java.use("some.package.class");
// Replace methodName with a wrapper. someClass is the Java.use() wrapper
// assigned just before this snippet. The wrapper forwards the call to the
// original method with the original arguments, logs the first parameter and
// the return value, and passes the return value through unchanged.
someClass.methodName.implementation = function (param1) {
    var returned = this.methodName.apply(this, arguments);
    console.log('method was called with the param: ' + param1 + ' and returned: ' + returned);
    console.log('');
    return returned;
}

// Construct a new instance of the class with $new() and call an instance
// method on it.
var someClass = Java.use("some.package.class");
// NOTE(review): obj is assigned without var/let, which creates an implicit global.
obj = someClass.$new();
obj.instanceMethod(null);

// Enumerate instances of the class that already exist in the process.
Java.choose("some.package.class" , {
    onMatch : function(instance){ // Called once for every instance Frida finds
        console.log("Found instance: " + instance);
    },
    // Nothing is done once the enumeration has finished.
    onComplete:function(){}
});

// Replace the java.net.URL constructor overload that takes a single
// java.lang.String: log the URL string, then run the original constructor.
// NOTE(review): logged URLs can carry tokens or credentials in the query
// string; handle the console output as sensitive data.
var URL = Java.use("java.net.URL");
URL.$init.overload('java.lang.String').implementation = function (stringUrl) {
    console.log(stringUrl);
    console.log("");
    return this.$init(stringUrl);
};

...
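import json  # standard library; belongs with the imports at the top of the script

textParam = input()
# Interpolating raw input between the quotes of a JavaScript string literal
# lets a quote, backslash or newline in the input end the literal, after which
# the rest of the input is parsed as script code. json.dumps() emits a quoted,
# fully escaped literal that is also valid JavaScript, so the value stays data.
# Values that change while the script runs can instead be passed with
# script.post() and read with recv() inside the script.
script = session.create_script("""
Java.perform(function () {
    someTextFromPython = %s;
    console.log(someTextFromPython);
});
""" % json.dumps(textParam))

Java.perform(function () {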
// Call a method on the class wrapper and hand the result to the host script.
var someClass = Java.use("some.package.someClass");
var result = someClass.someClassMethod();
// send() delivers the value to the Python 'message' handler, where it arrives
// as message['payload'].
send(result);
});

def on_message(message, data):
    # Same dispatch as the handler in the main script, except that a 'send'
    # payload is kept in a variable for further processing instead of printed.
    if message['type'] == 'error':
        err('[!] ' + message['stack'])
    elif message['type'] == 'send':
        # NOTE(review): the payload is produced inside the instrumented
        # process; validate its type and content before acting on it.
        resultFromInstrumentedClass = message['payload'] # <---- handle the received data
    else:
        print(message)

# Host -> script direction: the script registers a recv() callback for messages
# of type 'input', and the host posts such a message after the script is loaded.
script = session.create_script("""
...
// function that handles the data
recv('input', function(data) {
console.log(data.payload)
});
...
""")
script.on('message', on_message)
script.load()
...
# The 'type' value must match the first argument of recv() in the script.
script.post({'type': 'input', 'payload': someData}) # <-- send the data

someUnknownObject = class.method(param1,param2);
console.log(JSON.stringify(someUnknownObject));