wip compare class laoder

frida/theseus_frida/__init__.py

@@ -59,6 +59,8 @@ def on_message(message, data, data_storage: dict, file_storage: Path):
     elif message["type"] == "send" and message["payload"]["type"] == "classloader-done":
         global CLASSLOADER_DONE
         CLASSLOADER_DONE = True
+    elif message["type"] == "send" and message["payload"]["type"] == "app_info":
+        handle_app_info(message["payload"]["data"], data_storage)
     else:
         print("[-] message:", message)
 
@@ -234,6 +236,14 @@ def handle_load_dex(data, data_storage: dict, file_storage: Path):
     )
 
 
+def handle_app_info(data, data_storage: dict):
+    data["actualSourceDir"] = data["sourceDir"].removesuffix("/base.apk")
+    data_storage["app_info"] = data
+    print("[+] Received app info:")
+    for k in data.keys():
+        print(f"    {k}: {data[k]}")
+
+
 def setup_frida(device_name: str, env: dict[str, str], adb: str) -> frida.core.Device:
     if device_name != "":
         device = frida.get_device(device_name)
@@ -424,7 +434,7 @@ def collect_runtime(
     cls = {}
     for cl in data_storage["classloaders"]:
         # This is verry doubious
-        if cl["cname"] == "dalvik.system.PathClassLoader":
+        if cl["cname"] == "Ldalvik/system/PathClassLoader;":
             zip_files = list(
                 map(
                     lambda s: s.removeprefix('zip file "').removesuffix('"'),

frida/theseus_frida/hook.js

@@ -1,6 +1,7 @@
 const sended_class_loaders = new Set();
 
 function send_class_loader(cl) {
+  get_app_info();
   const System = Java.use('java.lang.System');
   let cl_id = System.identityHashCode(cl);
   while (cl != null && !sended_class_loaders.has(cl_id)) {
@@ -9,7 +10,7 @@ function send_class_loader(cl) {
       "id": cl_id,
       "parent_id": System.identityHashCode(parent_),
       "str": cl.toString(),
-      "cname": cl.$className
+      "cname": cl.getClass().descriptorString()
     }});
     sended_class_loaders.add(cl_id);
     cl = parent_;
@@ -26,6 +27,37 @@ function dump_classloaders() {
   });
 }
 
+let info_sent = false
+function get_app_info() {
+  if (info_sent) {
+    return;
+  }
+  var app = Java.use('android.app.ActivityThread').currentApplication();
+  if (app == null) {
+    return;
+  }
+  var context = app.getApplicationContext();
+  if (context == null) {
+    return;
+  }
+  var appinfo = context.getApplicationInfo();
+  if (appinfo == null) {
+    return;
+  }
+  send({"type": "app_info", "data": {
+    "dataDir": appinfo.dataDir.value,
+    "deviceProtectedDataDir": appinfo.deviceProtectedDataDir.value,
+    "nativeLibraryDir": appinfo.nativeLibraryDir.value,
+    "publicSourceDir": appinfo.publicSourceDir.value,
+    "sharedLibraryFiles": appinfo.sharedLibraryFiles.value,
+    "sourceDir": appinfo.sourceDir.value,
+    "splitNames": appinfo.splitNames.value,
+    "splitPublicSourceDirs": appinfo.splitPublicSourceDirs.value,
+    "splitSourceDirs": appinfo.splitSourceDirs.value,
+  }});
+  info_sent = true;
+}
+
 /* ----- Frida Native Class Loading -----
  * Broken, for some ineffable frida-android reason.
 function registerStackConsumer() {
@@ -117,6 +149,8 @@ Java.perform(() => {
   const System = Java.use('java.lang.System');
   */
 
+
+
   const StackWalker = Java.use('java.lang.StackWalker');
   const StackWalkerOptions = Java.use('java.lang.StackWalker$Option');
   const StackWalkerOptionsShowHidden = StackWalkerOptions.valueOf("SHOW_HIDDEN_FRAMES");
@@ -304,7 +338,8 @@ Java.perform(() => {
     let classloader_class = null;
     let classloader_id = System.identityHashCode(loader);
     if (loader !== null) {
-      send_class_loader(loader);
+      // send_class_loader(loader); // Sending names before the end of the initialization 
+	                            // collect the wrong string representation !
       classloader_class = loader.getClass().descriptorString();
     }
     send({