From 606c635a91012c590317418cc536b4138e9f1326 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 16 Jun 2025 14:59:07 +0200 Subject: [PATCH] fix for several issues --- frida/theseus_frida/__init__.py | 2 +- patcher/Cargo.lock | 84 ++++++++++++++++++++++++++++++--- patcher/Cargo.toml | 1 + patcher/src/bin/patcher.rs | 40 ++++++++++++++-- patcher/src/runtime_data.rs | 2 +- 5 files changed, 118 insertions(+), 11 deletions(-) diff --git a/frida/theseus_frida/__init__.py b/frida/theseus_frida/__init__.py index d77ad12..19b8ef3 100644 --- a/frida/theseus_frida/__init__.py +++ b/frida/theseus_frida/__init__.py @@ -335,7 +335,7 @@ def collect_runtime( "cnstr_new_inst_data": [], "dyn_code_load": [], "classloaders": {}, - "app_info": {}, + "app_info": None, } try: env = dict(os.environ) diff --git a/patcher/Cargo.lock b/patcher/Cargo.lock index b86527a..2cf0d24 100644 --- a/patcher/Cargo.lock +++ b/patcher/Cargo.lock @@ -136,7 +136,7 @@ dependencies = [ "anyhow", "flate2", "log", - "rand", + "rand 0.8.5", ] [[package]] @@ -154,6 +154,12 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "bitflags" +version = "2.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967" + [[package]] name = "block-buffer" version = "0.10.4" @@ -335,7 +341,19 @@ checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", - "wasi", + "wasi 0.11.0+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi 0.14.2+wasi-0.2.4", ] [[package]] @@ -438,6 +456,7 @@ dependencies = [ "clap", "env_logger", "log", + "rand 0.9.1", "serde", "serde_json", ] 
@@ -484,6 +503,12 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "r-efi" +version = "5.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" + [[package]] name = "rand" version = "0.8.5" @@ -491,8 +516,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", - "rand_chacha", - "rand_core", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.3", ] [[package]] @@ -502,7 +537,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.3", ] [[package]] @@ -511,7 +556,16 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom", + "getrandom 0.2.15", +] + +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom 0.3.3", ] [[package]] 
@@ -665,6 +719,15 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasi" +version = "0.14.2+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] + [[package]] name = "windows-sys" version = "0.59.0" @@ -738,6 +801,15 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" +[[package]] +name = "wit-bindgen-rt" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +dependencies = [ + "bitflags", +] + [[package]] name = "zerocopy" version = "0.8.24" diff --git a/patcher/Cargo.toml b/patcher/Cargo.toml index 89505c3..9176ec7 100644 --- a/patcher/Cargo.toml +++ b/patcher/Cargo.toml @@ -16,6 +16,7 @@ env_logger = "0.11.6" serde = "1.0.217" serde_json = "1.0.138" log = "0.4.25" +rand = "0.9.1" [profile.minsizerelease] inherits = "release" diff --git a/patcher/src/bin/patcher.rs b/patcher/src/bin/patcher.rs index d6c9fb5..ba01b83 100644 --- a/patcher/src/bin/patcher.rs +++ b/patcher/src/bin/patcher.rs @@ -1,4 +1,6 @@ use anyhow::Context; +use log::warn; +use rand::distr::{Alphanumeric, SampleString}; use std::collections::HashMap; use std::fs::File; use std::io::{Cursor, Read}; 
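Review bot: The new `rand = "0.9.1"` requirement resolves to a second copy of the crate, because another dependency of this workspace already pins `rand 0.8.5` (both versions now sit side by side in the Cargo.lock hunks), and it pulls `getrandom 0.3`, `r-efi`, `wasi 0.14`, `wit-bindgen-rt` and `bitflags` into the build for what is a 16-character random class-name suffix. Unless a 0.9-only API is wanted, `rand = "0.8"` would reuse the already-present crate and keep the dependency surface unchanged; in src/bin/patcher.rs that would, I believe, mean `use rand::distributions::{Alphanumeric, DistString};` and `rand::thread_rng()` in place of `rand::rng()`. If 0.9 is kept on purpose, a manifest comment such as `# rand 0.9: random class-name suffixes in src/bin/patcher.rs (duplicates rand 0.8 pulled in transitively)` records the trade-off for the next dependency audit.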
@@ -56,7 +58,16 @@ fn main() { // Reflection let mut test_methods = HashMap::new(); - let test_class = IdType::class("theseus/T"); + // Generate a new, unique name + let test_class = loop { + let ty = IdType::class(&format!( + "theseus/{}/T", + Alphanumeric.sample_string(&mut rand::rng(), 16), + )); + if apk.get_class(&ty).is_none() { + break ty; + } + }; for method in rt_data.get_method_referenced().iter() { if let Some(class) = apk.get_class_mut(&method.class_) { //println!("{:#?}", class.direct_methods.keys()); @@ -76,7 +87,18 @@ fn main() { }) .unwrap() }; - transform_method(method, &rt_data, test_class.clone(), &mut test_methods).unwrap(); + // May be native method or other kind of android shenanigan. + if method.code.is_some() { + if let Err(err) = + transform_method(method, &rt_data, test_class.clone(), &mut test_methods) + { + warn!( + "Failed to patch method {}: {}", + method.descriptor.__str__(), + err + ); + }; + } } } let mut class = Class::new(test_class.get_name()).unwrap(); @@ -85,7 +107,19 @@ fn main() { .into_values() .map(|v| (v.descriptor.clone(), v)) .collect(); - apk.add_class("classes.dex", class).unwrap(); + // Add the new testing class in a separateed dex file to avoid breaking + // the dex method limit. + // TODO: check the number of methods in the existing dex files to avoid generated + // a new one each time. + let mut i = 2; + let new_dex_name = loop { + let name = format!("classes{}.dex", i); + if !apk.dex_files.contains_key(&name) { + break name; + }; + i += 1; + }; + apk.add_class(&new_dex_name, class).unwrap(); let mut dex_files = vec![]; let mut files = apk.gen_raw_dex().unwrap(); let mut i = 0; diff --git a/patcher/src/runtime_data.rs b/patcher/src/runtime_data.rs index 1c309fb..c5c3691 100644 --- a/patcher/src/runtime_data.rs +++ b/patcher/src/runtime_data.rs 
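Review bot: The uniqueness check `apk.get_class(&ty).is_none()` only sees classes present in the APK's dex files, while the runtime data this tool consumes also records dynamically loaded code (`dyn_code_load`), whose classes could not be found by that lookup; with 62^16 candidate names a clash is practically impossible, but the comment should say that this is what the loop is for, e.g. `// Pick a package name that no class in the APK already uses; rand::rng() is a non-cryptographic RNG, which is fine since only collision avoidance matters here.` rather than `// Generate a new, unique name`. Separately, `Alphanumeric` can make the segment start with a digit; dex `SimpleName` accepts that as far as I recall, but it cannot be written as a Java package name, which may matter if anything downstream maps the class back to source form — restricting the first character to a letter is a one-line change if that is a concern. The `for method in rt_data.get_method_referenced()` loop opened at the end of this hunk continues into the next one.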
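Review bot: A failing `transform_method` is now only logged with `warn!` and the method is left untouched, so a run can exit successfully while some referenced methods are not instrumented; if anything relies on the exit status to know the patching was complete, count these failures and report them (or exit non-zero) after the loop, whose end lies outside this hunk. The comment `// May be native method or other kind of android shenanigan.` undersells the condition — abstract methods have no code item either — so `// Native and abstract methods carry no code item, so there is nothing to instrument.` describes the `method.code.is_some()` guard more precisely. The `};` that closes the `if let Err(err) = ...` block leaves a stray semicolon that clippy's `redundant_semicolons` lint flags; `}` is enough. The enclosing `for` loop starts in the previous hunk.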
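Review bot: The name search takes the first free `classesN.dex` slot starting at 2, so in an APK whose numbering already has a gap it fills that gap; as far as I recall the Android runtime opens `classes.dex`, `classes2.dex`, … in order and stops at the first missing entry, in which case filling the gap would make dex files that were previously never loaded suddenly reachable — picking `max existing index + 1` avoids changing what the app loads. The counter `let mut i = 2;` is also shadowed by `let mut i = 0;` on the very next context line; an iterator removes both the mutable state and the shadowing: `let new_dex_name = (2..).map(|n| format!("classes{}.dex", n)).find(|name| !apk.dex_files.contains_key(name)).expect("unbounded range always yields a free name");`. The new comment has two typos; I would write it as `// Put the test class in its own dex file so the existing ones do not exceed the 64K method limit.` followed by `// TODO: reuse an existing dex file with spare method slots instead of always adding a new one.`. The function continues past the end of this hunk.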
@@ -15,7 +15,7 @@ pub struct RuntimeData { /// Additionnal classloader data. pub classloaders: HashMap, /// Additionnal application data. - pub app_info: AppInfo, + pub app_info: Option, } impl RuntimeData {
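Review bot: Making `app_info` optional changes what consumers must handle, but the doc comment above it (`/// Additionnal application data.`) does not say when `None` occurs; since the Frida collector in this same commit now defaults the field to `None`, a comment such as `/// Application info reported by the Frida collector; `None` when it could not be collected.` would explain why the field is optional (and fixes the spelling). The rendering appears to have dropped the angle brackets, so I am reading the new line as `pub app_info: Option<AppInfo>,`. If `RuntimeData` derives serde's `Deserialize` (the manifest depends on serde and serde_json, but the derive is not visible here), note that a missing key as well as `null` maps to `None` for `Option` fields, so the Python default is consistent with either representation — worth stating in the comment if both are expected.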