refactoring

frida/theseus_frida/__init__.py

@@ -16,6 +16,10 @@ logger.remove()  # remove androguard logs
 FRIDA_SCRIPT = Path(__file__).parent / "hook.js"
 STACK_CONSUMER_B64 = Path(__file__).parent / "StackConsumer.dex.b64"
 
+# The number of bytes used to encode a java hash (from Object.hashCode or System.identiyHashCode)
+# The type is 'int', so it sould be a 32bit signed value?
+HASH_NB_BYTES = 4
+
 
 # Define handler to event generated by the scripts
 def on_message(message, data, data_storage: dict, file_storage: Path):
@@ -137,7 +141,7 @@ def handle_cnstr_new_inst_data(data, data_storage: dict):
 def handle_load_dex(data, data_storage: dict, file_storage: Path):
     dex = data["dex"]
     classloader_class = data["classloader_class"]
-    classloader = data["classloader"]
+    classloader = data["classloader"].hex()
     short_class = classloader_class.split("/")[-1].removesuffix(";")
     files = []
     print("DEX file loaded:")

frida/theseus_frida/hook.js

@@ -183,7 +183,7 @@ Java.perform(() => {
     let path = Path.of(sourceName, []);
     let dex = Files.readAllBytes(path);
     let b64 = Base64.encodeToString(dex, Base64.DEFAULT.value);
-    let classloader_class = "";
+    let classloader_class = null;
     let classloader_id = System.identityHashCode(loader);
     if (loader !== null) {
       classloader_class = loader.getClass().descriptorString();