these-android-re/android_of_theseus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

collect stack data

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2025-02-06 16:18:32 +01:00
parent 7713f3247a
commit c11101b46a
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
5 changed files with 175 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

80
frida/theseus_frida/__init__.py
View file

@ -8,6 +8,7 @@ import frida # type: ignore
from androguard.core.apk import get_apkid # type: ignore
FRIDA_SCRIPT = Path(__file__).parent / "hook.js"
STACK_CONSUMER_B64 = Path(__file__).parent / "StackConsumer.dex.b64"
# Define handler to event generated by the scripts
@ -25,52 +26,68 @@ def on_message(message, data):
print("[on_message] message:", message)
def get_ty(java_name: str) -> str:
"""Return the android name from the java name of a class / type"""
# TODO: array
# TODO: scalar
if java_name == "V": # tmp stub
return "V"
return f"L{java_name.replace('.', '/')};"
def print_stack(stack, prefix: str):
for frame in stack:
native = ""
if frame["is_native"]:
native = " (native)"
print(f"{prefix}{frame['method']}:{frame['bytecode_index']}{native}")
def get_method_id(method_data) -> str:
"""Get a method descriptor from the different elements collected from the methods."""
name = method_data["name"]
ret = get_ty(method_data["ret"])
cls = get_ty(method_data["class"])
args = "".join(map(get_ty, method_data["args"]))
return f"{cls}->{name}({args}){ret}"
# def get_ty(java_name: str) -> str:
# """Return the android name from the java name of a class / type"""
# # TODO: array
# # TODO: scalar
# if java_name == "V": # tmp stub
# return "V"
# return f"L{java_name.replace('.', '/')};"
# def get_method_id(method_data) -> str:
# """Get a method descriptor from the different elements collected from the methods."""
# name = method_data["name"]
# ret = get_ty(method_data["ret"])
# cls = get_ty(method_data["class"])
# args = "".join(map(get_ty, method_data["args"]))
# return f"{cls}->{name}({args}){ret}"
def handle_invoke_data(data):
method = get_method_id(data["method"])
caller_method = "?" # get_method_id(data["caller_method"])
addr = data["addr"]
method = data["method"]
# caller_method = "?" # get_method_id(data["caller_method"])
# addr = data["addr"]
print("Method.Invoke:")
print(f" called: {method}")
print(f" by: {caller_method}")
print(f" at: 0x{addr:08x}")
print(f" stack:")
print_stack(data["stack"], " ")
# print(f" by: {caller_method}")
# print(f" at: 0x{addr:08x}")
def handle_class_new_inst_data(data):
constructor = get_method_id(data["constructor"])
caller_method = "?" # get_method_id(data["caller_method"])
addr = data["addr"]
constructor = data["constructor"]
# caller_method = "?" # get_method_id(data["caller_method"])
# addr = data["addr"]
print("Class.NewInstance:")
print(f" called: {constructor}")
print(f" by: {caller_method}")
print(f" at: 0x{addr:08x}")
print(f" stack:")
print_stack(data["stack"], " ")
# print(f" by: {caller_method}")
# print(f" at: 0x{addr:08x}")
def handle_cnstr_new_inst_data(data):
constructor = get_method_id(data["constructor"])
caller_method = "?" # get_method_id(data["caller_method"])
addr = data["addr"]
constructor = data["constructor"]
if not constructor.startswith("Lcom/example/theseus"):
return
# caller_method = "?" # get_method_id(data["caller_method"])
# addr = data["addr"]
print("Constructor.newInstance:")
print(f" called: {constructor}")
print(f" by: {caller_method}")
print(f" at: 0x{addr:08x}")
print(f" stack:")
print_stack(data["stack"], " ")
# print(f" by: {caller_method}")
# print(f" at: 0x{addr:08x}")
def main():
@ -105,6 +122,11 @@ def main():
with FRIDA_SCRIPT.open("r") as file:
script = file.read()
with STACK_CONSUMER_B64.open("r") as file:
script = script.replace(
"<PYTHON REPLACE StackConsumer.dex.b64>",
file.read().replace("\n", "").strip(),
)
pid = device.spawn([app])
session = device.attach(pid)