Ejemplo n.º 1
0
 def test_basics(self):
     never = threading.Event()
     reactor = Reactor(never.wait)
     def start():
         tp = TracerProfileBuilder().include("open*")
         t = Tracer(reactor, MemoryRepository(), tp.build())
         targets = t.start_trace(self.process, UI())
         t.stop()
         reactor.stop()
     reactor.schedule(start)
     reactor.run()
Ejemplo n.º 2
0
    def __init__(self, launch_args=[]):
        self._launch_args = launch_args
        self._stop_requested = threading.Event()
        self._reactor = Reactor(
            run_until_return=lambda _: self._stop_requested.wait())

        self._device = frida.get_local_device()
        self._sessions = set()

        self._device.on(
            'child-added', lambda child: self._reactor.schedule(
                lambda: self._on_delivered(child)))
Ejemplo n.º 3
0
 def test_basics(self):
     done = threading.Event()
     reactor = Reactor(lambda reactor: done.wait())
     def start():
         tp = TracerProfileBuilder().include("open*")
         t = Tracer(reactor, MemoryRepository(), tp.build())
         targets = t.start_trace(self.session, UI())
         t.stop()
         reactor.stop()
         done.set()
     reactor.schedule(start)
     reactor.run()
Ejemplo n.º 4
0
    def __init__(self, argv, env):
        self._stop_requested = threading.Event()
        self._reactor = Reactor(run_until_return=lambda reactor: self._stop_requested.wait())

        self._device = frida.get_usb_device()
        self._sessions = set()

        self._device.on("child-added", lambda child: self._reactor.schedule(lambda: self._on_child_added(child)))
        self._device.on("child-removed", lambda child: self._reactor.schedule(lambda: self._on_child_removed(child)))
        self._device.on("output", lambda pid, fd, data: self._reactor.schedule(lambda: self._on_output(pid, fd, data)))

        self.argv = argv
        self.env = env
        self.output = []  # stdout will pushed into array
Ejemplo n.º 5
0
    def __init__(self):
        self._stop_requested = threading.Event()
        self._reactor = Reactor(
            run_until_return=lambda reactor: self._stop_requested.wait())

        self._device = frida.get_local_device()
        self._sessions = set()

        self._device.on(
            "child-added", lambda child: self._reactor.schedule(
                lambda: self._on_child_added(child)))
        self._device.on(
            "child-removed", lambda child: self._reactor.schedule(
                lambda: self._on_child_removed(child)))
        self._device.on(
            "output", lambda pid, fd, data: self._reactor.schedule(
                lambda: self._on_output(pid, fd, data)))
Ejemplo n.º 6
0
 def test_basics(self):
     test_ui = TestUI()
     reactor = Reactor(test_ui.on_result.wait)
     def start():
         d = Discoverer(reactor)
         d.start(self.process, test_ui)
     reactor.schedule(start)
     reactor.run()
     self.assertIsInstance(test_ui.module_functions, dict)
     self.assertIsInstance(test_ui.dynamic_functions, list)
Ejemplo n.º 7
0
 def test_basics(self):
     never = threading.Event()
     reactor = Reactor(never.wait)
     def start():
         tp = TracerProfileBuilder().include("open*")
         t = Tracer(reactor, MemoryRepository(), tp.build())
         targets = t.start_trace(self.session, UI())
         t.stop()
         reactor.stop()
     reactor.schedule(start)
     reactor.run()
Ejemplo n.º 8
0
class Shell(object):
    def __init__(self, argv, env):
        self._stop_requested = threading.Event()
        self._reactor = Reactor(
            run_until_return=lambda reactor: self._stop_requested.wait())

        self._device = frida.get_usb_device()
        self._sessions = set()

        self._device.on(
            "child-added", lambda child: self._reactor.schedule(
                lambda: self._on_child_added(child)))
        self._device.on(
            "child-removed", lambda child: self._reactor.schedule(
                lambda: self._on_child_removed(child)))
        self._device.on(
            "output", lambda pid, fd, data: self._reactor.schedule(
                lambda: self._on_output(pid, fd, data)))

        self.argv = argv
        self.env = env
        self.output = []  # stdout will pushed into array

    def exec(self):
        self._reactor.schedule(lambda: self._start())
        self._reactor.run()

    def _start(self):
        click.secho("✔ spawn(argv={})".format(self.argv), fg='green', dim=True)
        pid = self._device.spawn(self.argv, env=self.env, stdio='pipe')
        self._instrument(pid)

    def _stop_if_idle(self):
        if len(self._sessions) == 0:
            self._stop_requested.set()

    def _instrument(self, pid):
        click.secho("✔ attach(pid={})".format(pid), fg='green', dim=True)
        session = self._device.attach(pid)
        session.on(
            "detached",
            lambda reason: self._reactor.schedule(lambda: self._on_detached(
                pid, session, reason)))
        click.secho("✔ enable_child_gating()", fg='green', dim=True)
        session.enable_child_gating()
        # print("✔ resume(pid={})".format(pid))
        self._device.resume(pid)
        self._sessions.add(session)

    def _on_child_added(self, child):
        click.secho("⚡ child_added: {}".format(child), fg='green', dim=True)
        self._instrument(child.pid)

    @staticmethod
    def _on_child_removed(child):
        click.secho("⚡ child_removed: {}".format(child), fg='green', dim=True)

    def _on_output(self, pid, fd, data):
        # if len(data) > 0:
        # print("⚡ output: pid={}, fd={}, data={}".format(pid, fd, repr(data)))
        self.output.append(data)

    def _on_detached(self, pid, session, reason):
        click.secho("⚡ detached: pid={}, reason='{}'".format(pid, reason),
                    fg='green',
                    dim=True)
        self._sessions.remove(session)
        self._reactor.schedule(self._stop_if_idle, delay=0.5)

    @staticmethod
    def _on_message(pid, message):
        click.secho("⚡ message: pid={}, payload={}".format(pid, message),
                    fg='green',
                    dim=True)
Ejemplo n.º 9
0
class Analyzer(object):
    def __init__(self, launch_args=[]):
        self._launch_args = launch_args
        self._stop_requested = threading.Event()
        self._reactor = Reactor(
            run_until_return=lambda _: self._stop_requested.wait())

        self._device = frida.get_local_device()
        self._sessions = set()

        self._device.on(
            'child-added', lambda child: self._reactor.schedule(
                lambda: self._on_delivered(child)))

    def run(self):
        self._reactor.schedule(lambda: self._start())
        self._reactor.run()

    def _start(self):
        argv = ['myapp.exe']
        print('spawning with argv={}'.format(self._launch_args))
        pid = self._device.spawn(self._launch_args)
        self._instrument(pid)

    def _stop_if_idle(self):
        if len(self._sessions) == 0:
            self._stop_requested.set()

    def _instrument(self, pid):
        print('attaching to PID={}'.format(pid))
        session = self._device.attach(pid)
        session.on(
            'detached',
            lambda reason: self._reactor.schedule(lambda: self._on_detached(
                pid, session, reason)))
        print('enabling child_gating()')
        session.enable_child_gating()
        with open('script.js', 'r') as temp_js:
            script = session.create_script(temp_js.read())

        script.on(
            'message', lambda message, data: self._reactor.schedule(
                lambda: self._on_message(pid, message)))
        print('loading script...')
        script.load()
        print('resuming PID={}'.format(pid))
        self._device.resume(pid)
        self._sessions.add(session)

    def _on_delivered(self, child):
        print('delivered={}'.format(child))
        self._instrument(child.pid)

    def _on_detached(self, pid, session, reason):
        print('detached from PID={}, reason="{}"'.format(pid, reason))
        self._reactor.schedule(self._stop_if_idle, delay=0.5)

    def _on_message(self, pid, message):
        try:
            print('message: PID={}, payload={}'.format(
                pid, json.dumps(message['payload'])))
        except Exception as e:
            print(message)
Ejemplo n.º 10
0
class Application(object):
    def __init__(self):
        self._stop_requested = threading.Event()
        self._reactor = Reactor(
            run_until_return=lambda reactor: self._stop_requested.wait())

        self._device = frida.get_local_device()
        self._sessions = set()

        self._device.on(
            "child-added", lambda child: self._reactor.schedule(
                lambda: self._on_child_added(child)))
        self._device.on(
            "child-removed", lambda child: self._reactor.schedule(
                lambda: self._on_child_removed(child)))
        self._device.on(
            "output", lambda pid, fd, data: self._reactor.schedule(
                lambda: self._on_output(pid, fd, data)))

    def run(self):
        self._reactor.schedule(lambda: self._start())
        self._reactor.run()

    def _start(self):
        argv = ["/bin/sh", "-c", "cat /etc/hosts"]
        env = {
            "BADGER": "badger-badger-badger",
            "SNAKE": "mushroom-mushroom",
        }
        print("✔ spawn(argv={})".format(argv))
        pid = self._device.spawn(argv, env=env, stdio='pipe')
        self._instrument(pid)

    def _stop_if_idle(self):
        if len(self._sessions) == 0:
            self._stop_requested.set()

    def _instrument(self, pid):
        print("✔ attach(pid={})".format(pid))
        session = self._device.attach(pid)
        session.on(
            "detached",
            lambda reason: self._reactor.schedule(lambda: self._on_detached(
                pid, session, reason)))
        print("✔ enable_child_gating()")
        session.enable_child_gating()
        print("✔ create_script()")
        script = session.create_script("""'use strict';

Interceptor.attach(Module.findExportByName(null, 'open'), {
  onEnter: function (args) {
    send({
      type: 'open',
      path: Memory.readUtf8String(args[0])
    });
  }
});
""")
        script.on(
            "message", lambda message, data: self._reactor.schedule(
                lambda: self._on_message(pid, message)))
        print("✔ load()")
        script.load()
        print("✔ resume(pid={})".format(pid))
        self._device.resume(pid)
        self._sessions.add(session)

    def _on_child_added(self, child):
        print("⚡ child_added: {}".format(child))
        self._instrument(child.pid)

    def _on_child_removed(self, child):
        print("⚡ child_removed: {}".format(child))

    def _on_output(self, pid, fd, data):
        print("⚡ output: pid={}, fd={}, data={}".format(pid, fd, repr(data)))

    def _on_detached(self, pid, session, reason):
        print("⚡ detached: pid={}, reason='{}'".format(pid, reason))
        self._sessions.remove(session)
        self._reactor.schedule(self._stop_if_idle, delay=0.5)

    def _on_message(self, pid, message):
        print("⚡ message: pid={}, payload={}".format(pid, message["payload"]))