def rm_breakpoint(name, path, line): fullcode = safe_read(f"{ORKESTRA_OUTPUT_DIR}/{name}/sources/{path}") text = fullcode.split("\n")[int(line)] if not java_is_declaration(text): return jsonify({"removed": False}) method, overloads = java_parse_declaration(text, fullcode) breakpoints[path_to_class_name(path)].remove( f"{line}/{path_to_class_name(path)}/{method}") logger.info( f"stopped monitoring Class={path_to_class_name(path)}, Method={method}, Overloads={overloads}" ) return jsonify({ "removed": dbg.method.detach(path_to_class_name(path), method, overloads), "class": path_to_class_name(path), "method": method, "overloads": overloads, "line": line, "text": text })
def set_breakpoint(name, path, line): fullcode = safe_read(f"{ORKESTRA_OUTPUT_DIR}/{name}/sources/{path}") text = fullcode.split("\n")[int(line)] if not java_is_declaration(text): return jsonify({"added": False, "text": text}) method, overloads = java_parse_declaration(text, fullcode) dbg.method.monitor( class_name=path_to_class_name(path), overloads=overloads, method=method, ) logger.info( f"started monitoring Class={path_to_class_name(path)}, Method={method}, Overloads={overloads}" ) bp = breakpoints.get(path_to_class_name(path), []) bp.append(f"{line}/{path_to_class_name(path)}/{method}") breakpoints[path_to_class_name(path)] = bp return jsonify({ "added": True, "class": path_to_class_name(path), "method": method, "overloads": overloads, "line": line, "text": text, })
def decompile(name): Jadx(f"{ORKESTRA_UPLOAD_DIR}/{name}").decompile() manifest = safe_read( f"{ORKESTRA_OUTPUT_DIR}/{name}/resources/AndroidManifest.xml") package = re.findall('package="(.*?)"', manifest)[0] logger.info(f"decompiled package={package} file={name}") return redirect(f"/?apk={name}&package={package}")
def upload(): uploaded_file = request.files['file'] if uploaded_file.filename != '': uploaded_file.save( f"{ORKESTRA_UPLOAD_DIR}/{os.path.basename(uploaded_file.filename)}" ) logger.info( f"uploaded file={uploaded_file.filename} path={uploaded_file.filename}" ) return redirect( f"/apk/{os.path.basename(uploaded_file.filename)}/decompile")
def code(name, path): content = safe_read(f'{ORKESTRA_OUTPUT_DIR}/{name}/sources/{path}') if content == -1: return make_response('', 404) logger.info(f"requested file read on dir={name} path={path}") return (f""" <input id='workPackage' value='{name}' type='hidden'/> <input id='workFile' value='{name}/{path}' type='hidden'/> <input id='workClass' value='{path_to_class_name(path)}' type='hidden'/> <input id='workBP' value='{",".join(breakpoints.get(path_to_class_name(path), ""))}' type='hidden'/> <pre><code class='java'>{content}</code></pre> """)
def download_files(self): if not os.path.isdir(self.__bin_dir): logger.info( f"unable to found {self.__bin_dir} directory .. is this the first run?" ) os.mkdir(self.__bin_dir) else: logger.info(f"found servers directory on {self.__bin_dir}") return # FIXME logger.info(f"downloading required server files to {self.__bin_dir}") response = requests.get( "https://github.com/frida/frida/releases/latest").text urls = re.findall('<a href=\"/frida/frida/releases/download/.*?\"', response) servers = [ "https://github.com" + re.findall('"(.*)"', url)[0] for url in urls if url.find("frida-server") != -1 and url.find("android") != -1 ] for server in servers: self.__download(server, self.__bin_dir + "/" + server.split("/")[-1])
def decompile(self): if os.name != "nt": subprocess.check_call(f"chmod +x {JADX_BIN}", shell=True) cmd = f'{JADX_BIN} "{self.input}" -d "output/{os.path.basename(self.input)}"' logger.info(f"starting jadx using command: {cmd} ") subprocess.check_call(cmd,shell=True)
def debugger_sync(): if len(dbg.method.invokes): result = dbg.method.invokes.pop(0) logger.info(f"received invoke {result}") return jsonify(result) return jsonify({})
def debugger_spawn(package): if dbg.spawn(package): logger.done(f"spawned package={package}") return jsonify({"spawned": True}) logger.info(f"unable to spawn package={package}") return jsonify({"spawned": False})
def decompile(self): cmd = f"{JADX_BIN} {self.input} -d output/{os.path.basename(self.input)}" logger.info(f"starting jadx using command: {cmd} ") subprocess.check_call(cmd)