
_Frida Hooking Script 02_ trace intent, cipher

_underscore_ 2024. 2. 20. 14:30

(in Android)

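Android 취약점 진단을 하면서 보조 스크립트 용도로 제작한 hooking 스크립트입니다. 앱 내에서 intent와 cipher가 사용되고 있는 부분을 확인하기 위해 제작하였으며, intent는 android.content.Intent 생성자를, cipher는 javax.crypto.spec.SecretKeySpec 생성자(key, algorithm)를 후킹하여 인자를 출력합니다.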

import frida
import time
import sys
    
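def main():
    """Spawn an Android app under Frida and trace Intent / SecretKeySpec construction.

    The target package name is read from the first command-line argument.
    The injected script logs the arguments of the hooked
    ``android.content.Intent`` constructors and of
    ``javax.crypto.spec.SecretKeySpec(byte[], String)``, then forwards every
    call to the original constructor so the app keeps working while traced.

    The function blocks on stdin until EOF so the hooks stay installed.
    Exits with status 1 when no package name is given.
    """
    jscode = """
    Java.perform(function() {
        var targetIntent = Java.use("android.content.Intent");

        // Every hook forwards to the original constructor. Without that call
        // the Intent is never initialised and the traced app misbehaves.
        targetIntent.$init.overload().implementation = function() {
              console.log("intent");
              return this.$init();
        };

        targetIntent.$init.overload('java.lang.String').implementation = function(action) {
              console.log("action : " + action);
              return this.$init(action);
        };
        targetIntent.$init.overload('android.content.Intent').implementation = function(o) {
              console.log("intent : " + o);
              return this.$init(o);
        };

        targetIntent.$init.overload('java.lang.String', 'android.net.Uri').implementation = function(action, uri) {
              console.log("action : " + action);
              console.log("uri : " + uri);
              return this.$init(action, uri);
        };

        targetIntent.$init.overload('android.content.Intent','boolean').implementation = function(o, all) {
              console.log("intent : " + o);
              console.log("boolean : " + all);
              return this.$init(o, all);
        };

        targetIntent.$init.overload('android.content.Context','java.lang.Class').implementation = function(PackageContext,cls) {
              console.log("Context : " + PackageContext);
              console.log("Class : " + cls);
              return this.$init(PackageContext, cls);
        };

        targetIntent.$init.overload('java.lang.String', 'android.net.Uri','android.content.Context','java.lang.Class').implementation = function(action, uri,PackageContext,cls) {
              console.log("action : " + action);
              console.log("uri : " + uri);
              console.log("Context : " + PackageContext);
              console.log("Class : " + cls);
              return this.$init(action, uri, PackageContext, cls);
        };

        var targetCipher = Java.use("javax.crypto.spec.SecretKeySpec");

        // Only the (byte[], String) overload is traced. Keys built through
        // SecretKeySpec(byte[], int, int, String) will not show up here.
        // The hex dump is live key material, so store the console output
        // with the rest of the assessment evidence.
        targetCipher.$init.overload('[B','java.lang.String').implementation = function(key,algorithm) {
              console.log("key : " + covert_hex(key));
              console.log("algorithm : " + algorithm);

              return this.$init(key,algorithm);
        };

        // Render a Java byte[] as lowercase hex; "& 0xFF" maps signed bytes to 0..255.
        function covert_hex(byte_array) {
            var result = '';
            console.log('len = ' + byte_array.length);
            for(var i = 0; i < byte_array.length; ++i)
                result += ('0' + (byte_array[i] & 0xFF).toString(16)).slice(-2);
            return result;
        }
    });
    """

    # The original referenced an undefined name here; take the package from argv.
    if len(sys.argv) < 2:
        print("usage: %s <package name>" % sys.argv[0])
        sys.exit(1)
    pkgNm = sys.argv[1]

    # Takes the last device Frida enumerates. With several devices attached
    # this may not be the intended one -- confirm before relying on the trace.
    device = frida.get_device_manager().enumerate_devices()[-1]
    pid = device.spawn([pkgNm])
    session = device.attach(pid)
    script = session.create_script(jscode)
    time.sleep(3)
    # Install the hooks while the spawned process is still suspended, then
    # resume it; a spawned process does not run until resume() is called.
    script.load()
    device.resume(pid)
    print("[*] Start Script")
    # Block until EOF on stdin so the session and its hooks stay alive.
    sys.stdin.read()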

# Run the tracer only when this file is executed as a script, not when imported.
if __name__ == "__main__":
    main()