Frida Tutorial 1


This is a summary of the post: https://medium.com/infosec-adventures/introduction-to-frida-5a3f51595ca1
APK: https://github.com/t0thkr1s/frida-demo/releases
Source code: https://github.com/t0thkr1s/frida-demo

Python

Frida lets you inject JavaScript code into the functions of a running application. But you can also use Python to load the hooks and even interact with them.

This is a simple Python script that you can use with all the examples proposed in this tutorial:

```python
#hooking.py
import frida, sys

# Read the JavaScript hook (hookN.js) given as the first argument
with open(sys.argv[1], 'r') as f:
    jscode = f.read()
# Attach to the already running demo app on the USB-connected device
process = frida.get_usb_device().attach('infosecadventures.fridademo')
script = process.create_script(jscode)
print('[ * ] Running Frida Demo application')
script.load()
# Keep the script alive until stdin is closed (Ctrl+D)
sys.stdin.read()
```

Call the script:

```bash
python hooking.py <hookN.js>
```

It is useful to know how to use Python with Frida, but for these examples you can also call Frida directly using the frida command-line tools:

```bash
frida -U --no-pause -l hookN.js -f infosecadventures.fridademo
```

Hook 1 - Boolean Bypass

Here you can see how to hook a boolean method (checkPin) from the class infosecadventures.fridademo.utils.PinUtil:

```javascript
//hook1.js
Java.perform(function () {
    console.log("[ * ] Starting implementation override...")
    var MainActivity = Java.use("infosecadventures.fridademo.utils.PinUtil")
    // Replace the body of checkPin so it always reports success
    MainActivity.checkPin.implementation = function (pin) {
        console.log("[ + ] PIN check successfully bypassed!")
        return true
    }
})
```

```bash
python hooking.py hook1.js
```

Note: the function receives a String as its parameter, wouldn't an overload need to be specified?

Hook 2 - Function Bruteforce

Non-static Function

If you want to call a non-static function of a class, you first need an instance of that class. Then you can use that instance to call the function.
To do that, you can find an existing instance and use it:

```javascript
Java.perform(function () {
    console.log("[ * ] Starting PIN Brute-force, please wait...")
    // Search the heap for live instances of the class
    Java.choose("infosecadventures.fridademo.utils.PinUtil", {
        onMatch: function (instance) {
            console.log("[ * ] Instance found in memory: " + instance)
            // 9999 is included so every 4-digit PIN is tried
            for (var i = 1000; i <= 9999; i++) {
                if (instance.checkPin(i + "") == true) {
                    console.log("[ + ] Found correct PIN: " + i)
                    break
                }
            }
        },
        onComplete: function () {},
    })
})
```

In this case this doesn't work because there is no instance and the function is static.

Static Function

If the function is static, you can just call it on the class wrapper:

```javascript
//hook2.js
Java.perform(function () {
    console.log("[ * ] Starting PIN Brute-force, please wait...")
    var PinUtil = Java.use("infosecadventures.fridademo.utils.PinUtil")

    // checkPin is static, so no instance is needed; 9999 is included so
    // every 4-digit PIN is tried
    for (var i = 1000; i <= 9999; i++) {
        if (PinUtil.checkPin(i + "") == true) {
            console.log("[ + ] Found correct PIN: " + i)
            break
        }
    }
})
```

Hook 3 - Retrieving arguments and return value

You can hook a function and make it print the values of the passed arguments and the return value:

```javascript
//hook3.js
Java.perform(function () {
    console.log("[ * ] Starting implementation override...")

    var EncryptionUtil = Java.use(
        "infosecadventures.fridademo.utils.EncryptionUtil"
    )
    EncryptionUtil.encrypt.implementation = function (key, value) {
        console.log("Key: " + key)
        console.log("Value: " + value)
        var encrypted_ret = this.encrypt(key, value) //Call the original function
        console.log("Encrypted value: " + encrypted_ret)
        return encrypted_ret
    }
})
```

Important

In this tutorial you hooked methods using the method name and .implementation. But if there is more than one method with the same name (overloads), you will need to specify which one you want to hook by indicating the types of its arguments.

You will see that in the next tutorial.
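As an added example (not from the original post or the frida-demo project): hook1.js rewritten so that the String overload of checkPin is chosen explicitly, as the note above describes, and the original method is still called so the hook only observes. It assumes the demo's PinUtil.checkPin(String); the selection helpers work on the plain argument-type names Frida reports, so they also run on the host without a device.

```javascript
// Frida describes every overload of a Java method by the class names of its
// parameters (overload.argumentTypes[i].className). These two helpers work on
// that list alone, so they need no Frida runtime.
function matchesSignature(argClassNames, wanted) {
    if (argClassNames.length !== wanted.length) return false;
    for (var i = 0; i < wanted.length; i++) {
        if (argClassNames[i] !== wanted[i]) return false;
    }
    return true;
}

// Return the index of the overload whose parameter types equal `wanted`,
// or -1 if the method has no such overload.
function selectOverload(overloadSignatures, wanted) {
    for (var i = 0; i < overloadSignatures.length; i++) {
        if (matchesSignature(overloadSignatures[i], wanted)) return i;
    }
    return -1;
}

// The hook itself only runs when the script is loaded into the target app
// (frida -U -l ...); on the host `Java` is undefined and this is skipped.
if (typeof Java !== 'undefined') {
    Java.perform(function () {
        var PinUtil = Java.use('infosecadventures.fridademo.utils.PinUtil');
        // Collect the parameter class names of every checkPin overload
        var signatures = PinUtil.checkPin.overloads.map(function (o) {
            return o.argumentTypes.map(function (t) { return t.className; });
        });
        var idx = selectOverload(signatures, ['java.lang.String']);
        if (idx < 0) {
            console.log('[ - ] No checkPin(String) overload found');
            return;
        }
        // Shorthand for the same thing: PinUtil.checkPin.overload('java.lang.String')
        PinUtil.checkPin.overloads[idx].implementation = function (pin) {
            console.log('[ * ] checkPin(String) called with: ' + pin);
            var result = this.checkPin(pin); // keep the original behaviour
            console.log('[ * ] checkPin returned: ' + result);
            return result;
        };
    });
}
```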
