@jshookmcp/jshook 0.2.8 → 0.3.0

package/dist/manifest-D7YZM_2e.mjs

@@ -0,0 +1,194 @@
+import { n as toolLookup } from "./registry-Bl8ZQW61.mjs";
+import { n as defineMethodRegistrations } from "./bind-helpers-ClV34xdn.mjs";
+import { t as tool } from "./tool-builder-BHJp32mV.mjs";
+//#region src/server/domains/binary-instrument/definitions.ts
+const binaryInstrumentTools = [
+	tool("binary_instrument_capabilities", (t) => t.desc("Report binary instrumentation backend availability.").query()),
+	tool("frida_attach", (t) => t.desc("Attach Frida to a local target and open a session.").string("target", "Process name, PID, or binary path to attach to").required("target")),
+	tool("frida_enumerate_modules", (t) => t.desc("Enumerate modules for an attached Frida session.").string("sessionId", "Session id returned by frida_attach").required("sessionId").query()),
+	tool("ghidra_analyze", (t) => t.desc("Analyze a binary and return metadata.").string("binaryPath", "Path to the binary file").number("timeout", "Optional timeout in milliseconds for headless analysis").required("binaryPath")),
+	tool("generate_hooks", (t) => t.desc("Generate a Frida interceptor script for a list of symbols.").array("symbols", { type: "string" }, "Symbol names to hook").object("options", {
+		includeArgs: {
+			type: "boolean",
+			description: "Emit argument logging on function entry"
+		},
+		includeRetAddr: {
+			type: "boolean",
+			description: "Emit return-address logging on function entry"
+		}
+	}, "Optional Frida hook generation flags").required("symbols")),
+	tool("unidbg_emulate", (t) => t.desc("Emulate a native function with Unidbg when available.").string("binaryPath", "Path to the binary file").string("functionName", "Function name to emulate").array("args", { type: "string" }, "Optional string arguments forwarded to emulation").required("binaryPath", "functionName")),
+	tool("frida_run_script", (t) => t.desc("Execute a Frida JavaScript snippet inside an attached Frida session.").string("sessionId", "Session id returned by frida_attach").string("script", "Frida JavaScript to execute").required("sessionId", "script")),
+	tool("frida_detach", (t) => t.desc("Detach from a Frida session and clean up resources.").string("sessionId", "Session id returned by frida_attach").required("sessionId")),
+	tool("frida_list_sessions", (t) => t.desc("List all active Frida sessions.").query()),
+	tool("frida_generate_script", (t) => t.desc("Generate a Frida hook script from a template.").string("target", "Target binary or module name").string("template", "Hook template type: trace, intercept, replace, log").string("functionName", "Function name to generate hook for").required("target", "template")),
+	tool("get_available_plugins", (t) => t.desc("List installed binary analysis plugins.").query()),
+	tool("ghidra_decompile", (t) => t.desc("Decompile a specific function using Ghidra headless analysis.").string("binaryPath", "Path to the binary file").string("functionName", "Function name to decompile").required("binaryPath", "functionName")),
+	tool("ida_decompile", (t) => t.desc("Decompile a function using IDA Pro via plugin bridge.").string("binaryPath", "Path to the binary file").string("functionName", "Function name to decompile").required("binaryPath", "functionName")),
+	tool("jadx_decompile", (t) => t.desc("Decompile an APK class or method using JADX via plugin bridge.").string("apkPath", "Path to the APK file").string("className", "Fully qualified class name").string("methodName", "Method name to decompile").required("apkPath", "className")),
+	tool("unidbg_launch", (t) => t.desc("Launch a shared library in Unidbg.").string("soPath", "Path to the .so library file").string("arch", "Architecture: arm or arm64").required("soPath")),
+	tool("unidbg_call", (t) => t.desc("Call a JNI function in a running Unidbg emulator session.").string("sessionId", "Session id from unidbg_launch").string("functionName", "JNI function name to call").required("sessionId", "functionName")),
+	tool("unidbg_trace", (t) => t.desc("Get an execution trace from an Unidbg session (full/basic/instruction modes).").string("sessionId", "Session id from unidbg_launch").required("sessionId")),
+	tool("export_hook_script", (t) => t.desc("Export generated hook templates as a complete, runnable Frida script.").string("hookTemplates", "JSON array of hook template objects")),
+	tool("frida_enumerate_functions", (t) => t.desc("Enumerate exported functions for a specific module in a Frida session.").string("sessionId", "Session id returned by frida_attach").string("moduleName", "Module name to enumerate exports from").required("sessionId", "moduleName").query()),
+	tool("frida_find_symbols", (t) => t.desc("Search for symbols matching a pattern in a Frida session using ApiResolver.").string("sessionId", "Session id returned by frida_attach").string("pattern", "Symbol search pattern (e.g. \"exports:*libssl*SSL*\")").required("sessionId", "pattern").query())
+];
+//#endregion
+//#region src/server/domains/binary-instrument/manifest.ts
+const DOMAIN = "binary-instrument";
+const DEP_KEY = "binaryInstrumentHandlers";
+const registrations = defineMethodRegistrations({
+	domain: DOMAIN,
+	depKey: DEP_KEY,
+	lookup: toolLookup(binaryInstrumentTools),
+	entries: [
+		{
+			tool: "binary_instrument_capabilities",
+			method: "handleBinaryInstrumentCapabilities"
+		},
+		{
+			tool: "frida_attach",
+			method: "handleFridaAttach"
+		},
+		{
+			tool: "frida_enumerate_modules",
+			method: "handleFridaEnumerateModules"
+		},
+		{
+			tool: "ghidra_analyze",
+			method: "handleGhidraAnalyze"
+		},
+		{
+			tool: "generate_hooks",
+			method: "handleGenerateHooks"
+		},
+		{
+			tool: "unidbg_emulate",
+			method: "handleUnidbgEmulate"
+		},
+		{
+			tool: "frida_run_script",
+			method: "handleFridaRunScript"
+		},
+		{
+			tool: "frida_detach",
+			method: "handleFridaDetach"
+		},
+		{
+			tool: "frida_list_sessions",
+			method: "handleFridaListSessions"
+		},
+		{
+			tool: "frida_generate_script",
+			method: "handleFridaGenerateScript"
+		},
+		{
+			tool: "get_available_plugins",
+			method: "handleGetAvailablePlugins"
+		},
+		{
+			tool: "ghidra_decompile",
+			method: "handleGhidraDecompile"
+		},
+		{
+			tool: "ida_decompile",
+			method: "handleIdaDecompile"
+		},
+		{
+			tool: "jadx_decompile",
+			method: "handleJadxDecompile"
+		},
+		{
+			tool: "unidbg_launch",
+			method: "handleUnidbgLaunch"
+		},
+		{
+			tool: "unidbg_call",
+			method: "handleUnidbgCall"
+		},
+		{
+			tool: "unidbg_trace",
+			method: "handleUnidbgTrace"
+		},
+		{
+			tool: "export_hook_script",
+			method: "handleExportHookScript"
+		},
+		{
+			tool: "frida_enumerate_functions",
+			method: "handleFridaEnumerateFunctions"
+		},
+		{
+			tool: "frida_find_symbols",
+			method: "handleFridaFindSymbols"
+		}
+	]
+});
+async function ensure(ctx) {
+	const { BinaryInstrumentHandlers } = await import("./handlers-CRyRWj2b.mjs");
+	const { GhidraAnalyzer, HookGenerator } = await import("./binary-instrument--V3MAhJ4.mjs").then((n) => n.t);
+	let handlers = ctx.getDomainInstance(DEP_KEY);
+	if (!handlers) {
+		handlers = new BinaryInstrumentHandlers(ctx, new GhidraAnalyzer(), new HookGenerator());
+		ctx.setDomainInstance(DEP_KEY, handlers);
+	}
+	return handlers;
+}
+const manifest = {
+	kind: "domain-manifest",
+	version: 1,
+	domain: DOMAIN,
+	depKey: DEP_KEY,
+	profiles: ["full"],
+	ensure,
+	registrations,
+	workflowRule: {
+		patterns: [/\b(frida|ghidra|ida|unidbg|jadx|binary|disassemb|decompil|dump\s?so)\b/i, /(binary|native|so|dll|elf|apk).*(analyze|hook|instrument|decompile)/i],
+		priority: 88,
+		tools: [
+			"frida_attach",
+			"ghidra_analyze",
+			"generate_hooks",
+			"unidbg_launch"
+		],
+		hint: "Binary analysis pipeline: attach Frida → decompile (Ghidra/IDA/JADX) → generate hook scripts → emulate with Unidbg."
+	},
+	prerequisites: {
+		frida_attach: [{
+			condition: "plugin_frida_bridge must be installed and frida-server reachable",
+			fix: "Install @jshookmcpextension/plugin-frida-bridge; launch frida-server on the target"
+		}],
+		frida_run_script: [{
+			condition: "A Frida session must be active",
+			fix: "Call frida_attach before running a script"
+		}],
+		ghidra_analyze: [{
+			condition: "plugin_ghidra_bridge must be installed with Ghidra headless available",
+			fix: "Install @jshookmcpextension/plugin-ghidra-bridge and configure Ghidra path"
+		}],
+		ida_decompile: [{
+			condition: "plugin_ida_bridge must be installed",
+			fix: "Install @jshookmcpextension/plugin-ida-bridge and provide IDA Pro license"
+		}],
+		jadx_decompile: [{
+			condition: "plugin_jadx_bridge must be installed",
+			fix: "Install @jshookmcpextension/plugin-jadx-bridge"
+		}],
+		unidbg_launch: [{
+			condition: "Java 17+ and unidbg JAR must be reachable",
+			fix: "Install JDK 17+ and download unidbg from its official release"
+		}],
+		generate_hooks: [{
+			condition: "Ghidra analysis output required",
+			fix: "Run ghidra_analyze first and pass the output to generate_hooks"
+		}]
+	},
+	toolDependencies: [{
+		from: "process",
+		to: "binary-instrument",
+		relation: "uses",
+		weight: .6
+	}]
+};
+//#endregion
+export { manifest as default };

package/dist/manifest-DE_VrAeQ.mjs

@@ -0,0 +1,314 @@
+import { t as logger } from "./logger-Dh_xb7_2.mjs";
+import { t as createProgressDebouncer } from "./EventBus-DFKvADm3.mjs";
+import { n as toolLookup, t as ensureBrowserCore } from "./registry-Bl8ZQW61.mjs";
+import { t as coreTools } from "./definitions-CDOg_b-l.mjs";
+//#region src/modules/deobfuscator/LLMDeobfuscator.ts
+/** Maximum code snippet size sent to the LLM (chars) to avoid token overflow */
+const MAX_CODE_SNIPPET = 2e3;
+/** Maximum number of identifiers to send in one request */
+const MAX_IDENTIFIERS = 20;
+var LLMDeobfuscator = class {
+	constructor(bridge) {
+		this.bridge = bridge;
+	}
+	/**
+	* Check if the underlying sampling bridge supports LLM delegation.
+	*/
+	isAvailable() {
+		return this.bridge.isSamplingSupported();
+	}
+	/**
+	* Use the client's LLM to suggest meaningful names for obfuscated identifiers.
+	*
+	* @param code - The obfuscated code snippet (truncated to MAX_CODE_SNIPPET)
+	* @param identifiers - Array of obfuscated identifier names to rename
+	* @returns Map of old → new names, or `null` if sampling unavailable/failed
+	*/
+	async suggestVariableNames(code, identifiers) {
+		if (!this.bridge.isSamplingSupported()) {
+			logger.debug("LLMDeobfuscator: sampling not available, skipping name suggestion");
+			return null;
+		}
+		const trimmedIds = identifiers.slice(0, MAX_IDENTIFIERS);
+		const trimmedCode = code.slice(0, MAX_CODE_SNIPPET);
+		const userMessage = [
+			"Given this obfuscated JavaScript code, suggest meaningful variable/function names",
+			`for these identifiers: ${trimmedIds.join(", ")}`,
+			"",
+			"```javascript",
+			trimmedCode,
+			"```",
+			"",
+			"Respond ONLY with a valid JSON array of objects with fields:",
+			"  { \"original\": \"<old_name>\", \"suggested\": \"<new_name>\", \"confidence\": \"high\"|\"medium\"|\"low\" }",
+			"",
+			"Rules:",
+			"- Use camelCase for variables/functions, PascalCase for classes",
+			"- If uncertain, use confidence \"low\"",
+			"- If the name is already meaningful, keep it and mark confidence \"high\""
+		].join("\n");
+		const result = await this.bridge.sampleText({
+			systemPrompt: "You are an expert JavaScript reverse engineer. You specialize in deobfuscation and renaming obfuscated identifiers to semantically meaningful names. Output only valid JSON.",
+			userMessage,
+			maxTokens: 256,
+			temperature: .3,
+			modelHint: "haiku"
+		});
+		if (!result) return null;
+		return this.parseNameSuggestions(result, trimmedIds);
+	}
+	/**
+	* Use the client's LLM to infer the purpose of a function from its code.
+	*
+	* @param code - The function's code snippet
+	* @returns A brief description of the function's purpose, or null
+	*/
+	async inferFunctionPurpose(code) {
+		if (!this.bridge.isSamplingSupported()) return null;
+		const trimmedCode = code.slice(0, MAX_CODE_SNIPPET);
+		return (await this.bridge.sampleText({
+			systemPrompt: "You are a JavaScript reverse engineer. Analyze code and describe its purpose in one concise sentence.",
+			userMessage: `What does this function do?\n\n\`\`\`javascript\n${trimmedCode}\n\`\`\`\n\nRespond with a single sentence.`,
+			maxTokens: 100,
+			temperature: .2,
+			modelHint: "haiku"
+		}))?.trim() ?? null;
+	}
+	/**
+	* Parse the LLM's JSON response into structured name suggestions.
+	* Robust against malformed output.
+	*/
+	parseNameSuggestions(rawResponse, expectedIds) {
+		try {
+			const jsonMatch = rawResponse.match(/\[[\s\S]*\]/);
+			if (!jsonMatch) {
+				logger.warn("LLMDeobfuscator: no JSON array found in LLM response");
+				return [];
+			}
+			const parsed = JSON.parse(jsonMatch[0]);
+			if (!Array.isArray(parsed)) return [];
+			const expectedSet = new Set(expectedIds);
+			return parsed.filter((item) => typeof item === "object" && item !== null && typeof item.original === "string" && typeof item.suggested === "string").filter((item) => expectedSet.has(item.original)).map((item) => ({
+				original: item.original,
+				suggested: item.suggested,
+				confidence: [
+					"high",
+					"medium",
+					"low"
+				].includes(item.confidence) ? item.confidence : "low"
+			}));
+		} catch (error) {
+			logger.warn("LLMDeobfuscator: failed to parse LLM response:", error);
+			return [];
+		}
+	}
+};
+//#endregion
+//#region src/server/domains/analysis/manifest.ts
+const DOMAIN = "core";
+const DEP_KEY = "coreAnalysisHandlers";
+const t = toolLookup(coreTools);
+let globalContext = null;
+/**
+* Analysis-domain bind helper that threads `_meta.progressToken` into
+* a throttled `onProgress` callback — same pattern as memory/manifest.ts.
+*/
+function bindWithProgress(invoke) {
+	return (deps) => {
+		const handler = deps[DEP_KEY];
+		return (args) => {
+			const meta = args._meta;
+			let onProgress;
+			if (meta?.progressToken !== void 0 && globalContext) onProgress = createProgressDebouncer(globalContext.eventBus, meta.progressToken);
+			return invoke(handler, {
+				...args,
+				onProgress
+			});
+		};
+	};
+}
+const b = bindWithProgress;
+async function ensure(ctx) {
+	const { Deobfuscator, AdvancedDeobfuscator, ObfuscationDetector, CodeAnalyzer, CryptoDetector, HookManager } = await import("./modules-tZozf0LQ.mjs").then((n) => n.t);
+	const { CoreAnalysisHandlers } = await import("./analysis-BHeJW2Nb.mjs");
+	globalContext = ctx;
+	await ensureBrowserCore(ctx);
+	if (!ctx.deobfuscator || !ctx.advancedDeobfuscator || !ctx.obfuscationDetector || !ctx.analyzer || !ctx.cryptoDetector || !ctx.hookManager || !ctx.coreAnalysisHandlers) {
+		if (!ctx.deobfuscator) ctx.deobfuscator = new Deobfuscator();
+		if (!ctx.advancedDeobfuscator) ctx.advancedDeobfuscator = new AdvancedDeobfuscator();
+		if (!ctx.obfuscationDetector) ctx.obfuscationDetector = new ObfuscationDetector();
+		if (!ctx.analyzer) ctx.analyzer = new CodeAnalyzer();
+		if (!ctx.cryptoDetector) ctx.cryptoDetector = new CryptoDetector();
+		if (!ctx.hookManager) ctx.hookManager = new HookManager();
+		if (!ctx.coreAnalysisHandlers) ctx.coreAnalysisHandlers = new CoreAnalysisHandlers({
+			collector: ctx.collector,
+			scriptManager: ctx.scriptManager,
+			deobfuscator: ctx.deobfuscator,
+			advancedDeobfuscator: ctx.advancedDeobfuscator,
+			obfuscationDetector: ctx.obfuscationDetector,
+			analyzer: ctx.analyzer,
+			cryptoDetector: ctx.cryptoDetector,
+			hookManager: ctx.hookManager
+		});
+	}
+	return ctx.coreAnalysisHandlers;
+}
+const manifest = {
+	kind: "domain-manifest",
+	version: 1,
+	domain: DOMAIN,
+	depKey: DEP_KEY,
+	profiles: ["workflow", "full"],
+	ensure,
+	workflowRule: {
+		patterns: [/(deobfuscate|deobfusc|beautify|analyze).*(javascript|js|script|code)/i, /(反混淆|美化|分析).*(javascript|js|脚本|代码)/i],
+		priority: 85,
+		tools: [
+			"deobfuscate",
+			"extract_function_tree",
+			"llm_suggest_names"
+		],
+		hint: "JavaScript analysis workflow: collect -> deobfuscate -> inspect function tree | LLM-powered naming"
+	},
+	prerequisites: { collect_code: [{
+		condition: "Browser must be launched",
+		fix: "Call browser_launch or browser_attach first"
+	}] },
+	registrations: [
+		{
+			tool: t("collect_code"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleCollectCode(a))
+		},
+		{
+			tool: t("search_in_scripts"),
+			domain: DOMAIN,
+			profiles: [
+				"search",
+				"workflow",
+				"full"
+			],
+			bind: b((h, a) => h.handleSearchInScripts(a))
+		},
+		{
+			tool: t("extract_function_tree"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleExtractFunctionTree(a))
+		},
+		{
+			tool: t("deobfuscate"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleDeobfuscate(a))
+		},
+		{
+			tool: t("understand_code"),
+			domain: DOMAIN,
+			profiles: [
+				"search",
+				"workflow",
+				"full"
+			],
+			bind: b((h, a) => h.handleUnderstandCode(a))
+		},
+		{
+			tool: t("detect_crypto"),
+			domain: DOMAIN,
+			profiles: [
+				"search",
+				"workflow",
+				"full"
+			],
+			bind: b((h, a) => h.handleDetectCrypto(a))
+		},
+		{
+			tool: t("manage_hooks"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleManageHooks(a))
+		},
+		{
+			tool: t("detect_obfuscation"),
+			domain: DOMAIN,
+			profiles: [
+				"search",
+				"workflow",
+				"full"
+			],
+			bind: b((h, a) => h.handleDetectObfuscation(a))
+		},
+		{
+			tool: t("webcrack_unpack"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleWebcrackUnpack(a))
+		},
+		{
+			tool: t("clear_collected_data"),
+			domain: DOMAIN,
+			bind: b((h) => h.handleClearCollectedData())
+		},
+		{
+			tool: t("get_collection_stats"),
+			domain: DOMAIN,
+			bind: b((h) => h.handleGetCollectionStats())
+		},
+		{
+			tool: t("webpack_enumerate"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleWebpackEnumerate(a))
+		},
+		{
+			tool: t("llm_suggest_names"),
+			domain: DOMAIN,
+			bind: bindWithProgress(async (_h, args) => {
+				if (!globalContext) return { content: [{
+					type: "text",
+					text: JSON.stringify({
+						success: false,
+						error: "Server context not initialized"
+					})
+				}] };
+				const deob = new LLMDeobfuscator(globalContext.samplingBridge);
+				if (!deob.isAvailable()) return { content: [{
+					type: "text",
+					text: JSON.stringify({
+						success: false,
+						error: "Sampling not supported by this client",
+						hint: "The connected MCP client does not declare sampling capabilities. Try using Claude Desktop or another sampling-capable client."
+					})
+				}] };
+				const code = typeof args.code === "string" ? args.code : "";
+				const identifiers = Array.isArray(args.identifiers) ? args.identifiers.filter((id) => typeof id === "string") : [];
+				const suggestions = await deob.suggestVariableNames(code, identifiers);
+				return { content: [{
+					type: "text",
+					text: JSON.stringify({
+						success: true,
+						suggestions: suggestions ?? [],
+						samplingUsed: true
+					})
+				}] };
+			})
+		},
+		{
+			tool: t("js_deobfuscate_jsvmp"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleJsDeobfuscateJsvmp(a))
+		},
+		{
+			tool: t("js_deobfuscate_pipeline"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleJsDeobfuscatePipeline(a))
+		},
+		{
+			tool: t("js_analyze_vm"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleJsAnalyzeVm(a))
+		},
+		{
+			tool: t("js_solve_constraints"),
+			domain: DOMAIN,
+			bind: b((h, a) => h.handleJsSolveConstraints(a))
+		}
+	]
+};
+//#endregion
+export { manifest as default };

package/dist/manifest-DGsXSCpT.mjs

@@ -0,0 +1,39 @@
+import { n as toolLookup } from "./registry-Bl8ZQW61.mjs";
+import { n as defineMethodRegistrations } from "./bind-helpers-ClV34xdn.mjs";
+import { t as antidebugTools } from "./definitions-DUE5gmdn.mjs";
+//#region src/server/domains/antidebug/manifest.ts
+const DOMAIN = "antidebug";
+const DEP_KEY = "antidebugHandlers";
+const registrations = defineMethodRegistrations({
+	domain: DOMAIN,
+	depKey: DEP_KEY,
+	lookup: toolLookup(antidebugTools),
+	entries: [{
+		tool: "antidebug_bypass",
+		method: "handleAntidebugBypass"
+	}, {
+		tool: "antidebug_detect_protections",
+		method: "handleAntiDebugDetectProtections"
+	}]
+});
+async function ensure(ctx) {
+	const { CodeCollector } = await import("./modules-tZozf0LQ.mjs").then((n) => n.t);
+	const { AntiDebugToolHandlers } = await import("./antidebug-BRKeyt27.mjs");
+	if (!ctx.collector) {
+		ctx.collector = new CodeCollector(ctx.config.puppeteer);
+		ctx.registerCaches();
+	}
+	if (!ctx.antidebugHandlers) ctx.antidebugHandlers = new AntiDebugToolHandlers(ctx.collector);
+	return ctx.antidebugHandlers;
+}
+const manifest = {
+	kind: "domain-manifest",
+	version: 1,
+	domain: DOMAIN,
+	depKey: DEP_KEY,
+	profiles: ["full"],
+	ensure,
+	registrations
+};
+//#endregion
+export { manifest as default };