frida-java-bridge 6.2.2 → 6.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +7 -3
- package/lib/android.js +56 -37
- package/lib/class-model.js +8 -2
- package/package.json +1 -1
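--- a/package/index.js
+++ b/package/index.js
@@ -440,9 +440,13 @@ class Runtime {
 handleBindApplication.apply(this, arguments);
 };
 
-const
-
-
+const getPackageInfoCandidates = ActivityThread.getPackageInfo.overloads
+.map(m => [m.argumentTypes.length, m])
+.sort(([arityA,], [arityB,]) => arityB - arityA)
+.map(([_, method]) => method);
+const getPackageInfo = getPackageInfoCandidates[0];
+getPackageInfo.implementation = function (...args) {
+const apk = getPackageInfo.call(this, ...args);
 
 if (!initialized && hookpoint === 'early') {
 initialized = true;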
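Review bot: `getPackageInfoCandidates[0]` is used without a check, so an empty `ActivityThread.getPackageInfo.overloads` would surface as a bare TypeError on the `.implementation` assignment instead of a message naming the missing method; `if (getPackageInfo === undefined) throw new Error('ActivityThread.getPackageInfo has no overloads');` before the hook would make that diagnosable. The pair-building `map`/`sort`/`map` chain can be a single comparator on the overloads, `[...ActivityThread.getPackageInfo.overloads].sort((a, b) => b.argumentTypes.length - a.argumentTypes.length)[0]`, and the choice of the widest overload is an assumption worth a comment such as `// Hook the overload with the most parameters — presumably the one the narrower ones funnel into; confirm against the platform source.` The enclosing method of `Runtime` continues outside the hunk.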
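--- a/package/lib/android.js
+++ b/package/lib/android.js
@@ -81,7 +81,6 @@ const SOCK_STREAM = 1;
 
 const getArtRuntimeSpec = memoize(_getArtRuntimeSpec);
 const getArtInstrumentationSpec = memoize(_getArtInstrumentationSpec);
-const getArtClassLinkerSpec = memoize(_getArtClassLinkerSpec);
 const getArtMethodSpec = memoize(_getArtMethodSpec);
 const getArtThreadSpec = memoize(_getArtThreadSpec);
 const getArtManagedStackSpec = memoize(_getArtManagedStackSpec);
@@ -103,6 +102,7 @@ const nativeFunctionOptions = {
 const artThreadStateTransitions = {};
 
 let cachedApi = null;
+let cachedArtClassLinkerSpec = null;
 let MethodMangler = null;
 let artController = null;
 const inlineHooks = [];
@@ -448,7 +448,8 @@ function _getApi () {
 
 const artRuntime = temporaryApi.vm.add(pointerSize).readPointer();
 temporaryApi.artRuntime = artRuntime;
-const
+const runtimeSpec = getArtRuntimeSpec(temporaryApi);
+const runtimeOffset = runtimeSpec.offset;
 const instrumentationOffset = runtimeOffset.instrumentation;
 temporaryApi.artInstrumentation = (instrumentationOffset !== null) ? artRuntime.add(instrumentationOffset) : null;
 
@@ -463,7 +464,7 @@ function _getApi () {
 */
 const classLinker = artRuntime.add(runtimeOffset.classLinker).readPointer();
 
-const classLinkerOffsets = getArtClassLinkerSpec(
+const classLinkerOffsets = getArtClassLinkerSpec(artRuntime, runtimeSpec).offset;
 const quickResolutionTrampoline = classLinker.add(classLinkerOffsets.quickResolutionTrampoline).readPointer();
 const quickImtConflictTrampoline = classLinker.add(classLinkerOffsets.quickImtConflictTrampoline).readPointer();
 const quickGenericJniTrampoline = classLinker.add(classLinkerOffsets.quickGenericJniTrampoline).readPointer();
@@ -613,49 +614,57 @@ function _getArtRuntimeSpec (api) {
 const endOffset = startOffset + (100 * pointerSize);
 
 const apiLevel = getAndroidApiLevel();
+const codename = getAndroidCodename();
 
 let spec = null;
 
 for (let offset = startOffset; offset !== endOffset; offset += pointerSize) {
 const value = runtime.add(offset).readPointer();
 if (value.equals(vm)) {
-let
+let classLinkerOffsets;
 let jniIdManagerOffset = null;
-if (apiLevel >= 33 ||
-
+if (apiLevel >= 33 || codename === 'Tiramisu') {
+classLinkerOffsets = [offset - (4 * pointerSize)];
 jniIdManagerOffset = offset - pointerSize;
-} else if (apiLevel >= 30 ||
-
+} else if (apiLevel >= 30 || codename === 'R') {
+classLinkerOffsets = [offset - (3 * pointerSize), offset - (4 * pointerSize)];
 jniIdManagerOffset = offset - pointerSize;
 } else if (apiLevel >= 29) {
-
+classLinkerOffsets = [offset - (2 * pointerSize)];
 } else if (apiLevel >= 27) {
-
+classLinkerOffsets = [offset - STD_STRING_SIZE - (3 * pointerSize)];
 } else {
-
+classLinkerOffsets = [offset - STD_STRING_SIZE - (2 * pointerSize)];
 }
 
-const
-
+for (const classLinkerOffset of classLinkerOffsets) {
+const internTableOffset = classLinkerOffset - pointerSize;
+const threadListOffset = internTableOffset - pointerSize;
 
-
-
-
-
-
-
-
-
+let heapOffset;
+if (apiLevel >= 24) {
+heapOffset = threadListOffset - (8 * pointerSize);
+} else if (apiLevel >= 23) {
+heapOffset = threadListOffset - (7 * pointerSize);
+} else {
+heapOffset = threadListOffset - (4 * pointerSize);
+}
 
-
-
-
-
-
-
-
+const candidate = {
+offset: {
+heap: heapOffset,
+threadList: threadListOffset,
+internTable: internTableOffset,
+classLinker: classLinkerOffset,
+jniIdManager: jniIdManagerOffset
+}
+};
+if (tryGetArtClassLinkerSpec(runtime, candidate) !== null) {
+spec = candidate;
+break;
 }
-}
+}
+
 break;
 }
 }
@@ -833,7 +842,19 @@ function _getArtInstrumentationSpec () {
 };
 }
 
-function
+function getArtClassLinkerSpec (runtime, runtimeSpec) {
+const spec = tryGetArtClassLinkerSpec(runtime, runtimeSpec);
+if (spec === null) {
+throw new Error('Unable to determine ClassLinker field offsets');
+}
+return spec;
+}
+
+function tryGetArtClassLinkerSpec (runtime, runtimeSpec) {
+if (cachedArtClassLinkerSpec !== null) {
+return cachedArtClassLinkerSpec;
+}
+
 /*
 * On Android 5.x:
 *
@@ -862,11 +883,9 @@ function _getArtClassLinkerSpec (api) {
 * }
 */
 
-const
-const
-
-const classLinker = runtime.add(runtimeSpec.offset.classLinker).readPointer();
-const internTable = runtime.add(runtimeSpec.offset.internTable).readPointer();
+const { classLinker: classLinkerOffset, internTable: internTableOffset } = runtimeSpec.offset;
+const classLinker = runtime.add(classLinkerOffset).readPointer();
+const internTable = runtime.add(internTableOffset).readPointer();
 
 const startOffset = (pointerSize === 4) ? 100 : 200;
 const endOffset = startOffset + (100 * pointerSize);
@@ -911,8 +930,8 @@ function _getArtClassLinkerSpec (api) {
 }
 }
 
-if (spec
-
+if (spec !== null) {
+cachedArtClassLinkerSpec = spec;
 }
 
 return spec;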
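Review bot: In the `_getArtRuntimeSpec` hunk, the `apiLevel >= 30 || codename === 'R'` branch now offers two `classLinkerOffsets` candidates and relies on `tryGetArtClassLinkerSpec` returning null for the wrong one; that function reads `runtime.add(classLinkerOffset).readPointer()` and then scans from the pointer it got, and since the scan body lies outside this diff I cannot see whether a pointer read from the wrong slot is guarded, so if that read faults the exception would abort the candidate loop rather than fall through to the next candidate — worth confirming. Also, `tryGetArtClassLinkerSpec` returns `cachedArtClassLinkerSpec` before looking at its `runtime`/`runtimeSpec` arguments, so the later `getArtClassLinkerSpec(artRuntime, runtimeSpec)` call in `_getApi` silently gets whatever the probe in `_getArtRuntimeSpec` cached; a comment on the cache check such as `// Populated by the candidate probe in _getArtRuntimeSpec; on a hit the arguments are ignored.` would make that coupling visible. The new `getArtClassLinkerSpec` is no longer wrapped in `memoize` like its siblings in the first hunk, which is consistent with the manual cache but deserves a one-line note where the `memoize` line was removed. All of these functions start or end outside their hunks.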
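--- a/package/lib/class-model.js
+++ b/package/lib/class-model.js
@@ -390,7 +390,10 @@ model_add_method (Model * self,
 gchar * key, type;
 const gchar * value;
 
-
+if (name[0] == '$')
+key = g_strdup_printf ("_%s", name);
+else
+key = g_strdup (name);
 
 type = (modifiers & kAccStatic) != 0 ? 's' : 'i';
 
@@ -410,7 +413,10 @@ model_add_field (Model * self,
 GHashTable * members = self->members;
 gchar * key, type;
 
-
+if (name[0] == '$')
+key = g_strdup_printf ("_%s", name);
+else
+key = g_strdup (name);
 while (g_hash_table_contains (members, key))
 {
 gchar * new_key = g_strdup_printf ("_%s", key);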
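Review bot: The four-line `$`-prefix mangling is now duplicated verbatim in `model_add_method` and `model_add_field`, and the reason for it is not recorded anywhere in either hunk; pulling it into one helper with the rationale on it keeps the two sites from drifting. The mangling also makes a member literally named `_$x` and one named `$x` map to the same key: `model_add_field` resolves that with its `g_hash_table_contains` loop, but the visible lines of `model_add_method` show no such loop after the assignment (its body continues outside the hunk), so please confirm methods get the same treatment. This is C source embedded in the JS file, so the excerpt below is C.
```c
/* Key under which a Java member is published on the wrapper: names that start
 * with '$' get a leading '_' (presumably to keep them clear of the wrapper's own
 * '$'-prefixed properties — confirm); every other name is copied unchanged.
 * The caller owns the returned string. */
static gchar *
model_make_member_key (const gchar * name)
{
  return (name[0] == '$')
      ? g_strdup_printf ("_%s", name)
      : g_strdup (name);
}

/* … unchanged: model_add_method / model_add_field bodies, each replacing the if/else with … */
key = model_make_member_key (name);
```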