frida-fusion 0.1.10__tar.gz → 0.1.11__tar.gz

{frida_fusion-0.1.10 → frida_fusion-0.1.11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.10
+Version: 0.1.11
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>

{frida_fusion-0.1.10 → frida_fusion-0.1.11}/frida_fusion/__meta__.py

@@ -1,8 +1,8 @@
-__version__ = '0.1.10'
+__version__ = '0.1.11'
 __title__ = "Frida Fusion"
 __description__ = "📱 frida-fusion - runtime mobile exploration"
 __url__ = "https://github.com/helviojunior/frida-fusion"
-__build__ = 0x3c147be
+__build__ = 0xc8879a3
 __author__ = "Helvio Junior (M4v3r1ck)"
 __author_email__ = "helvio_junior@hotmail.com"
 __license__ = "GPL-3.0"

{frida_fusion-0.1.10 → frida_fusion-0.1.11}/frida_fusion/fusion.py

@@ -194,9 +194,29 @@ class Fusion(object):
             s.on("message", self.make_handler("fusion_bundle.js"))  # register the message handler
             s.load()
         except Exception as e:
-            Logger.pl('{!} {R}Error:{O} %s{W}' % str(e))
-            print("")
-            sys.exit(1)
+
+            try:
+                err = str(e)
+                pattern = re.compile(r'script\(line (\d+)\):')
+                matches = [
+                    (
+                        m.group(0),
+                        self.translate_location(dict(
+                            file_name="fusion_bundle.js",
+                            line=m.group(1),
+                        ))
+                    )
+                    for m in pattern.finditer(err)
+                ]
+                for m in matches:
+                    err = err.replace(m[0], f"{m[1].file_name}(line {m[1].line})")
+                Logger.pl('{!} {R}Error:{O} %s{W}' % err)
+                print("")
+                sys.exit(1)
+            except Exception:
+                Logger.pl('{!} {R}Error:{O} %s{W}' % str(e))
+                print("")
+                sys.exit(1)
 
     def attach(self, pid: int):
         self.running = True

frida_fusion-0.1.11/frida_fusion/modules/android_setings/settings.js

@@ -0,0 +1,172 @@
+/*
+Documentation
+https://developer.android.com/reference/android/provider/Settings
+
+*/
+
+const SET_MODULES = {
+    Global: true,
+    Secure: true,
+    System: true,
+};
+
+setTimeout(function() {
+    Java.perform(function() {
+
+        // Bypass Settings
+        var androidSettings = [
+            ['adb_enabled', 0],
+            ['development_settings_enabled', 0],
+            ['play_protect_enabled', 1],
+            ['adb_enabled', 0]
+        ];
+
+        function settings_bypassValue(name, originalValue) {
+            androidSettings.forEach(function(item) {
+                let name = item[0];
+                let value = item[1];
+
+                if (name === name) {
+                    fusion_sendMessage('D', `Bypassing ${name}`)
+                    return value;
+                }
+            });
+            return originalValue;
+        }
+
+        if (SET_MODULES.System) {
+
+            fusion_sendMessage('D', "Module attached: android.provider.Settings.System");
+            const settingsSystem = Java.use("android.provider.Settings$System");
+
+            settingsSystem.getString.overload('android.content.ContentResolver', 'java.lang.String').implementation = function (cr, name) {
+                var data = this.getString.overload('android.content.ContentResolver', 'java.lang.String').call(this, cr, name);
+                fusion_sendKeyValueData("Settings$System.getString", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return data
+            };
+
+            settingsSystem.putString.overload('android.content.ContentResolver', 'java.lang.String', 'java.lang.String').implementation = function (cr, name, value) {
+                fusion_sendKeyValueData("Settings$System.putString", [
+                    {key: "Name", value: name},
+                    {key: "Value", value: value}
+                ]);
+                return this.putString.overload('android.content.ContentResolver', 'java.lang.String', 'java.lang.String').call(this, cr, name, value);
+            };
+
+            settingsSystem.getUriFor.overload('java.lang.String').implementation = function (name) {
+                var data = this.getUriFor.overload('java.lang.String').call(this, name);
+                fusion_sendKeyValueData("Settings$System.getUriFor", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return data
+            };
+
+            settingsSystem.getInt.overload('android.content.ContentResolver', 'java.lang.String', 'int').implementation = function(cr, name, flag) {
+                var data = this.getInt.overload('android.content.ContentResolver', 'java.lang.String', 'int').call(this, cr, name, flag);
+                fusion_sendKeyValueData("Settings$System.getInt", [
+                    {key: "Name", value: name},
+                    {key: "Flag", value: flag},
+                    {key: "Result", value: data}
+                ]);
+
+                return settings_bypassValue(name, data);
+            }
+
+            settingsSystem.getInt.overload('android.content.ContentResolver', 'java.lang.String').implementation = function(cr, name) {
+                var data = this.getInt.overload('android.content.ContentResolver', 'java.lang.String').call(this, cr, name);
+                fusion_sendKeyValueData("Settings$System.getInt", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return settings_bypassValue(name, data);
+            }
+
+        }
+
+        if (SET_MODULES.Secure) {
+
+            fusion_sendMessage('D', "Module attached: android.provider.Settings.Secure");
+            const settingsSecure = Java.use("android.provider.Settings$Secure");
+
+            settingsSecure.getString.overload('android.content.ContentResolver', 'java.lang.String').implementation = function (cr, name) {
+                var data = this.getString.overload('android.content.ContentResolver', 'java.lang.String').call(this, cr, name);
+                fusion_sendKeyValueData("Settings$Secure.getString", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return data
+            };
+
+            settingsSecure.putString.overload('android.content.ContentResolver', 'java.lang.String', 'java.lang.String').implementation = function (cr, name, value) {
+                fusion_sendKeyValueData("Settings$Secure.putString", [
+                    {key: "Name", value: name},
+                    {key: "Value", value: value}
+                ]);
+                return this.putString.overload('android.content.ContentResolver', 'java.lang.String', 'java.lang.String').call(this, cr, name, value);
+            };
+
+            settingsSecure.getUriFor.overload('java.lang.String').implementation = function (name) {
+                var data = this.getUriFor.overload('java.lang.String').call(this, name);
+                fusion_sendKeyValueData("Settings$Secure.getUriFor", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return data
+            };
+
+            settingsSecure.getInt.overload('android.content.ContentResolver', 'java.lang.String', 'int').implementation = function(cr, name, flag) {
+                var data = this.getInt.overload('android.content.ContentResolver', 'java.lang.String', 'int').call(this, cr, name, flag);
+                fusion_sendKeyValueData("Settings$Secure.getInt", [
+                    {key: "Name", value: name},
+                    {key: "Flag", value: flag},
+                    {key: "Result", value: data}
+                ]);
+
+                return settings_bypassValue(name, data);
+            }
+
+            settingsSecure.getInt.overload('android.content.ContentResolver', 'java.lang.String').implementation = function(cr, name) {
+                var data = this.getInt.overload('android.content.ContentResolver', 'java.lang.String').call(this, cr, name);
+                fusion_sendKeyValueData("Settings$Secure.getInt", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return settings_bypassValue(name, data);
+            }
+
+        }
+
+        if (SET_MODULES.Global) {
+
+            fusion_sendMessage('D', "Module attached: android.provider.Settings.Global");
+            const settingGlobal = Java.use('android.provider.Settings$Global');
+
+            settingGlobal.getInt.overload('android.content.ContentResolver', 'java.lang.String', 'int').implementation = function(cr, name, flag) {
+                var data = this.getInt.overload('android.content.ContentResolver', 'java.lang.String', 'int').call(this, cr, name, flag);
+                fusion_sendKeyValueData("Settings$Global.getInt", [
+                    {key: "Name", value: name},
+                    {key: "Flag", value: flag},
+                    {key: "Result", value: data}
+                ]);
+                return settings_bypassValue(name, data);
+            }
+
+            settingGlobal.getInt.overload('android.content.ContentResolver', 'java.lang.String').implementation = function(cr, name) {
+                var data = this.getInt.overload('android.content.ContentResolver', 'java.lang.String').call(this, cr, name);
+                fusion_sendKeyValueData("Settings$Global.getInt", [
+                    {key: "Name", value: name},
+                    {key: "Result", value: data}
+                ]);
+                return settings_bypassValue(name, data);
+            }
+
+        }
+
+        fusion_sendMessage("W", "Android Settings hook module have been successfully initialized.")
+    });
+    
+}, 0);

frida_fusion-0.1.11/frida_fusion/modules/android_setings/settings.py

@@ -0,0 +1,106 @@
+import json
+import os.path
+from pathlib import Path
+import base64
+import string
+
+from frida_fusion.libs.logger import Logger
+from frida_fusion.libs.database import Database
+from frida_fusion.libs.scriptlocation import ScriptLocation
+from frida_fusion.module import ModuleBase
+
+
+class Settings(ModuleBase):
+    class SettingsDB(Database):
+        dbName = ""
+
+        def __init__(self, db_name: str):
+            super().__init__(
+                auto_create=True,
+                db_name=db_name
+            )
+            self.create_db()
+
+        def create_db(self):
+            super().create_db()
+            conn = self.connect_to_db(check=False)
+
+            # definindo um cursor
+            cursor = conn.cursor()
+
+            # criando a tabela (schema)
+            cursor.execute("""
+                CREATE TABLE IF NOT EXISTS [android_settings] (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    module TEXT NULL,
+                    name TEXT NULL,
+                    flag INTEGER NULL DEFAULT (0),
+                    data TEXT NULL,
+                    created_date datetime not null DEFAULT (datetime('now','localtime')),
+                    UNIQUE (module, name, flag, data)
+                );
+            """)
+
+            conn.commit()
+
+            # Must get the constraints
+            self.get_constraints(conn)
+
+    def __init__(self):
+        super().__init__('Settings', 'Hook Android Settings functions')
+        self._settings_db = None
+        self.mod_path = str(Path(__file__).resolve().parent)
+
+    def start_module(self, **kwargs) -> bool:
+        if 'db_path' not in kwargs:
+            raise Exception("parameter db_path not found")
+
+        self._settings_db = Settings.SettingsDB(db_name=kwargs['db_path'])
+        return True
+
+    def js_files(self) -> list:
+        return [
+            os.path.join(self.mod_path, "settings.js")
+        ]
+
+    def key_value_event(self,
+                        script_location: ScriptLocation = None,
+                        stack_trace: str = None,
+                        module: str = None,
+                        received_data: dict = None
+                        ) -> bool:
+
+        if module in ["Settings$Secure.getString",
+                      "Settings$Secure.putString",
+                      "Settings$Secure.getUriFor",
+                      "Settings$Secure.getInt",
+                      "Settings$System.getString",
+                      "Settings$System.putString",
+                      "Settings$System.getUriFor",
+                      "Settings$System.getInt",
+                      "Settings$Global.getInt"
+                      ]:
+            name = received_data.get('name', None)
+            flag = received_data.get('flag', 0)
+            value = received_data.get('value', None)
+            result = received_data.get('result', value)
+
+            self._settings_db.insert_ignore_one(
+                table_name='android_settings',
+                module=module,
+                name=name,
+                flag=flag,
+                data=result
+            )
+
+        return True
+
+    def data_event(self,
+                   script_location: ScriptLocation = None,
+                   stack_trace: str = None,
+                   received_data: str = None
+                   ) -> bool:
+        #Nothing by now
+        return True
+
+

{frida_fusion-0.1.10 → frida_fusion-0.1.11}/frida_fusion/modules/crypto/crypto.js

@@ -1,5 +1,5 @@
 
-const MODULES = {
+const CRYPTO_MODULES = {
     KeyGenerator: true,
     KeyPairGenerator: true,
     SecretKeySpec: true,
@@ -20,7 +20,7 @@ setTimeout(function() {
 
         const System = Java.use("java.lang.System");
 
-        if (MODULES.KeyGenerator) {
+        if (CRYPTO_MODULES.KeyGenerator) {
             fusion_sendMessage('*', "Module attached: javax.crypto.KeyGenerator");
             const keyGenerator = Java.use("javax.crypto.KeyGenerator");
 
@@ -54,7 +54,7 @@ setTimeout(function() {
 
         }
 
-        if (MODULES.KeyPairGenerator) {
+        if (CRYPTO_MODULES.KeyPairGenerator) {
             fusion_sendMessage('*', "Module attached: java.security.KeyPairGenerator");
             const keyPairGenerator = Java.use("java.security.KeyPairGenerator");
             keyPairGenerator.getInstance.overload("java.lang.String").implementation = function (arg0) {
@@ -81,7 +81,7 @@ setTimeout(function() {
             };
         }
 
-        if (MODULES.SecretKeySpec) {
+        if (CRYPTO_MODULES.SecretKeySpec) {
             fusion_sendMessage('*', "Module attached: javax.crypto.spec.SecretKeySpec");
             const secretKeySpec = Java.use("javax.crypto.spec.SecretKeySpec");
             secretKeySpec.$init.overload("[B", "java.lang.String").implementation = function (key, cipher) {
@@ -95,7 +95,7 @@ setTimeout(function() {
             }
         }
 
-        if (MODULES.MessageDigest) {
+        if (CRYPTO_MODULES.MessageDigest) {
             fusion_sendMessage('*', "Module attached: java.security.MessageDigest");
             const messageDigest = Java.use("java.security.MessageDigest");
             messageDigest.getInstance.overload("java.lang.String").implementation = function (arg0) {
@@ -144,7 +144,7 @@ setTimeout(function() {
 
         }
 
-        if (MODULES.SecretKeyFactory) {
+        if (CRYPTO_MODULES.SecretKeyFactory) {
             fusion_sendMessage('*', "Module attached: javax.crypto.SecretKeyFactory");
             const secretKeyFactory = Java.use("javax.crypto.SecretKeyFactory");
             secretKeyFactory.getInstance.overload("java.lang.String").implementation = function (arg0) {
@@ -171,7 +171,7 @@ setTimeout(function() {
             };
         }
 
-        if (MODULES.Signature) {
+        if (CRYPTO_MODULES.Signature) {
             fusion_sendMessage('*', "Module attached: java.security.Signature");
             const signature = Java.use("java.security.Signature");
             signature.getInstance.overload("java.lang.String").implementation = function (arg0) {
@@ -198,7 +198,7 @@ setTimeout(function() {
             };
         }
 
-        if (MODULES.Cipher) {
+        if (CRYPTO_MODULES.Cipher) {
             fusion_sendMessage('*', "Module attached: javax.crypto.Cipher");
             var iv_parameter_spec = Java.use("javax.crypto.spec.IvParameterSpec");
             var pbe_parameter_spec = Java.use("javax.crypto.spec.PBEParameterSpec");
@@ -365,7 +365,7 @@ setTimeout(function() {
         }
 
 
-        if (MODULES.Mac) {
+        if (CRYPTO_MODULES.Mac) {
             fusion_sendMessage('*', "Module attached: javax.crypto.Mac");
             const mac = Java.use("javax.crypto.Mac");
             mac.getInstance.overload("java.lang.String").implementation = function (arg0) {
@@ -392,7 +392,7 @@ setTimeout(function() {
             };
         }
 
-        if (MODULES.KeyGenParameterSpec) {
+        if (CRYPTO_MODULES.KeyGenParameterSpec) {
             fusion_sendMessage('*', "Module attached: android.security.keystore.KeyGenParameterSpec$Builder");
             const useKeyGen = Java.use("android.security.keystore.KeyGenParameterSpec$Builder");
             useKeyGen.$init.overload("java.lang.String", "int").implementation = function (keyStoreAlias, purpose) {
@@ -466,7 +466,7 @@ setTimeout(function() {
             }
         }
 
-        if (MODULES.IvParameterSpec) {
+        if (CRYPTO_MODULES.IvParameterSpec) {
             fusion_sendMessage('*', "Module attached: javax.crypto.spec.IvParameterSpec");
             const ivParameter = Java.use("javax.crypto.spec.IvParameterSpec");
             ivParameter.$init.overload("[B").implementation = function (ivKey) {
@@ -488,7 +488,7 @@ setTimeout(function() {
             }
         }
 
-        if (MODULES.GCMParameterSpec) {
+        if (CRYPTO_MODULES.GCMParameterSpec) {
             fusion_sendMessage('*', "Module attached: javax.crypto.spec.GCMParameterSpec");
             const gcmParameter = Java.use("javax.crypto.spec.GCMParameterSpec");
             gcmParameter.$init.overload("int", "[B").implementation = function (tLen, ivKey) {
@@ -512,7 +512,7 @@ setTimeout(function() {
             }
         }
 
-        if (MODULES.PBEParameterSpec) {
+        if (CRYPTO_MODULES.PBEParameterSpec) {
             fusion_sendMessage('*', "Module attached: javax.crypto.spec.PBEParameterSpec");
             const pbeParameter = Java.use("javax.crypto.spec.PBEParameterSpec");
             pbeParameter.$init.overload("[B", "int").implementation = function (salt, iterationCount) {
@@ -547,7 +547,7 @@ setTimeout(function() {
             }
         }
 
-        if (MODULES.X509EncodedKeySpec) {
+        if (CRYPTO_MODULES.X509EncodedKeySpec) {
             fusion_sendMessage('*', "Module attached: java.security.spec.X509EncodedKeySpec");
             const x509EncodedKeySpec = Java.use("java.security.spec.X509EncodedKeySpec");
             x509EncodedKeySpec.$init.overload("[B").implementation = function (encodedKey) {

{frida_fusion-0.1.10 → frida_fusion-0.1.11}/frida_fusion.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.10
+Version: 0.1.11
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>

{frida_fusion-0.1.10 → frida_fusion-0.1.11}/frida_fusion.egg-info/SOURCES.txt

@@ -22,6 +22,9 @@ frida_fusion/libs/helpers.js
 frida_fusion/libs/logger.py
 frida_fusion/libs/scriptlocation.py
 frida_fusion/modules/__init__.py
+frida_fusion/modules/android_setings/__init__.py
+frida_fusion/modules/android_setings/settings.js
+frida_fusion/modules/android_setings/settings.py
 frida_fusion/modules/crypto/__init__.py
 frida_fusion/modules/crypto/crypto.js
 frida_fusion/modules/crypto/crypto.py