frida-fusion 0.1.13__tar.gz → 0.1.15__tar.gz

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.13
+Version: 0.1.15
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -105,7 +105,7 @@ void    fusion_printMethods(String name);
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/README.md

@@ -70,7 +70,7 @@ void    fusion_printMethods(String name);
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion/__meta__.py

@@ -1,8 +1,8 @@
-__version__ = '0.1.13'
+__version__ = '0.1.15'
 __title__ = "Frida Fusion"
 __description__ = "📱 frida-fusion - runtime mobile exploration"
 __url__ = "https://github.com/helviojunior/frida-fusion"
-__build__ = 0xf8869e4
+__build__ = 0xef43fce
 __author__ = "Helvio Junior (M4v3r1ck)"
 __author_email__ = "helvio_junior@hotmail.com"
 __license__ = "GPL-3.0"

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion/args.py

@@ -6,6 +6,8 @@ import sys
 
 from .libs.color import Color
 from .__meta__ import __description__
+from .module import ModuleManager
+
 
 class Arguments(object):
     ''' Holds arguments used by the Frida Fusion '''
@@ -43,8 +45,37 @@ class Arguments(object):
         modules_group = parser.add_argument_group('Modules')
         self._add_modules_args(modules_group)
 
+        # Add module args
+        for mod in self._get_requested_module_list():
+            flags = parser.add_argument_group(f'{mod.name} Flags')
+            mod.create_instance().add_params(flags)
+
         return parser.parse_args()
 
+    def _get_requested_module_list(self):
+        mods = ModuleManager.list_modules()
+        parser = argparse.ArgumentParser()
+        parser.add_argument('-m',
+                            '--module',
+                            action='append',
+                            dest='enabled_modules')
+
+        t_args, _ = parser.parse_known_args([
+            word
+            for word in sys.argv
+            if word != "-h" and word != "--list-modules"
+        ])
+        if t_args is None or t_args.enabled_modules is None:
+            return []
+        return [
+            m
+            for md in t_args.enabled_modules
+            for mn in md.split(",")
+            if mn.strip() != ""
+            for _, m in mods.items()
+            if m.safe_name() == mn.lower()
+        ]
+
     def _add_app_args(self, app):
         app.add_argument('-f',
                          '--package',

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion/config.py

@@ -4,6 +4,7 @@ import os
 import errno
 import sys
 import signal
+from argparse import Namespace
 from pathlib import Path
 
 from .module import Module, ModuleManager, InternalModule, ExternalModule
@@ -17,6 +18,7 @@ class Configuration(object):
     version = '0.0.0'
 
     initialized = False  # Flag indicating config has been initialized
+    args: Namespace = {}
     debug_level = 0
     cmd_line = ''
     base_path = str(Path(__file__).resolve().parent)
@@ -98,6 +100,7 @@ class Configuration(object):
             sys.exit(0)
 
         args = Arguments().args
+        Configuration.args = args
 
         Color.pl('{+} {W}Startup parameters')
 

frida_fusion-0.1.15/frida_fusion/exceptions.py

@@ -0,0 +1,19 @@
+
+class SilentKillError(Exception):
+    def __init__(self, *args, **kwargs):
+        # args -> vão para a Exception (ex.: a mensagem)
+        # kwargs -> metadados opcionais seus
+        self.meta = kwargs
+        self._msg = kwargs.get("message") or ""
+        if args is not None and len(args) > 0 and self._msg == "":
+            self._msg = args[0]
+        super().__init__(*args)
+
+    def __str__(self):
+        if self._msg != "":
+            return self._msg
+        else:
+            return str(super(SilentKillError, self).__str__())
+
+    def __repr__(self):
+        return str(self)

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion/fusion.py

@@ -2,6 +2,7 @@
 # -*- coding: UTF-8 -*-
 from __future__ import annotations
 
+from .exceptions import SilentKillError
 from .libs.color import Color
 from .libs.scriptlocation import ScriptLocation
 
@@ -64,10 +65,12 @@ class Fusion(object):
         try:
             self.session.detach()
         except:
-            try:
-                self.device.kill(self.pid)
-            except:
-                pass
+            pass
+
+        try:
+            self.device.kill(self.pid)
+        except:
+            pass
 
     def get_device(self):
         try:
@@ -150,6 +153,13 @@ class Fusion(object):
 
         for m in self._modules:
             files_js += m.js_files()
+            dyn = m.dynamic_script()
+            if dyn is not None and dyn.strip(" \r\n") != "":
+                dyn += "\n\n"
+                line_cnt = len(dyn.split("\n")) - 1
+                self.script_trace[f"dyn_{m.safe_name()}.js"] = (offset, offset + line_cnt)
+                offset += line_cnt
+                src += dyn
 
         if os.path.isfile(Configuration.frida_scripts):
             files_js += [Configuration.frida_scripts]
@@ -220,9 +230,16 @@ class Fusion(object):
                 sys.exit(1)
 
     def attach(self, pid: int):
-        self.running = True
+        Fusion.running = True
         self.pid = pid
 
+        if self.session is not None:
+            try:
+                self.session.off("detached", self.on_detached)
+            except:
+                pass
+            self.session = None
+
         self.session = self.device.attach(self.pid)
         self.session.on("detached", self.on_detached)
 
@@ -231,7 +248,14 @@ class Fusion(object):
         self.device.resume(self.pid)
 
     def std_spawn(self):
-        self.running = True
+        Fusion.running = True
+
+        if self.session is not None:
+            try:
+                self.session.off("detached", self.on_detached)
+            except:
+                pass
+            self.session = None
 
         self.pid = self.device.spawn([Configuration.package])
         self.session = self.device.attach(self.pid)
@@ -242,7 +266,14 @@ class Fusion(object):
         self.device.resume(self.pid)
 
     def wait_spawn(self):
-        self.running = True
+        Fusion.running = True
+
+        if self.session is not None:
+            try:
+                self.session.off("detached", self.on_detached)
+            except:
+                pass
+            self.session = None
 
         self.pid = self.device.spawn([Configuration.package])
         self.device.resume(self.pid)
@@ -365,6 +396,18 @@ class Fusion(object):
                     else:
                         self.print_message(mLevel, message, script_location=script_location)
 
+                except SilentKillError as sk:
+                    skm = str(sk)
+
+                    self.print_message("D", "Silent kill requested",
+                                       script_location=Logger.get_caller_info(stack_index=1))
+                    Fusion.running = False
+                    time.sleep(0.2)
+                    if skm != "":
+                        Logger.pl(f'\n{skm}')
+                    Logger.pl('\n{+} {O}Exiting...{O}{W}')
+                    self.done.set()
+
                 except Exception as err:
                     script_location = ScriptLocation(file_name=Fusion._script_name)
                     self.print_message("E", message, script_location=script_location)
@@ -436,6 +479,7 @@ class Fusion(object):
         elif crash is not None:
             Logger.pl("[CRASH] details: " + str(crash))
 
+        Logger.pl("")
         self.done.set()
 
     def _raise_key_value_event(self,
@@ -451,6 +495,8 @@ class Fusion(object):
                     module=module,
                     received_data=received_data
                 )
+            except SilentKillError as ske:
+                raise ske
             except Exception as e:
                 if Configuration.debug_level >= 2:
                     self.print_message("E", f"Error resizing event to module {m.name}: {str(e)}")
@@ -468,6 +514,8 @@ class Fusion(object):
                     stack_trace=stack_trace,
                     received_data=received_data
                 )
+            except SilentKillError as ske:
+                raise ske
             except Exception as e:
                 if Configuration.debug_level >= 2:
                     self.print_message("E", f"Error resizing event to module {m.name}: {str(e)}")
@@ -626,6 +674,7 @@ class Fusion(object):
             if len(self._modules) > 0:
                 Logger.pl("{+} Starting selected modules")
                 for m in self._modules:
+                    m.load_from_arguments(Configuration.args)
                     m.start_module(
                         package=Configuration.package,
                         db_path=Configuration.db_path

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion/libs/helpers.js

@@ -2,12 +2,24 @@
     Author: Helvio Junior - M4v3r1ck
 */
 
+function fusion_rawSend(payload1){
+    send(payload1);
+}
+
 function fusion_Send(payload1, payload2){
     const info = fusion_getCallerInfo();
-    send({
-      payload: payload1,
-      location: info
-    }, payload2);
+
+    const message = {
+        payload: payload1,
+        location: info
+    };
+
+    // if payload1 is objet and has "type"
+    if (payload1 && typeof payload1 === 'object' && 'type' in payload1) {
+        message.type = payload1.type;
+    }
+
+    send(message, payload2);
 }
 
 function fusion_waitForClass(name, onReady) {
@@ -80,6 +92,12 @@ function fusion_bytesToBase64(byteArray){
     }
 }
 
+function fusion_normalizePtr(addr) {
+  let p = ptr(addr);
+  if (Process.arch === 'arm64') p = p.and('0x00FFFFFFFFFFFFFF'); // limpa TBI
+  return p;
+}
+
 function fusion_getCallerInfo() {
   try{
     const stack = new Error().stack.split("\n");
@@ -244,6 +262,38 @@ function fusion_getClassName(obj)
 
 }
 
+function fusion_getReadableRange(p) {
+  try { p = ptr(p); } catch (_) { return null; }
+  const range = Process.findRangeByAddress(p); // não lança exceção
+  if (!range) return null;
+  // range.protection exemplo: 'r-x', 'rw-'
+  return range.protection.indexOf('r') !== -1 ? range : null;
+}
+
+function fusion_isAddressReadable(p) {
+  const r = fusion_getReadableRange(p);
+  if (!r) return false;
+  // tenta ler 1 byte para confirmar acessibilidade
+  try { Memory.readU8(ptr(p)); return true; }
+  catch (_) { return false; }
+}
+
+function fusion_describeAddress(p) {
+  try { p = ptr(p); } catch (_) { return { ok:false, reason:'not a pointer' }; }
+  if (Process.arch === 'arm64') p = p.and('0x00FFFFFFFFFFFFFF'); // remove top byte
+  if (!fusion_isAddressReadable(p)) return { ok:false, reason:'invalid pointer' };
+  const range = Process.findRangeByAddress(p);
+  if (!range) return { ok:false, reason:'unmapped' };
+  return {
+    ok: true,
+    base: range.base,
+    size: range.size,
+    protection: range.protection,
+    file: range.file ? range.file.path : null
+  };
+}
+
+
 Java.perform(function () {
   const Thread = Java.use('java.lang.Thread');
   const UEH = Java.registerClass({

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion/module.py

@@ -1,6 +1,8 @@
 import os
 import sys
 import re
+from argparse import _ArgumentGroup, Namespace
+
 import frida
 import pkgutil
 import importlib
@@ -35,12 +37,21 @@ class ModuleBase(object):
     def start_module(self, **kwargs) -> bool:
         raise Exception('Method "start_module" is not yet implemented.')
 
+    def load_from_arguments(self, args: Namespace) -> bool:
+        return True
+
     def js_files(self) -> list:
         return []
 
+    def dynamic_script(self) -> str:
+        return ""
+
     def suppress_messages(self):
         pass
 
+    def add_params(self, flags: _ArgumentGroup):
+        pass
+
     def key_value_event(self,
                         script_location: ScriptLocation = None,
                         stack_trace: str = None,
@@ -125,6 +136,9 @@ class ExternalModule(Module):
 
 
 class ModuleManager:
+    initialized = False  # Flag indicating modules has been initialized
+    modules: dict[str, Module] = {}
+
     @classmethod
     def _safe_import_from_path(cls, path: Path, loaded_files: set):
         """
@@ -188,9 +202,12 @@ class ModuleManager:
 
     @classmethod
     def list_modules(cls) -> dict:
+        if ModuleManager.initialized:
+            return ModuleManager.modules
+
         try:
             base_module = Module.get_base_module()
-            modules: dict[str, Module] = {}
+            ModuleManager.modules = {}
 
             # --- 1) Varredura padrão do seu pacote interno: <este_arquivo>/modules ---
             base_path = Path(__file__).resolve().parent / "modules"
@@ -242,13 +259,13 @@ class ModuleManager:
             for i_class in ModuleBase.__subclasses__():
                 t = i_class()
                 key = t.safe_name()
-                if key in modules:
+                if key in ModuleManager.modules:
                     raise ModuleLoaderError(
                         f"Duplicated Module name: {i_class.__module__}.{i_class.__qualname__}"
                     )
 
                 if str(i_class.__module__) in internal_mods:
-                    modules[key] = InternalModule(
+                    ModuleManager.modules[key] = InternalModule(
                         name=t.name,
                         description=t.description,
                         module=str(i_class.__module__),
@@ -256,7 +273,7 @@ class ModuleManager:
                         class_name=i_class,
                     )
                 else:
-                    modules[key] = ExternalModule(
+                    ModuleManager.modules[key] = ExternalModule(
                         name=t.name,
                         description=t.description,
                         module=str(i_class.__module__),
@@ -264,7 +281,8 @@ class ModuleManager:
                         class_name=i_class,
                     )
 
-            return modules
+            ModuleManager.initialized = True
+            return ModuleManager.modules
 
         except Exception as e:
             # Envolve a exceção original para manter contexto

frida_fusion-0.1.15/frida_fusion/modules/reflection/reflection-stalker.js

@@ -0,0 +1,293 @@
+// Script Frida: Method.invoke -> build object + enviar via fusion_sendKeyValueData
+Java.perform(function () {
+
+    var jlrmethod = Java.use("java.lang.reflect.Method");
+    var origInvoke = jlrmethod.invoke; // referência original
+
+    function safeGetClassName(obj) {
+        try {
+            if (obj === null || obj === undefined) return null;
+            var cls = obj.getClass();
+            return cls.getName();
+        } catch (e) {
+            try { if (obj && obj.$className) return obj.$className; } catch(e2) {}
+            try { return Object.prototype.toString.call(obj); } catch(_) { return typeof obj; }
+        }
+    }
+
+    function buildParamInfo(param, depth) {
+        depth = depth || 0;
+        var maxDepth = 3;
+        var info = { type: null, class_name: null, value: null };
+
+        if (param === null || param === undefined) {
+            info.type = 'null';
+            return info;
+        }
+
+        var className = safeGetClassName(param);
+        info.class_name = className;
+        info.type = className;
+
+        try {
+            if (className && className.charAt(0) === '[') {
+                info.type = className;
+                if (className === '[B') {
+                    try {
+                        var buffer = Java.array('byte', param);
+                        try { info.value = toBase64(buffer); } catch (e) { 
+                            var sb = []; for (var i=0;i<Math.min(buffer.length,256);i++) sb.push((buffer[i]&0xff).toString(16));
+                            info.value = sb.join('');
+                        }
+                    } catch (errByte) { info.value = '[unreadable byte array]'; }
+                    return info;
+                }
+                if (className.indexOf('Ljava.lang.String') !== -1) {
+                    try {
+                        var arrLen = param.length;
+                        var vals = [];
+                        for (var i=0;i<Math.min(arrLen,50);i++) { vals.push(String(param[i])); }
+                        info.value = { length: arrLen, preview: vals };
+                    } catch(e) { info.value = '[unreadable string array]'; }
+                    return info;
+                }
+                if (depth >= maxDepth) { info.value = '[array - depth limit]'; return info; }
+                try {
+                    var n = param.length;
+                    var items = [];
+                    for (var j=0; j<Math.min(n,50); j++) items.push(buildParamInfo(param[j], depth+1));
+                    info.value = { length: n, preview: items };
+                } catch(e) { info.value = '[unreadable array]'; }
+                return info;
+            }
+        } catch(eArrDetect) {}
+
+        try {
+            if (className === 'java.lang.String' || (typeof param === 'string')) { info.value = String(param); return info; }
+            if (className && (
+                className.indexOf('java.lang.Number') !== -1 ||
+                className.indexOf('java.lang.Integer') !== -1 ||
+                className.indexOf('java.lang.Long') !== -1 ||
+                className.indexOf('java.lang.Boolean') !== -1 ||
+                className.indexOf('java.lang.Double') !== -1 ||
+                className.indexOf('java.lang.Float') !== -1 ||
+                className.indexOf('java.lang.Short') !== -1 ||
+                className.indexOf('java.lang.Character') !== -1)) {
+                try { info.value = param.toString(); } catch(e){ info.value = String(param); }
+                return info;
+            }
+            try { info.value = param.toString(); } catch (e) { info.value = '[toString failed]'; }
+            return info;
+        } catch(errGeneric) {
+            info.value = '[error building param]';
+            return info;
+        }
+    }
+
+    function buildInvokeObject(methodRef, targetObject, parameters) {
+        var obj = {
+            timestamp: (new Date()).toISOString(),
+            method: {
+                toString: String(methodRef),
+                name: null,
+                declaring_class: null,
+                b64: null
+            },
+            target: {
+                class_name: null,
+                toString: null
+            },
+            parameters: [],
+            return: {
+                class_name: null,
+                value: null
+            }
+        };
+
+        try {
+            if (methodRef && methodRef.getName) obj.method.name = methodRef.getName(); else obj.method.name = String(methodRef);
+            try {
+                var decl = methodRef.getDeclaringClass();
+                obj.method.declaring_class = decl ? decl.getName() : null;
+            } catch(e) { obj.method.declaring_class = null; }
+        } catch(_) {}
+
+        try {
+            var tName = "" + methodRef;
+            try { obj.method.b64 = fusion_stringToBase64(tName); } catch(e){ obj.method.b64 = null; }
+        } catch(_) { obj.method.b64 = null; }
+
+        try {
+            if (targetObject === null || targetObject === undefined) {
+                obj.target.class_name = null; obj.target.toString = null;
+            } else {
+                obj.target.class_name = safeGetClassName(targetObject);
+                try { obj.target.toString = targetObject.toString(); } catch(e){ obj.target.toString = '[toString failed]'; }
+            }
+        } catch(e) {}
+
+        try {
+            var type = Object.prototype.toString.call(parameters);
+            if (parameters === null || parameters === undefined) {
+                obj.parameters = [];
+            } else if (type === '[object Array]') {
+                var arrLen = parameters.length;
+                for (var i=0; i<Math.min(arrLen,200); i++) {
+                    obj.parameters.push({ index: i, info: buildParamInfo(parameters[i], 0) });
+                }
+                if (arrLen > 200) obj.parameters_truncated = true;
+            } else {
+                try {
+                    var maybeLen = parameters.length;
+                    if (typeof maybeLen === 'number') {
+                        for (var k=0; k<Math.min(maybeLen,100); k++) obj.parameters.push({ index: k, info: buildParamInfo(parameters[k],0) });
+                    } else {
+                        obj.parameters.push({ index: 0, info: buildParamInfo(parameters,0) });
+                    }
+                } catch(e2) {
+                    obj.parameters.push({ index: 0, info: buildParamInfo(parameters,0) });
+                }
+            }
+        } catch(errParams) {
+            obj.parameters = [{ index:0, info: { type: '[error enumerating parameters]' } }];
+        }
+
+        return obj;
+    }
+
+    // coleta backtrace da Thread Java atual e retorna [pretty, raw]
+    function collectBacktrace() {
+        var pretty = "[unavailable]";
+        var raw = [];
+        try {
+            var Thread = Java.use('java.lang.Thread');
+            var trace = Thread.currentThread().getStackTrace(); // array of StackTraceElement
+            var prettyLines = [];
+            for (var i=0; i<trace.length; i++) {
+                try {
+                    var ste = trace[i];
+                    var line = ste.toString(); // ex: com.foo.Bar.method(File.java:123)
+                    prettyLines.push(line);
+                    raw.push(String(ste));
+                } catch(eSte) { /* ignore */ }
+            }
+            pretty = prettyLines.join('\n');
+        } catch(e) {
+            try {
+                // fallback: usar Java.perform stack (menos informativo)
+                pretty = (new Error()).stack;
+                raw = [pretty];
+            } catch(e2) {}
+        }
+        return { pretty: pretty, raw: raw };
+    }
+
+    // sobrescreve invoke para montar objeto e enviar via fusion_sendKeyValueData
+    jlrmethod.invoke.implementation = function(object, parameters) {
+        // monta objeto
+        var infoObj = buildInvokeObject(this, object, parameters);
+
+        // coletar backtrace
+        var bt = collectBacktrace();
+
+        // chamar o método original e capturar retorno
+        var retvalue;
+        try {
+            retvalue = origInvoke.call(this, object, parameters);
+        } catch (invokeErr) {
+            // enviar também quando lançar (pode ser útil)
+            try {
+                fusion_sendKeyValueData("java.lang.reflect.Method!invoke!throw", [
+                    { key: "method", value: String(infoObj.method.toString) },
+                    { key: "declaring_class", value: String(infoObj.method.declaring_class) },
+                    { key: "method_b64", value: String(infoObj.method.b64) },
+                    { key: "target_class", value: String(infoObj.target.class_name) },
+                    { key: "params_count", value: String(infoObj.parameters.length) },
+                    { key: "params_preview", value: JSON.stringify(infoObj.parameters) },
+                    { key: "backtrace", value: bt.pretty },
+                    { key: "backtrace_raw", value: JSON.stringify(bt.raw) },
+                    { key: "error", value: String(invokeErr) }
+                ]);
+            } catch(eSendErr) { fusion_sendMessage("W", "fusion_sendKeyValueData error: " + eSendErr); }
+
+            throw invokeErr; // rethrow para manter comportamento
+        }
+
+        // preencher retorno infoObj.return
+        try {
+            if (retvalue === null || retvalue === undefined) {
+                infoObj.return.class_name = null; infoObj.return.value = null;
+            } else {
+                infoObj.return.class_name = safeGetClassName(retvalue);
+                if (infoObj.return.class_name && infoObj.return.class_name.charAt(0) === '[') {
+                    if (infoObj.return.class_name === '[B') {
+                        try { infoObj.return.value = toBase64(Java.array('byte', retvalue)); } catch(e) { infoObj.return.value = '[unreadable byte array]'; }
+                    } else {
+                        try {
+                            var lenR = retvalue.length, itemsR = [];
+                            for (var ri=0; ri<Math.min(lenR,50); ri++) { itemsR.push(String(retvalue[ri])); }
+                            infoObj.return.value = { length: lenR, preview: itemsR };
+                        } catch(eArrR) { infoObj.return.value = '[unreadable array]'; }
+                    }
+                } else {
+                    try { infoObj.return.value = retvalue.toString(); } catch(e) { infoObj.return.value = '[toString failed]'; }
+                }
+            }
+        } catch(eRetFill) { infoObj.return.value = '[error reading return]'; }
+
+        // preparar payload para fusion_sendKeyValueData (array de {key, value})
+        var payload = [];
+        try {
+            payload.push({ key: "method", value: String(infoObj.method.toString) });
+            payload.push({ key: "method_name", value: String(infoObj.method.name) });
+            payload.push({ key: "declaring_class", value: String(infoObj.method.declaring_class) });
+            payload.push({ key: "method_b64", value: String(infoObj.method.b64) });
+            payload.push({ key: "target_class", value: String(infoObj.target.class_name) });
+            payload.push({ key: "target_tostring", value: String(infoObj.target.toString) });
+            payload.push({ key: "params_count", value: String(infoObj.parameters.length) });
+
+            // params_preview como JSON string (pode truncar se muito grande)
+            try {
+                var paramsJson = JSON.stringify(infoObj.parameters);
+                if (paramsJson.length > 20000) paramsJson = paramsJson.slice(0,20000) + "...(truncated)";
+                payload.push({ key: "params_preview", value: paramsJson });
+            } catch(ePJ) {
+                payload.push({ key: "params_preview", value: "[error serializing params]" });
+            }
+
+            // retorno
+            try {
+                var retSummary = (infoObj.return.class_name === null && infoObj.return.value === null) ? "null" :
+                                 ("(" + String(infoObj.return.class_name) + ") " + String(infoObj.return.value));
+                if (retSummary.length > 4000) retSummary = retSummary.slice(0,4000) + "...(truncated)";
+                payload.push({ key: "return_summary", value: retSummary });
+                payload.push({ key: "return_class", value: String(infoObj.return.class_name) });
+            } catch(eRetPush) {
+                payload.push({ key: "return_summary", value: "[error]" });
+            }
+
+            // backtrace
+            payload.push({ key: "backtrace", value: bt.pretty });
+            payload.push({ key: "backtrace_raw", value: JSON.stringify(bt.raw) });
+
+            // timestamp
+            payload.push({ key: "timestamp", value: infoObj.timestamp });
+
+        } catch(ePayload) {
+            fusion_sendMessage("W", "Erro ao preparar payload: " + ePayload);
+        }
+
+        // enviar pelo canal customizado
+        try {
+            fusion_sendKeyValueData("java.lang.reflect.Method!invoke!call", payload);
+        } catch(eSend) {
+            // se fusion_sendKeyValueData não existir, fallback para console + fusion_sendMessage (se existir)
+            try { fusion_sendMessage("E", "fusion_sendKeyValueData missing or failed"); } catch(_) {}
+        }
+
+        return retvalue;
+    };
+
+    try { fusion_sendMessage("I", "Reflection module with fusion_sendKeyValueData loaded!"); } catch(e) { fusion_sendMessage("W", "Reflection module loaded!"); }
+
+});

frida_fusion-0.1.15/frida_fusion/modules/reflection/reflection-stalker.py

@@ -0,0 +1,206 @@
+import errno
+import sys
+import json
+import os.path
+from pathlib import Path
+from argparse import _ArgumentGroup, Namespace
+from frida_fusion.libs.logger import Logger
+from frida_fusion.libs.database import Database
+from frida_fusion.module import ModuleBase
+from frida_fusion.libs.scriptlocation import ScriptLocation
+from frida_fusion.exceptions import SilentKillError
+
+
+class Reflection(ModuleBase):
+
+    _EXCLUSION_LIST = [
+        "android.view.View.onDraw", 
+        "android.graphics.Picture",
+        "com.facebook.fbreact.specs.NativeAnimatedModuleSpec",
+        "com.facebook.react.uimanager.BaseViewManager.setTransform",
+        "com.facebook.react.uimanager.ReanimatedUIManager.updateView",
+        "com.facebook.fbreact.specs.NativeStatusBarManagerAndroidSpec"
+    ]
+
+    class StalkerDB(Database):
+        dbName = ""
+
+        def __init__(self, db_name: str):
+            super().__init__(
+                auto_create=True,
+                db_name=db_name
+            )
+            self.create_db()
+
+        def create_db(self):
+            super().create_db()
+            conn = self.connect_to_db(check=False)
+
+            # definindo um cursor
+            cursor = conn.cursor()
+
+            # criando a tabela (schema)
+            cursor.execute("""
+                CREATE TABLE IF NOT EXISTS [reflection_stalker] (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    method TEXT NOT NULL,
+                    method_b64 TEXT NULL,
+                    method_name TEXT NULL,
+                    target_class TEXT NULL,
+                    target_tostring TEXT NULL,
+                    params_count TEXT NULL,
+                    params TEXT NULL,
+                    error TEXT NULL,
+                    return_summary TEXT NULL,
+                    return_class TEXT NULL,
+                    stack_trace TEXT NULL,
+                    created_date datetime not null DEFAULT (datetime('now','localtime'))
+                );
+            """)
+
+            conn.commit()
+
+            # Must get the constraints
+            self.get_constraints(conn)
+
+    def __init__(self):
+        super().__init__('Reflection Stalker', 'Monitor reflection calls/invoke by Helvio Junior (M4v3r1ck)')
+        self.mod_path = str(Path(__file__).resolve().parent)
+        self._stalker_db = None
+        self._suppress_messages = False
+        self._ignore_list = []
+        self.js_file = os.path.join(self.mod_path, "reflection-stalker.js")
+
+    def start_module(self, **kwargs) -> bool:
+        if 'db_path' not in kwargs:
+            raise Exception("parameter db_path not found")
+
+        self._stalker_db = Reflection.StalkerDB(db_name=kwargs['db_path'])
+
+    def js_files(self) -> list:
+        return [
+            self.js_file
+        ]
+
+    def suppress_messages(self):
+        self._suppress_messages = True
+
+    def dynamic_script(self) -> str:
+        return f""
+    
+
+    def add_params(self, flags: _ArgumentGroup):
+        flags.add_argument('--ignore-stalker-text',
+                         dest='reflection_stalker_ignore',
+                         metavar='text',
+                         action='append',
+                         help='Text to ignore at screen output. You can specify multiple values repeating the flag.')
+
+    def load_from_arguments(self, args: Namespace) -> bool:
+        self._ignore_list = []
+
+        if args.reflection_stalker_ignore is None or len(args.reflection_stalker_ignore) == 0:
+            return True
+
+        self._ignore_list = list(set([
+            txt.lower()
+            for t1 in args.reflection_stalker_ignore
+            if (txt := t1.strip()) != ''
+            ]))
+
+        return True
+
+    def key_value_event(self,
+                        script_location: ScriptLocation = None,
+                        stack_trace: str = None,
+                        module: str = None,
+                        received_data: dict = None
+                        ) -> bool:
+
+
+        if module in ["java.lang.reflect.Method!invoke!throw",
+                      "java.lang.reflect.Method!invoke!call"
+                      ]:
+            
+            # Exclusion list
+            method = received_data.get('method', '')
+            for em in Reflection._EXCLUSION_LIST:
+                if em in method:
+                    return
+
+            params_preview = received_data.get('params_preview', '[]')
+            try:
+                params = json.dumps(json.loads(params_preview), default=Logger.json_serial)
+            except Exception:
+                params = params_preview
+
+            return_summary = received_data.get('return_summary', None)
+            try:
+                return_summary = json.dumps(json.loads(return_summary), default=Logger.json_serial)
+            except Exception:
+                pass
+
+            backtrace = received_data.get('backtrace_raw', None)
+            try:
+                if backtrace is None:
+                    raise Exception()
+
+                if isinstance(backtrace, str):
+                    backtrace = json.loads(backtrace)
+
+                bt = "Stack trace:\n    at "
+                bt += '\n    at '.join([
+                    ln 
+                    for ln in backtrace
+                    if 'dalvik.system.VMStack.getThreadStackTrace' not in ln
+                    and 'java.lang.Thread.getStackTrace' not in ln
+                    ])
+
+                backtrace = bt
+            except Exception:
+                backtrace = received_data.get('backtrace', stack_trace)
+
+            self._stalker_db.insert_one(
+                table_name='reflection_stalker',
+                stack_trace=backtrace,
+                error=received_data.get('error', ''),
+                method=received_data.get('method', ''),
+                method_b64=received_data.get('method_b64', ''),
+                method_name=received_data.get('method_name', ''),
+                target_class=received_data.get('target_class', ''),
+                target_tostring=received_data.get('target_tostring', ''),
+                params_count=received_data.get('params_count', ''),
+                params=params,
+                return_summary=return_summary,
+                return_class=received_data.get('return_class', '')
+            )
+
+            if not self._suppress_messages:
+                txt = json.dumps(received_data, indent=4)
+                for em in self._ignore_list:
+                    if em in txt.lower():
+                        return
+
+                Logger.print_message(
+                        level="I",
+                        message=f"Reflection: {received_data.get('method', '')}",
+                        script_location=script_location
+                    )
+                
+                
+                Logger.print_message(
+                        level="D",
+                        message=f"Reflection: {module}\n{txt}",
+                        script_location=script_location
+                    )
+
+        return True
+
+    def data_event(self,
+                   script_location: ScriptLocation = None,
+                   stack_trace: str = None,
+                   received_data: str = None
+                   ) -> bool:
+        return True
+
+

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.13
+Version: 0.1.15
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -105,7 +105,7 @@ void    fusion_printMethods(String name);
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.13 → frida_fusion-0.1.15}/frida_fusion.egg-info/SOURCES.txt

@@ -7,6 +7,7 @@ frida_fusion/__main__.py
 frida_fusion/__meta__.py
 frida_fusion/args.py
 frida_fusion/config.py
+frida_fusion/exceptions.py
 frida_fusion/fusion.py
 frida_fusion/module.py
 frida_fusion.egg-info/PKG-INFO
@@ -28,5 +29,7 @@ frida_fusion/modules/android_setings/settings.py
 frida_fusion/modules/crypto/__init__.py
 frida_fusion/modules/crypto/crypto.js
 frida_fusion/modules/crypto/crypto.py
+frida_fusion/modules/reflection/reflection-stalker.js
+frida_fusion/modules/reflection/reflection-stalker.py
 frida_fusion/modules/tls_unpinning/__init__.py
 frida_fusion/modules/tls_unpinning/frida_multiple_unpinning.py