frida-fusion 0.1.14__tar.gz → 0.1.15__tar.gz

{frida_fusion-0.1.14 → frida_fusion-0.1.15}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.14
+Version: 0.1.15
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -105,7 +105,7 @@ void    fusion_printMethods(String name);
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.14 → frida_fusion-0.1.15}/README.md

@@ -70,7 +70,7 @@ void    fusion_printMethods(String name);
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.14 → frida_fusion-0.1.15}/frida_fusion/__meta__.py

@@ -1,8 +1,8 @@
-__version__ = '0.1.14'
+__version__ = '0.1.15'
 __title__ = "Frida Fusion"
 __description__ = "📱 frida-fusion - runtime mobile exploration"
 __url__ = "https://github.com/helviojunior/frida-fusion"
-__build__ = 0x8a5c3b4
+__build__ = 0xef43fce
 __author__ = "Helvio Junior (M4v3r1ck)"
 __author_email__ = "helvio_junior@hotmail.com"
 __license__ = "GPL-3.0"

frida_fusion-0.1.15/frida_fusion/modules/reflection/reflection-stalker.js

@@ -0,0 +1,293 @@
+// Script Frida: Method.invoke -> build object + enviar via fusion_sendKeyValueData
+Java.perform(function () {
+
+    var jlrmethod = Java.use("java.lang.reflect.Method");
+    var origInvoke = jlrmethod.invoke; // referência original
+
+    function safeGetClassName(obj) {
+        try {
+            if (obj === null || obj === undefined) return null;
+            var cls = obj.getClass();
+            return cls.getName();
+        } catch (e) {
+            try { if (obj && obj.$className) return obj.$className; } catch(e2) {}
+            try { return Object.prototype.toString.call(obj); } catch(_) { return typeof obj; }
+        }
+    }
+
+    function buildParamInfo(param, depth) {
+        depth = depth || 0;
+        var maxDepth = 3;
+        var info = { type: null, class_name: null, value: null };
+
+        if (param === null || param === undefined) {
+            info.type = 'null';
+            return info;
+        }
+
+        var className = safeGetClassName(param);
+        info.class_name = className;
+        info.type = className;
+
+        try {
+            if (className && className.charAt(0) === '[') {
+                info.type = className;
+                if (className === '[B') {
+                    try {
+                        var buffer = Java.array('byte', param);
+                        try { info.value = toBase64(buffer); } catch (e) { 
+                            var sb = []; for (var i=0;i<Math.min(buffer.length,256);i++) sb.push((buffer[i]&0xff).toString(16));
+                            info.value = sb.join('');
+                        }
+                    } catch (errByte) { info.value = '[unreadable byte array]'; }
+                    return info;
+                }
+                if (className.indexOf('Ljava.lang.String') !== -1) {
+                    try {
+                        var arrLen = param.length;
+                        var vals = [];
+                        for (var i=0;i<Math.min(arrLen,50);i++) { vals.push(String(param[i])); }
+                        info.value = { length: arrLen, preview: vals };
+                    } catch(e) { info.value = '[unreadable string array]'; }
+                    return info;
+                }
+                if (depth >= maxDepth) { info.value = '[array - depth limit]'; return info; }
+                try {
+                    var n = param.length;
+                    var items = [];
+                    for (var j=0; j<Math.min(n,50); j++) items.push(buildParamInfo(param[j], depth+1));
+                    info.value = { length: n, preview: items };
+                } catch(e) { info.value = '[unreadable array]'; }
+                return info;
+            }
+        } catch(eArrDetect) {}
+
+        try {
+            if (className === 'java.lang.String' || (typeof param === 'string')) { info.value = String(param); return info; }
+            if (className && (
+                className.indexOf('java.lang.Number') !== -1 ||
+                className.indexOf('java.lang.Integer') !== -1 ||
+                className.indexOf('java.lang.Long') !== -1 ||
+                className.indexOf('java.lang.Boolean') !== -1 ||
+                className.indexOf('java.lang.Double') !== -1 ||
+                className.indexOf('java.lang.Float') !== -1 ||
+                className.indexOf('java.lang.Short') !== -1 ||
+                className.indexOf('java.lang.Character') !== -1)) {
+                try { info.value = param.toString(); } catch(e){ info.value = String(param); }
+                return info;
+            }
+            try { info.value = param.toString(); } catch (e) { info.value = '[toString failed]'; }
+            return info;
+        } catch(errGeneric) {
+            info.value = '[error building param]';
+            return info;
+        }
+    }
+
+    function buildInvokeObject(methodRef, targetObject, parameters) {
+        var obj = {
+            timestamp: (new Date()).toISOString(),
+            method: {
+                toString: String(methodRef),
+                name: null,
+                declaring_class: null,
+                b64: null
+            },
+            target: {
+                class_name: null,
+                toString: null
+            },
+            parameters: [],
+            return: {
+                class_name: null,
+                value: null
+            }
+        };
+
+        try {
+            if (methodRef && methodRef.getName) obj.method.name = methodRef.getName(); else obj.method.name = String(methodRef);
+            try {
+                var decl = methodRef.getDeclaringClass();
+                obj.method.declaring_class = decl ? decl.getName() : null;
+            } catch(e) { obj.method.declaring_class = null; }
+        } catch(_) {}
+
+        try {
+            var tName = "" + methodRef;
+            try { obj.method.b64 = fusion_stringToBase64(tName); } catch(e){ obj.method.b64 = null; }
+        } catch(_) { obj.method.b64 = null; }
+
+        try {
+            if (targetObject === null || targetObject === undefined) {
+                obj.target.class_name = null; obj.target.toString = null;
+            } else {
+                obj.target.class_name = safeGetClassName(targetObject);
+                try { obj.target.toString = targetObject.toString(); } catch(e){ obj.target.toString = '[toString failed]'; }
+            }
+        } catch(e) {}
+
+        try {
+            var type = Object.prototype.toString.call(parameters);
+            if (parameters === null || parameters === undefined) {
+                obj.parameters = [];
+            } else if (type === '[object Array]') {
+                var arrLen = parameters.length;
+                for (var i=0; i<Math.min(arrLen,200); i++) {
+                    obj.parameters.push({ index: i, info: buildParamInfo(parameters[i], 0) });
+                }
+                if (arrLen > 200) obj.parameters_truncated = true;
+            } else {
+                try {
+                    var maybeLen = parameters.length;
+                    if (typeof maybeLen === 'number') {
+                        for (var k=0; k<Math.min(maybeLen,100); k++) obj.parameters.push({ index: k, info: buildParamInfo(parameters[k],0) });
+                    } else {
+                        obj.parameters.push({ index: 0, info: buildParamInfo(parameters,0) });
+                    }
+                } catch(e2) {
+                    obj.parameters.push({ index: 0, info: buildParamInfo(parameters,0) });
+                }
+            }
+        } catch(errParams) {
+            obj.parameters = [{ index:0, info: { type: '[error enumerating parameters]' } }];
+        }
+
+        return obj;
+    }
+
+    // coleta backtrace da Thread Java atual e retorna [pretty, raw]
+    function collectBacktrace() {
+        var pretty = "[unavailable]";
+        var raw = [];
+        try {
+            var Thread = Java.use('java.lang.Thread');
+            var trace = Thread.currentThread().getStackTrace(); // array of StackTraceElement
+            var prettyLines = [];
+            for (var i=0; i<trace.length; i++) {
+                try {
+                    var ste = trace[i];
+                    var line = ste.toString(); // ex: com.foo.Bar.method(File.java:123)
+                    prettyLines.push(line);
+                    raw.push(String(ste));
+                } catch(eSte) { /* ignore */ }
+            }
+            pretty = prettyLines.join('\n');
+        } catch(e) {
+            try {
+                // fallback: usar Java.perform stack (menos informativo)
+                pretty = (new Error()).stack;
+                raw = [pretty];
+            } catch(e2) {}
+        }
+        return { pretty: pretty, raw: raw };
+    }
+
+    // sobrescreve invoke para montar objeto e enviar via fusion_sendKeyValueData
+    jlrmethod.invoke.implementation = function(object, parameters) {
+        // monta objeto
+        var infoObj = buildInvokeObject(this, object, parameters);
+
+        // coletar backtrace
+        var bt = collectBacktrace();
+
+        // chamar o método original e capturar retorno
+        var retvalue;
+        try {
+            retvalue = origInvoke.call(this, object, parameters);
+        } catch (invokeErr) {
+            // enviar também quando lançar (pode ser útil)
+            try {
+                fusion_sendKeyValueData("java.lang.reflect.Method!invoke!throw", [
+                    { key: "method", value: String(infoObj.method.toString) },
+                    { key: "declaring_class", value: String(infoObj.method.declaring_class) },
+                    { key: "method_b64", value: String(infoObj.method.b64) },
+                    { key: "target_class", value: String(infoObj.target.class_name) },
+                    { key: "params_count", value: String(infoObj.parameters.length) },
+                    { key: "params_preview", value: JSON.stringify(infoObj.parameters) },
+                    { key: "backtrace", value: bt.pretty },
+                    { key: "backtrace_raw", value: JSON.stringify(bt.raw) },
+                    { key: "error", value: String(invokeErr) }
+                ]);
+            } catch(eSendErr) { fusion_sendMessage("W", "fusion_sendKeyValueData error: " + eSendErr); }
+
+            throw invokeErr; // rethrow para manter comportamento
+        }
+
+        // preencher retorno infoObj.return
+        try {
+            if (retvalue === null || retvalue === undefined) {
+                infoObj.return.class_name = null; infoObj.return.value = null;
+            } else {
+                infoObj.return.class_name = safeGetClassName(retvalue);
+                if (infoObj.return.class_name && infoObj.return.class_name.charAt(0) === '[') {
+                    if (infoObj.return.class_name === '[B') {
+                        try { infoObj.return.value = toBase64(Java.array('byte', retvalue)); } catch(e) { infoObj.return.value = '[unreadable byte array]'; }
+                    } else {
+                        try {
+                            var lenR = retvalue.length, itemsR = [];
+                            for (var ri=0; ri<Math.min(lenR,50); ri++) { itemsR.push(String(retvalue[ri])); }
+                            infoObj.return.value = { length: lenR, preview: itemsR };
+                        } catch(eArrR) { infoObj.return.value = '[unreadable array]'; }
+                    }
+                } else {
+                    try { infoObj.return.value = retvalue.toString(); } catch(e) { infoObj.return.value = '[toString failed]'; }
+                }
+            }
+        } catch(eRetFill) { infoObj.return.value = '[error reading return]'; }
+
+        // preparar payload para fusion_sendKeyValueData (array de {key, value})
+        var payload = [];
+        try {
+            payload.push({ key: "method", value: String(infoObj.method.toString) });
+            payload.push({ key: "method_name", value: String(infoObj.method.name) });
+            payload.push({ key: "declaring_class", value: String(infoObj.method.declaring_class) });
+            payload.push({ key: "method_b64", value: String(infoObj.method.b64) });
+            payload.push({ key: "target_class", value: String(infoObj.target.class_name) });
+            payload.push({ key: "target_tostring", value: String(infoObj.target.toString) });
+            payload.push({ key: "params_count", value: String(infoObj.parameters.length) });
+
+            // params_preview como JSON string (pode truncar se muito grande)
+            try {
+                var paramsJson = JSON.stringify(infoObj.parameters);
+                if (paramsJson.length > 20000) paramsJson = paramsJson.slice(0,20000) + "...(truncated)";
+                payload.push({ key: "params_preview", value: paramsJson });
+            } catch(ePJ) {
+                payload.push({ key: "params_preview", value: "[error serializing params]" });
+            }
+
+            // retorno
+            try {
+                var retSummary = (infoObj.return.class_name === null && infoObj.return.value === null) ? "null" :
+                                 ("(" + String(infoObj.return.class_name) + ") " + String(infoObj.return.value));
+                if (retSummary.length > 4000) retSummary = retSummary.slice(0,4000) + "...(truncated)";
+                payload.push({ key: "return_summary", value: retSummary });
+                payload.push({ key: "return_class", value: String(infoObj.return.class_name) });
+            } catch(eRetPush) {
+                payload.push({ key: "return_summary", value: "[error]" });
+            }
+
+            // backtrace
+            payload.push({ key: "backtrace", value: bt.pretty });
+            payload.push({ key: "backtrace_raw", value: JSON.stringify(bt.raw) });
+
+            // timestamp
+            payload.push({ key: "timestamp", value: infoObj.timestamp });
+
+        } catch(ePayload) {
+            fusion_sendMessage("W", "Erro ao preparar payload: " + ePayload);
+        }
+
+        // enviar pelo canal customizado
+        try {
+            fusion_sendKeyValueData("java.lang.reflect.Method!invoke!call", payload);
+        } catch(eSend) {
+            // se fusion_sendKeyValueData não existir, fallback para console + fusion_sendMessage (se existir)
+            try { fusion_sendMessage("E", "fusion_sendKeyValueData missing or failed"); } catch(_) {}
+        }
+
+        return retvalue;
+    };
+
+    try { fusion_sendMessage("I", "Reflection module with fusion_sendKeyValueData loaded!"); } catch(e) { fusion_sendMessage("W", "Reflection module loaded!"); }
+
+});

frida_fusion-0.1.15/frida_fusion/modules/reflection/reflection-stalker.py

@@ -0,0 +1,206 @@
+import errno
+import sys
+import json
+import os.path
+from pathlib import Path
+from argparse import _ArgumentGroup, Namespace
+from frida_fusion.libs.logger import Logger
+from frida_fusion.libs.database import Database
+from frida_fusion.module import ModuleBase
+from frida_fusion.libs.scriptlocation import ScriptLocation
+from frida_fusion.exceptions import SilentKillError
+
+
+class Reflection(ModuleBase):
+
+    _EXCLUSION_LIST = [
+        "android.view.View.onDraw", 
+        "android.graphics.Picture",
+        "com.facebook.fbreact.specs.NativeAnimatedModuleSpec",
+        "com.facebook.react.uimanager.BaseViewManager.setTransform",
+        "com.facebook.react.uimanager.ReanimatedUIManager.updateView",
+        "com.facebook.fbreact.specs.NativeStatusBarManagerAndroidSpec"
+    ]
+
+    class StalkerDB(Database):
+        dbName = ""
+
+        def __init__(self, db_name: str):
+            super().__init__(
+                auto_create=True,
+                db_name=db_name
+            )
+            self.create_db()
+
+        def create_db(self):
+            super().create_db()
+            conn = self.connect_to_db(check=False)
+
+            # definindo um cursor
+            cursor = conn.cursor()
+
+            # criando a tabela (schema)
+            cursor.execute("""
+                CREATE TABLE IF NOT EXISTS [reflection_stalker] (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    method TEXT NOT NULL,
+                    method_b64 TEXT NULL,
+                    method_name TEXT NULL,
+                    target_class TEXT NULL,
+                    target_tostring TEXT NULL,
+                    params_count TEXT NULL,
+                    params TEXT NULL,
+                    error TEXT NULL,
+                    return_summary TEXT NULL,
+                    return_class TEXT NULL,
+                    stack_trace TEXT NULL,
+                    created_date datetime not null DEFAULT (datetime('now','localtime'))
+                );
+            """)
+
+            conn.commit()
+
+            # Must get the constraints
+            self.get_constraints(conn)
+
+    def __init__(self):
+        super().__init__('Reflection Stalker', 'Monitor reflection calls/invoke by Helvio Junior (M4v3r1ck)')
+        self.mod_path = str(Path(__file__).resolve().parent)
+        self._stalker_db = None
+        self._suppress_messages = False
+        self._ignore_list = []
+        self.js_file = os.path.join(self.mod_path, "reflection-stalker.js")
+
+    def start_module(self, **kwargs) -> bool:
+        if 'db_path' not in kwargs:
+            raise Exception("parameter db_path not found")
+
+        self._stalker_db = Reflection.StalkerDB(db_name=kwargs['db_path'])
+
+    def js_files(self) -> list:
+        return [
+            self.js_file
+        ]
+
+    def suppress_messages(self):
+        self._suppress_messages = True
+
+    def dynamic_script(self) -> str:
+        return f""
+    
+
+    def add_params(self, flags: _ArgumentGroup):
+        flags.add_argument('--ignore-stalker-text',
+                         dest='reflection_stalker_ignore',
+                         metavar='text',
+                         action='append',
+                         help='Text to ignore at screen output. You can specify multiple values repeating the flag.')
+
+    def load_from_arguments(self, args: Namespace) -> bool:
+        self._ignore_list = []
+
+        if args.reflection_stalker_ignore is None or len(args.reflection_stalker_ignore) == 0:
+            return True
+
+        self._ignore_list = list(set([
+            txt.lower()
+            for t1 in args.reflection_stalker_ignore
+            if (txt := t1.strip()) != ''
+            ]))
+
+        return True
+
+    def key_value_event(self,
+                        script_location: ScriptLocation = None,
+                        stack_trace: str = None,
+                        module: str = None,
+                        received_data: dict = None
+                        ) -> bool:
+
+
+        if module in ["java.lang.reflect.Method!invoke!throw",
+                      "java.lang.reflect.Method!invoke!call"
+                      ]:
+            
+            # Exclusion list
+            method = received_data.get('method', '')
+            for em in Reflection._EXCLUSION_LIST:
+                if em in method:
+                    return
+
+            params_preview = received_data.get('params_preview', '[]')
+            try:
+                params = json.dumps(json.loads(params_preview), default=Logger.json_serial)
+            except Exception:
+                params = params_preview
+
+            return_summary = received_data.get('return_summary', None)
+            try:
+                return_summary = json.dumps(json.loads(return_summary), default=Logger.json_serial)
+            except Exception:
+                pass
+
+            backtrace = received_data.get('backtrace_raw', None)
+            try:
+                if backtrace is None:
+                    raise Exception()
+
+                if isinstance(backtrace, str):
+                    backtrace = json.loads(backtrace)
+
+                bt = "Stack trace:\n    at "
+                bt += '\n    at '.join([
+                    ln 
+                    for ln in backtrace
+                    if 'dalvik.system.VMStack.getThreadStackTrace' not in ln
+                    and 'java.lang.Thread.getStackTrace' not in ln
+                    ])
+
+                backtrace = bt
+            except Exception:
+                backtrace = received_data.get('backtrace', stack_trace)
+
+            self._stalker_db.insert_one(
+                table_name='reflection_stalker',
+                stack_trace=backtrace,
+                error=received_data.get('error', ''),
+                method=received_data.get('method', ''),
+                method_b64=received_data.get('method_b64', ''),
+                method_name=received_data.get('method_name', ''),
+                target_class=received_data.get('target_class', ''),
+                target_tostring=received_data.get('target_tostring', ''),
+                params_count=received_data.get('params_count', ''),
+                params=params,
+                return_summary=return_summary,
+                return_class=received_data.get('return_class', '')
+            )
+
+            if not self._suppress_messages:
+                txt = json.dumps(received_data, indent=4)
+                for em in self._ignore_list:
+                    if em in txt.lower():
+                        return
+
+                Logger.print_message(
+                        level="I",
+                        message=f"Reflection: {received_data.get('method', '')}",
+                        script_location=script_location
+                    )
+                
+                
+                Logger.print_message(
+                        level="D",
+                        message=f"Reflection: {module}\n{txt}",
+                        script_location=script_location
+                    )
+
+        return True
+
+    def data_event(self,
+                   script_location: ScriptLocation = None,
+                   stack_trace: str = None,
+                   received_data: str = None
+                   ) -> bool:
+        return True
+
+

{frida_fusion-0.1.14 → frida_fusion-0.1.15}/frida_fusion.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.14
+Version: 0.1.15
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -105,7 +105,7 @@ void    fusion_printMethods(String name);
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.14 → frida_fusion-0.1.15}/frida_fusion.egg-info/SOURCES.txt

@@ -29,5 +29,7 @@ frida_fusion/modules/android_setings/settings.py
 frida_fusion/modules/crypto/__init__.py
 frida_fusion/modules/crypto/crypto.js
 frida_fusion/modules/crypto/crypto.py
+frida_fusion/modules/reflection/reflection-stalker.js
+frida_fusion/modules/reflection/reflection-stalker.py
 frida_fusion/modules/tls_unpinning/__init__.py
 frida_fusion/modules/tls_unpinning/frida_multiple_unpinning.py