PyPI - frida-fusion - Versions diffs - 0.1.14__tar.gz → 0.1.16__tar.gz - Mend

frida-fusion 0.1.14tar.gz → 0.1.16tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of frida-fusion might be problematic. Click here for more details.

Files changed (37) hide show

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.14
+Version: 0.1.16
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -101,11 +101,14 @@ void    fusion_printStackTrace();
 # Print all methods of class 'name'
 void    fusion_printMethods(String name);
+# Get value of a field inside an class instance
+Object fusion_getFieldValue(Object obj, String fieldName);
 # Wait until the class 'name' exists in memory to execute the callback function
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/README.md RENAMED Viewed

@@ -66,11 +66,14 @@ void    fusion_printStackTrace();
 # Print all methods of class 'name'
 void    fusion_printMethods(String name);
+# Get value of a field inside an class instance
+Object fusion_getFieldValue(Object obj, String fieldName);
 # Wait until the class 'name' exists in memory to execute the callback function
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/frida_fusion/__meta__.py RENAMED Viewed

@@ -1,8 +1,8 @@
-__version__ = '0.1.14'
+__version__ = '0.1.16'
 __title__ = "Frida Fusion"
 __description__ = "📱 frida-fusion - runtime mobile exploration"
 __url__ = "https://github.com/helviojunior/frida-fusion"
-__build__ = 0x8a5c3b4
+__build__ = 0xfe136e5
 __author__ = "Helvio Junior (M4v3r1ck)"
 __author_email__ = "helvio_junior@hotmail.com"
 __license__ = "GPL-3.0"

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/frida_fusion/libs/helpers.js RENAMED Viewed

@@ -128,22 +128,26 @@ function fusion_getCallerInfo() {
 }
 function fusion_sendKeyValueData(module, items) {
-    var st = fusion_getB64StackTrace();
-    var data = [];
+    try{
+      var st = fusion_getB64StackTrace();
-    // Force as String
-    for (let i = 0; i < items.length; i++) {
-        data = data.concat([{key: `${items[i].key}`, value:`${items[i].value}`}]);
-    }
+      var data = [];
-    fusion_Send({
-      type: "key_value_data",
-      module: module,
-      data: data,
-      stack_trace: st
-    }, null);
+      // Force as String
+      for (let i = 0; i < items.length; i++) {
+          data = data.concat([{key: `${items[i].key}`, value:`${items[i].value}`}]);
+      }
+      fusion_Send({
+        type: "key_value_data",
+        module: module,
+        data: data,
+        stack_trace: st
+      }, null);
+    } catch (err) {
+      fusion_sendMessage("W", `Error: ${err}`)
+    }
+    return null;
 }
 function fusion_sendMessage(level, message){
@@ -160,7 +164,7 @@ function fusion_sendMessage(level, message){
           message: b64Msg
         }, null)
     } catch (err) {
-        fusion_sendMessage("W", err)
+        fusion_sendMessage("W", `Error: ${err}`)
     }
 }
@@ -184,7 +188,7 @@ function fusion_sendMessageWithTrace(level, message){
           message: b64Msg
         }, null)
     } catch (err) {
-        fusion_sendMessage("W", err)
+        fusion_sendMessage("W", `Error: ${err}`)
     }
 }
@@ -218,7 +222,7 @@ function fusion_getB64StackTrace(){
         return b64Msg
     } catch (err) {
-        fusion_sendMessage("W", err);
+        fusion_sendMessage("W", `Error: ${err}`)
         return '';
     }
 }
@@ -256,12 +260,32 @@ function fusion_getClassName(obj)
         // Se for algo não Java, apenas retorna tipo do JS
         return typeof obj;
     } catch (err) {
-        fusion_sendMessage("W", err);
+        fusion_sendMessage("W", `Error: ${err}`)
         return '';
     }
 }
+function fusion_getFieldValue(obj, fieldName) {
+  if (obj === null || obj === undefined) return "";
+  try {
+    var cls = obj.getClass();
+    while (cls != null) {
+      try {
+        var f = cls.getDeclaredField(fieldName);
+        f.setAccessible(true);
+        return f.get(obj);
+      } catch (e) {
+        cls = cls.getSuperclass();
+      }
+    }
+  } catch (err) {
+      fusion_sendMessage("W", `Error: ${err}`)
+      return '';
+  }
+}
 function fusion_getReadableRange(p) {
   try { p = ptr(p); } catch (_) { return null; }
   const range = Process.findRangeByAddress(p); // não lança exceção

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/frida_fusion/modules/crypto/crypto.js RENAMED Viewed

@@ -3,7 +3,8 @@ const CRYPTO_MODULES = {
     KeyGenerator: true,
     KeyPairGenerator: true,
     SecretKeySpec: true,
-    MessageDigest: true,
+    MessageDigest: false,
+    KeyFactory: true,
     SecretKeyFactory: true,
     Signature: true,
     Cipher: true,
@@ -12,7 +13,7 @@ const CRYPTO_MODULES = {
     IvParameterSpec: true,
     GCMParameterSpec: true,
     PBEParameterSpec: true,
-    X509EncodedKeySpec: true
+    X509EncodedKeySpec: true,
 };
 setTimeout(function() {
@@ -144,6 +145,53 @@ setTimeout(function() {
         }
+        if (CRYPTO_MODULES.KeyFactory) {
+            fusion_sendMessage('*', "Module attached: java.security.KeyFactory");
+            const keyFactory = Java.use("java.security.KeyFactory");
+            keyFactory.getInstance.overload("java.lang.String").implementation = function (arg0) {
+                fusion_sendKeyValueData("KeyFactory.getInstance", [
+                    {key: "Algorithm", value: arg0}
+                ]);
+                return this.getInstance(arg0);
+            };
+            keyFactory.getInstance.overload("java.lang.String", "java.lang.String").implementation = function (arg0, arg1) {
+                fusion_sendKeyValueData("KeyFactory.getInstance", [
+                    {key: "Algorithm", value: arg0},
+                    {key: "Provider", value: arg1}
+                ]);
+                return this.getInstance(arg0, arg1);
+            };
+            keyFactory.getInstance.overload("java.lang.String", "java.security.Provider").implementation = function (arg0, arg1) {
+                fusion_sendKeyValueData("KeyFactory.getInstance", [
+                    {key: "Algorithm", value: arg0},
+                    {key: "Provider", value: arg1}
+                ]);
+                return this.getInstance(arg0, arg1);
+            };
+            keyFactory.generatePrivate.overload('java.security.spec.KeySpec').implementation = function (keySpec) {
+                fusion_sendKeyValueData("KeyFactory.generatePrivate", [
+                    {key: "ClassType", value: fusion_getClassName(this)},
+                    {key: "KeySpecClassType", value: fusion_getClassName(keySpec)},
+                    {key: "Algorithm", value: this.getAlgorithm()},
+                    {key: "Key", value: fusion_keyToBase64(keySpec)},
+                ]);
+                return this.generatePrivate(keySpec);
+            };
+            keyFactory.generatePublic.overload('java.security.spec.KeySpec').implementation = function (keySpec) {
+                fusion_sendKeyValueData("KeyFactory.generatePublic", [
+                    {key: "ClassType", value: fusion_getClassName(this)},
+                    {key: "KeySpecClassType", value: fusion_getClassName(keySpec)},
+                    {key: "Algorithm", value: this.getAlgorithm()},
+                ]);
+                return this.generatePublic(keySpec);
+            };
+        }
         if (CRYPTO_MODULES.SecretKeyFactory) {
             fusion_sendMessage('*', "Module attached: javax.crypto.SecretKeyFactory");
             const secretKeyFactory = Java.use("javax.crypto.SecretKeyFactory");
@@ -281,26 +329,73 @@ setTimeout(function() {
             }
             cipher.getInstance.overload("java.lang.String").implementation = function (arg0) {
-                fusion_sendKeyValueData("cipher.getInstance", [
+                var data = [
                     {key: "Algorithm", value: arg0}
-                ]);
-                return this.getInstance(arg0);
+                ];
+                var instance = this.getInstance(arg0);
+                try{
+                    data = data.concat([
+                        {key: "HashCode", value: instance.hashCode().toString()},
+                    ]);
+                    data = data.concat([
+                        {key: "Algorithm", value: instance.getAlgorithm()}
+                    ]);
+                } catch (err1) {
+                    fusion_sendError(err1)
+                }
+                fusion_sendKeyValueData("cipher.getInstance", data);
+                return instance;
             };
             cipher.getInstance.overload("java.lang.String", "java.lang.String").implementation = function (arg0, arg1) {
-                fusion_sendKeyValueData("cipher.getInstance", [
+                var data = [
                     {key: "Algorithm", value: arg0},
                     {key: "Provider", value: arg1}
-                ]);
-                return this.getInstance(arg0, arg1);
+                ];
+                var instance = this.getInstance(arg0, arg1);
+                try{
+                    data = data.concat([
+                        {key: "HashCode", value: instance.hashCode().toString()},
+                    ]);
+                    data = data.concat([
+                        {key: "Algorithm", value: instance.getAlgorithm()}
+                    ]);
+                } catch (err1) {
+                    fusion_sendError(err1)
+                }
+                fusion_sendKeyValueData("cipher.getInstance", data);
+                return instance;
             };
             cipher.getInstance.overload("java.lang.String", "java.security.Provider").implementation = function (arg0, arg1) {
-                fusion_sendKeyValueData("cipher.getInstance", [
+                var data = [
                     {key: "Algorithm", value: arg0},
                     {key: "Provider", value: arg1}
-                ]);
-                return this.getInstance(arg0, arg1);
+                ];
+                var instance = this.getInstance(arg0, arg1);
+                try{
+                    data = data.concat([
+                        {key: "HashCode", value: instance.hashCode().toString()},
+                    ]);
+                    data = data.concat([
+                        {key: "Algorithm", value: instance.getAlgorithm()}
+                    ]);
+                } catch (err1) {
+                    fusion_sendError(err1)
+                }
+                fusion_sendKeyValueData("cipher.getInstance", data);
+                return instance;
             };
             cipher.doFinal.overload("[B").implementation = function (arg0) {
@@ -568,12 +663,39 @@ setTimeout(function() {
 function fusion_keyToBase64(key){
     if (key === null || key === undefined) return "IA==";
+    const cName = fusion_getClassName(key);
     try{
+        try{
+            if (cName == "java.security.spec.RSAPrivateKeySpec" || (cName == "javax.crypto.spec.SecretKeySpec" && key.getAlgorithm() == "RSA")){
+                return {
+                    classType: cName,
+                    modulus: key.getModulus(),
+                    privateExponent: key.getPrivateExponent(),
+                }
+            }
+        } catch (e1) {}
+        /*
+        const cName = fusion_getClassName(key);
+        if ("com.android.org.conscrypt.OpenSSLRSAPrivateKey" == cName) return "IA==";
+        fusion_sendMessageWithTrace("W", "fusion_keyToBase64\n" + fusion_getClassName(key));
+        if ("javax.crypto.spec.SecretKeySpec" == cName) {
+            var algo = key.getAlgorithm();
+            if (algo == "AES") return "IA==";
+        }
+        var tst = key.getEncoded();
+        fusion_sendMessageWithTrace("W", "fusion_keyToBase64\n" + fusion_getClassName(tst));
+        */
-        return fusion_bytesToBase64(key.getEncoded())
+        return fusion_bytesToBase64(key.getEncoded());
     } catch (err) {
-        fusion_sendMessage("W", err);
-        return "IA==";
+        //fusion_sendMessage("W", `Error: ${err}`)
+        return fusion_stringToBase64(`Error getting key from class (${cName}): ${err}`);
     }
 }

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/frida_fusion/modules/crypto/crypto.py RENAMED Viewed

@@ -457,6 +457,24 @@ class Crypto(ModuleBase):
                     message=f"Cipher init received\nHashcode: {hashcode}\nOpmode: {opmode}\nKeytype: {key_class}",
                     script_location=script_location
                 )
+        elif module == "cipher.getInstance":
+            hashcode = received_data.get('hashcode', None)
+            algorithm = received_data.get('algorithm', None)
+            self._crypto_db.insert_crypto(
+                package=self._package,
+                hashcode=hashcode,
+                algorithm=algorithm,
+                init_key=None
+            )
+            if not self._suppress_messages:
+                Logger.print_message(
+                    level="D",
+                    message=f"Cipher getInstance received\n{stack_trace}",
+                    script_location=script_location
+                )
         elif module == "cipher.doFinal":
             hashcode = received_data.get('hashcode', None)
@@ -516,6 +534,18 @@ class Crypto(ModuleBase):
                         script_location=script_location
                     )
+        elif module == "KeyFactory.generatePrivate":
+            #print(received_data)
+            pass
+        elif module == "KeyFactory.generatePublic":
+            #print(received_data)
+            pass
+        elif module == "org.bouncycastle.asn1!init":
+            #print(received_data)
+            pass
         return True
     def data_event(self,

frida_fusion-0.1.16/frida_fusion/modules/reflection/reflection-stalker.js ADDED Viewed

@@ -0,0 +1,293 @@
+// Script Frida: Method.invoke -> build object + enviar via fusion_sendKeyValueData
+Java.perform(function () {
+    var jlrmethod = Java.use("java.lang.reflect.Method");
+    var origInvoke = jlrmethod.invoke; // referência original
+    function safeGetClassName(obj) {
+        try {
+            if (obj === null || obj === undefined) return null;
+            var cls = obj.getClass();
+            return cls.getName();
+        } catch (e) {
+            try { if (obj && obj.$className) return obj.$className; } catch(e2) {}
+            try { return Object.prototype.toString.call(obj); } catch(_) { return typeof obj; }
+        }
+    }
+    function buildParamInfo(param, depth) {
+        depth = depth || 0;
+        var maxDepth = 3;
+        var info = { type: null, class_name: null, value: null };
+        if (param === null || param === undefined) {
+            info.type = 'null';
+            return info;
+        }
+        var className = safeGetClassName(param);
+        info.class_name = className;
+        info.type = className;
+        try {
+            if (className && className.charAt(0) === '[') {
+                info.type = className;
+                if (className === '[B') {
+                    try {
+                        var buffer = Java.array('byte', param);
+                        try { info.value = toBase64(buffer); } catch (e) {
+                            var sb = []; for (var i=0;i<Math.min(buffer.length,256);i++) sb.push((buffer[i]&0xff).toString(16));
+                            info.value = sb.join('');
+                        }
+                    } catch (errByte) { info.value = '[unreadable byte array]'; }
+                    return info;
+                }
+                if (className.indexOf('Ljava.lang.String') !== -1) {
+                    try {
+                        var arrLen = param.length;
+                        var vals = [];
+                        for (var i=0;i<Math.min(arrLen,50);i++) { vals.push(String(param[i])); }
+                        info.value = { length: arrLen, preview: vals };
+                    } catch(e) { info.value = '[unreadable string array]'; }
+                    return info;
+                }
+                if (depth >= maxDepth) { info.value = '[array - depth limit]'; return info; }
+                try {
+                    var n = param.length;
+                    var items = [];
+                    for (var j=0; j<Math.min(n,50); j++) items.push(buildParamInfo(param[j], depth+1));
+                    info.value = { length: n, preview: items };
+                } catch(e) { info.value = '[unreadable array]'; }
+                return info;
+            }
+        } catch(eArrDetect) {}
+        try {
+            if (className === 'java.lang.String' || (typeof param === 'string')) { info.value = String(param); return info; }
+            if (className && (
+                className.indexOf('java.lang.Number') !== -1 ||
+                className.indexOf('java.lang.Integer') !== -1 ||
+                className.indexOf('java.lang.Long') !== -1 ||
+                className.indexOf('java.lang.Boolean') !== -1 ||
+                className.indexOf('java.lang.Double') !== -1 ||
+                className.indexOf('java.lang.Float') !== -1 ||
+                className.indexOf('java.lang.Short') !== -1 ||
+                className.indexOf('java.lang.Character') !== -1)) {
+                try { info.value = param.toString(); } catch(e){ info.value = String(param); }
+                return info;
+            }
+            try { info.value = param.toString(); } catch (e) { info.value = '[toString failed]'; }
+            return info;
+        } catch(errGeneric) {
+            info.value = '[error building param]';
+            return info;
+        }
+    }
+    function buildInvokeObject(methodRef, targetObject, parameters) {
+        var obj = {
+            timestamp: (new Date()).toISOString(),
+            method: {
+                toString: String(methodRef),
+                name: null,
+                declaring_class: null,
+                b64: null
+            },
+            target: {
+                class_name: null,
+                toString: null
+            },
+            parameters: [],
+            return: {
+                class_name: null,
+                value: null
+            }
+        };
+        try {
+            if (methodRef && methodRef.getName) obj.method.name = methodRef.getName(); else obj.method.name = String(methodRef);
+            try {
+                var decl = methodRef.getDeclaringClass();
+                obj.method.declaring_class = decl ? decl.getName() : null;
+            } catch(e) { obj.method.declaring_class = null; }
+        } catch(_) {}
+        try {
+            var tName = "" + methodRef;
+            try { obj.method.b64 = fusion_stringToBase64(tName); } catch(e){ obj.method.b64 = null; }
+        } catch(_) { obj.method.b64 = null; }
+        try {
+            if (targetObject === null || targetObject === undefined) {
+                obj.target.class_name = null; obj.target.toString = null;
+            } else {
+                obj.target.class_name = safeGetClassName(targetObject);
+                try { obj.target.toString = targetObject.toString(); } catch(e){ obj.target.toString = '[toString failed]'; }
+            }
+        } catch(e) {}
+        try {
+            var type = Object.prototype.toString.call(parameters);
+            if (parameters === null || parameters === undefined) {
+                obj.parameters = [];
+            } else if (type === '[object Array]') {
+                var arrLen = parameters.length;
+                for (var i=0; i<Math.min(arrLen,200); i++) {
+                    obj.parameters.push({ index: i, info: buildParamInfo(parameters[i], 0) });
+                }
+                if (arrLen > 200) obj.parameters_truncated = true;
+            } else {
+                try {
+                    var maybeLen = parameters.length;
+                    if (typeof maybeLen === 'number') {
+                        for (var k=0; k<Math.min(maybeLen,100); k++) obj.parameters.push({ index: k, info: buildParamInfo(parameters[k],0) });
+                    } else {
+                        obj.parameters.push({ index: 0, info: buildParamInfo(parameters,0) });
+                    }
+                } catch(e2) {
+                    obj.parameters.push({ index: 0, info: buildParamInfo(parameters,0) });
+                }
+            }
+        } catch(errParams) {
+            obj.parameters = [{ index:0, info: { type: '[error enumerating parameters]' } }];
+        }
+        return obj;
+    }
+    // coleta backtrace da Thread Java atual e retorna [pretty, raw]
+    function collectBacktrace() {
+        var pretty = "[unavailable]";
+        var raw = [];
+        try {
+            var Thread = Java.use('java.lang.Thread');
+            var trace = Thread.currentThread().getStackTrace(); // array of StackTraceElement
+            var prettyLines = [];
+            for (var i=0; i<trace.length; i++) {
+                try {
+                    var ste = trace[i];
+                    var line = ste.toString(); // ex: com.foo.Bar.method(File.java:123)
+                    prettyLines.push(line);
+                    raw.push(String(ste));
+                } catch(eSte) { /* ignore */ }
+            }
+            pretty = prettyLines.join('\n');
+        } catch(e) {
+            try {
+                // fallback: usar Java.perform stack (menos informativo)
+                pretty = (new Error()).stack;
+                raw = [pretty];
+            } catch(e2) {}
+        }
+        return { pretty: pretty, raw: raw };
+    }
+    // sobrescreve invoke para montar objeto e enviar via fusion_sendKeyValueData
+    jlrmethod.invoke.implementation = function(object, parameters) {
+        // monta objeto
+        var infoObj = buildInvokeObject(this, object, parameters);
+        // coletar backtrace
+        var bt = collectBacktrace();
+        // chamar o método original e capturar retorno
+        var retvalue;
+        try {
+            retvalue = origInvoke.call(this, object, parameters);
+        } catch (invokeErr) {
+            // enviar também quando lançar (pode ser útil)
+            try {
+                fusion_sendKeyValueData("java.lang.reflect.Method!invoke!throw", [
+                    { key: "method", value: String(infoObj.method.toString) },
+                    { key: "declaring_class", value: String(infoObj.method.declaring_class) },
+                    { key: "method_b64", value: String(infoObj.method.b64) },
+                    { key: "target_class", value: String(infoObj.target.class_name) },
+                    { key: "params_count", value: String(infoObj.parameters.length) },
+                    { key: "params_preview", value: JSON.stringify(infoObj.parameters) },
+                    { key: "backtrace", value: bt.pretty },
+                    { key: "backtrace_raw", value: JSON.stringify(bt.raw) },
+                    { key: "error", value: String(invokeErr) }
+                ]);
+            } catch(eSendErr) { fusion_sendMessage("W", "fusion_sendKeyValueData error: " + eSendErr); }
+            throw invokeErr; // rethrow para manter comportamento
+        }
+        // preencher retorno infoObj.return
+        try {
+            if (retvalue === null || retvalue === undefined) {
+                infoObj.return.class_name = null; infoObj.return.value = null;
+            } else {
+                infoObj.return.class_name = safeGetClassName(retvalue);
+                if (infoObj.return.class_name && infoObj.return.class_name.charAt(0) === '[') {
+                    if (infoObj.return.class_name === '[B') {
+                        try { infoObj.return.value = toBase64(Java.array('byte', retvalue)); } catch(e) { infoObj.return.value = '[unreadable byte array]'; }
+                    } else {
+                        try {
+                            var lenR = retvalue.length, itemsR = [];
+                            for (var ri=0; ri<Math.min(lenR,50); ri++) { itemsR.push(String(retvalue[ri])); }
+                            infoObj.return.value = { length: lenR, preview: itemsR };
+                        } catch(eArrR) { infoObj.return.value = '[unreadable array]'; }
+                    }
+                } else {
+                    try { infoObj.return.value = retvalue.toString(); } catch(e) { infoObj.return.value = '[toString failed]'; }
+                }
+            }
+        } catch(eRetFill) { infoObj.return.value = '[error reading return]'; }
+        // preparar payload para fusion_sendKeyValueData (array de {key, value})
+        var payload = [];
+        try {
+            payload.push({ key: "method", value: String(infoObj.method.toString) });
+            payload.push({ key: "method_name", value: String(infoObj.method.name) });
+            payload.push({ key: "declaring_class", value: String(infoObj.method.declaring_class) });
+            payload.push({ key: "method_b64", value: String(infoObj.method.b64) });
+            payload.push({ key: "target_class", value: String(infoObj.target.class_name) });
+            payload.push({ key: "target_tostring", value: String(infoObj.target.toString) });
+            payload.push({ key: "params_count", value: String(infoObj.parameters.length) });
+            // params_preview como JSON string (pode truncar se muito grande)
+            try {
+                var paramsJson = JSON.stringify(infoObj.parameters);
+                if (paramsJson.length > 20000) paramsJson = paramsJson.slice(0,20000) + "...(truncated)";
+                payload.push({ key: "params_preview", value: paramsJson });
+            } catch(ePJ) {
+                payload.push({ key: "params_preview", value: "[error serializing params]" });
+            }
+            // retorno
+            try {
+                var retSummary = (infoObj.return.class_name === null && infoObj.return.value === null) ? "null" :
+                                 ("(" + String(infoObj.return.class_name) + ") " + String(infoObj.return.value));
+                if (retSummary.length > 4000) retSummary = retSummary.slice(0,4000) + "...(truncated)";
+                payload.push({ key: "return_summary", value: retSummary });
+                payload.push({ key: "return_class", value: String(infoObj.return.class_name) });
+            } catch(eRetPush) {
+                payload.push({ key: "return_summary", value: "[error]" });
+            }
+            // backtrace
+            payload.push({ key: "backtrace", value: bt.pretty });
+            payload.push({ key: "backtrace_raw", value: JSON.stringify(bt.raw) });
+            // timestamp
+            payload.push({ key: "timestamp", value: infoObj.timestamp });
+        } catch(ePayload) {
+            fusion_sendMessage("W", "Erro ao preparar payload: " + ePayload);
+        }
+        // enviar pelo canal customizado
+        try {
+            fusion_sendKeyValueData("java.lang.reflect.Method!invoke!call", payload);
+        } catch(eSend) {
+            // se fusion_sendKeyValueData não existir, fallback para console + fusion_sendMessage (se existir)
+            try { fusion_sendMessage("E", "fusion_sendKeyValueData missing or failed"); } catch(_) {}
+        }
+        return retvalue;
+    };
+    try { fusion_sendMessage("I", "Reflection module with fusion_sendKeyValueData loaded!"); } catch(e) { fusion_sendMessage("W", "Reflection module loaded!"); }
+});

frida_fusion-0.1.16/frida_fusion/modules/reflection/reflection-stalker.py ADDED Viewed

@@ -0,0 +1,206 @@
+import errno
+import sys
+import json
+import os.path
+from pathlib import Path
+from argparse import _ArgumentGroup, Namespace
+from frida_fusion.libs.logger import Logger
+from frida_fusion.libs.database import Database
+from frida_fusion.module import ModuleBase
+from frida_fusion.libs.scriptlocation import ScriptLocation
+from frida_fusion.exceptions import SilentKillError
+class Reflection(ModuleBase):
+    _EXCLUSION_LIST = [
+        "android.view.View.onDraw",
+        "android.graphics.Picture",
+        "com.facebook.fbreact.specs.NativeAnimatedModuleSpec",
+        "com.facebook.react.uimanager.BaseViewManager.setTransform",
+        "com.facebook.react.uimanager.ReanimatedUIManager.updateView",
+        "com.facebook.fbreact.specs.NativeStatusBarManagerAndroidSpec"
+    ]
+    class StalkerDB(Database):
+        dbName = ""
+        def __init__(self, db_name: str):
+            super().__init__(
+                auto_create=True,
+                db_name=db_name
+            )
+            self.create_db()
+        def create_db(self):
+            super().create_db()
+            conn = self.connect_to_db(check=False)
+            # definindo um cursor
+            cursor = conn.cursor()
+            # criando a tabela (schema)
+            cursor.execute("""
+                CREATE TABLE IF NOT EXISTS [reflection_stalker] (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    method TEXT NOT NULL,
+                    method_b64 TEXT NULL,
+                    method_name TEXT NULL,
+                    target_class TEXT NULL,
+                    target_tostring TEXT NULL,
+                    params_count TEXT NULL,
+                    params TEXT NULL,
+                    error TEXT NULL,
+                    return_summary TEXT NULL,
+                    return_class TEXT NULL,
+                    stack_trace TEXT NULL,
+                    created_date datetime not null DEFAULT (datetime('now','localtime'))
+                );
+            """)
+            conn.commit()
+            # Must get the constraints
+            self.get_constraints(conn)
+    def __init__(self):
+        super().__init__('Reflection Stalker', 'Monitor reflection calls/invoke by Helvio Junior (M4v3r1ck)')
+        self.mod_path = str(Path(__file__).resolve().parent)
+        self._stalker_db = None
+        self._suppress_messages = False
+        self._ignore_list = []
+        self.js_file = os.path.join(self.mod_path, "reflection-stalker.js")
+    def start_module(self, **kwargs) -> bool:
+        if 'db_path' not in kwargs:
+            raise Exception("parameter db_path not found")
+        self._stalker_db = Reflection.StalkerDB(db_name=kwargs['db_path'])
+    def js_files(self) -> list:
+        return [
+            self.js_file
+        ]
+    def suppress_messages(self):
+        self._suppress_messages = True
+    def dynamic_script(self) -> str:
+        return f""
+    def add_params(self, flags: _ArgumentGroup):
+        flags.add_argument('--ignore-stalker-text',
+                         dest='reflection_stalker_ignore',
+                         metavar='text',
+                         action='append',
+                         help='Text to ignore at screen output. You can specify multiple values repeating the flag.')
+    def load_from_arguments(self, args: Namespace) -> bool:
+        self._ignore_list = []
+        if args.reflection_stalker_ignore is None or len(args.reflection_stalker_ignore) == 0:
+            return True
+        self._ignore_list = list(set([
+            txt.lower()
+            for t1 in args.reflection_stalker_ignore
+            if (txt := t1.strip()) != ''
+            ]))
+        return True
+    def key_value_event(self,
+                        script_location: ScriptLocation = None,
+                        stack_trace: str = None,
+                        module: str = None,
+                        received_data: dict = None
+                        ) -> bool:
+        if module in ["java.lang.reflect.Method!invoke!throw",
+                      "java.lang.reflect.Method!invoke!call"
+                      ]:
+            # Exclusion list
+            method = received_data.get('method', '')
+            for em in Reflection._EXCLUSION_LIST:
+                if em in method:
+                    return
+            params_preview = received_data.get('params_preview', '[]')
+            try:
+                params = json.dumps(json.loads(params_preview), default=Logger.json_serial)
+            except Exception:
+                params = params_preview
+            return_summary = received_data.get('return_summary', None)
+            try:
+                return_summary = json.dumps(json.loads(return_summary), default=Logger.json_serial)
+            except Exception:
+                pass
+            backtrace = received_data.get('backtrace_raw', None)
+            try:
+                if backtrace is None:
+                    raise Exception()
+                if isinstance(backtrace, str):
+                    backtrace = json.loads(backtrace)
+                bt = "Stack trace:\n    at "
+                bt += '\n    at '.join([
+                    ln
+                    for ln in backtrace
+                    if 'dalvik.system.VMStack.getThreadStackTrace' not in ln
+                    and 'java.lang.Thread.getStackTrace' not in ln
+                    ])
+                backtrace = bt
+            except Exception:
+                backtrace = received_data.get('backtrace', stack_trace)
+            self._stalker_db.insert_one(
+                table_name='reflection_stalker',
+                stack_trace=backtrace,
+                error=received_data.get('error', ''),
+                method=received_data.get('method', ''),
+                method_b64=received_data.get('method_b64', ''),
+                method_name=received_data.get('method_name', ''),
+                target_class=received_data.get('target_class', ''),
+                target_tostring=received_data.get('target_tostring', ''),
+                params_count=received_data.get('params_count', ''),
+                params=params,
+                return_summary=return_summary,
+                return_class=received_data.get('return_class', '')
+            )
+            if not self._suppress_messages:
+                txt = json.dumps(received_data, indent=4)
+                for em in self._ignore_list:
+                    if em in txt.lower():
+                        return
+                Logger.print_message(
+                        level="I",
+                        message=f"Reflection: {received_data.get('method', '')}",
+                        script_location=script_location
+                    )
+                Logger.print_message(
+                        level="D",
+                        message=f"Reflection: {module}\n{txt}",
+                        script_location=script_location
+                    )
+        return True
+    def data_event(self,
+                   script_location: ScriptLocation = None,
+                   stack_trace: str = None,
+                   received_data: str = None
+                   ) -> bool:
+        return True

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/frida_fusion.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.14
+Version: 0.1.16
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -101,11 +101,14 @@ void    fusion_printStackTrace();
 # Print all methods of class 'name'
 void    fusion_printMethods(String name);
+# Get value of a field inside an class instance
+Object fusion_getFieldValue(Object obj, String fieldName);
 # Wait until the class 'name' exists in memory to execute the callback function
 void    fusion_waitForClass(String name, CallbackFunction onReady)
 # Conversions
-byte[]  fusion_stringToBase64(String message);
+String  fusion_stringToBase64(String message);
 String  fusion_bytesToBase64(byte[] byteArray);
 String  fusion_encodeHex(byte[] byteArray);
 ```

{frida_fusion-0.1.14 → frida_fusion-0.1.16}/frida_fusion.egg-info/SOURCES.txt RENAMED Viewed

@@ -29,5 +29,7 @@ frida_fusion/modules/android_setings/settings.py
 frida_fusion/modules/crypto/__init__.py
 frida_fusion/modules/crypto/crypto.js
 frida_fusion/modules/crypto/crypto.py
+frida_fusion/modules/reflection/reflection-stalker.js
+frida_fusion/modules/reflection/reflection-stalker.py
 frida_fusion/modules/tls_unpinning/__init__.py
 frida_fusion/modules/tls_unpinning/frida_multiple_unpinning.py