frida-fusion 0.1.8__tar.gz → 0.1.10__tar.gz

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frida-fusion
-Version: 0.1.8
+Version: 0.1.10
 Summary: Hook your mobile tests with Frida
 Author-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
 Maintainer-email: "Helvio Junior (M4v3r1ck)" <helvio_junior@hotmail.com>
@@ -73,6 +73,43 @@ Modules:
 pip3 install frida-fusion
 ```
 
+## Custom Frida script
+
+You must provide a custom Frida script as usual. To do this you must provide `-s/--script-path` parameter.
+
+```bash
+# Just one file
+frida-fusion -f [app_id] -U --script-path mytest.js
+
+# A entire directory
+frida-fusion -f [app_id] -U --script-path /tmp/scripts
+```
+
+### Exposed JavaScript (frida) functions
+
+The Frida Fusion define/expose several functions to be used at frida scripts. Follows the typedef of these functions.
+
+```java
+# Send message/data to Frida-Fusion
+void    fusion_sendMessage(String level, String message);
+void    fusion_sendMessageWithTrace(String level, String message);
+void    fusion_sendKeyValueData(String module, Object items);
+
+# Print StackTrace
+void    fusion_printStackTrace();
+
+# Print all methods of class 'name'
+void    fusion_printMethods(String name);
+
+# Wait until the class 'name' exists in memory to execute the callback function
+void    fusion_waitForClass(String name, CallbackFunction onReady)
+
+# Conversions
+byte[]  fusion_stringToBase64(String message);
+String  fusion_bytesToBase64(byte[] byteArray);
+String  fusion_encodeHex(byte[] byteArray);
+```
+
 ## Module engine
 
 You can check available modules with `frida-fusion --list-modules` command.
@@ -104,7 +141,7 @@ export FUSION_MODULES=/tmp/modules
 frida-fusion --list-modules
 
 # Using available module
-frida-fusion -f [app_id] -U --script-path . -m [module_name]
+frida-fusion -f [app_id] -U --script-path mytest.js -m [module_name]
 ```
 
 At windows:
@@ -116,7 +153,7 @@ $env:FUSION_MODULES = "C:\extra_mods"
 frida-fusion --list-modules
 
 # Using available module
-frida-fusion -f [app_id] -U --script-path . -m [module_name]
+frida-fusion -f [app_id] -U --script-path mytest.js -m [module_name]
 ```
 
 ### Community modules
@@ -131,3 +168,4 @@ export FUSION_MODULES=/tmp/frida-fusion-community-modules
 # List all modules
 frida-fusion --list-modules
 ```
+

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/README.md

@@ -38,6 +38,43 @@ Modules:
 pip3 install frida-fusion
 ```
 
+## Custom Frida script
+
+You must provide a custom Frida script as usual. To do this you must provide `-s/--script-path` parameter.
+
+```bash
+# Just one file
+frida-fusion -f [app_id] -U --script-path mytest.js
+
+# A entire directory
+frida-fusion -f [app_id] -U --script-path /tmp/scripts
+```
+
+### Exposed JavaScript (frida) functions
+
+The Frida Fusion define/expose several functions to be used at frida scripts. Follows the typedef of these functions.
+
+```java
+# Send message/data to Frida-Fusion
+void    fusion_sendMessage(String level, String message);
+void    fusion_sendMessageWithTrace(String level, String message);
+void    fusion_sendKeyValueData(String module, Object items);
+
+# Print StackTrace
+void    fusion_printStackTrace();
+
+# Print all methods of class 'name'
+void    fusion_printMethods(String name);
+
+# Wait until the class 'name' exists in memory to execute the callback function
+void    fusion_waitForClass(String name, CallbackFunction onReady)
+
+# Conversions
+byte[]  fusion_stringToBase64(String message);
+String  fusion_bytesToBase64(byte[] byteArray);
+String  fusion_encodeHex(byte[] byteArray);
+```
+
 ## Module engine
 
 You can check available modules with `frida-fusion --list-modules` command.
@@ -69,7 +106,7 @@ export FUSION_MODULES=/tmp/modules
 frida-fusion --list-modules
 
 # Using available module
-frida-fusion -f [app_id] -U --script-path . -m [module_name]
+frida-fusion -f [app_id] -U --script-path mytest.js -m [module_name]
 ```
 
 At windows:
@@ -81,7 +118,7 @@ $env:FUSION_MODULES = "C:\extra_mods"
 frida-fusion --list-modules
 
 # Using available module
-frida-fusion -f [app_id] -U --script-path . -m [module_name]
+frida-fusion -f [app_id] -U --script-path mytest.js -m [module_name]
 ```
 
 ### Community modules
@@ -96,3 +133,4 @@ export FUSION_MODULES=/tmp/frida-fusion-community-modules
 # List all modules
 frida-fusion --list-modules
 ```
+

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/frida_fusion/__meta__.py

@@ -1,8 +1,8 @@
-__version__ = '0.1.8'
+__version__ = '0.1.10'
 __title__ = "Frida Fusion"
 __description__ = "📱 frida-fusion - runtime mobile exploration"
 __url__ = "https://github.com/helviojunior/frida-fusion"
-__build__ = 0x36275f5
+__build__ = 0x3c147be
 __author__ = "Helvio Junior (M4v3r1ck)"
 __author_email__ = "helvio_junior@hotmail.com"
 __license__ = "GPL-3.0"

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/frida_fusion/fusion.py

@@ -167,14 +167,14 @@ class Fusion(object):
             else:
                 Logger.pl("{*} Loading script file " + file_name)
                 for r in ["*", "-", "+", "!"]:
-                    file_data = file_data.replace(f"console.log('[{r}] ", f"sendMessage('{r}', '")
-                    file_data = file_data.replace(f'console.log("[{r}] ', f'sendMessage("{r}", "')
-                    file_data = file_data.replace(f"console.log('[{r}]", f"sendMessage('{r}', '")
-                    file_data = file_data.replace(f'console.log("[{r}]', f'sendMessage("{r}", "')
+                    file_data = file_data.replace(f"console.log('[{r}] ", f"fusion_sendMessage('{r}', '")
+                    file_data = file_data.replace(f'console.log("[{r}] ', f'fusion_sendMessage("{r}", "')
+                    file_data = file_data.replace(f"console.log('[{r}]", f"fusion_sendMessage('{r}', '")
+                    file_data = file_data.replace(f'console.log("[{r}]', f'fusion_sendMessage("{r}", "')
 
-                file_data = re.sub(r'(?<!\w)send\(', 'iSend(', file_data)
+                file_data = re.sub(r'(?<!\w)send\(', 'fusion_Send(', file_data)
 
-                file_data = file_data.replace(f'console.log(', f'sendMessage("I", ')
+                file_data = file_data.replace(f'console.log(', f'fusion_sendMessage("I", ')
                 file_data += "\n\n"
 
                 line_cnt = len(file_data.split("\n")) - 1
@@ -371,7 +371,11 @@ class Fusion(object):
                         for m in matches:
                             stack = stack.replace(m[0], f"{m[1].file_name}:{m[1].line}")
 
-                        if script_location.file_name == "class-factory.js" and len(matches) == 1:
+                        if script_location.file_name == "fusion_bundle.js" and len(matches) >= 1:
+                            script_location.file_name = matches[0][1].file_name
+                            script_location.line = matches[0][1].line
+
+                        elif script_location.file_name == "class-factory.js" and len(matches) == 1:
                             script_location.file_name = matches[0][1].file_name
                             script_location.line = matches[0][1].line
 

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/frida_fusion/libs/database.py

@@ -81,6 +81,17 @@ class Database(object):
         conn.execute(sql, values)
         conn.commit()
 
+    @connect
+    def insert_if_not_exists(self, conn: Connection, table_name, **kwargs):
+        table_name = self.scrub(table_name)
+
+        if self.select_count(table_name=table_name, **kwargs) == 0:
+            (columns, values) = self.parse_args(kwargs)
+            sql = "INSERT INTO {} ({}) VALUES ({})" \
+                .format(table_name, ','.join(columns), ', '.join(['?'] * len(columns)))
+            conn.execute(sql, values)
+            conn.commit()
+
     @connect
     def insert_ignore_one(self, conn: Connection, table_name, **kwargs):
         table_name = self.scrub(table_name)

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/frida_fusion/libs/helpers.js

@@ -1,9 +1,16 @@
-/*  Android Scripts
-    Author: Hélvio - M4v3r1ck
+/*  Frida Fusion helper functions
+    Author: Helvio Junior - M4v3r1ck
 */
 
+function fusion_Send(payload1, payload2){
+    const info = fusion_getCallerInfo();
+    send({
+      payload: payload1,
+      location: info
+    }, payload2);
+}
 
-function waitForClass(name, onReady) {
+function fusion_waitForClass(name, onReady) {
     var intv = setInterval(function () {
       try {
         var C = Java.use(name);
@@ -13,24 +20,24 @@ function waitForClass(name, onReady) {
     }, 100);
 }
 
-function printStackTrace(){
+function fusion_printStackTrace(){
     var trace = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new());
     trace = trace.replace("java.lang.Exception\n", "Stack trace:\n");
-    sendMessage("*", trace);
+    fusion_sendMessage("I", trace);
 }
 
-function toBytes(message){
+function fusion_toBytes(message){
     try{
         const StringClass = Java.use('java.lang.String');
         var bTxt = StringClass.$new(message).getBytes('utf-8');
 
         return bTxt;
     } catch (err) {
-        sendMessage("*", err)
+        fusion_sendMessage("W", err)
     }
 }
 
-function toBase64(message){
+function fusion_stringToBase64(message){
     try{
         const StringClass = Java.use('java.lang.String');
         const Base64Class = Java.use('android.util.Base64');
@@ -39,19 +46,19 @@ function toBase64(message){
 
         return b64Msg;
     } catch (err) {
-        sendMessage("*", err)
+        fusion_sendMessage("W", err)
     }
 }
 
-function bytesToBase64(message){
+function fusion_bytesToBase64(byteArray){
 
-    if (message === null || message === undefined) return "IA==";
+    if (byteArray === null || byteArray === undefined) return "IA==";
     try {
         // 1) Confirma tipo byte[], se não tenta converter em string
-        message = Java.array('byte', message);
+        byteArray = Java.array('byte', byteArray);
 
         // 2) Tem 'length' numérico
-        const len = message.length;
+        const len = byteArray.length;
         if (typeof len !== "number") return "IA==";
 
         // 3) (opcional) Exigir conteúdo
@@ -64,16 +71,16 @@ function bytesToBase64(message){
     try{
         
         const Base64Class = Java.use('android.util.Base64');
-        var b64Msg = Base64Class.encodeToString(message, 0x00000002); //Base64Class.NO_WRAP = 0x00000002
+        var b64Msg = Base64Class.encodeToString(byteArray, 0x00000002); //Base64Class.NO_WRAP = 0x00000002
 
         return b64Msg;
     } catch (err) {
-        sendMessage("*", err)
+        fusion_sendMessage("W", err)
         return "IA==";
     }
 }
 
-function getCallerInfo() {
+function fusion_getCallerInfo() {
   try{
     const stack = new Error().stack.split("\n");
 
@@ -89,9 +96,9 @@ function getCallerInfo() {
         const file = m[2];
         const ln   = parseInt(m[3], 10);
 
-        // Ignora funções cujo nome comece com "send" (qualquer case)
+        // Ignore helper functions (with name "send")
         if (/^send/i.test(func)) continue;
-        if (/^isend/i.test(func)) continue;
+        if (/^fusion_Send/i.test(func)) continue;
 
         return { file_name: file, function_name: func, line: ln };
       }
@@ -102,29 +109,8 @@ function getCallerInfo() {
   return null;
 }
 
-function iSend(payload1, payload2){
-    try{
-        const info = getCallerInfo();
-        send({
-          payload: payload1,
-          location: info
-        }, payload2);
-    } catch (err) {
-        //sendMessage("*", err)
-        console.log(`Error: ${err}`)
-    }
-}
-
-function sendData(mType, jData, bData){
-    //iSend('{"type" : "'+ mType +'", "jdata" : "'+ jData +'"}', bData);
-    iSend({
-      type: mType,
-      jdata: jData
-    }, bData)
-}
-
-function sendKeyValueData(module, items) {
-    var st = getB64StackTrace();
+function fusion_sendKeyValueData(module, items) {
+    var st = fusion_getB64StackTrace();
 
     var data = [];
 
@@ -133,67 +119,75 @@ function sendKeyValueData(module, items) {
         data = data.concat([{key: `${items[i].key}`, value:`${items[i].value}`}]);
     }
 
-    iSend({
+    fusion_Send({
       type: "key_value_data",
       module: module,
       data: data,
       stack_trace: st
     }, null);
 
+}
 
-    /*
-    var jData = `{"type" : "key_value_data", "module": "${module}", "data": [`;
-    for (let i = 0; i < items.length; i++) {
-        if (i > 0) {
-            jData += `, `
-        }
-        jData += `{"key": "${items[i].key}", "value": "${items[i].value}"}`
+function fusion_sendMessage(level, message){
+    try{
+        const StringClass = Java.use('java.lang.String');
+        const Base64Class = Java.use('android.util.Base64');
+        var bTxt = StringClass.$new(message).getBytes('utf-8');
+        var b64Msg = Base64Class.encodeToString(bTxt, 0x00000002); //Base64Class.NO_WRAP = 0x00000002
+
+        //send('{"type" : "message", "level" : "'+ level +'", "message" : "'+ b64Msg +'"}');
+        fusion_Send({
+          type: "message",
+          level: level,
+          message: b64Msg
+        }, null)
+    } catch (err) {
+        fusion_sendMessage("W", err)
     }
-    jData += `], "stack_trace": "${st}"}`;
-    iSend(jData, "");
-    */
 }
 
-function sendMessage(level, message){
+function fusion_sendMessageWithTrace(level, message){
     try{
         const StringClass = Java.use('java.lang.String');
         const Base64Class = Java.use('android.util.Base64');
+
+        var trace = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new());
+        trace = trace.replace("java.lang.Exception\n", "Stack trace:\n");
+        message += "\n"
+        message += trace
+
         var bTxt = StringClass.$new(message).getBytes('utf-8');
         var b64Msg = Base64Class.encodeToString(bTxt, 0x00000002); //Base64Class.NO_WRAP = 0x00000002
 
         //send('{"type" : "message", "level" : "'+ level +'", "message" : "'+ b64Msg +'"}');
-        iSend({
+        fusion_Send({
           type: "message",
           level: level,
           message: b64Msg
         }, null)
     } catch (err) {
-        sendMessage("*", err)
-        //sendMessage('-', 'secret_key_spec.$init.overload error: ' + err + '\n' + err.stack);
+        fusion_sendMessage("W", err)
     }
 }
 
-function sendError(error) {
+function fusion_sendError(error) {
     try{
-        sendMessage("-", error + '\n' + error.stack);
+        fusion_sendMessage("E", error + '\n' + error.stack);
     } catch (err) {
-        sendMessage("*", err)
+        fusion_sendMessage("W", err)
     }
 }
 
-function encodeHex(byteArray) {
+function fusion_encodeHex(byteArray) {
     
     const HexClass = Java.use('org.apache.commons.codec.binary.Hex');
     const StringClass = Java.use('java.lang.String');
     const hexChars = HexClass.encodeHex(byteArray);
-    //sendMessage("*", StringClass.$new(hexChars).toString());
-    //Buffer.from(bufStr, 'utf8');
-    //sendMessage("*", new Uint8Array(byteArray));
     return StringClass.$new(hexChars).toString();
     
 }
 
-function getB64StackTrace(){
+function fusion_getB64StackTrace(){
 
     try{
         const StringClass = Java.use('java.lang.String');
@@ -206,35 +200,49 @@ function getB64StackTrace(){
         return b64Msg
 
     } catch (err) {
-        sendMessage("*", err);
+        fusion_sendMessage("W", err);
         return '';
     }
 }
 
-function enumMethods(targetClass)
+function fusion_printMethods(targetClass)
 {
   var hook = Java.use(targetClass);
   var ownMethods = hook.class.getDeclaredMethods();
-  hook.$dispose;
-
-  return ownMethods;
+  ownMethods.forEach(function(s) {
+    fusion_sendMessage('I', s);
+  });
 }
 
-function printMethods(hook)
+function fusion_getClassName(obj)
 {
-  var ownMethods = hook.class.getDeclaredMethods();
-  ownMethods.forEach(function(s) { 
-    //sendMessage(s);
-    sendMessage('*', s);
-  });
+  if (obj === null || obj === undefined) return "";
 
-}
+  try {
+        // Caso seja um objeto Java real
+        if (obj.$className !== undefined) {
+            // Objetos instanciados via Java.use
+            return obj.$className;
+        }
 
-function intToHex(intVal)
-{
-    return intVal.toString(16);
-}
+        // Caso seja uma instância Java (não necessariamente via Java.use)
+        if (Java.isJavaObject(obj)) {
+            return obj.getClass().getName();
+        }
+
+        // Caso seja uma classe Java carregada (Java.use)
+        if (Java.isJavaClass(obj)) {
+            return obj.class.getName();
+        }
 
+        // Se for algo não Java, apenas retorna tipo do JS
+        return typeof obj;
+    } catch (err) {
+        fusion_sendMessage("W", err);
+        return '';
+    }
+
+}
 
 Java.perform(function () {
   const Thread = Java.use('java.lang.Thread');
@@ -263,7 +271,7 @@ Java.perform(function () {
   Thread.setDefaultUncaughtExceptionHandler(UEH.$new());
 });
 
-function formatBacktrace(frames) {
+function fusion_formatBacktrace(frames) {
   return frames.map((addr, i) => {
     const sym = DebugSymbol.fromAddress(addr);
     const mod = Process.findModuleByAddress(addr);
@@ -282,7 +290,7 @@ Process.setExceptionHandler(function (details) {
     frames = Thread.backtrace(details.context, Backtracer.FUZZY);
   }
 
-  const pretty = formatBacktrace(frames);
+  const pretty = fusion_formatBacktrace(frames);
 
   send({
     type: "native-exception",
@@ -302,4 +310,4 @@ Process.setExceptionHandler(function (details) {
   return false;
 });
 
-sendMessage("W", "Helper functions have been successfully initialized.")
+fusion_sendMessage("W", "Helper functions have been successfully initialized.")

{frida_fusion-0.1.8 → frida_fusion-0.1.10}/frida_fusion/libs/logger.py

@@ -41,7 +41,7 @@ class Logger(object):
         if Logger.out_file != '':
             try:
                 with open(Logger.out_file, "a") as text_file:
-                    text_file.write(Color.sc(text) + '\n')
+                    text_file.write(Color.escape_ansi(Color.sc(text)) + '\n')
             except:
                 pass