PyPI - frooky - Versions diffs - 0.1.1__tar.gz → 0.1.3__tar.gz - Mend

frooky 0.1.1tar.gz → 0.1.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

frooky-0.1.3/.github/workflows/publish.yml +35 -0
frooky-0.1.3/.github/workflows/sync-labels.yml +117 -0
frooky-0.1.3/.gitignore +44 -0
{frooky-0.1.1 → frooky-0.1.3}/PKG-INFO +1 -1
frooky-0.1.3/docs/examples/example.md +189 -0
frooky-0.1.3/docs/examples/hooks.json +12 -0
frooky-0.1.3/docs/examples/hooks2.json +12 -0
frooky-0.1.3/docs/examples/output.json +7 -0
frooky-0.1.3/docs/usage.md +292 -0
frooky-0.1.3/frooky/__init__.py +8 -0
frooky-0.1.3/frooky/_version.py +34 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/cli.py +7 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/frida_runner.py +3 -2
{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/PKG-INFO +1 -1
{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/SOURCES.txt +9 -0
{frooky-0.1.1 → frooky-0.1.3}/pyproject.toml +5 -2
frooky-0.1.1/frooky/__init__.py +0 -4
{frooky-0.1.1 → frooky-0.1.3}/LICENSE +0 -0
{frooky-0.1.1 → frooky-0.1.3}/README.md +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/__main__.py +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/android/android_decoder.js +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/android/base_script.js +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/android/native_decoder.js +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/ios/base_script.js +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky/resources.py +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/dependency_links.txt +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/entry_points.txt +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/requires.txt +0 -0
{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/top_level.txt +0 -0
{frooky-0.1.1 → frooky-0.1.3}/setup.cfg +0 -0

frooky-0.1.3/.github/workflows/publish.yml ADDED Viewed

@@ -0,0 +1,35 @@
+name: publish
+on:
+  push:
+    tags:
+      - "v*"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch all history and tags for setuptools-scm
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+      - run: python -m pip install --upgrade build
+      - run: python -m build
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/*
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist
+      - uses: pypa/gh-action-pypi-publish@release/v1

frooky-0.1.3/.github/workflows/sync-labels.yml ADDED Viewed

@@ -0,0 +1,117 @@
+name: Sync Labels from Issues to PRs
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  sync-labels:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: read
+    steps:
+      - name: Sync labels from linked issues
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prNumber = context.payload.pull_request.number;
+            const prBody = context.payload.pull_request.body || '';
+            const issueNumbers = new Set();
+            // Pattern 1: Simple format - fixes #123, closes#456
+            const simpleRegex = /(?:close|closes|closed|fix|fixes|fixed|resolve|resolves|resolved)\s*#(\d+)/gi;
+            const simpleMatches = [...prBody.matchAll(simpleRegex)];
+            simpleMatches.forEach(match => issueNumbers.add(parseInt(match[1])));
+            // Pattern 2: Owner/repo format - fixes owner/repo#123
+            const ownerRepoRegex = /(?:close|closes|closed|fix|fixes|fixed|resolve|resolves|resolved)\s+([a-zA-Z0-9._-]+\/[a-zA-Z0-9._-]+)#(\d+)/gi;
+            const ownerRepoMatches = [...prBody.matchAll(ownerRepoRegex)];
+            ownerRepoMatches.forEach(match => {
+              const repoPath = match[1];
+              const issueNum = parseInt(match[2]);
+              // Only add if it's the same repository
+              if (repoPath === `${context.repo.owner}/${context.repo.repo}`) {
+                issueNumbers.add(issueNum);
+              } else {
+                console.log(`Skipping cross-repository issue: ${repoPath}#${issueNum}`);
+              }
+            });
+            // Pattern 3: Full URL format - fixes https://github.com/owner/repo#123 or /issues/123
+            const urlRegex = /(?:close|closes|closed|fix|fixes|fixed|resolve|resolves|resolved)\s+https?:\/\/github\.com\/([a-zA-Z0-9._-]+)\/([a-zA-Z0-9._-]+)(?:\/issues\/|#)(\d+)/gi;
+            const urlMatches = [...prBody.matchAll(urlRegex)];
+            urlMatches.forEach(match => {
+              const owner = match[1];
+              const repo = match[2];
+              const issueNum = parseInt(match[3]);
+              // Only add if it's the same repository
+              if (owner === context.repo.owner && repo === context.repo.repo) {
+                issueNumbers.add(issueNum);
+              } else {
+                console.log(`Skipping cross-repository issue: ${owner}/${repo}#${issueNum}`);
+              }
+            });
+            const issueNumbersArray = Array.from(issueNumbers);
+            if (issueNumbersArray.length === 0) {
+              console.log('No linked issues found in PR description');
+              return;
+            }
+            console.log(`Found linked issues: ${issueNumbersArray.join(', ')}`);
+            // Collect all labels from linked issues
+            const allLabels = new Set();
+            for (const issueNumber of issueNumbersArray) {
+              try {
+                const { data: issue } = await github.rest.issues.get({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: issueNumber
+                });
+                console.log(`Issue #${issueNumber} has labels: ${issue.labels.map(l => l.name).join(', ')}`);
+                issue.labels.forEach(label => {
+                  allLabels.add(label.name);
+                });
+              } catch (error) {
+                console.log(`Error fetching issue #${issueNumber}: ${error.message}`);
+              }
+            }
+            if (allLabels.size === 0) {
+              console.log('No labels found on linked issues');
+              return;
+            }
+            console.log(`Syncing labels to PR: ${Array.from(allLabels).join(', ')}`);
+            // Get current PR labels
+            const { data: currentPR } = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: prNumber
+            });
+            const currentLabels = new Set(currentPR.labels.map(l => l.name));
+            // Add new labels from issues
+            const labelsToAdd = Array.from(allLabels).filter(label => !currentLabels.has(label));
+            if (labelsToAdd.length > 0) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                labels: labelsToAdd
+              });
+              console.log(`Added labels: ${labelsToAdd.join(', ')}`);
+            } else {
+              console.log('All labels already present on PR');
+            }

frooky-0.1.3/.gitignore ADDED Viewed

@@ -0,0 +1,44 @@
+# Frooky local debug artifacts
+tmp/
+output.json
+*.jsonl
+# node
+node_modules/
+package.json
+package-lock.json
+# Python bytecode
+__pycache__/
+*.py[cod]
+*$py.class
+# Virtual environments
+.venv/
+venv/
+env/
+.env/
+# Packaging/build outputs
+build/
+dist/
+*.egg-info/
+.eggs/
+pip-wheel-metadata/
+# Generated version file (created by setuptools-scm during build)
+frooky/_version.py
+# Test / type-check / lint caches
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.coverage
+coverage.xml
+htmlcov/
+# IDE / OS
+.DS_Store
+.vscode/
+.idea/

{frooky-0.1.1 → frooky-0.1.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frooky
-Version: 0.1.1
+Version: 0.1.3
 Summary: Frida-powered hook runner based on JSON hook files.
 Author-email: Carlos Holguera <holguera.cybersec@gmail.com>, Stefan Bernhardsgrütter <stefan.bernhardsgruetter@redguard.ch>
 License:                     GNU GENERAL PUBLIC LICENSE

frooky-0.1.3/docs/examples/example.md ADDED Viewed

@@ -0,0 +1,189 @@
+# Example: Hooking EncryptedSharedPreferences Methods
+In this example we download and install the OWASP MAS [MASTG-DEMO-0060](https://mas.owasp.org/MASTG/demos/android/MASVS-STORAGE/MASTG-DEMO-0060/MASTG-DEMO-0060/) app (App Writing Sensitive Data to Sandbox using EncryptedSharedPreferences), create two hook files to hook methods related to encrypted shared preferences, and run `frooky` with both hook files against the app. We then analyze the output JSON Lines file to see the captured hook events.
+## Creating Hook Files
+First, create a hook file `hooks.json` to hook the `putString` and `putStringSet` methods of `android.app.SharedPreferencesImpl$EditorImpl`:
+```json
+{
+  "category": "STORAGE",
+  "hooks": [
+    {
+      "class": "android.app.SharedPreferencesImpl$EditorImpl",
+      "methods": [
+        "putString",
+        "putStringSet"
+      ]
+    }
+  ]
+}
+```
+To demonstrate merging multiple hook files, we create a second hook file `hooks2.json` to hook the same methods in the underlying implementation class `androidx.security.crypto.EncryptedSharedPreferences$Editor`:
+```json
+{
+  "category": "STORAGE",
+  "hooks": [
+    {
+      "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor",
+      "methods": [
+        "putString",
+        "putStringSet"
+      ]
+    }
+  ]
+}
+```
+## Running Frooky with Multiple Hook Files
+```bash
+frooky -U -n MASTestApp --platform android hooks.json hooks2.json
+   ___    ____                                Powered by Frida 17.6.0
+  / __\  / _  |    _     _    _  _   _   _    Target: MASTestApp
+ / _\   | (_) |  / _ \ / _ \ | / /  | | | |
+/ /     / / | | | (_) | (_) ||  <   | |_| |   Device: Android Emulator 5554 (emulator-5554)
+\/     /_/  |_|  \___/ \___/ |_|\_\  \__, |   Platform: android
+                                     |___/    Hook files: 2
+                                              Output: output.json
+  Press Ctrl+C to stop...
+  Resolved Hooks: 4
+  Events: 6             | Last: androidx.security.crypto.EncryptedSharedPreferences$Editor.p...
+  Stopping ...
+```
+Notice how `frooky` indicates the Frida version, target app, device, platform, and output file.
+It reports `Hook files: 2` and `Resolved Hooks: 4`, indicating that hooks from both files were merged and set up successfully.
+The "Events" line shows the total number of captured hook events (6 in this case) and the last hooked method called.
+## Analyzing the Output
+The output file `output.json` will contain the captured hook events:
+```json
+{
+    "type": "summary",
+    "hooks": [
+        {
+            "class": "android.app.SharedPreferencesImpl$EditorImpl",
+            "method": "putString",
+            "overloads": [
+                {
+                    "args": [
+                        "java.lang.String",
+                        "java.lang.String"
+                    ]
+                }
+            ]
+        },
+        {
+            "class": "android.app.SharedPreferencesImpl$EditorImpl",
+            "method": "putStringSet",
+            "overloads": [
+                {
+                    "args": [
+                        "java.lang.String",
+                        "java.util.Set"
+                    ]
+                }
+            ]
+        },
+        {
+            "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor",
+            "method": "putString",
+            "overloads": [
+                {
+                    "args": [
+                        "java.lang.String",
+                        "java.lang.String"
+                    ]
+                }
+            ]
+        },
+        {
+            "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor",
+            "method": "putStringSet",
+            "overloads": [
+                {
+                    "args": [
+                        "java.lang.String",
+                        "java.util.Set"
+                    ]
+                }
+            ]
+        }
+    ],
+    "totalHooks": 4,
+    "errors": [],
+    "totalErrors": 0
+}
+{
+    "id": "98862c65-de96-4872-95fc-c367b90c68a0",
+    "type": "hook",
+    "category": "STORAGE",
+    "time": "2026-01-19T10:45:50.454Z",
+    "class": "android.app.SharedPreferencesImpl$EditorImpl",
+    "method": "putString",
+    "instanceId": 31636504,
+    "stackTrace": [
+        "android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)",
+        "androidx.security.crypto.EncryptedSharedPreferences$Editor.putEncryptedObject(EncryptedSharedPreferences.java:389)",
+        "androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(EncryptedSharedPreferences.java:262)",
+        "androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(Native Method)",
+        "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:33)",
+        "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)",
+        "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)",
+        "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)"
+    ],
+    "inputParameters": [
+        {
+            "declaredType": "java.lang.String",
+            "value": "AQMRC7NJHrnwtE5suFMVSkzr7Zz0m55Yz/Gt4MQ8jXR9LQ+W"
+        },
+        {
+            "declaredType": "java.lang.String",
+            "value": "AX4R5MZvOLo+hzcBjDtSvkF+ryFEcXM66M/nzU33MpDv6fh//WWbG93gDW6f4JFXsRvq8WHJNI4zIoalUw=="
+        }
+    ],
+    "returnValue": [
+        {
+            "declaredType": "android.content.SharedPreferences$Editor",
+            "value": "<instance: android.content.SharedPreferences$Editor, $className: android.app.SharedPreferencesImpl$EditorImpl>",
+            "runtimeType": "android.app.SharedPreferencesImpl$EditorImpl",
+            "instanceId": "31636504",
+            "instanceToString": "android.app.SharedPreferencesImpl$EditorImpl@1e2bc18"
+        }
+    ]
+}
+... <TRUNCATED FOR BREVITY> ...
+```
+We can see the `summary` event at the start, followed by individual `hook` events capturing calls to the hooked methods along with their parameters, return values, and stack traces.
+The summary event indicates no errors and a total of 4 resolved hooks:
+- `android.app.SharedPreferencesImpl$EditorImpl.putString`
+- `android.app.SharedPreferencesImpl$EditorImpl.putStringSet`
+- `androidx.security.crypto.EncryptedSharedPreferences$Editor.putString`
+- `androidx.security.crypto.EncryptedSharedPreferences$Editor.putStringSet`
+The first hook event shows a call to `android.app.SharedPreferencesImpl$EditorImpl.putString`, capturing the input parameters (the key and encrypted value) and the return value (the editor instance). The stack trace provides context on where the method was called from within the app, specifically from `MastgTest.mastgTest`.
+The input parameters in this event are:
+- Key: `"AQMRC7NJHrnwtE5suFMVSkzr7Zz0m55Yz/Gt4MQ8jXR9LQ+W"`
+- Encrypted Value: `"AX4R5MZvOLo+hzcBjDtSvkF+ryFEcXM66M/nzU33MpDv6fh//WWbG93gDW6f4JFXsRvq8WHJNI4zIoalUw=="`
+Which represents the data being stored in the encrypted shared preferences. The "key" being the identifier for the stored value, and the "encrypted value" being the actual data stored in an encrypted format.
+The return value indicates that the method returned an instance of `android.content.SharedPreferences$Editor`, allowing for method chaining.

frooky-0.1.3/docs/examples/hooks.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "category": "STORAGE",
+  "hooks": [
+    {
+      "class": "android.app.SharedPreferencesImpl$EditorImpl",
+      "methods": [
+        "putString",
+        "putStringSet"
+      ]
+    }
+  ]
+}

frooky-0.1.3/docs/examples/hooks2.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "category": "STORAGE",
+  "hooks": [
+    {
+      "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor",
+      "methods": [
+        "putString",
+        "putStringSet"
+      ]
+    }
+  ]
+}

frooky-0.1.3/docs/examples/output.json ADDED Viewed

@@ -0,0 +1,7 @@
+{"type": "summary", "hooks": [{"class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString", "overloads": [{"args": ["java.lang.String", "java.lang.String"]}]}, {"class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putStringSet", "overloads": [{"args": ["java.lang.String", "java.util.Set"]}]}, {"class": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "method": "putString", "overloads": [{"args": ["java.lang.String", "java.lang.String"]}]}, {"class": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "method": "putStringSet", "overloads": [{"args": ["java.lang.String", "java.util.Set"]}]}], "totalHooks": 4, "errors": [], "totalErrors": 0}
+{"id": "98862c65-de96-4872-95fc-c367b90c68a0", "type": "hook", "category": "STORAGE", "time": "2026-01-19T10:45:50.454Z", "class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString", "instanceId": 31636504, "stackTrace": ["android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putEncryptedObject(EncryptedSharedPreferences.java:389)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(EncryptedSharedPreferences.java:262)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(Native Method)", "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:33)", "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)", "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)", "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)"], "inputParameters": [{"declaredType": "java.lang.String", "value": "AQMRC7NJHrnwtE5suFMVSkzr7Zz0m55Yz/Gt4MQ8jXR9LQ+W"}, {"declaredType": "java.lang.String", "value": "AX4R5MZvOLo+hzcBjDtSvkF+ryFEcXM66M/nzU33MpDv6fh//WWbG93gDW6f4JFXsRvq8WHJNI4zIoalUw=="}], "returnValue": [{"declaredType": "android.content.SharedPreferences$Editor", "value": "<instance: android.content.SharedPreferences$Editor, $className: android.app.SharedPreferencesImpl$EditorImpl>", "runtimeType": "android.app.SharedPreferencesImpl$EditorImpl", "instanceId": "31636504", "instanceToString": "android.app.SharedPreferencesImpl$EditorImpl@1e2bc18"}]}
+{"id": "4f9e6e0b-e150-4957-8cdf-1f95b8002aa4", "type": "hook", "category": "STORAGE", "time": "2026-01-19T10:45:50.448Z", "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "method": "putString", "instanceId": 183362555, "stackTrace": ["androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(Native Method)", "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:33)", "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)", "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)", "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)", "java.lang.Thread.run(Thread.java:1012)"], "inputParameters": [{"declaredType": "java.lang.String", "value": "EncryptedAWSKey"}, {"declaredType": "java.lang.String", "value": "AKIAABCDEFGHIJKLMNOP"}], "returnValue": [{"declaredType": "android.content.SharedPreferences$Editor", "value": "<instance: android.content.SharedPreferences$Editor, $className: androidx.security.crypto.EncryptedSharedPreferences$Editor>", "runtimeType": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "instanceId": "183362555", "instanceToString": "androidx.security.crypto.EncryptedSharedPreferences$Editor@aede3fb"}]}
+{"id": "de5037ee-e9f6-44c8-b1ad-a08c7fa123b8", "type": "hook", "category": "STORAGE", "time": "2026-01-19T10:45:50.464Z", "class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString", "instanceId": 31636504, "stackTrace": ["android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putEncryptedObject(EncryptedSharedPreferences.java:389)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(EncryptedSharedPreferences.java:262)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(Native Method)", "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:34)", "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)", "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)", "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)"], "inputParameters": [{"declaredType": "java.lang.String", "value": "AQMRC7OWD6/h1iJseuzJVrClpwKE8swB8gOrGnsdaN4="}, {"declaredType": "java.lang.String", "value": "AX4R5MaQJvV8rAXOUTIQ+VZz4OzP5jiyPLkdlQK2sMOlgrXuuIp+7DRPPr//E3JtSQje/WXRy/JSx+jIwwxIOUTfyCwLOpxbhaknMFeQJGJ1"}], "returnValue": [{"declaredType": "android.content.SharedPreferences$Editor", "value": "<instance: android.content.SharedPreferences$Editor, $className: android.app.SharedPreferencesImpl$EditorImpl>", "runtimeType": "android.app.SharedPreferencesImpl$EditorImpl", "instanceId": "31636504", "instanceToString": "android.app.SharedPreferencesImpl$EditorImpl@1e2bc18"}]}
+{"id": "1987cff2-bf9b-4ba0-ab4d-5ab2b8225fdb", "type": "hook", "category": "STORAGE", "time": "2026-01-19T10:45:50.457Z", "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "method": "putString", "instanceId": 183362555, "stackTrace": ["androidx.security.crypto.EncryptedSharedPreferences$Editor.putString(Native Method)", "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:34)", "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)", "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)", "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)", "java.lang.Thread.run(Thread.java:1012)"], "inputParameters": [{"declaredType": "java.lang.String", "value": "GitHubToken"}, {"declaredType": "java.lang.String", "value": "ghp_1234567890abcdefghijklmnopqrstuvABCD"}], "returnValue": [{"declaredType": "android.content.SharedPreferences$Editor", "value": "<instance: android.content.SharedPreferences$Editor, $className: androidx.security.crypto.EncryptedSharedPreferences$Editor>", "runtimeType": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "instanceId": "183362555", "instanceToString": "androidx.security.crypto.EncryptedSharedPreferences$Editor@aede3fb"}]}
+{"id": "ab724a0a-e1fe-43ed-8d5e-0734c2636130", "type": "hook", "category": "STORAGE", "time": "2026-01-19T10:45:50.471Z", "class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString", "instanceId": 31636504, "stackTrace": ["android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putEncryptedObject(EncryptedSharedPreferences.java:389)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putStringSet(EncryptedSharedPreferences.java:287)", "androidx.security.crypto.EncryptedSharedPreferences$Editor.putStringSet(Native Method)", "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:35)", "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)", "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)", "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)"], "inputParameters": [{"declaredType": "java.lang.String", "value": "AQMRC7PmmtQeo27DnFbH7Ruc9Gwm36B+0IwxJVaN2xsfZw=="}, {"declaredType": "java.lang.String", "value": "AX4R5MY+JRTS3rMmjIKCV/0sk2z1cS8Bj1McZ75Zzfk1MIh/h+SZjK5L/KMmcnkeFOxpHhVZJp2knj7u8xQH5pSb6xHJOYN+T7ZJf/uvS2VWPEMnUl/op+BxSRq+FjrmH1WhuROAtEdlU8QJFwCNgLD0CdzZlw7l7z4s7MWiiYWN90HWhczjWYBIRRbmoOpIuNF9JkWSKZ2hkixS1ckJShXWnylG+rtvmVs6wMCazCIsl3yr+ABQ2WIx+CxsEZMEXMdK1413B25rO2m2um7b0xOjmGagXj9moesXgIDACXPzjXzOgsGHv93yOmsDuXBqIVHFqjsNDrXkI+VYEwmi44rtkPW9vNw4G3eOMr7DVN3IhVs="}], "returnValue": [{"declaredType": "android.content.SharedPreferences$Editor", "value": "<instance: android.content.SharedPreferences$Editor, $className: android.app.SharedPreferencesImpl$EditorImpl>", "runtimeType": "android.app.SharedPreferencesImpl$EditorImpl", "instanceId": "31636504", "instanceToString": "android.app.SharedPreferencesImpl$EditorImpl@1e2bc18"}]}
+{"id": "27ef8302-d842-4db0-90a8-355d35e163b2", "type": "hook", "category": "STORAGE", "time": "2026-01-19T10:45:50.466Z", "class": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "method": "putStringSet", "instanceId": 183362555, "stackTrace": ["androidx.security.crypto.EncryptedSharedPreferences$Editor.putStringSet(Native Method)", "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:35)", "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)", "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)", "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)", "java.lang.Thread.run(Thread.java:1012)"], "inputParameters": [{"declaredType": "java.lang.String", "value": "preSharedKeys"}, {"declaredType": "java.util.Set", "value": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALfX7kbfFv3pc3JjOHQ=\n-----END PRIVATE KEY-----,-----BEGIN PRIVATE KEY-----\ngJXS9EwpuzK8U1TOgfplwfKEVngCE2D5FNBQWvNmuHHbigmTCabsA=\n-----END PRIVATE KEY-----", "runtimeType": "java.util.HashSet", "instanceId": "110008543", "instanceToString": "[-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALfX7kbfFv3pc3JjOHQ=\n-----END PRIVATE KEY-----, -----BEGIN PRIVATE KEY-----\ngJXS9EwpuzK8U1TOgfplwfKEVngCE2D5FNBQWvNmuHHbigmTCabsA=\n-----END PRIVATE KEY-----]"}], "returnValue": [{"declaredType": "android.content.SharedPreferences$Editor", "value": "<instance: android.content.SharedPreferences$Editor, $className: androidx.security.crypto.EncryptedSharedPreferences$Editor>", "runtimeType": "androidx.security.crypto.EncryptedSharedPreferences$Editor", "instanceId": "183362555", "instanceToString": "androidx.security.crypto.EncryptedSharedPreferences$Editor@aede3fb"}]}

frooky-0.1.3/docs/usage.md ADDED Viewed

@@ -0,0 +1,292 @@
+# Usage
+## Hook Files
+Hook files use JSON format. When multiple hook files are provided, their `hooks` arrays are merged together.
+### Basic Structure
+```json
+{
+  "category": "STORAGE",
+  "hooks": [
+    {
+      "class": "com.example.MyClass",
+      "methods": ["method1", "method2"]
+    }
+  ]
+}
+```
+### Java/Kotlin Hooks
+#### Simple Method Hook
+```json
+{
+  "class": "java.io.File",
+  "method": "exists"
+}
+```
+#### Multiple Methods
+```json
+{
+  "class": "java.io.FileOutputStream",
+  "methods": ["write", "close", "flush"]
+}
+```
+#### Method Overloads
+Specify exact method signatures using `overloads`:
+```json
+{
+  "class": "java.io.FileOutputStream",
+  "method": "write",
+  "overloads": [
+    { "args": ["[B"] },
+    { "args": ["[B", "int", "int"] },
+    { "args": ["int"] }
+  ]
+}
+```
+#### Stack Traces
+Control stack trace depth with `maxFrames`:
+```json
+{
+  "class": "javax.crypto.Cipher",
+  "method": "doFinal",
+  "maxFrames": 10
+}
+```
+### Native Hooks
+Native hooks intercept C/C++ functions. Set `native: true` and specify the symbol.
+#### Basic Native Hook
+```json
+{
+  "native": true,
+  "symbol": "open",
+  "module": "libc.so"
+}
+```
+#### Argument Descriptors
+Define how arguments should be captured:
+```json
+{
+  "native": true,
+  "symbol": "write",
+  "module": "libc.so",
+  "args": [
+    { "name": "fd", "type": "int32" },
+    { "name": "buf", "type": "bytes", "length": 256 },
+    { "name": "count", "type": "int32" }
+  ]
+}
+```
+#### Dynamic Length from Another Argument
+Use `lengthInArg` to read length from another argument:
+```json
+{
+  "native": true,
+  "symbol": "send",
+  "module": "libc.so",
+  "args": [
+    { "name": "sockfd", "type": "int32" },
+    { "name": "buf", "type": "bytes", "lengthInArg": 2 },
+    { "name": "len", "type": "int32" },
+    { "name": "flags", "type": "int32" }
+  ]
+}
+```
+#### Capture Return Values
+Set `returnValue: true` on the last argument:
+```json
+{
+  "native": true,
+  "symbol": "read",
+  "module": "libc.so",
+  "args": [
+    { "name": "fd", "type": "int32" },
+    { "name": "buf", "type": "bytes", "lengthInArg": 2 },
+    { "name": "count", "type": "int32" },
+    { "name": "result", "type": "int32", "returnValue": true }
+  ]
+}
+```
+#### Outbound Parameters
+Use `direction: "out"` for output parameters that should be read after the function returns:
+```json
+{
+  "native": true,
+  "symbol": "CCCrypt",
+  "module": "libcommonCrypto.dylib",
+  "args": [
+    { "name": "op", "type": "int32" },
+    { "name": "alg", "type": "int32" },
+    { "name": "dataOut", "type": "bytes", "length": 256, "direction": "out" },
+    { "name": "dataOutMoved", "type": "pointer", "direction": "out" }
+  ]
+}
+```
+#### Filter by Value
+Only capture events when arguments match specific values:
+```json
+{
+  "native": true,
+  "symbol": "open",
+  "module": "libc.so",
+  "args": [
+    { "name": "pathname", "type": "string", "filter": ["/data/", "/sdcard/"] }
+  ]
+}
+```
+#### Filter by Stack Trace
+Only capture events when the call stack contains specific patterns:
+```json
+{
+  "native": true,
+  "symbol": "SSL_write",
+  "module": "libssl.so",
+  "filterEventsByStacktrace": ["com.example.network", "okhttp3"]
+}
+```
+#### Debug Mode
+Enable verbose logging for troubleshooting:
+```json
+{
+  "native": true,
+  "symbol": "problematic_function",
+  "module": "libfoo.so",
+  "debug": true
+}
+```
+### Argument Types
+| Type | Description |
+|------|-------------|
+| `string` | Null-terminated C string |
+| `int32` | 32-bit signed integer |
+| `uint32` | 32-bit unsigned integer |
+| `int64` | 64-bit signed integer |
+| `pointer` | Memory address |
+| `bytes` | Raw bytes (requires `length` or `lengthInArg`) |
+| `bool` | Boolean value |
+| `double` | 64-bit floating point |
+| `CFData` | iOS CFData object |
+| `CFDictionary` | iOS CFDictionary object |
+### iOS Objective-C Hooks
+Hook Objective-C methods using `objClass` and `symbol`:
+```json
+{
+  "native": true,
+  "objClass": "NSURLSession",
+  "symbol": "dataTaskWithRequest:completionHandler:"
+}
+```
+## Output Format
+Events are written to the output file in JSON Lines format (one JSON object per line, known as NDJSON). You can easily pretty-print it e.g. using `jq . output.json`.
+First of all, a summary event is written when hooking is initialized, listing all resolved hooks. It includes:
+- `type`: Indicates this is a summary event
+- `hooks`: An array of all hooked methods with their classes and overloads
+- `totalHooks`: Total number of hooks that were set up
+- `errors`: Any errors encountered while setting up hooks
+- `totalErrors`: Total number of errors encountered
+After that, individual hook events are written each time a hooked method/function is called.
+Example hook event (pretty-printed for clarity):
+```json
+{
+    "id": "0117229c-b034-4676-ba33-075fc27922ba",
+    "type": "hook",
+    "category": "STORAGE",
+    "time": "2026-01-18T16:17:25.470Z",
+    "class": "android.app.SharedPreferencesImpl$EditorImpl",
+    "method": "putString",
+    "instanceId": 268282727,
+    "stackTrace": [
+        "android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)",
+        "androidx.security.crypto.EncryptedSharedPreferences$Editor.putEncryptedObject(EncryptedSharedPreferences.java:389)",
+        ...
+    ],
+    "inputParameters": [
+        {
+            "declaredType": "java.lang.String",
+            "value": "AQMRC7OWD6/h1iJseuzJVrClpwKE8swB8gOrGnsdaN4="
+        },
+        {
+            "declaredType": "java.lang.String",
+            "value": "AX4R5MZu+J1p0U3hvKyuEnJDQopI+wupiSi8CAG8dzq0PU76NbbebjhqMtqCD7fFUy2SmmQuQVDlDrrj30d3GQes+PlD8HmRFszVTge039GQ"
+        }
+    ],
+    "returnValue": [
+        {
+            "declaredType": "android.content.SharedPreferences$Editor",
+            "value": "<instance: android.content.SharedPreferences$Editor, $className: android.app.SharedPreferencesImpl$EditorImpl>",
+            "runtimeType": "android.app.SharedPreferencesImpl$EditorImpl",
+            "instanceId": "268282727",
+            "instanceToString": "android.app.SharedPreferencesImpl$EditorImpl@ffdab67"
+        }
+    ]
+}
+```
+Explanation of fields:
+- `id`: Unique identifier for the event (UUID)
+- `type`: Type of event (e.g., "hook", "summary")
+- `category`: Category specified in the hook file (e.g., "STORAGE", "CRYPTO")
+- `time`: Timestamp of the event in ISO 8601 format
+- `class`: Hooked class name
+- `method`: Hooked method name
+- `instanceId`: Unique identifier for the instance on which the method was called
+- `stackTrace`: Captured stack trace leading to the method call
+- `inputParameters`: Array of input parameters with their declared types and values
+  - `declaredType`: The declared type of the parameter
+  - `value`: The captured value of the parameter
+- `returnValue`: Array of return values with their declared types and values
+  - `declaredType`: The declared type of the return value
+  - `value`: The captured value of the return value
+  - `runtimeType`: The actual runtime type of the return value
+  - `instanceId`: Unique identifier for the return value instance
+  - `instanceToString`: String representation of the return value instance

frooky-0.1.3/frooky/__init__.py ADDED Viewed

@@ -0,0 +1,8 @@
+"""Frooky package."""
+try:
+    from ._version import version as __version__
+except ImportError:
+    __version__ = "0+unknown" # Using a PEP 440 compliant local version to make it obvious this is not a real release.
+__all__ = ["__version__"]

frooky-0.1.3/frooky/_version.py ADDED Viewed

@@ -0,0 +1,34 @@
+# file generated by setuptools-scm
+# don't change, don't track in version control
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
+TYPE_CHECKING = False
+if TYPE_CHECKING:
+    from typing import Tuple
+    from typing import Union
+    VERSION_TUPLE = Tuple[Union[int, str], ...]
+    COMMIT_ID = Union[str, None]
+else:
+    VERSION_TUPLE = object
+    COMMIT_ID = object
+version: str
+__version__: str
+__version_tuple__: VERSION_TUPLE
+version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
+__version__ = version = '0.1.3'
+__version_tuple__ = version_tuple = (0, 1, 3)
+__commit_id__ = commit_id = 'gf9dc6e318'

{frooky-0.1.1 → frooky-0.1.3}/frooky/cli.py RENAMED Viewed

@@ -3,6 +3,7 @@ from __future__ import annotations
 import argparse
 from pathlib import Path
+from . import __version__
 from .frida_runner import FrookyRunner, RunnerOptions
@@ -12,6 +13,12 @@ def build_parser() -> argparse.ArgumentParser:
         description="Run Frooky hooks using Frida's Python bindings.",
     )
+    parser.add_argument(
+        "--version",
+        action="version",
+        version=f"frooky {__version__}",
+    )
     # Device selection group
     device_group = parser.add_argument_group("device selection")
     device_group.add_argument("-D", "--device", metavar="ID", help="Connect to device with the given ID")

{frooky-0.1.1 → frooky-0.1.3}/frooky/frida_runner.py RENAMED Viewed

@@ -46,6 +46,7 @@ class FrookyRunner:
         self.session: Optional[frida.core.Session] = None
         self.script: Optional[frida.core.Script] = None
         self.device: Optional[frida.core.Device] = None
+        self.spawned_pid: Optional[int] = None
         self.event_count: int = 0
         self.last_event: str = "Waiting for events..."
         self.total_hooks: Optional[int] = None
@@ -325,6 +326,7 @@ class FrookyRunner:
         elif opts.spawn:
             pid = self.device.spawn(opts.spawn)
             session = self.device.attach(pid)
+            self.spawned_pid = pid
             return session
         else:
@@ -387,8 +389,7 @@ class FrookyRunner:
             # Resume if spawned
             if self.options.spawn:
-                pid = self.session.pid
-                self.device.resume(pid)
+                self.device.resume(self.spawned_pid)
             # Main loop
             while True:

{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: frooky
-Version: 0.1.1
+Version: 0.1.3
 Summary: Frida-powered hook runner based on JSON hook files.
 Author-email: Carlos Holguera <holguera.cybersec@gmail.com>, Stefan Bernhardsgrütter <stefan.bernhardsgruetter@redguard.ch>
 License:                     GNU GENERAL PUBLIC LICENSE

{frooky-0.1.1 → frooky-0.1.3}/frooky.egg-info/SOURCES.txt RENAMED Viewed

@@ -1,8 +1,17 @@
+.gitignore
 LICENSE
 README.md
 pyproject.toml
+.github/workflows/publish.yml
+.github/workflows/sync-labels.yml
+docs/usage.md
+docs/examples/example.md
+docs/examples/hooks.json
+docs/examples/hooks2.json
+docs/examples/output.json
 frooky/__init__.py
 frooky/__main__.py
+frooky/_version.py
 frooky/cli.py
 frooky/frida_runner.py
 frooky/resources.py

{frooky-0.1.1 → frooky-0.1.3}/pyproject.toml RENAMED Viewed

@@ -1,10 +1,10 @@
 [build-system]
-requires = ["setuptools>=70"]
+requires = ["setuptools>=70", "setuptools-scm>=8"]
 build-backend = "setuptools.build_meta"
 [project]
 name = "frooky"
-version = "0.1.1"
+dynamic = ["version"]
 description = "Frida-powered hook runner based on JSON hook files."
 readme = "README.md"
 requires-python = ">=3.10"
@@ -50,3 +50,6 @@ frooky = [
   "android/*.js",
   "ios/*.js",
 ]
+[tool.setuptools_scm]
+version_file = "frooky/_version.py"