Frida Tutorial 1


This is a summary of the post: https://medium.com/infosec-adventures/introduction-to-frida-5a3f51595ca1
APK: https://github.com/t0thkr1s/frida-demo/releases
Source code: https://github.com/t0thkr1s/frida-demo

Python

Frida lets you inject JavaScript code into the functions of a running application. You can also use Python to load the hooks and even interact with them.

This is a simple Python script that you can use with all the examples proposed in this tutorial:

#hooking.py
import frida, sys

# Read the JavaScript hook from the file given as the first argument
with open(sys.argv[1], 'r') as f:
    jscode = f.read()
# Attach to the already running demo app on the USB-connected device
process = frida.get_usb_device().attach('infosecadventures.fridademo')
script = process.create_script(jscode)
print('[ * ] Running Frida Demo application')
script.load()
# Keep the script alive until stdin is closed (Ctrl-D)
sys.stdin.read()

Call the script:

python hooking.py <hookN.js>

It is important to know how to use Python with Frida, but for these examples you can also call Frida directly with the frida command line tools:

frida -U --no-pause -l hookN.js -f infosecadventures.fridademo

Hook 1 - Boolean Bypass

Here you can see how to hook a boolean method (checkPin) of the class infosecadventures.fridademo.utils.PinUtil:

//hook1.js
Java.perform(function() {
    console.log("[ * ] Starting implementation override...")
    var MainActivity = Java.use("infosecadventures.fridademo.utils.PinUtil");
    // Replace the body of checkPin so it always reports success
    MainActivity.checkPin.implementation = function(pin){
        console.log("[ + ] PIN check successfully bypassed!")
        return true;
    }
});

python hooking.py hook1.js

Note: the function receives a String as parameter, isn't an overload needed?

Hook 2 - Function Bruteforce

Non-Static Function

If you want to call a non-static function of a class, you first need an instance of that class. Then you can use that instance to call the function. To do so, you can look for an existing instance in memory and use it:

Java.perform(function() {
    console.log("[ * ] Starting PIN Brute-force, please wait...");
    // Enumerate live instances of PinUtil on the Java heap
    Java.choose("infosecadventures.fridademo.utils.PinUtil", {
        onMatch: function(instance) {
            console.log("[ * ] Instance found in memory: " + instance);
            for(var i = 1000; i <= 9999; i++){
                if(instance.checkPin(i + "") == true){
                    console.log("[ + ] Found correct PIN: " + i);
                    break;
                }
            }
        },
        onComplete: function() { }
    });
});

In this case this does not work, since there is no instance and the function is static.

Static Function

If the function is static, you can simply call it on the class:

//hook2.js
Java.perform(function () {
    console.log("[ * ] Starting PIN Brute-force, please wait...")
    var PinUtil = Java.use("infosecadventures.fridademo.utils.PinUtil");

    // Static method: call it directly through the class wrapper
    for(var i=1000; i <= 9999; i++)
    {
        if(PinUtil.checkPin(i+"") == true){
            console.log("[ + ] Found correct PIN: " + i);
        }
    }
});

Hook 3 - Retrieving arguments and return value

You can hook a function and make it print the arguments passed to it and its return value:

//hook3.js
Java.perform(function() {
    console.log("[ * ] Starting implementation override...")

    var EncryptionUtil = Java.use("infosecadventures.fridademo.utils.EncryptionUtil");
    EncryptionUtil.encrypt.implementation = function(key, value){
        console.log("Key: " + key);
        console.log("Value: " + value);
        var encrypted_ret = this.encrypt(key, value); //Call the original function
        console.log("Encrypted value: " + encrypted_ret);
        return encrypted_ret;
    }
});

Important

In this tutorial you have hooked methods using only the method name and .implementation. But if there is more than one method with the same name, you will need to specify which one you want to hook by indicating the argument types.

You can see that in the next tutorial.
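The Python section above says that Python can interact with the hooks, and this section notes that a method with several overloads must be selected by argument types. The following script is an added example (not code from the tutorial or from the frida-demo project) that combines both: the embedded hook selects checkPin by its String overload (the tutorial only says the parameter is a String, so the overload signature 'java.lang.String' is an assumption), calls the original method without changing its verdict, and reports each call with send() instead of console.log so the Python side receives it as a structured message. The package and class names are the tutorial's; format_message is a hypothetical helper written for this example.

```python
#hooking_send.py (added example; not from the original tutorial)
import json
import sys

try:
    import frida  # only needed when actually attaching to a device
except ImportError:  # lets the helpers below be imported without frida installed
    frida = None

# Package name of the demo app from the tutorial
PACKAGE = "infosecadventures.fridademo"

# JS hook: selects checkPin(String) explicitly via overload(), calls the
# original and reports arguments and return value with send().
# Assumption: checkPin has a single-String overload (the tutorial only says it takes a String).
HOOK_SOURCE = r"""
Java.perform(function () {
  var PinUtil = Java.use("infosecadventures.fridademo.utils.PinUtil");
  PinUtil.checkPin.overload('java.lang.String').implementation = function (pin) {
    var result = this.checkPin(pin);   // call the original, keep its verdict
    send({ method: "PinUtil.checkPin", args: [pin], ret: result });
    return result;
  };
});
"""


def format_message(message, data=None):
    """Turn one Frida message dict into a single log line.

    Frida delivers {'type': 'send', 'payload': ...} for send() calls and
    {'type': 'error', 'description': ..., 'stack': ...} for uncaught JS errors.
    """
    kind = message.get("type")
    if kind == "send":
        payload = message.get("payload")
        if isinstance(payload, dict) and "method" in payload:
            args = ", ".join(repr(a) for a in payload.get("args", []))
            return "[call] %s(%s) -> %r" % (payload["method"], args, payload.get("ret"))
        return "[send] " + json.dumps(payload)
    if kind == "error":
        return "[js error] " + message.get("description", "unknown")
    return "[%s] %r" % (kind, message)


def on_message(message, data):
    # Callback registered with script.on("message", ...)
    print(format_message(message, data))


def run(package=PACKAGE, source=HOOK_SOURCE):
    if frida is None:
        raise RuntimeError("frida is not installed (pip install frida)")
    device = frida.get_usb_device()
    session = device.attach(package)          # app must already be running
    script = session.create_script(source)
    script.on("message", on_message)          # receive send() payloads and JS errors
    script.load()
    print("[ * ] Hook loaded, press Ctrl-D to detach")
    sys.stdin.read()
    session.detach()


if __name__ == "__main__":
    run()
```

Run it with the demo app open on a USB-connected device: python hooking_send.py. Each PIN check then shows up on the Python side as a parsed call record rather than as raw console output, which is the same plumbing you would use to verify whether sensitive methods of your own app expose their arguments to an instrumentation framework.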
