get stack trace for native invokes

TODO add peek gif & docs
2018-04-23 19:06:53 +03:00 · 2018-04-23 19:06:53 +03:00 · 8786e54478
commit 8786e54478
parent 1f9ec7bf0b
1 changed files with 83 additions and 0 deletions
--- a/check_for_native_calls.py
+++ b/check_for_native_calls.py
@ -0,0 +1,83 @@
+# Check for native library calls and return a stacktrace
+import sys
+import frida
+from pprint import pprint
+
+
+def on_message(m, _data):
+    if m['type'] == 'send':
+        print(m['payload'])
+    else:
+        if m['type'] == 'error':
+            pprint(m)
+            exit(2)
+
+
+jscode = """
+Java.perform(function() {
+
+    var SystemDef = Java.use('java.lang.System');
+
+    var RuntimeDef = Java.use('java.lang.Runtime');
+
+    var exceptionClass = Java.use('java.lang.Exception');
+
+    var SystemLoad_1 = SystemDef.load.overload('java.lang.String');
+
+    var SystemLoad_2 = SystemDef.loadLibrary.overload('java.lang.String');
+
+    var RuntimeLoad_1 = RuntimeDef.load.overload('java.lang.String');
+
+    var RuntimeLoad_2 = RuntimeDef.loadLibrary.overload('java.lang.String');
+
+    var ThreadDef = Java.use('java.lang.Thread');
+
+    var ThreadObj = ThreadDef.$new();
+
+    SystemLoad_1.implementation = function(library) {
+        send("[1] Loading dynamic library => " + library);
+        stackTrace();
+        return SystemLoad_1.call(this, library);
+    }
+
+    SystemLoad_2.implementation = function(library) {
+        send("[2] Loading dynamic library => " + library);
+        stackTrace();
+        SystemLoad_2.call(this, library);
+        return;
+    }
+
+    RuntimeLoad_1.implementation = function(library) {
+        send("[3] Loading dynamic library => " + library);
+        stackTrace();
+        RuntimeLoad_1.call(this, library);
+        return;
+    }
+
+    RuntimeLoad_2.implementation = function(library) {
+        send("[4] Loading dynamic library => " + library);
+        stackTrace();
+        RuntimeLoad_2.call(this, library);
+        return;
+    }
+
+    function stackTrace() {
+        var stack = ThreadObj.currentThread().getStackTrace();
+        for (var i = 0; i < stack.length; i++) {
+            send(i + " => " + stack[i].toString());
+        }
+        send("--------------------------------------------------------------------------");
+    }
+
+});
+"""
+APP = 'com.app'
+device = frida.get_usb_device()
+pid = device.spawn([APP])
+session = device.attach(pid)
+script = session.create_script(jscode)
+print("[*] Intercepting [{}]".format(pid))
+script.on('message', on_message)
+script.load()
+device.resume(APP)
+sys.stdin.read()