Improvement of hook editor UI
FrenchYeti committed Nov 5, 2019
1 parent 72f2938 commit 9578f23
Showing 3 changed files with 175 additions and 36 deletions.
96 changes: 72 additions & 24 deletions inspectors/DynamicLoader/inspector.js
@@ -25,6 +25,8 @@ DynLoaderInspector.useGUI();
var DynDB = DynLoaderInspector.useMemoryDB()
DynDB.newIndex('dex');



DynLoaderInspector.registerTagCategory(
"dynamic_loading",
["invoked","loaded"]
@@ -314,26 +316,60 @@ DynLoaderInspector.hookSet.addIntercept({
onMatch: function(ctx,event){
DynLoaderInspector.emits("hook.dex.load",event);
},
variables: {
names: new HOOK.VariableArray([])
},
interceptBefore: `
// DEXC_MODULE.common.copy(arguments[0], "dexfile.dex");
var doCondition = true;
send({
id:"@@__HOOK_ID__@@",
match: true,
data: {
arg0: arguments[0],
arg1: arguments[1],
arg2: arguments[2]
},
after: true,
msg: "DexFile.loadDex()",
tags: [{
style:"purple",
text: "dynamic"
}],
action:"Log"
});
if(@@__VAR__@@.names.indexOf(arguments[0])>-1)
doCondition = false;
if(doCondition){
send({
id:"@@__HOOK_ID__@@",
match: true,
data: {
dex: arguments[0],
odex: arguments[1],
arg2: arguments[2],
isNew: true,
__hidden__data: DEXC_MODULE.common.readFile(arguments[0])
},
after: false,
msg: "DexFile.loadDex()",
tags: [{
style:"purple",
text: "dynamic"
}],
action:"Log"
});
}else{
send({
id:"@@__HOOK_ID__@@",
match: true,
data: {
dex: arguments[0],
odex: arguments[1],
arg2: arguments[2],
isNew: false,
__hidden__data: null
},
after: false,
msg: "DexFile.loadDex()",
tags: [{
style:"purple",
text: "dynamic"
}],
action:"Log"
});
}
`
});

@@ -353,7 +389,6 @@ DynLoaderInspector.hookSet.addIntercept({
else
path = arg0;
// DEXC_MODULE.common.copy(path, "dexfile.dex");
send({
@@ -412,12 +447,19 @@ DynLoaderInspector.hookSet.addProbe({

DynLoaderInspector.on("hook.dex.load", {
task: function(ctx, event){
Logger.info("[INSPECTOR][TASK] DynLoaderInspector new Dex file loaded ",event.data.path);
if(event.data.data.isNew == false) return null;

let hook = ctx.hook.getHookByID(ut.b64_decode(event.data.hook));

Logger.info("[INSPECTOR][TASK] DynLoaderInspector new Dex file loaded :\n\tDex: ",event.data.data.dex);

// update variable for next time
hook.getVariable('names').getData().push(event.data.data.dex);
}
});
DynLoaderInspector.on("hook.dex.new", {
task: function(ctx, event){
Logger.info("[INSPECTOR][TASK] DynLoaderInspector new Dex file", event.data.path);
Logger.info("[INSPECTOR][TASK] DynLoaderInspector new Dex file", event.data.data.path);

}
});
@@ -428,7 +470,7 @@ DynLoaderInspector.on("hook.reflect.class.get", {

// search if the method exists

Logger.info("[INSPECTOR][TASK] DynLoaderInspector search Class ",event.data.signature);
Logger.info("[INSPECTOR][TASK] DynLoaderInspector search Class ",event.data.data.signature);
}
});
/*
@@ -452,7 +494,10 @@ DynLoaderInspector.on("hook.reflect.method.get", {

// if no result, do nothing
// try to resolve reference (it may be an inherited method)
if(callers.count() == 0) return false;
if(callers.count() == 0){
Logger.debug("Callers of '",data.__hidden__trace[1].cls+"."+data.__hidden__trace[1].meth,"' not found!");
return false;
}

// if more than one result, try to filter with filename/line number
if(callers.count()>1){
@@ -462,13 +507,16 @@ DynLoaderInspector.on("hook.reflect.method.get", {
}
}else{
// no trace ==> try another heuristic
if(callers.count() == 0) return false;
Logger.debug("No hidden trace");
return false;

}

// not able to correlate (TODO : keep a track)
if(caller == null || meth == null)
if(caller == null || meth == null) {
Logger.debug("Caller not found")
return false;
}

// tag the method as "invoked dynamically"
if(!meth.hasTag(AnalysisHelper.TAG.Invoked.Dynamically))
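Review bot: The `isNew` decision in the `interceptBefore` template keys only on the path string (`@@__VAR__@@.names.indexOf(arguments[0])`), so a later `DexFile.loadDex()` of a file that was rewritten at the same path is reported with `isNew: false` and `__hidden__data: null`, and its contents are never captured. For a tool whose purpose is to record dynamically loaded code, that is a visibility gap for the analyst rather than a cosmetic issue. Consider keying the `names` variable on something content-derived (a digest of the bytes returned by `DEXC_MODULE.common.readFile`, or the path plus size and modification time), and at least document the limit with `// NOTE: de-duplicated by path only; a file replaced at the same path is not re-captured`. The `addIntercept({...})` call starts outside this hunk, so how `names` is persisted between runs is not visible here.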
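--- a/src/webserver/public/dist/css/v2.css
+++ b/src/webserver/public/dist/css/v2.css
@@ -168,6 +168,7 @@ h5.card-header {
 }
 }
 
+
 .secondary-text {
 color: gray;
 }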
114 changes: 102 additions & 12 deletions src/webserver/public/pages/probe.html
@@ -165,7 +165,8 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>
}

body += '</td></tr>';
body += '<tr><td>Fullname</td><td>'+htmlEncode(row.enclosingClass+'.'+row.name)+'</td></tr>';
body += '<tr><td>Class</td><td><a href="/pages/finder.html?class='+btoa(encodeURIComponent(row.enclosingClass))+'"><span class="fa fa-eye"></span>&nbsp;'+htmlEncode(row.enclosingClass)+'</a></td></tr>';
body += '<tr><td>Fullname</td><td><a href="/pages/finder.html?method='+btoa(encodeURIComponent(row.__signature__))+'"><span class="fa fa-eye"></span>&nbsp;'+htmlEncode(row.__signature__)+'</a></td></tr>';

for(let i=0; i<row.args.length; i++){
sgt = row.args[i].name;
@@ -227,7 +228,7 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>

// body += '<table class="table"><thead><tr><th scope="col">Action</th><th scope="col">Type</th></thead><tbody>';
body += '<div class="row dxc-hook-ppt"><div class="col-lg-2">Hook UUID</div><div class="col-lg-8">'+htmlEncode(row.id)+'</div></div>';
body += '<div class="row dxc-hook-ppt"><div class="col-lg-2">Hooked method</div><div class="col-lg-8"><a methid="'+btoa(encodeURIComponent(row.name))+'" class="showMethod">'+htmlEncode(row.name)+'</a></div></div>';
body += '<div class="row dxc-hook-ppt"><div class="col-lg-2">Hooked method</div><div class="col-lg-8"><a href="#" methid="'+btoa(encodeURIComponent(row.name))+'" class="showMethod"><span class="fa fa-eye"></span>&nbsp;'+htmlEncode(row.name)+'</a></div></div>';
body += '<div class="row dxc-hook-ppt"><div class="col-lg-2">Description</div><div class="col-lg-8">'+((row.description!=null)?htmlEncode(row.description):'<i>empty</i>')+'</div></div>';
body += "</div>";

@@ -243,23 +244,49 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>
<div class="card">
<div class="card-header">
<div class="row">
<div class="col-lg-10" style="font-size:1.8em">
<div class="col-lg-10" style="font-size:1.2em">
Hook code
</div>
<div class="col-lg-2" style="text-align:right">
<button code="`+codeID+`" hookid="`+row.id+`" class="btn btn-danger savechange" hookreplay="auto" data-toggle="tooltip" data-placement="bottom" title="Save & replay"><span class="fa fa-refresh bold"></span>&nbsp;<span class="fa fa-save"></span></button>
<button code="`+codeID+`" hookid="`+row.id+`" class="btn btn-danger savechange" hookreplay="none"data-toggle="tooltip" data-placement="bottom" title="Save change"><span class="fa fa-save"></span>&nbsp;</button>
<div code="`+codeID+`" hookid="`+row.id+`" class="btn btn-danger savechange" hookreplay="auto" data-toggle="tooltip" data-placement="bottom" title="Save & replay" style="font-size:0.8em"><span class="fa fa-refresh bold"></span>&nbsp;<span class="fa fa-save"></span></div>
<div code="`+codeID+`" hookid="`+row.id+`" class="btn btn-danger savechange" hookreplay="none" data-toggle="tooltip" data-placement="bottom" title="Save change" style="font-size:0.8em"><span class="fa fa-save"></span>&nbsp;</div>
</div>
</div>
</div>
<div class="card-body" style="padding:0px;">
<ul class="nav">
<li class="nav-item">
<a class="nav-link active" href="#">StackTrace</a>
<span class="nav-link">Helpers:</span>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Breakpoint</a>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="nhookDropdownMenuLink" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Java hook
</a>
<div class="dropdown-menu" aria-labelledby="nhookDropdownMenuLink">
<a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="printstacktrace">Print StackTrace</a>
<a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="javab2s">String from bytearray</a>
<a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="newinstanceof">New instance of</a>
<a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="methsignature">Get signature from Method object</a>
</div>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="nhookDropdownMenuLink" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Native hook
</a>
<div class="dropdown-menu" aria-labelledby="nhookDropdownMenuLink">
<!-- <a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="nhook_fopen">File open</a> -->
<a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="nhook_offset">Hook from offset</a>
<!-- <a class="dropdown-item insertHookSnippet" code="`+codeID+`" hooksnippet="nhook_hexdump">Memory hexdump</a> -->
</div>
</li>
<!-- <li class="nav-item">
<a class="nav-link badge badge-pill badge-primar badge-action insertHookSnippet" code="`+codeID+`" hooksnippet="fread" href="#">File read</span>
</li>
<li class="nav-item">
<a class="nav-link badge badge-pill badge-primar badge-action insertHookSnippet" code="`+codeID+`" hooksnippet="breakpoint" href="#">Breakpoint</span>
</li> -->
</ul>
<pre id="`+codeID+`">`+htmlEncode(decodeURIComponent(atob(row.script)))+`</pre>
</div>
@@ -270,11 +297,11 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>
<div class="card-header">
<div class="row">
<div class="col-lg-6 col-md-6" style="font-size:1.5em;" >
<div class="col-lg-6 col-md-6" style="font-size:1.2em;" >
Hook messages
</div>
<div class="col-lg-6 col-md-6" style="text-align:right">
<button class="btn btn-danger replay-hook" code="`+codeID+`" hookid="`+row.id+`"><span class="fa fa-refresh">&nbsp;</span>Replay hook</button>
<button class="btn btn-danger replay-hook" code="`+codeID+`" hookid="`+row.id+`" style="font-size:0.8em"><span class="fa fa-refresh">&nbsp;</span>Replay hook</button>
</div>
</div>
</div>
@@ -285,7 +312,7 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>
</div>
</div>
</div>
</div>'`
</div>`
//body += '<div class="row"><div class="col-md-offset-10"><button code="'+codeID+'" hookid="'+row.id+'" class="btn btn-primary savechange">Save changes</button></div></div>';

setTimeout(function(){
@@ -376,7 +403,7 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>
}
},{
render: function(data, type, row, meta ){
return '<a style="margin-left:1em;gont-size:1.2em;" class="probe-del" href="#remove:hook:'+row.id+'" hookid="'+row.id+'" data-toggle="tooltip" data-placement="bottom" title="remove"><span class="fa fa-trash"></span>&nbsp;</a>';
return '<span style="margin-left:1em;font-size:1.2em;" class="badge badge-pîll badge-action badge-danger probe-del" hookid="'+row.id+'" data-toggle="tooltip" data-placement="bottom" title="remove"><span class="fa fa-trash"></span></a>';

//return '<button style="height:1.5em;padding-top:0px;padding-bottom:0px;" class="btn btn-primary probe-duplicate" hookid="'+row.id+'" data-toggle="tooltip" data-placement="bottom" title="duplicate"><span class="fa fa-copy"></span></button>&nbsp;'
// +'<button style="height:1.5em;padding-top:0px;padding-bottom:0px;" class="btn btn-danger probe-del" hookid="'+row.id+'" data-toggle="tooltip" data-placement="bottom" title="remove"><span class="fa fa-trash"></span></button>';
@@ -668,6 +695,12 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>

$(document).on("click",".probe-del",function(e){
let id = getAttr(e.target,"hookid");

console.log("del",id,e.target);
if(id==null)
id = getAttr(e.target.parentElement,"hookid")




$.ajax("../api/hook/"+id.value,{
@@ -681,8 +714,65 @@ <h3 class="modal-title" id="methodModalLabel">Method details</h3>
}
}
});
});

// insertHookSnippet
$(document).on("click",".insertHookSnippet",function(e){
let id = getAttr(e.target,"hooksnippet").value;
let code = "";
let editor = EditorRegister[getAttr(e.target,"code").value];

console.log("Esditor>",id,editor,editor.getCursorPosition() );
switch(id){
case "printstacktrace":
code = `
DEXC_MODULE.common.printStackTrace()
`;
break;
// ajouter is blacklisted

case "newinstanceof":
code = `
Java.use('<CLASS_FQCN>').$new(<ARGS>);
`;
break;
case "methsignature":
code = `
// 'METHOD_OBJ' should be an instance of Method
// 'METHOD_ARGS_TYPE' should be an array of parameter's classes
var signature = DEXC_MODULE.reflect.getMethodSignature(
Java.cast( METHOD_OBJ.getDeclaringClass(), DEXC_MODULE.common.class.java.lang.Class),
METHOD_ARGS_TYPE
);
`;
break;
case "javab2s":
code = `
Java.use('java.lang.String').$new(Java.array('byte', BYTE_ARRAY_HERE ));
`;
break;
case "nhook_symbol":
code = `
Interceptor.attach(
Module.findBaseAddress( NAME ).add( OFFSET ), {
onEnter: function(args){
send("entering");
},
onLeave: function(ret){
send("exiting");
}
});
`;
break;
default:
alert("Hook code snippet not supported : "+id);
return;
}

editor.session.insert(
editor.getCursorPosition(),
code
);
});

$("#start-hook").click(()=>{
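Review bot: In the rewritten `probe-del` renderer, `row.id` is concatenated raw into the `hookid` attribute, although the same value goes through `htmlEncode` where it is displayed as "Hook UUID" earlier in this file; the save and replay controls in the hook-code card do the same with `row.id` and `codeID`. If a hook id can ever contain a quote (for example from an imported or hand-edited hook set, which is not visible here), it breaks out of the attribute, so write `hookid="'+htmlEncode(row.id)+'"` at each site, after confirming that `htmlEncode` also escapes double quotes. The same line opens a `<span>` but closes it with `</a>`, and the class is spelled `badge-pîll`, so the markup is unbalanced and the pill style is not applied; it should use `class="badge badge-pill badge-action badge-danger probe-del"` and end with `</span>`. The enclosing render function and template start outside the hunks shown.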
