add strong frida

linktools-toolkit · Oct 16, 2023 · 38c6301 · 38c6301
1 parent e315c7d
commit 38c6301
Show file tree

Hide file tree

Showing 10 changed files with 76 additions and 46 deletions.
diff --git a/agent/frida/index.ts b/agent/frida/index.ts
@@ -128,7 +128,36 @@ class Log {
 // script loader
 ////////////////////////////////////////////////////////////////////////
 
-import { ScriptLoader } from "./loader";
+interface Parameters {
+    [name: string]: any;
+}
+
+interface Script {
+    filename: string;
+    source: string;
+}
+
+export class ScriptLoader {
+
+    load(scripts: Script[], parameters: Parameters) {
+        for (const script of scripts) {
+            try {
+                let name = script.filename;
+                name = name.replace(/[\/\\]/g, '$');
+                name = name.replace(/[^A-Za-z0-9_$]+/g, "_");
+                name = `fn_${name}`.substring(0, 255);
+                const func = (0, eval)(
+                    `(function ${name}(parameters) {${script.source}\n})\n` +
+                    `//# sourceURL=${script.filename}`
+                )
+                func(parameters);
+            } catch (e) {
+                let message = e.hasOwnProperty("stack") ? e.stack : e;
+                throw new Error(`Unable to load ${script.filename}: ${message}`);
+            }
+        }
+    }
+}
 
 const scriptLoader = new ScriptLoader();
 

diff --git a/agent/frida/lib/android.ts b/agent/frida/lib/android.ts
@@ -203,7 +203,7 @@ export class AndroidHelper {
             } catch (e) {
                 if (helperThis.$useClassCallbackMap == null) {
                     helperThis.$useClassCallbackMap = new Map<string, UseClassCallBackSet>();
-                    helperThis.$regiesterUseClassCallback(helperThis.$useClassCallbackMap);
+                    helperThis.$registerUseClassCallback(helperThis.$useClassCallbackMap);
                 }
                 if (helperThis.$useClassCallbackMap.has(className)) {
                     let callbackSet = helperThis.$useClassCallbackMap.get(className);
@@ -223,7 +223,7 @@ export class AndroidHelper {
 
     $useClassCallbackMap: Map<string, UseClassCallBackSet> = null;
 
-    $regiesterUseClassCallback(map: Map<string, UseClassCallBackSet>) {
+    $registerUseClassCallback(map: Map<string, UseClassCallBackSet>) {
 
         const classLoaders = Java.use("java.util.HashSet").$new();
 

diff --git a/agent/frida/lib/java.ts b/agent/frida/lib/java.ts
@@ -146,11 +146,32 @@ export class JavaHelper {
         return void 0;
     }
 
+    private $prettyClassName(className: string) {
+        if (className.startsWith("[L") && className.endsWith(";")) {
+            return `${className.substring(2, className.length - 1)}[]`;
+        } else if (className.startsWith("[")) {
+            switch(className.substring(1, 2)) {
+                case "B": return "byte[]";
+                case "C": return "char[]";
+                case "D": return "double[]";
+                case "F": return "float[]";
+                case "I": return "int[]";
+                case "S": return "short[]";
+                case "J": return "long[]";
+                case "Z": return "boolean[]";
+                case "V": return "void[]";
+            }
+        }
+        return className;
+    }
+
     /**
      * 为method添加properties
      * @param method 方法对象
      */
     private $defineMethodProperties<T extends Java.Members<T> = {}>(method: Java.Method<T>): void {
+        const javaHelperThis = this;
+
         Object.defineProperties(method, {
             className: {
                 configurable: true,
@@ -162,13 +183,13 @@ export class JavaHelper {
                 configurable: true,
                 enumerable: true,
                 get() {
-                    const ret = this.returnType.className;
-                    const name = this.className + "." + this.methodName;
+                    const ret = javaHelperThis.$prettyClassName(this.returnType.className);
+                    const name = javaHelperThis.$prettyClassName(this.className) + "." + this.methodName;
                     let args = "";
                     if (this.argumentTypes.length > 0) {
-                        args = this.argumentTypes[0].className;
+                        args = javaHelperThis.$prettyClassName(this.argumentTypes[0].className);
                         for (let i = 1; i < this.argumentTypes.length; i++) {
-                            args = args + ", " + this.argumentTypes[i].className;
+                            args = args + ", " + javaHelperThis.$prettyClassName(this.argumentTypes[i].className);
                         }
                     }
                     return ret + " " + name + "(" + args + ")";

diff --git a/agent/frida/loader.ts b/agent/frida/loader.ts
diff --git a/src/linktools/assets/android-tools.json b/src/linktools/assets/android-tools.json
@@ -9,7 +9,8 @@
     "ANDROID_TOOL_FRIDA_SERVER": [
         {
             "name": "strong-frida-server-{version}-android-{abi}",
-            "url": "https://github.com/hzzheyang/strongR-frida-android/releases/download/{version}/hluda-server-{version}-android-{abi}.xz"
+            "url": "https://github.com/hzzheyang/strongR-frida-android/releases/download/{version}/hluda-server-{version}-android-{abi}.xz",
+            "min_version": "15.1.8"
         },
         {
             "name": "frida-server-{version}-android-{abi}",

diff --git a/src/linktools/cli/commands/android/frida.py b/src/linktools/cli/commands/android/frida.py
@@ -106,7 +106,7 @@ def on_session_detached(self, session, reason, crash) -> None:
                 if target_app is None:
                     raise CommandError("Unknown frontmost application")
                 package = target_app.identifier
-            environ.logger.info(f"Target application: {package}")
+            environ.logger.info(f"Frida inject target application: {package}")
 
             app = Application(
                 server,

diff --git a/src/linktools/cli/commands/android/objection.py b/src/linktools/cli/commands/android/objection.py
@@ -83,7 +83,7 @@ def run(self, args: [str]) -> Optional[int]:
                 if target_app is None:
                     raise CommandError("Unknown frontmost application")
                 package = target_app.identifier
-            environ.logger.info(f"Target application: {package}")
+            environ.logger.info(f"Frida inject target application: {package}")
 
             objection_args += ["-g", package]
             objection_args += ["explore"]

diff --git a/src/linktools/cli/commands/ios/frida.py b/src/linktools/cli/commands/ios/frida.py
@@ -99,7 +99,7 @@ def on_session_detached(self, session, reason, crash) -> None:
                 if target_app is None:
                     raise CommandError("Unknown frontmost application")
                 bundle_id = target_app.identifier
-            environ.logger.info(f"Target application: {bundle_id}")
+            environ.logger.info(f"Frida inject target application: {bundle_id}")
 
             app = Application(
                 server,

diff --git a/src/linktools/cli/commands/ios/objection.py b/src/linktools/cli/commands/ios/objection.py
@@ -75,7 +75,7 @@ def run(self, args: [str]) -> Optional[int]:
                 if target_app is None:
                     raise CommandError("Unknown frontmost application")
                 bundle_id = target_app.identifier
-            environ.logger.info(f"Target application: {bundle_id}")
+            environ.logger.info(f"Frida inject target application: {bundle_id}")
 
             objection_args += ["-g", bundle_id]
             objection_args += ["explore"]

diff --git a/src/linktools/frida/android.py b/src/linktools/frida/android.py
@@ -66,7 +66,12 @@ def _start(self):
             server_path = self._prepare_executable()
 
             # 转发端口
-            self._forward = self._device.forward(f"tcp:{self._local_port}", f"tcp:{self._remote_port}")
+            if self._forward is not None:
+                self._forward.stop()
+            self._forward = self._device.forward(
+                f"tcp:{self._local_port}",
+                f"tcp:{self._remote_port}"
+            )
 
             # 创建软链
             self._device.sudo("mkdir", "-p", self._server_dir)
@@ -95,16 +100,20 @@ def _stop(self):
                     self._device.sudo("kill", "-9", process.pid, ignore_errors=True)
         finally:
             # 把转发端口给移除了，不然会一直占用这个端口
-            utils.ignore_error(self._forward.stop)
-            self._forward = None
+            if self._forward is not None:
+                self._forward.stop()
+                self._forward = None
 
     @classmethod
     def _get_executables(cls, abi: str, version: str):
         result = []
         configs = environ.get_config("ANDROID_TOOL_FRIDA_SERVER", type=list)
         for config in configs:
             config.update(version=version, abi=abi)
-            result.append(cls.Executable(config))
+            min_version = config.get("min_version", "0.0.0")
+            max_version = config.get("max_version", "99999.0.0")
+            if utils.parse_version(min_version) <= utils.parse_version(version) <= utils.parse_version(max_version):
+                result.append(cls.Executable(config))
         return result
 
     def _prepare_executable(self):