Bump to v1.4 (#50)
* update for option bypass-ssl

* refactor code

* update new script for intercept crypto

* update .gitignore

* add new script for crypto

* add new option --proxy and fix bug

* update README & CHANGELOG

* update to version 1.4

* update requirements

* update requirements

---------

Co-authored-by: Lê Thành Phúc <>
noobpk authored Sep 5, 2024
1 parent 2e05378 commit 37d0121
Showing 13 changed files with 1,829 additions and 75 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -127,3 +127,6 @@ dmypy.json

# Pyre type checker
.pyre/
py-env/
frida_server_tmp/
tmp/
12 changes: 12 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,17 @@
# Frida Android Hook ChangeLog

## [Release 1.4] - 2024-09-05

### Added
- Add new frida scripts
- Add option --proxy
### Changed
- Update readme, changelog
- Update frida-script
- Update hook.py
### Fixed
- Fix bug

## [Release 1.3] - 2022-06-21

### Added
17 changes: 9 additions & 8 deletions README.md
Expand Up @@ -22,6 +22,7 @@
| ------------- | ---------| ----------------- |
| 8.0 - Api 26 | 14.2.13 | :white_check_mark:|
| 8.0 - Api 26 | 15.0.18 | :white_check_mark:|
| 13.0 - Api 33 | 16.4.9 | :white_check_mark:|

## Feature

Expand Down Expand Up @@ -52,26 +53,26 @@ Support both spawn & attach script to process.
--list-scripts List All Scripts
--logcat Show system log of device
--shell Get the shell of connect device
--proxy Config global proxy ::3128 and reverse tcp 3128:8080
[*] Quick method:
-m(--method) Support commonly used methods
app-static(-n)
bypass-jb(-p)
bypass-root(-p)
bypass-ssl(-p)
i-url-req(-p)
i-crypto(-n)
i-nw-req(-p)
i-crypto(-p)
```

## ChangeLog

Version: 1.3
Version: 1.4
```
[+] Add:
[-] Add setup.py for build executable
[-] Add new frida scrips
[-] Add suggestion script for option `-s (--script)`
[-] Add option `--proxy` for config global proxy on device
[+] Change:
Expand All @@ -84,7 +85,7 @@ Version: 1.3
[+] Fix
[-] Fix syntax in hook.json
[-] Fix bug
```
[See Full ChangeLog](https://github.com/noobpk/frida-android-hook/blob/master/CHANGELOG.md)
4 changes: 2 additions & 2 deletions frida-android-hook/androidhook
Expand Up @@ -8,9 +8,9 @@ from shutil import which

try:
if(which('python3') is not None):
command = shlex.split("python3 " +"core/hook.py")
command = shlex.split("python3 " + "core/hook.py")
else:
command = shlex.split("python " +"core/hook.py")
command = shlex.split("python " + "core/hook.py")

command.extend(sys.argv[1:])
subprocess.call(command, cwd=os.path.dirname(__file__))
2 changes: 1 addition & 1 deletion frida-android-hook/core/hook.json
@@ -1,6 +1,6 @@
{
"name": "frida-android-hook",
"version": "1.3",
"version": "1.4",
"cliVersion": "1.0",
"author": "noobpk",
"license": "LICENSE",
79 changes: 58 additions & 21 deletions frida-android-hook/core/hook.py
Expand Up @@ -7,7 +7,6 @@
import re
import fnmatch
import shlex
import subprocess

from utils.listapp import *
from utils.checkversion import *
Expand Down Expand Up @@ -46,15 +45,32 @@ def start_frida_server(param_1):

def stop_frida_server(param):
fs = "/data/local/tmp/frida-server*"
isProc = os.popen('adb shell ps |' + param).read()
if (isProc):
logger.info("[*] Found Process Frida Server:" + isProc)

# Check if the Frida server process is running
isProc = subprocess.getoutput(f'adb shell ps | {param}')

if isProc:
logger.info("[*] Found Process Frida Server: " + isProc)
logger.info("[*] Stop Frida Server...")
os.system('adb shell ' + 'su -c ' + 'pkill -f ' + fs)

# Try to stop the Frida server with su privilege
result = subprocess.run(f'adb shell su -c "pkill -f {fs}"', shell=True)

# Check if the su command was successful
if result.returncode != 0:
logger.error("[!] Failed to stop Frida Server with su -c")
# Retry without su
logger.info("[*] Try to stop Frida Server withou su...")
result = subprocess.run(f'adb shell pkill -f {fs}', shell=True)

if result.returncode != 0:
logger.error("[!] Failed to stop Frida Server")
return

time.sleep(2)
logger.info("[*] Stop Frida Server Success!!")
else:
logger.warning("[!] Frida Server Not Start")
logger.warning("[!] Frida Server Not Started")

def check_frida_server_run(param):
isProc = os.popen('adb shell ps |' + param).read()
Expand Down Expand Up @@ -127,6 +143,7 @@ def main():
action="store_true", help="List All Scripts", dest="listscripts")
info.add_option("--logcat", action="store_true", help="Show system log of device", dest="logcat")
info.add_option("--shell", action="store_true", help="Get the shell of connect device", dest="shell")
info.add_option("--proxy", action="store_true", help="Config global proxy ::3128 and reverse tcp 3128:8080", dest="proxy")

parser.add_option_group(info)
parser.add_option_group(quick)
Expand Down Expand Up @@ -158,9 +175,9 @@ def main():
if re.search(description_pattern, line):
description = re.sub(r'\n', '', line[16:])
if re.search(mode_pattern, line):
mode = re.sub('\s+', '', line[9:])
mode = re.sub(r'\s+', '', line[9:])
if re.search(version_pattern, line):
version = re.sub('\s+', '', line[12:])
version = re.sub(r'\s+', '', line[12:])
print('|%d|%s|%s|%s|%s|' % (i, mode, file_name, description, version))
else:
logger.error('[?] Path frida-script not exists!')
Expand Down Expand Up @@ -203,7 +220,7 @@ def main():
if (findingScript == False):
logger.error('[x_x] No matching suggestions!')
sys.exit(0)
logger.info('[*] iOSHook suggestion use '+findingScript)
logger.info('[*] androidhook suggestion use '+findingScript)
answer = input('[?] Do you want continue? (y/n): ') or "y"
if answer == "y":
options.script = APP_FRIDA_SCRIPTS + findingScript
Expand Down Expand Up @@ -232,7 +249,7 @@ def main():
if (findingScript == False):
logger.error('[x_x] No matching suggestions!')
sys.exit(0)
logger.info('[*] iOSHook suggestion use '+findingScript)
logger.info('[*] androidhook suggestion use '+findingScript)
answer = input('[?] Do you want continue? (y/n): ') or "y"
if answer == "y":
options.script = APP_FRIDA_SCRIPTS + findingScript
Expand Down Expand Up @@ -281,10 +298,12 @@ def main():
logger.info('[*] Spawning: ' + options.package)
logger.info('[*] Script: ' + method)
time.sleep(2)
process = frida.get_usb_device().attach(options.package)
method = open(method, 'r')
script = process.create_script(method.read())
pid = frida.get_usb_device().spawn(options.package)
session = frida.get_usb_device().attach(pid)
hook = open(method, 'r')
script = session.create_script(hook.read())
script.load()
frida.get_usb_device().resume(pid)
sys.stdin.read()
else:
logger.error('[x_x] Script for method not found!')
Expand All @@ -296,7 +315,6 @@ def main():
logger.info('[*] Intercept NetWork Request: ')
logger.info('[*] Attaching: ' + options.name)
logger.info('[*] Script: ' + method)
time.sleep(2)
process = frida.get_usb_device().attach(options.name)
method = open(method, 'r')
script = process.create_script(method.read())
Expand All @@ -308,13 +326,18 @@ def main():
#Intercept Crypto Operations
elif options.package and options.method == "i-crypto":
method = APP_METHODS['Intercept Crypto Operations']
check_frida_server_run()
if os.path.isfile(method):
logger.info('[*] Intercept Crypto Operations: ')
logger.info('[*] Spawning: ' + options.package)
logger.info('[*] Script: ' + method)
os.system('frida -U -f '+ options.package + ' -l ' + method + ' --no-pause')
#sys.stdin.read()
time.sleep(2)
pid = frida.get_usb_device().spawn(options.package)
session = frida.get_usb_device().attach(pid)
hook = open(method, 'r')
script = session.create_script(hook.read())
script.load()
frida.get_usb_device().resume(pid)
sys.stdin.read()
else:
logger.error('[x_x] Script for method not found!')

Expand All @@ -323,7 +346,7 @@ def main():
logger.info('[*] Checking for updates...')
is_newest = check_version(speak=True)
# if not is_newest:
# logger.info('[*] There is an update available for iOS hook')
# logger.info('[*] There is an update available for androidhook')

#update newversion
elif options.update:
Expand All @@ -336,23 +359,37 @@ def main():
elif options.package and options.dumpmemory:
dump_memory(options.dumpmemory, options.package)

#ios system log
#android system log
elif options.logcat:
cmd = shlex.split('adb logcat')
subprocess.call(cmd)
sys.exit(0)

#ios get the shell
#android get the shell
elif options.shell:
cmd = shlex.split('adb shell')
subprocess.call(cmd)
sys.exit(0)

#ioshook cli
#androidhook cli
elif options.cli:
logger.info("Welcome to AndroidHook CLI! Type ? to list commands")
AndroidHook_CLI().cmdloop()

#androidhook proxy
elif options.proxy:
cmd1 = shlex.split('adb shell settings put global http_proxy 127.0.0.1:3128')
cmd2 = shlex.split('adb reverse tcp:3128 tcp:8080')

logger.info("[*] Config device global proxy to ::3128")
subprocess.call(cmd1)

logger.info("[*] Config reverse tcp from device to machine 3128:8080")
subprocess.call(cmd2)

logger.info("[*] Config success - Using proxy 127.0.0.1:8080")
sys.exit(0)

else:
logger.warning("[!] Specify the options. use (-h) for more help!")
# sys.exit(0)
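Review bot: The rewritten `stop_frida_server` still hands interpolated strings to the host shell: `subprocess.getoutput(f'adb shell ps | {param}')` runs whatever `param` holds as a local command after the pipe (its callers are outside this hunk), and both kill calls use `shell=True`, so the `*` in `fs` is open to host-side globbing in the unquoted retry. The two kill calls need no shell; `subprocess.run(['adb', 'shell', 'su', '-c', f'pkill -f {fs}'])` and `subprocess.run(['adb', 'shell', 'pkill', '-f', fs])` hand adb the same arguments with no host shell in between. `check_frida_server_run` directly below keeps the `os.popen('adb shell ps |' + param)` form, so the process check would be better done in one helper that runs `adb shell ps` as a list and filters the output in Python. The import hunk at the top of the file shows one removed line (`-7,7 +7,6`); if that line is `import subprocess`, every `subprocess.*` call here resolves only through the `from utils... import *` lines, and the explicit import should stay.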