Skip to content

Instantly share code, notes, and snippets.

@AkshayJainG
Forked from FrankSpierings/openssl-frida.js
Created March 24, 2020 12:00
Show Gist options
  • Save AkshayJainG/2f7af565481a663c6d278c222e6b630a to your computer and use it in GitHub Desktop.
Save AkshayJainG/2f7af565481a663c6d278c222e6b630a to your computer and use it in GitHub Desktop.
Some OpenSSL hooks in Frida - Work in progress....
function hooks() {
(function() {
var name = 'RSA_public_decrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[0];
this.data = args[2];
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
var name = 'EVP_EncryptUpdate';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[4];
this.data = args[3];
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
var name = 'RSA_private_decrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[0];
this.data = args[2];
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
var name = 'RSA_public_encrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[0];
this.data = args[1];
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
var name = 'EVP_PKEY_encrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[4];
this.data = args[3];
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
var name = 'EVP_PKEY_decrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[2];
this.data = args[1];
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
var name = 'AES_cbc_encrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[2];
this.enc = args[5];
if (this.enc == 0) {
//decrypt
this.data = args[1];
} else {
this.data = args[0];
}
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
(function() {
// https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aesni-x86_64.pl - 610
var name = 'aesni_ecb_encrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[2];
this.enc = args[4];
if (this.enc == 0) {
//decrypt
this.data = args[1];
} else {
this.data = args[0];
}
},
onLeave: function(result) {
this.length = this.length.toInt32();
this.data = ptr(this.data);
console.log(name + '()');
console.log('Length: ' + this.length);
console.log('Enc: ' + this.enc);
console.log(hexdump(this.data, {
length: this.length,
}));
}
});
})();
}
hooks();
console.log('[+] Loaded');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment