brandon15811/dump.py

## dump.py
"""
Setup (requires root on Android device):
pip install frida #(may require root on host machine)

curl -O https://build.frida.re/frida/android/arm/bin/frida-server
adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"

Usage:
python dump.py | text2pcap -n -D -u 45656,19132 -4 192.168.1.2,192.168.1.3 - output.pcap

Uses hardcoded IPs and ports in the PCAP
"""
import frida
import signal

session = frida.get_usb_device().attach("com.mojang.minecraftpe")
with open('dump_hook.js') as f:
	packetScript = session.create_script(f.read())

packetScript.load()

signal.pause()

## dump_hook.js
'use strict';

//_ZNK11BatchPacket5writeEPN6RakNet9BitStreamE
//_ZN11BatchPacket4readEPN6RakNet9BitStreamE

function packetOnEnter(args) {
        this.b = args[1];
}

function packetOnLeave (retval) {
    var rlen = Memory.readShort(this.b)/8;
    var uint8arr = new Uint8Array(Memory.readByteArray(this.b.add(0x11), rlen));
    var hexStr = '';
    for (var i = 0; i < uint8arr.length; i++) {
        var hex = (uint8arr[i] & 0xff).toString(16);
        hex = (hex.length === 1) ? '0' + hex : hex;
        hexStr += hex;
        hexStr += ' ';
    }
    hexStr = '00000000 ' + hexStr;
    return hexStr;
}

var sendPacket = Module.findExportByName(null, "_ZNK11BatchPacket5writeEPN6RakNet9BitStreamE");
Interceptor.attach(ptr(sendPacket), {
    onEnter:packetOnEnter,
    onLeave: function (retval) {
		console.log("O " + packetOnLeave.call(this, retval));
    }
});

var readPacket = Module.findExportByName(null, "_ZN11BatchPacket4readEPN6RakNet9BitStreamE");
Interceptor.attach(ptr(readPacket), {
    onEnter:packetOnEnter,
    onLeave: function (retval) {
		console.log("I " + packetOnLeave.call(this, retval));
    }
});
	"""
	Setup (requires root on Android device):
	pip install frida #(may require root on host machine)

	curl -O https://build.frida.re/frida/android/arm/bin/frida-server
	adb push frida-server /data/local/tmp/
	adb shell "chmod 755 /data/local/tmp/frida-server"
	adb shell "/data/local/tmp/frida-server &"

	Usage:
	python dump.py \| text2pcap -n -D -u 45656,19132 -4 192.168.1.2,192.168.1.3 - output.pcap

	Uses hardcoded IPs and ports in the PCAP
	"""
	import frida
	import signal

	session = frida.get_usb_device().attach("com.mojang.minecraftpe")
	with open('dump_hook.js') as f:
	packetScript = session.create_script(f.read())

	packetScript.load()

	signal.pause()
	'use strict';

	//_ZNK11BatchPacket5writeEPN6RakNet9BitStreamE
	//_ZN11BatchPacket4readEPN6RakNet9BitStreamE

	function packetOnEnter(args) {
	this.b = args[1];
	}

	function packetOnLeave (retval) {
	var rlen = Memory.readShort(this.b)/8;
	var uint8arr = new Uint8Array(Memory.readByteArray(this.b.add(0x11), rlen));
	var hexStr = '';
	for (var i = 0; i < uint8arr.length; i++) {
	var hex = (uint8arr[i] & 0xff).toString(16);
	hex = (hex.length === 1) ? '0' + hex : hex;
	hexStr += hex;
	hexStr += ' ';
	}
	hexStr = '00000000 ' + hexStr;
	return hexStr;
	}

	var sendPacket = Module.findExportByName(null, "_ZNK11BatchPacket5writeEPN6RakNet9BitStreamE");
	Interceptor.attach(ptr(sendPacket), {
	onEnter:packetOnEnter,
	onLeave: function (retval) {
	console.log("O " + packetOnLeave.call(this, retval));
	}
	});

	var readPacket = Module.findExportByName(null, "_ZN11BatchPacket4readEPN6RakNet9BitStreamE");
	Interceptor.attach(ptr(readPacket), {
	onEnter:packetOnEnter,
	onLeave: function (retval) {
	console.log("I " + packetOnLeave.call(this, retval));
	}
	});