Last active
July 22, 2021 12:23
-
-
Save dktapps/d861998eaf9a5ed83851bc8629f61405 to your computer and use it in GitHub Desktop.
BDS Frida.re packet tracer, based on https://gist.github.com/Frago9876543210/2e5de55f1bb7e42594b73f5665391bf4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| import frida | |
| import sys | |
| import json | |
| import argparse | |
| import subprocess | |
| import base64 | |
| import time | |
| def validateMode(mode): | |
| if mode not in 'rw': | |
| raise argparse.ArgumentTypeError('Unknown mode') | |
| return mode | |
| parser = argparse.ArgumentParser(description='bedrock_server packet tracer') | |
| parser.add_argument('mode', help='"r" - read, "w" - write', type=validateMode) | |
| args = parser.parse_args() | |
| try: | |
| session = frida.attach('bedrock_server_symbols.debug') | |
| except frida.ProcessNotFoundError: | |
| sys.exit('Could not find bedrock_server_symbols.debug process') | |
| except frida.PermissionDeniedError as e: | |
| sys.exit(e) | |
| logpath = './packets_' + str(time.time()) + '.txt' | |
| logfile = open(logpath, 'wb') | |
| def onMessage(message, data): | |
| if message['type'] == 'error': | |
| print(message['stack']) | |
| return | |
| logfile.write(str.encode(message['payload']) + b':' + base64.b64encode(data) + b'\n') | |
| try: | |
| script = session.create_script("""var stringLength = new NativeFunction(Module.findExportByName(null, '_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv'), 'long', ['pointer']); | |
| recv('input', function(message) { | |
| var mode = message.mode; | |
| var doRead = mode.includes('r'); | |
| var doWrite = mode.includes('w'); | |
| var count = 0; | |
| Module.enumerateSymbols('bedrock_server_symbols.debug').forEach(function(exportedFunc) { | |
| if (exportedFunc.type !== 'function') { | |
| return; | |
| } | |
| if (!exportedFunc.name.includes('Packet')) { | |
| return; | |
| } | |
| if (doRead && (exportedFunc.name.endsWith('Packet4readER20ReadOnlyBinaryStream') || exportedFunc.name.endsWith('Packet5_readER20ReadOnlyBinaryStream'))) { | |
| console.log("Hooking function " + exportedFunc.name); | |
| Interceptor.attach(exportedFunc.address, { | |
| onEnter: function(args) { | |
| this.pointer = args[1]; | |
| }, | |
| onLeave: function(retval) { | |
| var realAddr = Memory.readPointer(this.pointer.add(56)); | |
| var rlen = stringLength(realAddr); | |
| send('read', Memory.readByteArray(Memory.readPointer(realAddr), rlen)); | |
| } | |
| }); | |
| count++; | |
| } | |
| if (doWrite && exportedFunc.name.endsWith('Packet5writeER12BinaryStream')) { | |
| console.log("Hooking function " + exportedFunc.name); | |
| try{ | |
| Interceptor.attach(exportedFunc.address, { | |
| onEnter: function(args) { | |
| this.pointer = args[1]; | |
| }, | |
| onLeave: function(retval) { | |
| var realAddr = Memory.readPointer(this.pointer.add(56)); | |
| var rlen = stringLength(realAddr); | |
| send('write', Memory.readByteArray(Memory.readPointer(realAddr), rlen)); | |
| } | |
| }); | |
| count++; | |
| } catch (e) { | |
| console.log("Error intercepting function " + exportedFunc.name + ": " + e.toString()); | |
| } | |
| } | |
| }); | |
| console.log("Hooked " + count + " functions. Ready."); | |
| }); | |
| """) | |
| script.on('message', onMessage) | |
| script.load() | |
| script.post({ | |
| 'type': 'input', | |
| 'mode': args.mode | |
| }) | |
| print('Logging packets to ' + logpath) | |
| sys.stdin.read() | |
| except KeyboardInterrupt: | |
| logfile.close() | |
| sys.exit(0) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment