Ole André Vadla Ravnås oleavr

oleavr / hello.js
Created Feb 18, 2020
Frida Hello World
/*
 * Try it on a running process like this:
 *
 *   $ frida gimp-2.10 -l hello.js
 *
 * This uses the Frida REPL, which supports live-reload.
 */
Interceptor.attach(Module.getExportByName(null, 'open'), {
  onEnter: function (args) {
oleavr / dump-stack.js
Last active May 24, 2019
ArtStackVisitor example
const Java = require('frida-java');
const { getApi, withRunnableArtThread, ArtStackVisitor } = require('frida-java/lib/android');

class DebugStackVisitor extends ArtStackVisitor {
  constructor(thread) {
    super(thread, getApi()['art::Thread::GetLongJumpContext'](thread), 'include-inlined-frames');
  }

  visitFrame() {
    const location = this.describeLocation();
oleavr / jit-example.js
Created Jan 27, 2019
Frida JIT example
'use strict';

const slowCallback = new NativeCallback(value => {
  console.log('slowCallback hit');
  return 43;
}, 'int', ['int']);

const fastCallback = Memory.alloc(Process.pageSize);
Memory.patchCode(fastCallback, 128, code => {
  const cw = new X86Writer(code, { pc: fastCallback });
oleavr / frida-logging.md
Last active Mar 2, 2020
Frida logging hacks

Frida logging helper

For adding temporary logging to help understand behavior, for when it is impractical to use Frida to instrument Frida.

Choose one of these and copy-paste it into e.g. lib/interfaces/session.vala, then use log_event ("name='%s'", name); to log.

When something appears to be hanging, try applying: x-async-debug.patch.

oleavr / QuakeRESTAPIDemo.md
Last active Oct 16, 2019
Quake REST API demo

Build

npm install

Run

$ frida QuakeSpasm --enable-jit -l _agent.js
$ curl -s http://localhost:1337/stats | jq
$ curl -s -X POST http://localhost:1337/attack | jq
oleavr / explore.js
Created Jan 13, 2018
Block recv() example
'use strict';

Interceptor.attach(ptr('0x103cdbf40'), {
  onEnter: function (args) {
    send({ type: 'need-input' });
    var operation = recv(function (res) {
      args[0] = ptr(res);
    });
    operation.wait();
oleavr / trust-manager.js
Created Jun 8, 2017
How to implement an X509TrustManager using Frida
'use strict';

var TrustManager;
var manager;

Java.perform(function () {
  var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');

  TrustManager = Java.registerClass({
    name: 'com.example.TrustManager',
oleavr / load-cycript.js
Last active Feb 18, 2019
Frida script to load Cycript into an arbitrary process (workaround for sandboxing issues)
'use strict';

/*
 * Usage:
 *   $ frida -U -n Twitter -l load-cycript.js
 */

var PORT = 27060;

dlopen('/usr/lib/libcycript.dylib');
oleavr / _gvariant-leak-tracker.md
Last active Aug 6, 2016
GVariant leak tracker in 78 lines of code

GVariant leak tracker in 78 lines of code

To use it on a running process, first pip install frida to grab Frida's Python bindings and CLI tools, then:

$ frida FooApp -l gvariant-leak-tracker.js

Then in the REPL you can call count() and list() to inspect the values currently alive:

oleavr / _gobject-leak-tracker.md
Last active Nov 18, 2019
GObject leak tracker in 46 lines of code

GObject leak tracker

To use it on a running process, first pip install frida to grab Frida's Python bindings and CLI tools, then:

$ frida FooApp -l gobject-leak-tracker.js

Then in the REPL you can call count() and list() to inspect the instances currently alive:
