All config.mk features enabled on linux-armhf
3.8M frida-inject
2.6M frida-portal
3.2M frida-server
15M frida-agent.so
15M frida-gadget.so
Ole André Vadla Ravnås oleavr
View 00-frida-footprint.md
View vice.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const vice = Process.getModuleByName('/usr/lib/c64emu.rgl'); | |
| const mainloopOuterLoop = vice.getExportByName('maincpu_mainloop').add(0xf4); | |
| const memStore = new NativeFunction(vice.getExportByName('mem_store'), 'void', ['uint16', 'uint8'], { exceptions: 'propagate' }); | |
| const ioPending = Memory.alloc(4); | |
| const ioCallbacks = []; | |
| function poke(address, value) { | |
| schedule(() => { memStore(address, value); }); | |
| } |
View scapy.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setImmediate(function () { | |
| var NSAutoreleasePool = ObjC.classes.NSAutoreleasePool; | |
| var NSSpeechSynthesizer = ObjC.classes.NSSpeechSynthesizer; | |
| var pool = NSAutoreleasePool.alloc().init(); | |
| try { | |
| var synth = NSSpeechSynthesizer.alloc().init(); | |
| var voices = NSSpeechSynthesizer.availableVoices(); |
oleavr
/ simpleceptor-arm.ts
Created
May 19, 2020 02:22
Simplified Interceptor reimplemented in TypeScript
View simpleceptor-arm.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const THUMB_HOOK_REDIRECT_SIZE = 8; | |
| const THUMB_BIT_REMOVAL_MASK = ptr(1).not(); | |
| const trampolines: NativePointer[] = []; | |
| const replacements: NativePointer[] = []; | |
| export function makeTrampoline(target: NativePointer): NativePointer { | |
| const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK); | |
| const trampoline = Memory.alloc(Process.pageSize); |
View hello.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Try it on a running process like this: | |
| * | |
| * $ frida gimp-2.10 -l hello.js | |
| * | |
| * This uses the Frida REPL, which supports live-reload. | |
| */ | |
| Interceptor.attach(Module.getExportByName(null, 'open'), { | |
| onEnter: function (args) { |
View dump-stack.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const Java = require('frida-java-bridge'); | |
| const { getApi, withRunnableArtThread, ArtStackVisitor, translateMethod } = require('frida-java-bridge/lib/android'); | |
| Java.perform(() => { | |
| const AccountManager = Java.use('android.accounts.AccountManager'); | |
| const m = AccountManager.getAccounts; | |
| m.implementation = function (...args) { | |
| console.log('getAccounts() called from: ' + JSON.stringify(captureBacktrace(), null, 2)); | |
| return m.apply(this, args); |
View jit-example.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const slowCallback = new NativeCallback(value => { | |
| console.log('slowCallback hit'); | |
| return 43; | |
| }, 'int', ['int']); | |
| const fastCallback = Memory.alloc(Process.pageSize); | |
| Memory.patchCode(fastCallback, 128, code => { | |
| const cw = new X86Writer(code, { pc: fastCallback }); |
View frida-logging.md
Frida logging helper
For adding temporary logging to help understand behavior. For when it is impractical to use Frida to instrument Frida.
Choose one of these and copy-paste it into e.g. lib/interfaces/session.vala,
then use log_event ("name='%s'", name); to log.
When something appears to be hanging, try applying: x-async-debug.patch.
View QuakeRESTAPIDemo.md
Build
npm install
Run
$ frida QuakeSpasm --enable-jit -l _agent.js
$ curl -s http://localhost:1337/stats | jq
$ curl -s -X POST http://localhost:1337/attack | jq
View explore.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| Interceptor.attach(ptr('0x103cdbf40'), { | |
| onEnter: function (args) { | |
| send({ type: 'need-input' }); | |
| var operation = recv(function (res) { | |
| args[0] = ptr(res); | |
| }); | |
| operation.wait(); |
NewerOlder