Initial commit - able to produce a working Linux POC

2023-05-23 17:21:14 +03:00
commit 11ec2f401b
8 changed files with 1561 additions and 0 deletions
--- a/src/injector.rs
+++ b/src/injector.rs
@ -0,0 +1,55 @@
+use frida::{DeviceManager, Frida, ScriptHandler, ScriptOption, ScriptRuntime};
+use lazy_static::lazy_static;
+
+lazy_static! {
+	static ref FRIDA: Frida = unsafe { Frida::obtain() };
+}
+
+const FRIDA_CODE: &str = env!("FRIDA_CODE", "Please set FRIDA_CODE environment variable");
+
+#[no_mangle]
+pub fn inject(pid: u32) {
+	let device_manager = DeviceManager::obtain(&FRIDA);
+
+	if let Some(device) = device_manager.enumerate_all_devices().first() {
+		println!("[*] First device: {}", device.get_name());
+
+		let session = device.attach(pid).unwrap();
+
+		if !session.is_detached() {
+			println!("[*] Attached");
+
+			let mut script_option = ScriptOption::new()
+				// .set_name("frida-deepfreeze-rs")
+				.set_runtime(ScriptRuntime::QJS);
+			let script = session
+				.create_script(FRIDA_CODE, &mut script_option)
+				.unwrap();
+
+			script.handle_message(&mut Handler).unwrap();
+
+			script.load().unwrap();
+			println!("[*] Script loaded");
+
+			script.unload().unwrap();
+			println!("[*] Script unloaded");
+
+			session.detach().unwrap();
+			println!("[*] Session detached");
+		}
+	};
+}
+
+#[no_mangle]
+pub fn inject_self() {
+	println!("[*] Attaching to self self");
+	inject(0);
+}
+
+struct Handler;
+
+impl ScriptHandler for Handler {
+	fn on_message(&mut self, message: &str) {
+		println!("[<] {message}");
+	}
+}
--- a/src/lib.rs
+++ b/src/lib.rs
@ -0,0 +1,40 @@
+pub mod injector;
+
+pub use injector::{inject, inject_self};
+
+// #[cfg(unix)]
+use ctor::ctor;
+
+// #[cfg(unix)]
+#[ctor]
+fn _start() {
+	println!("[+] frida-deepfreeze-rs SO injected");
+	inject_self();
+}
+
+/*
+#[cfg(windows)]
+use std::ptr;
+#[cfg(windows)]
+use std::ffi::c_void;
+#[cfg(windows)]
+use winapi::um::libloaderapi::{DllMain, DLL_PROCESS_ATTACH, DLL_PROCESS_DETACH, DLL_THREAD_ATTACH, DLL_THREAD_DETACH};
+
+#[allow(non_snake_case)]
+#[cfg(windows)]
+#[no_mangle]
+pub extern "system" fn DllMain(hinstDLL: *mut c_void, fdwReason: u32, _: *mut c_void) -> i32 {
+	match fdwReason {
+		DLL_PROCESS_ATTACH => {
+			println!("[+] frida-deepfreeze-rs DLL injected");
+			inject_self();
+		}
+		// DLL_PROCESS_DETACH => {}
+		// DLL_THREAD_ATTACH => {}
+		// DLL_THREAD_DETACH => {}
+		_ => {}
+	}
+
+	1
+}
+*/
--- a/src/main.rs
+++ b/src/main.rs
@ -0,0 +1,14 @@
+pub mod injector;
+pub use injector::inject;
+
+fn main() {
+	let args: Vec<String> = std::env::args().collect();
+
+	if args.len() < 2 {
+		println!("Usage: {} <PID>", args[0]);
+		return;
+	}
+
+	let pid: u32 = args[1].parse().unwrap();
+	inject(pid);
+}