From 792c3feed2c8e77afcd71410f3bf05d478e8c5c1 Mon Sep 17 00:00:00 2001 From: Dimitris Zervas Date: Sun, 28 Jul 2024 21:26:28 +0300 Subject: [PATCH] Add custom undetected frida patches Signed-off-by: Dimitris Zervas --- .github/undetected-frida-patches.patch | 224 ++++++++++++++++++ Cargo.lock | 314 ++++++++++++++++--------- Cargo.toml | 9 +- Dockerfile.android | 20 +- Dockerfile.android-undetect | 21 ++ 5 files changed, 462 insertions(+), 126 deletions(-) create mode 100644 .github/undetected-frida-patches.patch create mode 100644 Dockerfile.android-undetect diff --git a/.github/undetected-frida-patches.patch b/.github/undetected-frida-patches.patch new file mode 100644 index 0000000..e332525 --- /dev/null +++ b/.github/undetected-frida-patches.patch 
@@ -0,0 +1,224 @@ +diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala +index 3695ba8c..02602abf 100644 +--- a/lib/base/rpc.vala ++++ b/lib/base/rpc.vala +@@ -17,7 +17,7 @@ namespace Frida { + var request = new Json.Builder (); + request + .begin_array () +- .add_string_value ("frida:rpc") ++ .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj=")) + .add_string_value (request_id) + .add_string_value ("call") + .add_string_value (method) +@@ -70,7 +70,7 @@ namespace Frida { + } + + public bool try_handle_message (string json) { +- if (json.index_of ("\"frida:rpc\"") == -1) ++ if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1) + return false; + + var parser = new Json.Parser (); +@@ -99,7 +99,7 @@ namespace Frida { + return false; + + string? type = rpc_message.get_element (0).get_string (); +- if (type == null || type != "frida:rpc") ++ if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj=")) + return false; + + var request_id_value = rpc_message.get_element (1); +diff --git a/server/server.vala b/server/server.vala +index 525c145e..f7547819 100644 +--- a/server/server.vala ++++ b/server/server.vala +@@ -1,7 +1,7 @@ + namespace Frida.Server { + private static Application application; + +- private const string DEFAULT_DIRECTORY = "re.frida.server"; ++ private static string DEFAULT_DIRECTORY = null; + private static bool output_version = false; + private static string? listen_address = null; + private static string? 
certpath = null; +@@ -50,6 +50,7 @@ namespace Frida.Server { + }; + + private static int main (string[] args) { ++ DEFAULT_DIRECTORY = GLib.Uuid.string_random(); + Environment.init (); + + #if DARWIN +diff --git a/src/agent-container.vala b/src/agent-container.vala +index 73e0c017..a3db1112 100644 +--- a/src/agent-container.vala ++++ b/src/agent-container.vala +@@ -28,7 +28,7 @@ namespace Frida { + } + + void * main_func_symbol; +- var main_func_found = container.module.symbol ("frida_agent_main", out main_func_symbol); ++ var main_func_found = container.module.symbol ("main", out main_func_symbol); + assert (main_func_found); + container.main_impl = (AgentMainFunc) main_func_symbol; + +diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py +new file mode 100644 +index 00000000..6e5d7a92 +--- /dev/null ++++ b/src/anti-anti-frida.py +@@ -0,0 +1,32 @@ ++import lief ++import sys ++import random ++import os ++if __name__ == "__main__": ++ input_file = sys.argv[1] ++ print(f"[*] Patch frida-agent: {input_file}") ++ random_name = "".join(random.sample("ABCDEFGHIJKLMNO", 5)) ++ print(f"[*] Patch `frida` to `{random_name}``") ++ binary = lief.parse(input_file) ++ if not binary: ++ exit() ++ for symbol in binary.symbols: ++ if symbol.name == "frida_agent_main": ++ symbol.name = "main" ++ ++ if "frida" in symbol.name: ++ symbol.name = symbol.name.replace("frida", random_name) ++ if "FRIDA" in symbol.name: ++ symbol.name = symbol.name.replace("FRIDA", random_name) ++ ++ binary.write(input_file) ++ ++ # gum-js-loop thread ++ random_name = "".join(random.sample("abcdefghijklmn", 11)) ++ print(f"[*] Patch `gum-js-loop` to `{random_name}`") ++ os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}") ++ ++ # gmain thread ++ random_name = "".join(random.sample("abcdefghijklmn", 5)) ++ print(f"[*] Patch `gmain` to `{random_name}`") ++ os.system(f"sed -b -i s/gmain/{random_name}/g {input_file}") +diff --git a/src/darwin/darwin-host-session.vala 
b/src/darwin/darwin-host-session.vala +index ab9b2900..4369922d 100644 +--- a/src/darwin/darwin-host-session.vala ++++ b/src/darwin/darwin-host-session.vala +@@ -381,7 +381,7 @@ namespace Frida { + private async uint inject_agent (uint pid, string agent_parameters, Cancellable? cancellable) throws Error, IOError { + uint id; + +- unowned string entrypoint = "frida_agent_main"; ++ unowned string entrypoint = "main"; + #if HAVE_EMBEDDED_ASSETS + id = yield fruitjector.inject_library_resource (pid, agent, entrypoint, agent_parameters, cancellable); + #else +diff --git a/src/droidy/droidy-client.vala b/src/droidy/droidy-client.vala +index ddc56ccc..0c99611d 100644 +--- a/src/droidy/droidy-client.vala ++++ b/src/droidy/droidy-client.vala +@@ -1015,7 +1015,7 @@ namespace Frida.Droidy { + case "OPEN": + case "CLSE": + case "WRTE": +- throw new Error.PROTOCOL ("Unexpected command"); ++ break; //throw new Error.PROTOCOL ("Unexpected command"); + + default: + var length = parse_length (command_or_length); +diff --git a/src/freebsd/freebsd-host-session.vala b/src/freebsd/freebsd-host-session.vala +index a2204a4e..eac16116 100644 +--- a/src/freebsd/freebsd-host-session.vala ++++ b/src/freebsd/freebsd-host-session.vala +@@ -197,7 +197,7 @@ namespace Frida { + + var stream_request = Pipe.open (t.local_address, cancellable); + +- var id = yield binjector.inject_library_resource (pid, agent_desc, "frida_agent_main", ++ var id = yield binjector.inject_library_resource (pid, agent_desc, "main", + make_agent_parameters (pid, t.remote_address, options), cancellable); + injectee_by_pid[pid] = id; + +diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala +index 50470ac8..086d0b96 100644 +--- a/src/linux/linux-host-session.vala ++++ b/src/linux/linux-host-session.vala +@@ -128,12 +128,13 @@ namespace Frida { + var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob (); + var emulated_arm = Frida.Data.Agent.get_frida_agent_arm_so_blob (); + var emulated_arm64 
= Frida.Data.Agent.get_frida_agent_arm64_so_blob (); +- agent = new AgentDescriptor (PathTemplate ("frida-agent-.so"), ++ var random_prefix = GLib.Uuid.string_random(); ++ agent = new AgentDescriptor (PathTemplate (random_prefix + "-.so"), + new Bytes.static (blob32.data), + new Bytes.static (blob64.data), + new AgentResource[] { +- new AgentResource ("frida-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir), +- new AgentResource ("frida-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir), ++ new AgentResource (random_prefix + "-arm.so", new Bytes.static (emulated_arm.data), tempdir), ++ new AgentResource (random_prefix + "-arm64.so", new Bytes.static (emulated_arm64.data), tempdir), + }, + AgentMode.INSTANCED, + tempdir); +@@ -426,7 +427,7 @@ namespace Frida { + protected override async Future perform_attach_to (uint pid, HashTable options, + Cancellable? cancellable, out Object? transport) throws Error, IOError { + uint id; +- string entrypoint = "frida_agent_main"; ++ string entrypoint = "main"; + string parameters = make_agent_parameters (pid, "", options); + AgentFeatures features = CONTROL_CHANNEL; + var linjector = (Linjector) injector; +diff --git a/src/qnx/qnx-host-session.vala b/src/qnx/qnx-host-session.vala +index 69f2995f..a4e59ab2 100644 +--- a/src/qnx/qnx-host-session.vala ++++ b/src/qnx/qnx-host-session.vala +@@ -182,7 +182,7 @@ namespace Frida { + + var stream_request = Pipe.open (t.local_address, cancellable); + +- var id = yield qinjector.inject_library_resource (pid, agent_desc, "frida_agent_main", ++ var id = yield qinjector.inject_library_resource (pid, agent_desc, "main", + make_agent_parameters (pid, t.remote_address, options), cancellable); + injectee_by_pid[pid] = id; + +diff --git a/src/windows/windows-host-session.vala b/src/windows/windows-host-session.vala +index 67f1f3ef..518cd256 100644 +--- a/src/windows/windows-host-session.vala ++++ b/src/windows/windows-host-session.vala +@@ -274,7 +274,7 @@ namespace 
Frida { + var stream_request = Pipe.open (t.local_address, cancellable); + + var winjector = injector as Winjector; +- var id = yield winjector.inject_library_resource (pid, agent, "frida_agent_main", ++ var id = yield winjector.inject_library_resource (pid, agent, "main", + make_agent_parameters (pid, t.remote_address, options), cancellable); + injectee_by_pid[pid] = id; + +diff --git a/tests/test-agent.vala b/tests/test-agent.vala +index d28e67fd..bbdc29b3 100644 +--- a/tests/test-agent.vala ++++ b/tests/test-agent.vala +@@ -452,7 +452,7 @@ Interceptor.attach(Module.getExportByName('libsystem_kernel.dylib', 'open'), () + } + + void * main_func_symbol; +- var main_func_found = module.symbol ("frida_agent_main", out main_func_symbol); ++ var main_func_found = module.symbol ("main", out main_func_symbol); + assert_true (main_func_found); + main_impl = (AgentMainFunc) main_func_symbol; + +diff --git a/tests/test-injector.vala b/tests/test-injector.vala +index 03c219e6..a7720c3d 100644 +--- a/tests/test-injector.vala ++++ b/tests/test-injector.vala +@@ -258,7 +258,7 @@ namespace Frida.InjectorTest { + var path = Frida.Test.Labrats.path_to_library (name, arch); + assert_true (FileUtils.test (path, FileTest.EXISTS)); + +- yield injector.inject_library_file (process.id, path, "frida_agent_main", data); ++ yield injector.inject_library_file (process.id, path, "main", data); + } catch (GLib.Error e) { + printerr ("\nFAIL: %s\n\n", e.message); + assert_not_reached (); diff --git a/Cargo.lock b/Cargo.lock index ba2a8ae..d898d53 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" dependencies = [ "gimli", ] 
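Review bot: In the embedded `src/droidy/droidy-client.vala` hunk, `break; //throw new Error.PROTOCOL ("Unexpected command");` turns a fail-closed protocol check into a silent accept, so an `OPEN`, `CLSE` or `WRTE` arriving where the client does not expect one is now ignored instead of aborting the exchange. The rest of the `switch` and the code after it are outside the hunk, so the effect on later parsing cannot be judged from here; the patch gives no reason for the change and leaves the old statement as commented-out code. Either keep `throw new Error.PROTOCOL ("Unexpected command");` or, if these commands must be tolerated, add a comment saying why and log the event so a desynchronised stream stays visible. Separately, `src/anti-anti-frida.py` in the same patch interpolates `sys.argv[1]` unquoted into `os.system(f"sed -b -i s/gmain/{random_name}/g {input_file}")` and ignores the exit status, while the bare `exit()` after a failed `lief.parse` reports success. Using `subprocess.run(["sed", "-b", "-i", f"s/gmain/{random_name}/g", input_file], check=True)` and `sys.exit(1)` avoids the shell and makes a failed step stop the build.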
@@ -28,15 +28,15 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" dependencies = [ "addr2line", "cc", @@ -49,9 +49,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.7" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bindgen" 
@@ -96,21 +96,21 @@ checksum = "832133bbabbbaa9fbdba793456a2827627a7d2b8fb96032fa1e7666d7895832b" [[package]] name = "bumpalo" -version = "3.15.3" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea184aa71bb362a1157c896979544cc23974e08fd265f29ea96b59f0b4a555b" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "bytes" -version = "1.5.0" +version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +checksum = "a12916984aab3fa6e39d655a33e09c0071eb36d6ab3aea5c2d78551f1df6d952" [[package]] name = "cc" -version = "1.0.88" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02f341c093d19155a6e41631ce5971aac4e9a868262212153124c15fa22d1cdc" +checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" [[package]] name = "cexpr" @@ -205,9 +205,8 @@ dependencies = [ [[package]] name = "frida" -version = "0.13.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd47778d80e309a5ccba0aee86129c942f1daa91c6d2aae7c678e62fef00feb3" +version = "0.13.7" +source = "git+https://github.com/dzervas/frida-rust?branch=armhf-patches#278de57a52d3bd0b1cf3499160f519b9e254bf24" dependencies = [ "frida-sys", "thiserror", @@ -215,9 +214,8 @@ dependencies = [ [[package]] name = "frida-build" -version = "0.13.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c30ea8305152e97a11228532ece476b8174ff8454e63919fc7c7c60263ad5342" +version = "0.13.7" +source = "git+https://github.com/dzervas/frida-rust?branch=armhf-patches#278de57a52d3bd0b1cf3499160f519b9e254bf24" dependencies = [ "reqwest", "tar", 
@@ -226,9 +224,8 @@ dependencies = [ [[package]] name = "frida-sys" -version = "0.13.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3eec812fe38961ed007d713557989ee4c7058d9363c7e66a3ae5485ee30fc303" +version = "0.13.7" +source = "git+https://github.com/dzervas/frida-rust?branch=armhf-patches#278de57a52d3bd0b1cf3499160f519b9e254bf24" dependencies = [ "bindgen", "frida-build", @@ -286,9 +283,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" dependencies = [ "cfg-if", "libc", @@ -297,9 +294,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" [[package]] name = "glob" @@ -326,9 +323,9 @@ checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" [[package]] name = "hermit-abi" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "379dada1584ad501b383485dd706b8afb7a70fcbc7f4da7d780638a5a6124a60" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "home" @@ -352,9 +349,9 @@ dependencies = [ [[package]] name = "http-body" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", "http", 
@@ -362,12 +359,12 @@ dependencies = [ [[package]] name = "http-body-util" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0475f8b2ac86659c21b64320d5d653f9efe42acd2a4e560073ec61a155a34f1d" +checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" dependencies = [ "bytes", - "futures-core", + "futures-util", "http", "http-body", "pin-project-lite", @@ -375,15 +372,15 @@ dependencies = [ [[package]] name = "httparse" -version = "1.8.0" +version = "1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" +checksum = "0fcc0b4a115bf80b728eb8ea024ad5bd707b615bfed49e0665b6e0f86fd082d9" [[package]] name = "hyper" -version = "1.2.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "186548d73ac615b32a73aafe38fb4f56c0d340e110e5a200bcadbaf2e199263a" +checksum = "50dfd22e0e76d0f662d429a5f80fcaf3855009297eab6a0a9f8543834744ba05" dependencies = [ "bytes", "futures-channel", @@ -400,9 +397,9 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" +checksum = "5ee4be2c948921a1a5320b629c4193916ed787a7f7f293fd3f7f5a6c9de74155" dependencies = [ "futures-util", "http", @@ -413,13 +410,14 @@ dependencies = [ "tokio", "tokio-rustls", "tower-service", + "webpki-roots", ] [[package]] name = "hyper-util" -version = "0.1.3" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca38ef113da30126bbff9cd1705f9273e15d45498615d138b0c20279ac7a76aa" +checksum = "3ab92f4f49ee4fb4f997c784b7a2e0fa70050211e0b6a287f898c3c9785ca956" dependencies = [ "bytes", "futures-channel", 
@@ -496,9 +494,9 @@ checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "js-sys" -version = "0.3.68" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] @@ -574,22 +572,23 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.2" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" dependencies = [ "adler", ] [[package]] name = "mio" -version = "0.8.11" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" +checksum = "4569e456d394deccd22ce1c1913e6ea0e54519f577285001215d33557431afe4" dependencies = [ + "hermit-abi", "libc", "wasi", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -606,21 +605,11 @@ dependencies = [ "minimal-lexical", ] -[[package]] -name = "num_cpus" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" -dependencies = [ - "hermit-abi", - "libc", -] - [[package]] name = "object" -version = "0.32.2" +version = "0.36.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" dependencies = [ "memchr", ] 
@@ -659,9 +648,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -681,6 +670,12 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + [[package]] name = "pretty_assertions" version = "1.4.0" @@ -710,6 +705,52 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "quinn" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4ceeeeabace7857413798eb1ffa1e9c905a9946a57d81fb69b4b71c4d8eb3ad" +dependencies = [ + "bytes", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "thiserror", + "tokio", + "tracing", +] + +[[package]] +name = "quinn-proto" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddf517c03a109db8100448a4be38d498df8a210a99fe0e1b9eaf39e78c640efe" +dependencies = [ + "bytes", + "rand", + "ring", + "rustc-hash", + "rustls", + "slab", + "thiserror", + "tinyvec", + "tracing", +] + +[[package]] +name = "quinn-udp" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8bffec3605b73c6f1754535084a85229fa8a30f86014e6c81aeec4abb68b0285" +dependencies = [ + "libc", + "once_cell", + "socket2", + "windows-sys 0.52.0", +] + [[package]] name = "quote" version = "1.0.35" 
@@ -719,6 +760,36 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + [[package]] name = "redox_syscall" version = "0.4.1" @@ -759,9 +830,9 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "reqwest" -version = "0.12.2" +version = "0.12.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d66674f2b6fb864665eea7a3c1ac4e3dfacd2fda83cf6f935a612e01b0e3338" +checksum = "c7d6d2a27d57148378eb5e111173f4276ad26340ecc5c49a4a2152167a2d6a37" dependencies = [ "base64", "bytes", @@ -781,6 +852,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", + "quinn", "rustls", "rustls-pemfile", "rustls-pki-types", @@ -816,9 +888,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" 
@@ -841,11 +913,11 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.4" +version = "0.23.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" +checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044" dependencies = [ - "log", + "once_cell", "ring", "rustls-pki-types", "rustls-webpki", @@ -855,24 +927,25 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "1.0.4" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" dependencies = [ "base64", + "rustls-pki-types", ] [[package]] name = "rustls-pki-types" -version = "1.4.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecd36cc4259e3e4514335c4a138c6b43171a8d61d8f5c9348f9fc7529416f247" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.2" +version = "0.102.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" dependencies = [ "ring", "rustls-pki-types", @@ -980,9 +1053,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" -version = "0.5.6" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ffd9c0a93b7543e062e759284fcf5f5e3b098501104bfbdde4d404db792871" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", "windows-sys 0.52.0", 
@@ -996,9 +1069,9 @@ checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -1013,15 +1086,15 @@ dependencies = [ [[package]] name = "sync_wrapper" -version = "0.1.2" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" +checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" [[package]] name = "tar" -version = "0.4.40" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb" +checksum = "cb797dad5fb5b76fcf519e702f4a589483b5ef06567f160c392832c1f5e44909" dependencies = [ "filetime", "libc", @@ -1050,9 +1123,9 @@ dependencies = [ [[package]] name = "tinyvec" -version = "1.6.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" dependencies = [ "tinyvec_macros", ] 
@@ -1065,25 +1138,24 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.36.0" +version = "1.39.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" +checksum = "daa4fb1bc778bd6f04cbfc4bb2d06a7396a8f299dc33ea1900cedaa316f467b1" dependencies = [ "backtrace", "bytes", "libc", "mio", - "num_cpus", "pin-project-lite", "socket2", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] name = "tokio-rustls" -version = "0.25.0" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" +checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" dependencies = [ "rustls", "rustls-pki-types", @@ -1137,7 +1209,6 @@ dependencies = [ "tokio", "tower-layer", "tower-service", - "tracing", ] [[package]] @@ -1158,11 +1229,22 @@ version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "log", "pin-project-lite", + "tracing-attributes", "tracing-core", ] +[[package]] +name = "tracing-attributes" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tracing-core" version = "0.1.32" 
@@ -1207,9 +1289,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.5.0" +version = "2.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" dependencies = [ "form_urlencoded", "idna", @@ -1233,9 +1315,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -1243,9 +1325,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", @@ -1258,9 +1340,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.41" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "877b9c3f61ceea0e56331985743b13f3d25c406a7098d45180fb5f09bc19ed97" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" dependencies = [ "cfg-if", "js-sys", 
@@ -1270,9 +1352,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1280,9 +1362,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", @@ -1293,15 +1375,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "web-sys" -version = "0.3.68" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96565907687f7aceb35bc5fc03770a8a0471d82e479f25832f54a0e3f4b28446" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -1309,9 +1391,9 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.26.1" +version = "0.26.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd" dependencies = [ "rustls-pki-types", ] 
@@ -1493,9 +1575,9 @@ dependencies = [ [[package]] name = "winreg" -version = "0.50.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" dependencies = [ "cfg-if", "windows-sys 0.48.0", @@ -1538,6 +1620,6 @@ checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec" [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/Cargo.toml b/Cargo.toml index 2787e0d..f23240c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,18 +11,21 @@ name = "standalone" path = "src/main.rs" [features] -default = ["frida"] +default = ["frida", "frida-auto-download"] frida = ["dep:frida", "dep:lazy_static", "dep:serde", "dep:serde_json"] +frida-auto-download = ["frida/auto-download"] [dependencies] -frida = { version = "0.13.6", features = ["auto-download"], optional = true } +frida = { git = "https://github.com/dzervas/frida-rust", branch = "armhf-patches", optional = true } lazy_static = { version = "1.4.0", optional = true } serde = { version = "1.0", features = ["derive"], optional = true } serde_json = { version = "1.0", optional = true } [target.'cfg(windows)'.dependencies] winapi = { version = "0.3.9", features = ["winnt", "libloaderapi"] } -windows-sys = { version = "0.52.0", features = ["Win32_System_ClrHosting"], optional = true } +windows-sys = { version = "0.52.0", features = [ + "Win32_System_ClrHosting", +], optional = true } [target.'cfg(unix)'.dependencies] ctor = "0.2.8" diff --git a/Dockerfile.android b/Dockerfile.android index be9d4c6..ce6f65b 100644 --- a/Dockerfile.android +++ b/Dockerfile.android 
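Review bot: The new `frida` dependency in `Cargo.toml` follows a moving branch (`branch = "armhf-patches"`) of a fork, so the code that gets built is whatever that branch points to the next time the lockfile is regenerated, and the registry checksum that used to cover the crate is gone. `Cargo.lock` in this commit resolves the branch to `278de57a52d3bd0b1cf3499160f519b9e254bf24`. Pinning that in the manifest, `frida = { git = "https://github.com/dzervas/frida-rust", rev = "278de57a52d3bd0b1cf3499160f519b9e254bf24", optional = true }`, makes the reviewed revision explicit and turns any later move into a visible diff. A one-line comment above the entry saying why the crates.io release was replaced would help the next reader.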
@@ -1,19 +1,25 @@ FROM ubuntu -ARG NDK_VERSION=27.0.12077973 +# Rust & sdkmanager ARG TOOLS_VERSION=13.0 -ARG ARCH_TRIPLET=armv7-linux-androideabi -ARG NDK_ARCH=armeabi-v7a +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y clang gcc git rustup google-android-cmdline-tools-${TOOLS_VERSION}-installer -RUN apt-get update && apt-get install -y clang gcc git rustup google-android-cmdline-tools-${TOOLS_VERSION}-installer +# Set up cargo-ndk +ARG ARCH_TRIPLET=armv7-linux-androideabi RUN rustup default stable && cargo install cargo-ndk && rustup target add ${ARCH_TRIPLET} + +# Install the NDK +ARG NDK_VERSION=25.2.9519653 RUN yes | sdkmanager --licenses && sdkmanager --install "ndk;${NDK_VERSION}" +# Required environment variables ENV ANDROID_HOME="/usr/lib/android-sdk" ENV ANDROID_NDK_HOME="/usr/lib/android-sdk/ndk/${NDK_VERSION}/" -ENV FRIDA_CODE="console.log(\"Hello world from Android InjectionForge!\")" +ENV ANDROID_NDK_ROOT="${ANDROID_NDK_HOME}" -COPY . /injectionforge +ARG NDK_ARCH=armeabi-v7a +WORKDIR /injectionforge + +# Run with: docker run -it --name iforge -v $(pwd):/injectionforge injectionforge:latest CMD ["cargo", "ndk", "-t", ${NDK_ARCH}, "--bindgen", "build"] - diff --git a/Dockerfile.android-undetect b/Dockerfile.android-undetect new file mode 100644 index 0000000..9cc1a58 --- /dev/null +++ b/Dockerfile.android-undetect 
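Review bot: The `CMD ["cargo", "ndk", "-t", ${NDK_ARCH}, "--bindgen", "build"]` line that the relocated `ARG NDK_ARCH=armeabi-v7a` is meant to feed is not a valid exec form. The unquoted `${NDK_ARCH}` is not JSON, so Docker falls back to shell form and hands the bracketed text to `/bin/sh -c`. Build arguments are also not part of the container's environment at run time, so the variable would be empty even in shell form. Declaring `ENV NDK_ARCH=armeabi-v7a` and writing `CMD cargo ndk -t "${NDK_ARCH}" --bindgen build` gives the intended behaviour. The same `CMD` pattern is added in `Dockerfile.android-undetect`, where `NDK_ARCH` is not declared at all.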
@@ -0,0 +1,21 @@
+# Before building this image:
+# docker build -t injectionforge-android -f Dockerfile.android
+FROM injectionforge-android
+
+# Frida dependencies to optionally compile frida
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential git lib32stdc++-9-dev libc6-dev-i386 nodejs npm
+
+# Compile frida-core devkit
+ARG FRIDA_HOST=android-arm
+# Updated https://github.com/ultrafunkamsterdam/undetected-frida-patches
+COPY .github/undetected-frida-patches.patch /undetected-frida-patches.patch
+RUN git clone https://github.com/frida/frida-core /frida-core && \
+ cd /frida-core && \
+ git apply /undetected-frida-patches.patch && \
+ ./configure --host=${FRIDA_HOST} --with-devkits=core --disable-connectivity --disable-portal --disable-server --disable-tests --disable-gadget --disable-inject && \
+ make -j8
+
+ENV FRIDA_CORE_DEVKIT_PATH="/frida-core/build/src/devkit"
+
+# Run with: docker run -it --name iforge -v $(pwd):/injectionforge injectionforge:latest
+CMD ["cargo", "ndk", "-t", ${NDK_ARCH}, "--bindgen", "build", "--no-default-features", "--features", "frida"]
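Review bot: `git clone https://github.com/frida/frida-core /frida-core` builds whatever upstream HEAD is on the day the image is built and then runs `./configure` and `make` on it, so the image is neither reproducible nor tied to a reviewed revision. The committed patch carries fixed `index` hashes and context, so it will also stop applying once the patched files change upstream. Check out a known commit before `git apply`, for example `git -C /frida-core checkout <FRIDA_CORE_COMMIT>` (a placeholder, since the page does not say which revision the patch was made against), and record that revision in a comment next to the `COPY`. The header comment's `docker build -t injectionforge-android -f Dockerfile.android` is also missing the build-context argument (a trailing `.`).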