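diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
index 3695ba8c..02602abf 100644
--- a/lib/base/rpc.vala
+++ b/lib/base/rpc.vala
@@ -17,7 +17,7 @@ namespace Frida {
 var request = new Json.Builder ();
 request
 .begin_array ()
- .add_string_value ("frida:rpc")
+ .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
 .add_string_value (request_id)
 .add_string_value ("call")
 .add_string_value (method)
@@ -70,7 +70,7 @@ namespace Frida {
 }
 
 public bool try_handle_message (string json) {
- if (json.index_of ("\"frida:rpc\"") == -1)
+ if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1)
 return false;
 
 var parser = new Json.Parser ();
@@ -99,7 +99,7 @@ namespace Frida {
 return false;
 
 string? type = rpc_message.get_element (0).get_string ();
- if (type == null || type != "frida:rpc")
+ if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj="))
 return false;
 
 var request_id_value = rpc_message.get_element (1);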
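Review bot: The literal `"ZnJpZGE6cnBj="` used in the request builder and again in the `type` comparison is not well-formed Base64: twelve characters already encode the nine-byte marker, so the trailing `=` is stray padding and the code depends on the decoder tolerating it; `"ZnJpZGE6cnBj"` is the canonical form. The `(string)` cast on the `uchar[]` returned by `GLib.Base64.decode` also assumes the buffer is NUL-terminated, which nothing in these hunks establishes. The decode is repeated at three sites, including once per incoming message in `try_handle_message`, so I would decode once into a single private static field carrying a comment such as `// decodes to "frida:rpc"` and have all three sites reference it. All three hunks show only part of their enclosing functions.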
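diff --git a/server/server.vala b/server/server.vala
index 525c145e..f7547819 100644
--- a/server/server.vala
+++ b/server/server.vala
@@ -1,7 +1,7 @@
 namespace Frida.Server {
 private static Application application;
 
- private const string DEFAULT_DIRECTORY = "re.frida.server";
+ private static string DEFAULT_DIRECTORY = null;
 private static bool output_version = false;
 private static string? listen_address = null;
 private static string? certpath = null;
@@ -50,6 +50,7 @@ namespace Frida.Server {
 };
 
 private static int main (string[] args) {
+ DEFAULT_DIRECTORY = GLib.Uuid.string_random();
 Environment.init ();
 
 #if DARWIN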
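Review bot: `DEFAULT_DIRECTORY` is declared as a non-nullable `string` but initialised to `null`, and it only receives a value on the first line of `main`, so any reader that runs earlier (none is visible in these hunks) would see `null`. Since it is no longer a constant, I would declare it as `private static string? default_directory = null;` with a comment that `main` fills it in before anything else runs. A fresh UUID per launch presumably also means that directories left behind by earlier runs can no longer be located by name for cleanup; that should be confirmed where the value is consumed. `main` continues past the end of the hunk.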
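diff --git a/src/agent-container.vala b/src/agent-container.vala
index 73e0c017..a3db1112 100644
--- a/src/agent-container.vala
+++ b/src/agent-container.vala
@@ -28,7 +28,7 @@ namespace Frida {
 }
 
 void * main_func_symbol;
- var main_func_found = container.module.symbol ("frida_agent_main", out main_func_symbol);
+ var main_func_found = container.module.symbol ("main", out main_func_symbol);
 assert (main_func_found);
 container.main_impl = (AgentMainFunc) main_func_symbol;
 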
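Review bot: The entry-point name `"main"` is a bare literal here and is repeated in the darwin, freebsd, linux, qnx and windows host-session sections and in both test files, and it has to match the symbol rename performed by `src/anti-anti-frida.py`. Nothing ties these together, so a module that was not post-processed by that script fails the lookup, and the only handling is `assert (main_func_found)`, which aborts the process. I would introduce one shared constant for the name, with a comment pointing at the script that performs the rename, and report a descriptive error instead of asserting where the enclosing signature allows it. The enclosing function starts and ends outside the hunk.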
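diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
new file mode 100644
index 00000000..6e5d7a92
--- /dev/null
+++ b/src/anti-anti-frida.py
@@ -0,0 +1,32 @@
+import lief
+import sys
+import random
+import os
+if __name__ == "__main__":
+ input_file = sys.argv[1]
+ print(f"[*] Patch frida-agent: {input_file}")
+ random_name = "".join(random.sample("ABCDEFGHIJKLMNO", 5))
+ print(f"[*] Patch `frida` to `{random_name}``")
+ binary = lief.parse(input_file)
+ if not binary:
+ exit()
+ for symbol in binary.symbols:
+ if symbol.name == "frida_agent_main":
+ symbol.name = "main"
+
+ if "frida" in symbol.name:
+ symbol.name = symbol.name.replace("frida", random_name)
+ if "FRIDA" in symbol.name:
+ symbol.name = symbol.name.replace("FRIDA", random_name)
+
+ binary.write(input_file)
+
+ # gum-js-loop thread
+ random_name = "".join(random.sample("abcdefghijklmn", 11))
+ print(f"[*] Patch `gum-js-loop` to `{random_name}`")
+ os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}")
+
+ # gmain thread
+ random_name = "".join(random.sample("abcdefghijklmn", 5))
+ print(f"[*] Patch `gmain` to `{random_name}`")
+ os.system(f"sed -b -i s/gmain/{random_name}/g {input_file}")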
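Review bot: Both `os.system` calls build a shell command by interpolating `input_file`, which comes straight from `sys.argv[1]`, so a path containing spaces or shell metacharacters is split or interpreted by the shell. Passing an argument list avoids the shell entirely: `subprocess.run(["sed", "-b", "-i", f"s/gum-js-loop/{random_name}/g", input_file], check=True)` (with `import subprocess`), and likewise for the `gmain` call; `check=True` also surfaces a failing `sed`, which the current code ignores. The `if not binary: exit()` path ends with status 0, so a build step cannot tell that nothing was patched; `sys.exit(1)` after printing a message would make the failure visible.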
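diff --git a/src/darwin/darwin-host-session.vala b/src/darwin/darwin-host-session.vala
index ab9b2900..4369922d 100644
--- a/src/darwin/darwin-host-session.vala
+++ b/src/darwin/darwin-host-session.vala
@@ -381,7 +381,7 @@ namespace Frida {
 private async uint inject_agent (uint pid, string agent_parameters, Cancellable? cancellable) throws Error, IOError {
 uint id;
 
- unowned string entrypoint = "frida_agent_main";
+ unowned string entrypoint = "main";
 #if HAVE_EMBEDDED_ASSETS
 id = yield fruitjector.inject_library_resource (pid, agent, entrypoint, agent_parameters, cancellable);
 #else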
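diff --git a/src/droidy/droidy-client.vala b/src/droidy/droidy-client.vala
index ddc56ccc..0c99611d 100644
--- a/src/droidy/droidy-client.vala
+++ b/src/droidy/droidy-client.vala
@@ -1015,7 +1015,7 @@ namespace Frida.Droidy {
 case "OPEN":
 case "CLSE":
 case "WRTE":
- throw new Error.PROTOCOL ("Unexpected command");
+ break; //throw new Error.PROTOCOL ("Unexpected command");
 
 default:
 var length = parse_length (command_or_length);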
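Review bot: Replacing the `throw` with `break;` means an unexpected `OPEN`, `CLSE` or `WRTE` is now silently accepted, and whatever follows the `switch` runs as though a valid message had been read; that code is outside the hunk, so its behaviour in this case needs checking. No reason for dropping the protocol check is visible here, and the old statement is left behind as commented-out code. If ignoring these commands is intended, say why in a comment, delete the dead code and log the event, e.g. `warning ("Ignoring unexpected command %s", command_or_length);` (assuming `command_or_length` is the string being switched on); otherwise keep `throw new Error.PROTOCOL ("Unexpected command");`.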
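diff --git a/src/freebsd/freebsd-host-session.vala b/src/freebsd/freebsd-host-session.vala
index a2204a4e..eac16116 100644
--- a/src/freebsd/freebsd-host-session.vala
+++ b/src/freebsd/freebsd-host-session.vala
@@ -197,7 +197,7 @@ namespace Frida {
 
 var stream_request = Pipe.open (t.local_address, cancellable);
 
- var id = yield binjector.inject_library_resource (pid, agent_desc, "frida_agent_main",
+ var id = yield binjector.inject_library_resource (pid, agent_desc, "main",
 make_agent_parameters (pid, t.remote_address, options), cancellable);
 injectee_by_pid[pid] = id;
 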
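diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala
index 50470ac8..086d0b96 100644
--- a/src/linux/linux-host-session.vala
+++ b/src/linux/linux-host-session.vala
@@ -128,12 +128,13 @@ namespace Frida {
 var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob ();
 var emulated_arm = Frida.Data.Agent.get_frida_agent_arm_so_blob ();
 var emulated_arm64 = Frida.Data.Agent.get_frida_agent_arm64_so_blob ();
- agent = new AgentDescriptor (PathTemplate ("frida-agent-<arch>.so"),
+ var random_prefix = GLib.Uuid.string_random();
+ agent = new AgentDescriptor (PathTemplate (random_prefix + "-<arch>.so"),
 new Bytes.static (blob32.data),
 new Bytes.static (blob64.data),
 new AgentResource[] {
- new AgentResource ("frida-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir),
- new AgentResource ("frida-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
+ new AgentResource (random_prefix + "-arm.so", new Bytes.static (emulated_arm.data), tempdir),
+ new AgentResource (random_prefix + "-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
 },
 AgentMode.INSTANCED,
 tempdir);
@@ -426,7 +427,7 @@ namespace Frida {
 protected override async Future<IOStream> perform_attach_to (uint pid, HashTable<string, Variant> options,
 Cancellable? cancellable, out Object? transport) throws Error, IOError {
 uint id;
- string entrypoint = "frida_agent_main";
+ string entrypoint = "main";
 string parameters = make_agent_parameters (pid, "", options);
 AgentFeatures features = CONTROL_CHANNEL;
 var linjector = (Linjector) injector;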
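diff --git a/src/qnx/qnx-host-session.vala b/src/qnx/qnx-host-session.vala
index 69f2995f..a4e59ab2 100644
--- a/src/qnx/qnx-host-session.vala
+++ b/src/qnx/qnx-host-session.vala
@@ -182,7 +182,7 @@ namespace Frida {
 
 var stream_request = Pipe.open (t.local_address, cancellable);
 
- var id = yield qinjector.inject_library_resource (pid, agent_desc, "frida_agent_main",
+ var id = yield qinjector.inject_library_resource (pid, agent_desc, "main",
 make_agent_parameters (pid, t.remote_address, options), cancellable);
 injectee_by_pid[pid] = id;
 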
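diff --git a/src/windows/windows-host-session.vala b/src/windows/windows-host-session.vala
index 67f1f3ef..518cd256 100644
--- a/src/windows/windows-host-session.vala
+++ b/src/windows/windows-host-session.vala
@@ -274,7 +274,7 @@ namespace Frida {
 var stream_request = Pipe.open (t.local_address, cancellable);
 
 var winjector = injector as Winjector;
- var id = yield winjector.inject_library_resource (pid, agent, "frida_agent_main",
+ var id = yield winjector.inject_library_resource (pid, agent, "main",
 make_agent_parameters (pid, t.remote_address, options), cancellable);
 injectee_by_pid[pid] = id;
 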
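diff --git a/tests/test-agent.vala b/tests/test-agent.vala
index d28e67fd..bbdc29b3 100644
--- a/tests/test-agent.vala
+++ b/tests/test-agent.vala
@@ -452,7 +452,7 @@ Interceptor.attach(Module.getExportByName('libsystem_kernel.dylib', 'open'), ()
 }
 
 void * main_func_symbol;
- var main_func_found = module.symbol ("frida_agent_main", out main_func_symbol);
+ var main_func_found = module.symbol ("main", out main_func_symbol);
 assert_true (main_func_found);
 main_impl = (AgentMainFunc) main_func_symbol;
 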
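diff --git a/tests/test-injector.vala b/tests/test-injector.vala
index 03c219e6..a7720c3d 100644
--- a/tests/test-injector.vala
+++ b/tests/test-injector.vala
@@ -258,7 +258,7 @@ namespace Frida.InjectorTest {
 var path = Frida.Test.Labrats.path_to_library (name, arch);
 assert_true (FileUtils.test (path, FileTest.EXISTS));
 
- yield injector.inject_library_file (process.id, path, "frida_agent_main", data);
+ yield injector.inject_library_file (process.id, path, "main", data);
 } catch (GLib.Error e) {
 printerr ("\nFAIL: %s\n\n", e.message);
 assert_not_reached ();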