Can't attach frida function to android native lib function - javascript

I'm building a frida js script that reads a json object containing directives to where to attach frida functions inside a native lib in an android APK. If I hardcode the libname and function name I can successfully attach to the function when it runs inside the app but for some reason I don't know why when I read the names from the json object the attachment doesn't occur. Assuming that I want to attach to a function named Java_sg_vantagepoint_uncrackable3_CodeCheck_bar inside libfoo.so.
The code that runs successfully:
Interceptor.attach(Module.findExportByName("libfoo.so", "Java_sg_vantagepoint_uncrackable3_CodeCheck_bar"), {
onEnter: function(args){
console.log('libfoo.so::Java_sg_vantagepoint_uncrackable3_CodeCheck_bar')
// this is logged when the function runs in the APP
if(args){
for(var arg in args){
console.log('args[' + arg + ']:')
console.log('Java_sg_vantagepoint_uncrackable3_CodeCheck_bar::args[arg] ' + args[arg])}
}
},
onLeave: function(args){
console.log('Leaving Java_sg_vantagepoint_uncrackable3_CodeCheck_bar...')
}
}
)
The code that doesn't work:
var params = {
"libs": ["libfoo.so"]
}
for(var lib in params.libs)
{
const currentLib = params.libs[lib]
Module.ensureInitialized(currentLib)
console.log('current lib: ' + currentLib)
var libExports = Module.load(currentLib).enumerateExports()
for(var i in libExports)
{
var currentLibExport = libExports[i]
if(currentLibExport.name.toLowerCase().includes('java'))
{
console.log('attaching to export: ' + currentLib + '::' + currentLibExport.name + ' at address: ' + currentLibExport.address)
Interceptor.attach(currentLibExport.address, {
onEnter: function(args){
console.log('onEnter ' + currentLib + '::' + currentLibExport.name)
if(args){
for(var arg in args){
console.log(currentLib + '::' + currentLibExport.name + '::args[arg] ' + args[arg])
}
} else
{
console.log('no args for ' + currentLib + '::' + currentLibExport.name)
}
},
onLeave: function(args){
console.log('onLeave ' + currentLib + '::' + currentLibExport.name )
}
}
)
}
}
}
Not only this doesn't attach to the function named Java_sg_vantagepoint_uncrackable3_CodeCheck_bar but even stranger during runtime it is logged the following:
onEnter libfoo.so::main
onLeave libfoo.so::main
which for me makes no sense because I didn't attach to the main function
Reference: https://www.frida.re/docs/javascript-api/#module

Related

Passing arguments to Array.forEach callback function

someOperation.then(function(x) {
things.forEach(function(thing) {
//doing something with 'thing' that depends on variable 'x'
});
});
In the code above, how can I make the variable 'x' available inside the callback function? Or do I have to go back to using a for loop in this case?
It is available.
let x = {
name: 'Mike'
};
['Hello', 'Goodbye'].forEach(function(greeting) {
document.querySelector('pre').innerHTML += greeting + ', ' + x.name + '\n';
});
<pre></pre>
What you're using here is known as a closure and is a commonly used feature of Javascript. Basically, any function has access to any other variable in it's parent scope.
function log(msg) {
document.querySelector('pre').innerHTML += msg + '\n';
}
var global = 'global';
function firstLevel(third) {
var first = 'first';
// `global` is in the parent scope so we can access it
log(global + ' -> ' + first);
function secondLevel() {
var second = 'second';
// Same thing with `first` here
log(global + ' -> ' + first + ' -> ' + second);
// This even works with passed in arguments
log(global + ' -> ' + first + ' -> ' + second + ' -> ' + third);
// We can even change closed over variables
first = 'fourth?';
}
secondLevel();
log(first); // Notice that `first` changed.
}
log(global);
firstLevel('third'); // Notice how `third` is used in `secondLevel`
<pre></pre>
You can pass a "thisArg" as the second parameter to forEach so for instance:
let x = { a: 123 };
things = ['foo', 'bar']
things.forEach(function(thing) {
alert( this.a + thing );
}, x);
Might be helpful depending on what you are trying to do.

Node module.exports pattern - Is this correct?

I'm new to JS and I am currently working on an IRC bot. I have produced the following module which I want to use for creating bot commands.
/***
* Module contains available bot commands including
* access levels to view/utilise command and help text.
*
* Usage example: commands.tg.play(payload);
*
***/
module.exports = commands = {
tg: {
reg: '^[. - !]tg',
help: 'some help text for tg',
play: function(payload){tg(payload);}
},
help: {
reg: '^[. - !]help',
description: 'some help text for intel',
play: function(payload){help(payload);}
}
};
function tg(payload){
//Example: msg_route: pm msg_from: munkee msg_data: .tg munkee testing message via tg command msg_match: .tg msg_method: .
console.log("msg_route:" + payload.msg_route + ' msg_from: ' + payload.msg_from + ' msg_data: ' + payload.msg_data + ' msg_match: ' + payload.msg_match + ' msg_method: ' + payload.msg_method);
return;
}
function help(payload){
var output='Available commands: ';
for (var i in commands){
output=output+ ' ' + i.toString();
}
return console.log(output);
}
As you can see I am currently defining some methods within my commands object. In order to try and keep things a bit cleaner I define the functions to actually be run below the commands object. I can access these easily via commands.help.play(payload). However I wanted to know whether there is a better way to do this or is the direction I am going correct? At the moment the commands are very skeleton and will be carrying out quite a bit more work but I just wanted to post something to give the general idea.
I don't like the extra fn call you're making: play:function(payload){tg(payload);} should be just play:tg since functions are first-order citizens in js. I do also prefer to assign to module.exports at the end of the file.
/***
* Module contains available bot commands including
* access levels to view/utilise command and help text.
*
* Usage example: commands.tg.play(payload);
*
***/
var commands = {};
function tg(payload){
//Example: msg_route: pm msg_from: munkee msg_data: .tg munkee testing message via tg command msg_match: .tg msg_method: .
console.log("msg_route:" + payload.msg_route + ' msg_from: ' + payload.msg_from + ' msg_data: ' + payload.msg_data + ' msg_match: ' + payload.msg_match + ' msg_method: ' + payload.msg_method);
return;
}
function help(payload){
var output='Available commands: ';
for (var i in commands){
output=output+ ' ' + i.toString();
}
return console.log(output);
}
// export
module.exports = commands = {
tg: {
reg: '^[. - !]tg',
help: 'some help text for tg',
play: tg;
},
help: {
reg: '^[. - !]help',
description: 'some help text for intel',
play: help}
}
};
It is about my personal prefrence but i will go for this one. Singleton pattern with Constructor
function Commands(){
this.commands = {};
this.tg = function (payload){
//Example: msg_route: pm msg_from: munkee msg_data: .tg munkee testing message via tg command msg_match: .tg msg_method: .
console.log("msg_route:" + payload.msg_route + ' msg_from: ' + payload.msg_from + ' msg_data: ' + payload.msg_data + ' msg_match: ' + payload.msg_match + ' msg_method: ' + payload.msg_method);
return;
};
this.help = function (payload){
var output='Available commands: ';
for (var i in commands){
output=output+ ' ' + i.toString();
}
}
this.commands.tg= {
reg: '^[. - !]tg',
help: 'some help text for tg',
play: this.tg
};
this.commands.help= {
reg: '^[. - !]help',
description: 'some help text for intel',
play: this.help
};
}
if(!!obj)
obj = new Commands();
module.exports = obj;

$.post and $.get only letting title be changed, not logging?

In the following snippet of my code, I post to a link, from which it allows me to change the title, but will not call the function info() with the argument supplied, nor will it log in the console, please help with this code, thanks. Also, please note all the variables are defined and this code works 100% besides this, and it won't work with $.get rather than $.post either.
function info(text, state) {
$("<h4>"+text+"</h4>").appendTo("body");
if (state != "run") {
$("h2").text(text).fadeIn("slow").delay(30000).fadeOut();
}
$.post(buy, function(r) {
diff = event.timeStamp - last;
$(document).prop('title', 'Purchased '+info['itemName']+'!');
info('Purchased '+info['itemName']+' for '+info['expectedPrice']+' in '+diff+' milliseconds!');
console.log('Purchased '+info['itemName']+' for '+info['expectedPrice']+' in '+diff+' milliseconds!');
})
--EDIT--
If I put console.log above info, the code works excluding the info() function, so the problem is possibly there
Try (this pattern)
// var last = $.now();
function info(text, state) {
$("<h4>" + text + "</h4>").appendTo("body");
if (state != "run") {
$("h2").text(text).fadeIn("slow").delay(30000).fadeOut();
}
// missing closing `{` at OP
};
$.post(buy, function (_info) {
// `_info` : return json object
// `info` : function declaration name
// diff = $.now() - last;
$(document).prop('title', 'Purchased ' + _info['itemName'] + '!');
info('Purchased '
+ _info['itemName'] + ' for '
+ _info['expectedPrice'] + ' in '
+ diff + ' milliseconds!'
, "run");
console.log('Purchased '
+ _info['itemName'] + ' for '
+ _info['expectedPrice'] + ' in '
+ diff + ' milliseconds!');
});
jsfiddle http://jsfiddle.net/guest271314/7vxb7336/

Sharepoint 2013 Access denied. You do not have permission to perform this action or access this resource. - get_siteGroups()

Here is my Javascript code to get all the users from a sharepoint 2013 (office 365). But I get a error what I don't have permissions. Am I missing a trick?
It is used in a sharepoint hosted APP.
function retrieveAllUsersAllGroups() {
var clientContext = Context;
this.collGroup = clientContext.get_web().get_siteGroups();
clientContext.load(collGroup);
clientContext.load(collGroup, 'Include(Users)');
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceeded), Function.createDelegate(this, this.onQueryFailed));
}
function onQuerySucceeded() {
var userInfo = '';
var groupEnumerator = collGroup.getEnumerator();
while (groupEnumerator.moveNext()) {
var oGroup = groupEnumerator.get_current();
var collUser = oGroup.get_users();
var userEnumerator = collUser.getEnumerator();
while (userEnumerator.moveNext()) {
var oUser = userEnumerator.get_current();
this.userInfo += '\nGroup ID: ' + oGroup.get_id() +
'\nGroup Title: ' + oGroup.get_title() +
'\nUser: ' + oUser.get_title() +
'\nLogin Name: ' + oUser.get_loginName();
}
}
alert(userInfo);
}
function onQueryFailed(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
Use PersonProperties object to get info about SharePoint users, such as display name, email, title, and other business and personal information.

relational database and oop javascript

i am trying to create a relational database while using oop in java script , yet i am encountered with some difficulties , this is the code ,
IT WAS WORKING BEFORE I CHANGED IT TO OOP
function DB() {
this.size;
this.row;
this.getsize = function() {
return this.size;
}
this.db = window.openDatabase('coupons', "1.0", 'database for coupons', 100000);
this.al = function() {
alert('al works');
}
this.add = function(table, id, name, email, fav) {
// alert("works");
// alert("INSERT INTO " + table + " VALUES(" + id + "," + name + ")");
this.db.transaction(function(ob)
{
ob.executeSql("SELECT * FROM " + table + " WHERE pid= " + id + "", [], this.dataHandler, this.errorHandler);
});
this.db.transaction(function(ob)
{
//alert(getsize());
if (this.size > 0) {
alert("user already exists")
} else {
ob.executeSql("CREATE TABLE IF NOT EXISTS " + table + " (pid INTEGER, pname TEXT, pemail TEXT,pfav)");
ob.executeSql("INSERT INTO " + table + " VALUES(" + id + "," + "'" + name + "'" + "," + "'" + email + "'" + "," + "'" + fav + "'" + ")");
alert("user addd successfuly");
}
}
);
}
this.errorHandler = function(error)
{
document.write("handling error " + error);
}
this.dataHandler = function(transaction, data)
{
// document.write("<table>");
//document.write("<tr><th>id</th><th>name</th></tr>")
// size = data.rows.length;
//for(i=0;i<size;i++)
// {
//Variables.call(this,data.rows.length,data.rows.item(0));
//Variables.call(7,6);
this.size = data.rows.length;
this.row = data.rows.item(0);
//return row;
// document.write(
// "<tr><td>"+row['pid']+"</td><td>"+row['pname']+"</td></tr>");
// }
//document.write("</table>");
}
this.getrows = function(n)
{
switch (n)
{
case 'pid':
return this.row['pid'];
break;
case 'pname':
return this.row['pname'];
break;
case 'pemail':
return this.row['pemail'];
break;
case 'pfav':
return this.row['pfav'];
break;
default:
}
}
}
the problem are as follows , hope you can help me out !!
1.after calling the function add , it does not go to dataHandler function .
2. in the add function i am unable to use local variables , how can i use the variable 'size' to check if the user exists in the database or not ?!! ,
hope you can help i have been in this code for 2 days !!! :(
Yes. You obviously can't access this.size in your function because you are using a anonymous function, so this is not related to your DB -oject but points to that anonymous function.
The same for your calls to this.dataHandler or this.errorHandler.
So you could just
this.db.transaction = function(ob)
to make it a method of your object which then will give you full access to the this - pointer of your DB - Object.
EDIT: Sorry, this would then point to the db object, of course, so this is not a solution.
But you can pass it your data - and errorHandler like this:
this.db.transaction(function() { ... }, this.errorHandler, this.dataHandler);
and avoid the call to this.size within the second transaction - statement by simply wrapping your call like:
if(this.size > 0) { alert('..'); } else { db.transaction(...) }
But: Your errorHandler and dataHandler must actually correspond to the right interface - definitions, take a look at:
http://www.w3.org/TR/2009/WD-html5-20090212/structured-client-side-storage.html

Categories

Resources