cross platform reversing with frida
play

Cross-platform reversing with Frida Ole Andr Vadla Ravns - PowerPoint PPT Presentation

Nov 29, 2023 •774 likes •1.17k views

Cross-platform reversing with Frida Ole Andr Vadla Ravns Cross-platform reversing with Frida Motivation Existing tools often not a good fit for the task at hand Creating a new tool usually takes too much effort Short feedback

  1. Cross-platform reversing with Frida Ole André Vadla Ravnås

  2. Cross-platform reversing with Frida Motivation Existing tools often not a good fit for the task at hand • Creating a new tool usually takes too much effort • Short feedback loop: reversing is an iterative process • Use one toolkit for multi-platform instrumentation • Future remake of oSpy •

  3. Cross-platform reversing with Frida oSpy

  4. Cross-platform reversing with Frida oSpy

  5. Cross-platform reversing with Frida oSpy

  6. Cross-platform reversing with Frida What is Frida? Dynamic instrumentation toolkit • Debug live processes • Scriptable • Execute your own debug scripts • inside another process Multi-platform • Windows, Mac, Linux, iOS, Android, QNX • Open Source •

  7. Cross-platform reversing with Frida Let's explore the basics 1) Build and run the test app that we will instrument: #include <stdio.h> $ clang hello.c -o hello #include <unistd.h> $ ./hello f() is at 0x106a81ec0 Void Number: 0 f (int n) Number: 1 { Number: 2 printf ("Number: %d\n", n); … } Int main () { int i = 0; 2) Make note of the printf ("f() is at %p\n", f); address of f(), which is while (1) { 0x106a81ec0 here. f (i++); sleep (1); } }

  8. Cross-platform reversing with Frida Basics 1/7: Hooking f() from Node.js 'use strict’; $ # install Node.js 5.1 $ npm install co frida frida-load const co = require('co'); $ node app.js const frida = require('frida'); { type: 'send', payload: 531 } const load = require('frida-load'); { type: 'send', payload: 532 } … let session, script; co(function *() { session = yield frida.attach('hello'); const source = yield load(require.resolve('./agent.js')); script = yield session.createScript(source); script.events.listen('message', message => { console.log(message); }); yield script.load(); }); 'use strict’; Address of f() goes here Interceptor.attach(ptr('0x106a81ec0'), { onEnter(args) { send(args[0].toInt32()); } });

  9. Cross-platform reversing with Frida Basics 1/7: Hooking f() from Python import frida import sys session = frida.attach(“hello”) script = session.create_script(””” Address of f() goes here Interceptor.attach(ptr("0x106a81ec0"), { onEnter(args) { send(args[0].toInt32()); } }); ”””) def on_message(message, data): $ pip install frida print(message) $ python app.py script.on('message', on_message) {'type': 'send', 'payload': 531} script.load() {'type': 'send', 'payload': 532} sys.stdin.read() …

  10. Cross-platform reversing with Frida Basics 2/7: Modifying function arguments 'use strict’; $ node app.js const co = require('co'); Number: 1281 const frida = require('frida'); Number: 1282 const load = require('frida-load'); Number: 1337 Number: 1337 let session, script; Number: 1337 Once we stop it co(function *() { Number: 1337 session = yield frida.attach('hello’); the target is back to Number: 1296 const source = yield load(require.resolve('./agent.js')); Number: 1297 normal script = yield session.createScript(source); Number: 1298 yield script.load(); … }); 'use strict’; Address of f() goes here Interceptor.attach(ptr('0x106a81ec0'), { onEnter(args) { args[0] = ptr("1337"); } });

  11. Cross-platform reversing with Frida Basics 3/7: Calling functions 'use strict’; $ node app.js const co = require('co'); Number: 1281 const frida = require('frida'); Number: 1282 const load = require('frida-load'); Number: 1911 Number: 1911 let session, script; Number: 1911 co(function *() { Number: 1283 session = yield frida.attach('hello’); Number: 1284 const source = yield load(require.resolve('./agent.js')); Number: 1285 script = yield session.createScript(source); … yield script.load(); yield session.detach(); }); 'use strict’; Address of f() goes here const f = new NativeFunction( ptr(’0x10131fec0’), ‘void’, ['int']); f(1911); f(1911); f(1911);

  12. Cross-platform reversing with Frida Basics 4/7: Sending messages 'use strict’; $ node app.js const co = require('co'); { type: 'send’, const frida = require('frida'); payload: { user: { name: 'john.doe' }, key: '1234' } } const load = require('frida-load'); { type: 'error’, description: 'ReferenceError: oops is not defined’, let session, script; stack: 'ReferenceError: oops is not defined\n at Object.1 co(function *() { (agent.js:10:1)\n at s (../../node_modules/browser- session = yield frida.attach('hello'); pack/_prelude.js:1:1)\n at e (../../node_modules/browser- const source = yield load(require.resolve('./agent.js')); pack/_prelude.js:1:1)\n at ../../node_modules/browser- script = yield session.createScript(source); pack/_prelude.js:1:1’, script.events.listen('message', message => { fileName: 'agent.js’, console.log(message); lineNumber: 10, }); columnNumber: 1 yield script.load(); } }); 'use strict’; send({ user: { name: 'john.doe’ }, key: '1234’ }); oops;

  13. Cross-platform reversing with Frida Basics 5/7: Receiving messages 'use strict’; $ node app.js const co = require('co'); { type: 'send', payload: 42 } const frida = require('frida'); { type: 'send', payload: 36 } const load = require('frida-load'); let session, script; co(function *() { session = yield frida.attach('hello'); const source = yield load(require.resolve('./agent.js')); script = yield session.createScript(source); script.events.listen('message', message => { console.log(message); }); yield script.load(); yield script.postMessage({ magic: 21 }); 'use strict’; yield script.postMessage({ magic: 12 }); }); let i = 2; function handleMessage(message) { send(message.magic * i); i++; recv(handleMessage); } recv(handleMessage);

  14. Cross-platform reversing with Frida Basics 6/7: Blocking receives $ node app.js 'use strict’; const co = require('co'); Number: 2183 const frida = require('frida'); Number: 2184 const load = require('frida-load'); Number: 4370 Number: 4372 let session, script; Number: 4374 co(function *() { session = yield frida.attach('hello'); Number: 4376 Once we stop it const source = yield load(require.resolve('./agent.js')); Number: 4378 the target is back to script = yield session.createScript(source); Number: 2190 script.events.listen('message', message => { Number: 2191 normal const number = message.payload.number; Number: 2192 script.postMessage({ number: number * 2 }); … }); yield script.load(); }); 'use strict’; Address of f() goes here Interceptor.attach(ptr('0x106a81ec0'), { onEnter(args) { send({ number: args[0].toInt32() }); const op = recv(reply => { args[0] = ptr(reply.number); }); op.wait(); } });

  15. Cross-platform reversing with Frida Basics 7/7: RPC 'use strict’; $ node app.js push rbp const co = require('co'); $ const frida = require('frida'); const load = require('frida-load'); let session, script; co(function *() { session = yield frida.attach('hello'); const source = yield load(require.resolve('./agent.js')); script = yield session.createScript(source); yield script.load(); const api = yield script.getExports(); Address of f() goes here const result = yield api.disassemble('0x106a81ec0'); console.log(result); yield session.detach(); }); 'use strict’; rpc.exports = { disassemble(address) { return Instruction.parse(ptr(address)).toString(); } };

  16. Cross-platform reversing with Frida Launch and spy on iOS app 'use strict’; $ node app.js { type: 'send', payload: { event: 'call', name: 'CC_MD5' } } const co = require('co'); const frida = require('frida'); { type: 'send', payload: { event: 'call', name: 'CCDigest' } } const load = require('frida-load'); { type: 'send', payload: { event: 'call', name: 'CNEncode' } } let session, script; … co(function *() { const device = yield frida.getUsbDevice(); const pid = yield device.spawn(['com.apple.AppStore']); session = yield device.attach(pid); const source = yield load( require.resolve('./agent.js')); script = yield session.createScript(source); script.events.listen('message', message => { if (message.type === 'send' && message.payload.event === 'ready’) device.resume(pid); else console.log(message); }); yield script.load(); }) .catch(console.error); 'use strict'; Module.enumerateExports('libcommonCrypto.dylib', { onMatch(e) { if (e.type === 'function') { try { Interceptor.attach(e.address, { onEnter(args) { send({ event: 'call', name: e.name }); } }); } catch (error) { console.log('Ignoring ' + e.name + ': ' + error.message); } } }, onComplete() { send({ event: 'ready' }); } });

  17. Cross-platform reversing with Frida But there’s an app for that $ sudo easy_install frida $ frida-trace -U -f com.apple.AppStore -I libcommonCrypto.dylib

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cross-platform reversing with at NoConName December 2015 by oleavr Who am I? My name is Ole

Cross-platform reversing with at NoConName December 2015 by oleavr Who am I? My name is Ole

Cross-platform reversing with at NoConName December 2015 by oleavr Who am I? My name is Ole Andr Vadla Ravns Author of Frida, CryptoShark, oSpy, libmimic... Developer, Hacker and Reverse Engineer Currently working at

1.26k views • 43 slides
Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web Web WebGL Socket Worker Optimized Parallel Hardware Communication Acceleration Processing Channel Web Workers JaHOVA OS Internal APIs

957 views • 38 slides
Frida Kahlo Queen of Self-Portraits Frida Kahlo was a Mexican artist known for her self-

Frida Kahlo Queen of Self-Portraits Frida Kahlo was a Mexican artist known for her self-

Frida Kahlo Queen of Self-Portraits Frida Kahlo was a Mexican artist known for her self- portraits. Her paintings were influenced by the Mexican folk culture and the bright and vibrant colors that surrounded her. As a young child she loved

734 views • 20 slides
Building Consistent Cross-Platform Interfaces Building Consistent Cross-Platform Interfaces

Building Consistent Cross-Platform Interfaces Building Consistent Cross-Platform Interfaces

Building Consistent Cross-Platform Interfaces Building Consistent Cross-Platform Interfaces https:/ /bit.ly/ato2018-cross-platform https:/ /bit.ly/ato2018-cross-platform-pdf @dbanksdesign #AllThingsOpen Consistent experiences help users

1k views • 46 slides
Forbruger Europa Christel Hst clp@forbrugereuropa.dk ODR platform About the ODR-platform

Forbruger Europa Christel Hst clp@forbrugereuropa.dk ODR platform About the ODR-platform

Forbruger Europa Christel Hst clp@forbrugereuropa.dk ODR platform About the ODR-platform Aim: to solve cross border complaints fast and cost efficiently Challenges: language barriers ODR platform Using the platform 1. A

713 views • 7 slides
Native-quality, cross-platform HTML5 apps Peter Helm 11.9.2012 Enyo is A framework for

Native-quality, cross-platform HTML5 apps Peter Helm 11.9.2012 Enyo is A framework for

Native-quality, cross-platform HTML5 apps Peter Helm 11.9.2012 Enyo is A framework for building native-quality , cross- platform HTML5 apps Sponsored by Enyo is... Truly cross-platform Optimized for mobile Built to manage

537 views • 36 slides
Making a Language Cross Platform Libraries and Tooling Gwen Mittertreiner Facebook Gwen

Making a Language Cross Platform Libraries and Tooling Gwen Mittertreiner Facebook Gwen

Making a Language Cross Platform Libraries and Tooling Gwen Mittertreiner Facebook Gwen Mittertreiner LLVM Developers Meetup 2019 Goals Make you think about cross platform support High level, but still have practical advice. Gwen

686 views • 32 slides
Cross-Platform Development CS 4720 Mobile Application Development CS 4720 Which Platform?

Cross-Platform Development CS 4720 Mobile Application Development CS 4720 Which Platform?

Cross-Platform Development CS 4720 Mobile Application Development CS 4720 Which Platform? Weve discussed this! Where are the users you want to target? How much do you plan to charge? How much do you want to invest?

300 views • 17 slides
development is challenging Let tools help! Marc Goodner What are challenges with Cross Platform

development is challenging Let tools help! Marc Goodner What are challenges with Cross Platform

Cross-platform C++ development is challenging Let tools help! Marc Goodner What are challenges with Cross Platform C++? Libraries Compilers Build Testing Debugging Editing Host Libraries and Compilers System

278 views • 12 slides
Ultimate Guide to Successful Cross-Platform Deployments with Apache Ignite Pavel Petroshenko

Ultimate Guide to Successful Cross-Platform Deployments with Apache Ignite Pavel Petroshenko

Ultimate Guide to Successful Cross-Platform Deployments with Apache Ignite Pavel Petroshenko Electric Imp Agenda Apache Ignite Clients Data interoperability in Ignite Binary Client Protocol Cross-platform deployment demo 2

501 views • 13 slides
Going cross-platform how htop was made portable Hisham Muhammad @hisham_hm http://hisham.hm

Going cross-platform how htop was made portable Hisham Muhammad @hisham_hm http://hisham.hm

Slide: [ ] Talk: Going cross-platform Presenter: @hisham_hm PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command Going cross-platform how htop was made portable Hisham Muhammad @hisham_hm http://hisham.hm

330 views • 22 slides
Reversing a firmware uploader &amp; Others NFC stories 1

Reversing a firmware uploader &amp; Others NFC stories 1

7/1/2019 Reversing a Firmware uploader &amp; others NFC stories Reversing a firmware uploader &amp; Others NFC stories 1 file:///D:/projects/pts2019/dist/index.html 1/41 7/1/2019 Reversing a Firmware uploader &amp; others NFC stories

920 views • 41 slides
A massive challenge: The cross-platform approach of the mobile MMO TibiaME Benjamin Zuckerer

A massive challenge: The cross-platform approach of the mobile MMO TibiaME Benjamin Zuckerer

A massive challenge: The cross-platform approach of the mobile MMO TibiaME Benjamin Zuckerer Product Manager, CipSoft GmbH 1 / 31 What is this session about? Introduction to CipSoft and TibiaME TibiaME's cross platform approach Architecture

576 views • 31 slides
Tracy: A Debugger and System Analyzer for Cross-Platform Graphics Development Sami Ky stil

Tracy: A Debugger and System Analyzer for Cross-Platform Graphics Development Sami Ky stil

Tracy: A Debugger and System Analyzer for Cross-Platform Graphics Development Sami Ky stil (Nokia) Kari J. Kangas (Nokia) Kari Pulli (Nokia Research Center) Motivation Mobile graphics development environment Cross-platform

471 views • 19 slides
Cothority 1 Introduction Collective Certificate Management (CCM) SUMMARY Cross Platform Mobile

Cothority 1 Introduction Collective Certificate Management (CCM) SUMMARY Cross Platform Mobile

INTEGRATE COLLECTIVE CERTIFICATE MANAGEMENT ON SKIPCHAINS AND ON CROSS PLATFORM MOBILE APPLICATION CLAUDIO LOUREIRO RESPONSIBLE SUPERVISOR PROF. BRYAN FORD MASTER SEMESTER PROJECT LINUS GASSER DEDIS/EPFL DECENTRALIZED AND DISTRIBUTED

541 views • 20 slides
NativeScript On Fire Cross-Platform Development Cross-Plattform Entwicklung MobiDev. Angular

NativeScript On Fire Cross-Platform Development Cross-Plattform Entwicklung MobiDev. Angular

NativeScript On Fire Cross-Platform Development Cross-Plattform Entwicklung MobiDev. Angular Native. https://mobidev.biz/blog/angular-native-nativescript-with-angular-2 NativeScript N JavaScript Engine App code Hooks Dispatcher System

231 views • 19 slides
(SBB) Briefing for Parents 4 March 2017 1 OUR APPROACH Academic Programme Focused

(SBB) Briefing for Parents 4 March 2017 1 OUR APPROACH Academic Programme Focused

Subject-Based Banding (SBB) Briefing for Parents 4 March 2017 1 OUR APPROACH Academic Programme Focused Remediation Small-Group teaching Mass Lecture Writing/Oral Practices Revision Exercises Well-being and Motivation

529 views • 41 slides
aKademy 2006 Martijn Klingens Claire Lotion Organization of KDE Events aKademy 2006 / September

aKademy 2006 Martijn Klingens Claire Lotion Organization of KDE Events aKademy 2006 / September

Sebastian Kgler &lt;sebas@kde.org&gt;, FrOSCon 2006 Organization of KDE Events aKademy 2006 Martijn Klingens Claire Lotion Organization of KDE Events aKademy 2006 / September 23 th 2006 Introduction | 6 Steps to Success | Examples | Q&amp;A

591 views • 36 slides
ASCILITE Live! Webinar A multidisciplinary approach to embedding digital literacy across the

ASCILITE Live! Webinar A multidisciplinary approach to embedding digital literacy across the

ASCILITE Live! Webinar A multidisciplinary approach to embedding digital literacy across the curricula. Leanne Ngo, Director, Teaching and Learning Innovations, BL Learning Innovations, @Leannengo Photo by MetsikGarden on Simone Tyrell,

2.06k views • 17 slides
COVID-19 school health-related closure preparedness plan NJDOH guidance identifies school closure

COVID-19 school health-related closure preparedness plan NJDOH guidance identifies school closure

COVID-19 school health-related closure preparedness plan NJDOH guidance identifies school closure as a potential strategy to limit transmission within a community In the event a BOE is provided a written directive by the NJDOH to institute a

448 views • 10 slides
Beyond x86_64 : Docker images for Multi-Platform Phil Estes IBM Cloud Open Technologies

Beyond x86_64 : Docker images for Multi-Platform Phil Estes IBM Cloud Open Technologies

Beyond x86_64 : Docker images for Multi-Platform Phil Estes IBM Cloud Open Technologies Twitter: @estesp 1 About Me Phil Estes Senior Technical Staff Member IBM Cloud, Open Technologies Container Strategy/Open Source Leader Docker

629 views • 10 slides
multi-platform, multi-os client/server Suppose we send data between clients and servers

multi-platform, multi-os client/server Suppose we send data between clients and servers

multi-platform, multi-os client/server Suppose we send data between clients and servers Architectural issues impact client/server code Little-endian/Big-endian issues 0xabcd is a 32-bit value, which is MSB? How is this stored?

342 views • 11 slides
Integrating Advanced GLSL Shading and XML Agents into a Learning-Oriented 3D Engine Edgar

Integrating Advanced GLSL Shading and XML Agents into a Learning-Oriented 3D Engine Edgar

Integrating Advanced GLSL Shading and XML Agents into a Learning-Oriented 3D Engine Edgar Velzquez-Armendriz, Erik Milln ITESM-CEM February 28th 2006. Introduction A lot of Computer Science students chose their major because of

231 views • 21 slides
Overview Topics Definition of the Small World Problem Results from a social experiment

Overview Topics Definition of the Small World Problem Results from a social experiment

Knowledge Management Institute 707.000 Web Science and Web Technology The Small World Problem Markus Strohmaier Univ. Ass. / Assistant Professor Knowledge Management Institute Graz University of Technology, Austria e-mail:

593 views • 22 slides

More recommend