From 4a923e59fd35e4ea76ffee92ccaf4fb609e5d9a6 Mon Sep 17 00:00:00 2001
From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Date: Wed, 28 May 2025 21:52:27 +0100
Subject: [PATCH] Update FRIDA (#2458)

---
frida_mode/GNUmakefile | 150 +++++----------------------
frida_mode/src/asan/asan.c | 27 ------
frida_mode/src/js/api.js | 2 +-
frida_mode/src/lib/lib.c | 19 -----
frida_mode/src/lib/lib_apple.c | 20 -----
frida_mode/src/module.c | 9 +-
frida_mode/src/prefetch.c | 5 --
frida_mode/src/ranges.c | 23 -----
8 files changed, 28 insertions(+), 227 deletions(-)
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index 4ee2b40a..d5e3bf10 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -15,6 +15,7 @@ JS_OBJ:=$(BUILD_DIR)api.o
 SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c)
 OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src))))
+XTOOLS_HOST?=x86_64-linux-gnu
 TARGET_CC?=$(CC)
 TARGET_CXX?=$(CXX)
 HOST_CC?=$(CC)
@@ -186,39 +187,13 @@ ifndef OS
 $(error "Operating system unsupported")
 endif
-GUM_DEVKIT_VERSION=16.1.11
+GUM_DEVKIT_VERSION=17.0.5
 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz
 GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)"
-ifeq ($(OS),macos)
- # Extract the major version
- GUM_VERSION_MAJOR := $(shell echo "$(GUM_DEVKIT_VERSION)" | sed -E 's/\..*//')
- # Extract the minor version (assumes format "MAJOR.MINOR[.PATCH...]")
- GUM_VERSION_MINOR := $(shell echo "$(GUM_DEVKIT_VERSION)" | sed -E 's/^[^.]*\.//; s/\..*//')
-
- # Evaluate the version condition in a separate shell call
- IS_GUM_16_6_PLUS := $(shell \
- if (( $(GUM_VERSION_MAJOR) > 16 || ( $(GUM_VERSION_MAJOR) == 16 && $(GUM_VERSION_MINOR) >= 6 ) )); then \
- echo 1; \
- fi)
-else
- IS_GUM_16_6_PLUS := $(shell VERSION="$(GUM_DEVKIT_VERSION)"; \
- MAJOR=$${VERSION%%.*}; \
- MINOR=$${VERSION#*.}; MINOR=$${MINOR%%.*}; \
- if [ $$MAJOR -gt 16 ] || { [ $$MAJOR -eq 16 ] && [ $$MINOR -ge 6 ]; }; then \
- echo 1; \
- fi)
-endif
-
-CFLAGS += $(if $(IS_GUM_16_6_PLUS),-DGUM_16_6_PLUS)
-
 GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME)
-ifdef FRIDA_SOURCE
-GUM_DEVIT_LIBRARY=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gumjs-1.0.a
-else
-GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gumjs.a
-endif
 GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gumjs.h
+GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gumjs.a
 FRIDA_DIR:=$(PWD)build/frida-source/
 FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile
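Review bot: GUM_DEVKIT_URL now fetches the 17.0.5 devkit tarball from a GitHub release, but nothing in this hunk pins what is downloaded, so the build trusts whatever the URL serves at the time; if the $(GUM_DEVKIT_TARBALL) recipe (outside this hunk) does not already verify a digest, pin one beside the version, e.g. `GUM_DEVKIT_SHA256?=<sha256 of frida-gumjs-devkit-17.0.5 for this OS/ARCH>`, and fail the download rule when it does not match. Dropping `CFLAGS += -DGUM_16_6_PLUS` also means any `#ifdef GUM_16_6_PLUS` left in a file this patch does not touch would now silently compile its pre-16.6 branch, which is worth a grep before merging.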
@@ -252,13 +227,13 @@ BIN2C_SRC:=$(PWD)util/bin2c.c
 all: $(FRIDA_TRACE) $(FRIDA_TRACE_LIB) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(ADDR_BIN)
 32:
- CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
+ XTOOLS_HOST=i686-linux-gnu CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
 arm:
- CFLAGS="-marm" LDFLAGS="-marm" ARCH="armhf" TARGET_CC=arm-linux-gnueabihf-gcc TARGET_CXX=arm-linux-gnueabihf-g++ make all
+ XTOOLS_HOST=arm-linux-gnueabihf CFLAGS="-marm" LDFLAGS="-marm" ARCH="armhf" TARGET_CC=arm-linux-gnueabihf-gcc TARGET_CXX=arm-linux-gnueabihf-g++ make all
 arm64:
- ARCH="arm64" TARGET_CC=aarch64-linux-gnu-gcc TARGET_CXX=aarch64-linux-gnu-g++ make all
+ XTOOLS_HOST=aarch64-linux-gnu ARCH="arm64" TARGET_CC=aarch64-linux-gnu-gcc TARGET_CXX=aarch64-linux-gnu-g++ make all
 $(BUILD_DIR):
 mkdir -p $(BUILD_DIR)
@@ -271,114 +246,29 @@ $(OBJ_DIR): | $(BUILD_DIR) $(FRIDA_BUILD_DIR): | $(BUILD_DIR) mkdir -p $@ +#TODO Set architecture ifdef FRIDA_SOURCE $(FRIDA_MAKEFILE): | $(BUILD_DIR) - git clone --recursive https://github.com/frida/frida.git $(FRIDA_DIR) + git clone https://github.com/frida/frida-gum.git $(FRIDA_DIR) + cd $(FRIDA_DIR) && \ + ./configure \ + --host=$(XTOOLS_HOST) \ + --enable-tests \ + --enable-gumpp \ + --enable-gumjs \ + --with-devkits=gum,gumjs .PHONY: $(GUM_DEVIT_LIBRARY) -$(GUM_DEVIT_LIBRARY): $(FRIDA_MAKEFILE) - cd $(FRIDA_DIR) && make gum-$(OS)$(GUM_ARCH) FRIDA_V8=disabled - -$(GUM_DEVIT_HEADER): $(FRIDA_MAKEFILE) | $(FRIDA_BUILD_DIR) - echo "#include " > $@ - echo "#include " >> $@ - echo "#include " >> $@ - echo "#include " >> $@ - echo "#include " >> $@ - echo "#include " >> $@ - echo "#include " >> $@ - echo "#include " >> $@ - -ifeq "$(OS)" "macos" - -CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ - -TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \ - 
$(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libiconv.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libv8-8.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgmodule-2.0.a \ - -else ifeq "$(ARCH)" "arm64" - -CFLAGS+=-I $(FRIDA_DIR)build/$(OS)-$(ARCH)/include/frida-1.0 \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ +$(GUM_DEVIT_LIBRARY): $(FRIDA_MAKEFILE) | $(FRIDA_BUILD_DIR) + echo $(GUM_DEVIT_LIBRARY) $(FRIDA_MAKEFILE) $(FRIDA_BUILD_DIR) + cd $(FRIDA_DIR) && make FRIDA_V8=disabled + cp $(FRIDA_DIR)build/bindings/gumjs/devkit/frida-gumjs.h $(GUM_DEVIT_HEADER) + cp $(FRIDA_DIR)build/bindings/gumjs/devkit/libfrida-gumjs.a $(GUM_DEVIT_LIBRARY) ifeq "$(OS)" "android" CFLAGS += -static-libstdc++ endif -else -CFLAGS+=-I $(FRIDA_DIR)build/$(OS)-$(ARCH)/include/frida-1.0 \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ - -endif - -TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libunwind.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libdwarf.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libelf.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \ - 
$(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \ - -CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ - -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ - -ifeq "$(OS)" "android" - CFLAGS += -static-libstdc++ -endif - -TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libunwind.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libdwarf.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libelf.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \ - $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \ - else $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c index e89c0d62..18c7cbeb 100644 --- a/frida_mode/src/asan/asan.c +++ b/frida_mode/src/asan/asan.c @@ -27,7 +27,6 @@ void asan_init(void) { } -#ifdef GUM_16_6_PLUS static gboolean asan_exclude_module(GumModule *module, gpointer user_data) { gchar *symbol_name = (gchar *)user_data; 
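Review bot: The new $(FRIDA_MAKEFILE) recipe clones frida-gum without a tag or commit, so a FRIDA_SOURCE build compiles whatever the remote's default branch holds on that day while the devkit path is pinned to GUM_DEVKIT_VERSION; if frida-gum tags its releases under the same version string, `git clone --depth 1 --branch $(GUM_DEVKIT_VERSION) https://github.com/frida/frida-gum.git $(FRIDA_DIR)` would keep both paths on one reproducible version (otherwise pin an explicit commit after the clone). The `echo $(GUM_DEVIT_LIBRARY) $(FRIDA_MAKEFILE) $(FRIDA_BUILD_DIR)` line in the $(GUM_DEVIT_LIBRARY) recipe reads as a leftover debug trace and should go. The added `#TODO Set architecture` looks stale now that `--host=$(XTOOLS_HOST)` is passed to configure; either drop it or say what is still missing (the $(OS)/$(ARCH) mapping for non-Linux hosts, presumably).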
@@ -47,32 +46,6 @@ static gboolean asan_exclude_module(GumModule *module, gpointer user_data) {
 }
-#else
-static gboolean asan_exclude_module(const GumModuleDetails *details,
- gpointer user_data) {
-
- gchar *symbol_name = (gchar *)user_data;
- GumAddress address;
-
- address = gum_module_find_export_by_name(details->name, symbol_name);
- if (address == 0) { return TRUE; }
-
- /* If the reported address of the symbol is outside of the range of the module
- * then ignore it */
- if (address < details->range->base_address) { return TRUE; }
- if (address > (details->range->base_address + details->range->size)) {
-
- return TRUE;
-
- }
-
- ranges_add_exclude((GumMemoryRange *)details->range);
- return FALSE;
-
-}
-
-#endif
-
 void asan_exclude_module_by_symbol(gchar *symbol_name) {
 gum_process_enumerate_modules(asan_exclude_module, symbol_name);
diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js
index 9bd0afa5..a2bee33b 100644
--- a/frida_mode/src/js/api.js
+++ b/frida_mode/src/js/api.js
@@ -382,5 +382,5 @@ Afl.jsApiSetTraceable = Afl.jsApiGetFunction("js_api_set_traceable", "void", [])
 Afl.jsApiSetVerbose = Afl.jsApiGetFunction("js_api_set_verbose", "void", []);
 Afl.jsApiWrite = new NativeFunction(
 /* tslint:disable-next-line:no-null-keyword */
-Module.getExportByName(null, "write"), "int", ["int", "pointer", "int"]);
+Module.getGlobalExportByName("write"), "int", ["int", "pointer", "int"]);
 Afl.jsApiIjonSet = Afl.jsApiGetFunction("js_api_ijon_set", "void", ["uint32"]);
diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c
index c5a1e16e..d23a2c40 100644
--- a/frida_mode/src/lib/lib.c
+++ b/frida_mode/src/lib/lib.c
@@ -39,7 +39,6 @@ typedef struct {
 static guint64 text_base = 0;
 static guint64 text_limit = 0;
- #ifdef GUM_16_6_PLUS
 static gboolean lib_find_exe(GumModule *module, gpointer user_data) {
 lib_details_t *lib_details = (lib_details_t *)user_data;
@@ -57,24 +56,6 @@ static gboolean lib_find_exe(GumModule *module, gpointer user_data) {
 }
- #else
-static gboolean lib_find_exe(const GumModuleDetails *details,
- gpointer user_data) {
-
- lib_details_t *lib_details = (lib_details_t *)user_data;
-
- strncpy(lib_details->name, details->name, PATH_MAX);
- strncpy(lib_details->path, details->path, PATH_MAX);
- lib_details->name[PATH_MAX] = '\0';
- lib_details->path[PATH_MAX] = '\0';
- lib_details->base_address = details->range->base_address;
- lib_details->size = details->range->size;
- return FALSE;
-
-}
-
- #endif
-
 static void lib_validate_hdr(Elf_Ehdr *hdr) {
 if (hdr->e_ident[0] != ELFMAG0) FFATAL("Invalid e_ident[0]");
diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c
index 6498f674..6fec9a8b 100644
--- a/frida_mode/src/lib/lib_apple.c
+++ b/frida_mode/src/lib/lib_apple.c
@@ -12,7 +12,6 @@ extern void gum_darwin_enumerate_modules(mach_port_t task,
 static guint64 text_base = 0;
 static guint64 text_limit = 0;
- #ifdef GUM_16_6_PLUS
 static gboolean lib_get_main_module(GumModule *module, gpointer user_data) {
 GumDarwinModule **ret = (GumDarwinModule **)user_data;
@@ -30,25 +29,6 @@ static gboolean lib_get_main_module(GumModule *module, gpointer user_data) {
 }
- #else
-static gboolean lib_get_main_module(const GumModuleDetails *details,
- gpointer user_data) {
-
- GumDarwinModule **ret = (GumDarwinModule **)user_data;
- GumDarwinModule *module = gum_darwin_module_new_from_memory(
- details->path, mach_task_self(), details->range->base_address,
- GUM_DARWIN_MODULE_FLAGS_NONE, NULL);
-
- FVERBOSE("Found main module: %s", module->name);
-
- *ret = module;
-
- return FALSE;
-
-}
-
- #endif
-
 gboolean lib_get_text_section(const GumDarwinSectionDetails *details,
 gpointer user_data) {
diff --git a/frida_mode/src/module.c b/frida_mode/src/module.c
index 2e4a4175..513ce2cf 100644
--- a/frida_mode/src/module.c
+++ b/frida_mode/src/module.c
@@ -46,6 +46,7 @@ gboolean found_range(const GumRangeDetails *details, gpointer user_data) {
 static int on_dlclose(void *handle) {
 GArray *ranges = NULL;
+ GumModule *module = NULL;
 struct link_map *lm = NULL;
 gum_range_t *range = NULL;
 GumAddress base;
@@ -61,8 +62,12 @@ static int on_dlclose(void *handle) {
 FVERBOSE("on_dlclose: %s", lm->l_name);
 ranges = g_array_new(FALSE, TRUE, sizeof(gum_range_t));
- gum_module_enumerate_ranges(lm->l_name, GUM_PAGE_EXECUTE, found_range,
- ranges);
+
+ module = gum_process_find_module_by_name(lm->l_name);
+
+ if (module == NULL) { FATAL("Failed to find module: %s", lm->l_name); }
+
+ gum_module_enumerate_ranges(module, GUM_PAGE_EXECUTE, found_range, ranges);
 int ret = dlclose(handle);
 if (ret != 0) {
diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c
index 9d14fb6e..97835e6a 100644
--- a/frida_mode/src/prefetch.c
+++ b/frida_mode/src/prefetch.c
@@ -263,13 +263,8 @@ static int prefetch_on_fork(void) {
 static void prefetch_hook_fork(void) {
-#ifdef GUM_16_6_PLUS
 void *fork_addr = GSIZE_TO_POINTER(gum_module_find_global_export_by_name("fork"));
-#else
- void *fork_addr =
- GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork"));
-#endif
 intercept_hook(fork_addr, prefetch_on_fork, NULL);
 }
diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c
index d238eb10..e7450db7 100644
--- a/frida_mode/src/ranges.c
+++ b/frida_mode/src/ranges.c
@@ -116,7 +116,6 @@ static void convert_address_token(gchar *token, GumMemoryRange *range) {
 }
-#ifdef GUM_16_6_PLUS
 static gboolean convert_name_token_for_module(GumModule *module,
 gpointer user_data) {
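Review bot: The GumModule returned by gum_process_find_module_by_name() in the second module.c hunk is, as far as I can tell from the 17.x API, a reference the caller owns, and nothing in the hunk releases it, so every intercepted dlclose() leaks one GObject. Release it once the ranges have been collected: `gum_module_enumerate_ranges(module, GUM_PAGE_EXECUTE, found_range, ranges);` followed by `g_object_unref(module);` and `module = NULL;`. The old name-based call also did nothing when lm->l_name was not a module Gum knows about, whereas the new FATAL aborts the whole target; if a handle with an l_name Gum does not list (a relative path or an empty name, for instance) can reach on_dlclose() in practice, logging with FVERBOSE and skipping the enumeration would preserve the previous behaviour. The remainder of on_dlclose() lies outside the hunk.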
@@ -138,28 +137,6 @@ static gboolean convert_name_token_for_module(GumModule *module,
 }
-#else
-static gboolean convert_name_token_for_module(const GumModuleDetails *details,
- gpointer user_data) {
-
- convert_name_ctx_t *ctx = (convert_name_ctx_t *)user_data;
- if (details->path == NULL) { return true; };
-
- if (!g_str_has_suffix(details->path, ctx->suffix)) { return true; };
-
- FVERBOSE("Found module - prefix: %s, 0x%016" G_GINT64_MODIFIER
- "x-0x%016" G_GINT64_MODIFIER "x %s",
- ctx->suffix, details->range->base_address,
- details->range->base_address + details->range->size, details->path);
-
- *ctx->range = *details->range;
- ctx->done = true;
- return false;
-
-}
-
-#endif
-
 static void convert_name_token(gchar *token, GumMemoryRange *range) {
 gchar *suffix = g_strconcat("/", token, NULL);