Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

jeb2frida

Generate Frida hooks automatically using JEB. This is done using a naïve signature based algorithm:

  1. Search for a unique magic string such as "Certificate pinning failure!" in OkHttp's case;
  2. Get the class where the string resides and extract the class path;
  3. Loop through each method of the above class, and check if the parameters matches our signature;
  4. Optionally check the return value.

For more information, see: Automated Frida hook generation with JEB

Usage

  1. Put the GenerateFridaHooks.py script in the JEB scripts folder;
  2. Edit the script accordingly;
  3. Run it from JEB GUI or use the following command:
./jeb_macos.sh -c --srv2 --script=GenerateFridaHooks.py -- "/path/to/apk/file.apk"

Sample output

➜  jeb-pro ./jeb_macos.sh -c --srv2 --script=GenerateFridaHooks.py -- "/path/to/apk/file.apk"
<JEB startup header omitted>

🔥 JEB scripting
{JebFridaHookArtifact > JebFridaHookArtifact}: 4956 resource files were adjusted
Attempting to merge the multiple DEX files into a single DEX file...
<JEB processing omitted>
{JebFridaHookArtifact > JebFridaHookArtifact}: DEX merger was successful and produced a virtual DEX unit

🔥 Fresh Frida Hooks
----------------------------------------------------------------------------------------------------
'use strict';
    // Usage: frida -U -f com.example.app -l generated_hook.js --no-pause
    Java.perform(function() {

        var okhttp3_CertificatePinner0 = Java.use('<omitted>');
        var findMatchingPins0 = okhttp3_CertificatePinner0.a.overload('java.lang.String');
        findMatchingPins0.implementation = function(hostname) {
            console.log('[+] okhttp3.CertificatePinner.findMatchingPins(' + hostname + ') # <omitted>()');
            return findMatchingPins0.call(this, ''); // replace hostname with empty string
        };

        var okhttp3_CertificatePinner1 = Java.use('com.squareup.okhttp.CertificatePinner');
        var findMatchingPins1 = okhttp3_CertificatePinner1.findMatchingPins.overload('java.lang.String');
        findMatchingPins1.implementation = function(hostname) {
            console.log('[+] okhttp3.CertificatePinner.findMatchingPins(' + hostname + ') # com.squareup.okhttp.CertificatePinner.findMatchingPins()');
            return findMatchingPins1.call(this, ''); // replace hostname with empty string
        };

    });

----------------------------------------------------------------------------------------------------
Done.

About

Automated Frida hook generation with JEB

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages