
chame1eon / Jnitrace Engine

Licence: mit
Engine used by jnitrace to intercept JNI API calls.

Programming Languages

typescript

Projects that are alternatives of or similar to Jnitrace Engine

Jnitrace
A Frida based tool that traces usage of the JNI API in Android apps.
Stars: ✭ 534 (+468.09%)
Mutual labels:  frida, sre, jni, reverse-engineering
Luject
🍹A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)
Stars: ✭ 203 (+115.96%)
Mutual labels:  frida, reverse-engineering
Magisk Frida
🔐 Run frida-server on boot with Magisk, always up-to-date
Stars: ✭ 144 (+53.19%)
Mutual labels:  frida, reverse-engineering
Dexcalibur
[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (+444.68%)
Mutual labels:  frida, reverse-engineering
Corellium Android Unpacking
Android Unpacking Automation using Corellium Devices
Stars: ✭ 107 (+13.83%)
Mutual labels:  frida, reverse-engineering
Iostrace
alternative strace for iOS device(64bit) on frida
Stars: ✭ 84 (-10.64%)
Mutual labels:  frida, reverse-engineering
Frick
frick - aka the first debugger built on top of frida
Stars: ✭ 267 (+184.04%)
Mutual labels:  frida, reverse-engineering
Frida Android Scripts
Some frida scripts
Stars: ✭ 124 (+31.91%)
Mutual labels:  frida, reverse-engineering
Frida Scripts
A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.
Stars: ✭ 665 (+607.45%)
Mutual labels:  frida, reverse-engineering
Qbdi
A Dynamic Binary Instrumentation framework based on LLVM.
Stars: ✭ 801 (+752.13%)
Mutual labels:  frida, reverse-engineering
Dwarf
Full featured multi arch/os debugger built on top of PyQt5 and frida
Stars: ✭ 916 (+874.47%)
Mutual labels:  frida, reverse-engineering
Awesome Reverse Engineering
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)
Stars: ✭ 2,954 (+3042.55%)
Mutual labels:  frida, reverse-engineering
Appmon
Documentation:
Stars: ✭ 1,157 (+1130.85%)
Mutual labels:  frida, reverse-engineering
Frida Snippets
Hand-crafted Frida examples
Stars: ✭ 1,081 (+1050%)
Mutual labels:  frida, reverse-engineering
Rms Runtime Mobile Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
Stars: ✭ 1,194 (+1170.21%)
Mutual labels:  frida, reverse-engineering
Pentesting toolkit
🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️
Stars: ✭ 1,268 (+1248.94%)
Mutual labels:  reverse-engineering
Slo Generator
Easy setup a service level objective using prometheus
Stars: ✭ 91 (-3.19%)
Mutual labels:  sre
Samsung Trustzone Research
Reverse-engineering tools and exploits for Samsung's implementation of TrustZone
Stars: ✭ 85 (-9.57%)
Mutual labels:  reverse-engineering
Fundamentos Engenharia Reversa
Livro: Fundamentos de Engenharia Reversa
Stars: ✭ 93 (-1.06%)
Mutual labels:  reverse-engineering
Stackparam
JVM agent to add method parameters to Java stack traces
Stars: ✭ 90 (-4.26%)
Mutual labels:  jni

jnitrace-engine

Engine used by jnitrace to intercept JNI API calls.

jnitrace-engine is the project used by jnitrace to intercept and trace JNI API calls. It has been exposed as a separate project to allow Frida module developers to use the same engine to intercept and modify JNI API calls made by Android applications.

Installation:

The easiest way to get running with jnitrace-engine is using npm:

npm install jnitrace-engine

Simple Usage:

jnitrace-engine tries to mirror as much of the Frida API as possible. JNIInterceptor provides an API to attach to JNI API calls in a very similar way to the Frida Interceptor. The idea is to make the library simple to use for those already familiar with Frida. The examples below are JavaScript but the module also supports TypeScript.

import { JNIInterceptor } from "jnitrace-engine";

// Attach to the JNI FindClass method
JNIInterceptor.attach("FindClass", {
    onEnter(args) {
        // called whenever the FindClass is about to be called
        console.log("FindClass method called");
        this.className = Memory.readCString(args[1]);
    },
    onLeave(retval) {
        // called whenever the FindClass method has finished executing
        console.log("\tLoading Class:", this.className);
        console.log("\tClass ID:", retval.get());
    }
});

Advanced Usage:

import { JNIInterceptor } from "jnitrace-engine";
import { JNILibraryWatcher } from "jnitrace-engine";
import { JNINativeReturnValue } from "jnitrace-engine";
import { ConfigBuilder } from "jnitrace-engine";

// configure the jnitrace-engine to limit which libraries to trace
const builder : ConfigBuilder = new ConfigBuilder();

builder.libraries = [ "libnative-lib.so" ]; // set a list of libraries to track
builder.backtrace = "fuzzy"; // choose the backtracer type to use [accurate/fuzzy/none]
builder.includeExports = [ "Java_com_nativetest_MainActivity_stringFromJNI" ]; // provide a list of library exports to track
builder.excludeExports = []; // provide a list of library exports to ignore
builder.env = true; // set whether to trace the JNIEnv struct or ignore all of it
builder.vm = false; // set whether to trace the JavaVM struct or ignore all of it

const config = builder.build(); // initialise the config - this makes it available to the engine

// An additional callback that can be used for listening to new libraries being loaded by an application
// Note this callback will be called for all libraries, not just the ones in the config
// libraries list
JNILibraryWatcher.setCallback({
    onLoaded(path : string) {
        console.log("Library Loaded " + path);
        console.log("Currently Traced Libraries", JSON.stringify(config.libraries));
    }
});

const findClassIntercept = JNIInterceptor.attach("FindClass", {
    onEnter(args: NativeArgumentValue[]) {
        console.log("Find Class called");
        args[1] = NULL; // Change the arguments to the FindClass function
        console.log("ThreadId", this.threadId);
        console.log("Address of FindClass method", this.jniAddress);
        this.backtrace.forEach((element: NativePointer) => {
            console.log("backtrace", element);
        });
    },
    onLeave(retval: JNINativeReturnValue) {
        // Change the retval to be returned to the caller of FindClass
        retval.replace(NULL);
        // Detach all JNI intercepts
        JNIInterceptor.detatchAll();
    }
});

JNIInterceptor.attach("CallDoubleMethodV", {
    onLeave(retval : JNINativeReturnValue) {
        // Log the method params of the Java method the JNI API is calling.
        // this.javaMethod will only exist if a Java method has been called.
        console.log("Java Method Args", JSON.stringify(this.javaMethod.params));
        // Detach from the FindClass intercept
        findClassIntercept.detach();
    }
});