FrenchYeti / dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Apache License 2.0
1.06k stars 126 forks

Add Cipher.doFinal hook by default (Feature request) #57

Open cryptax opened 3 years ago

cryptax commented 3 years ago

This is a feature request, not a bug. Fortunately, probably easy to add :)

I recommend you add by default hooks for Cipher.doFinal, and that in the hook, you show the input byte array argument and in the output, the returned byte array.

This is very helpful to view encrypted/decrypted data :)

cryptax commented 3 years ago

For example, this is my updated hook to show the byte array containing a key:

 // Hook the SecretKeySpec(byte[] key, String algorithm) constructor
 var cls_e993875f544b941d768726a3a29599b5 = Java.use('javax.crypto.spec.SecretKeySpec');
 var meth_24275db9d75101d1dc0a116d9893fea2 = cls_e993875f544b941d768726a3a29599b5.$init.overload('[B','java.lang.String');
 meth_24275db9d75101d1dc0a116d9893fea2.implementation = function(arg0,arg1) {
   // arg0 holds the raw key bytes, arg1 the algorithm name
   send({ id:"ZWRkMzg1ODU0OGJkM2EwOWI0ZTBjMzBjNjE3YmZkYmY=", msg:"javax.crypto.spec.SecretKeySpec.<init>(<byte>[]<java.lang.String>)<void>", data:{arg0:arg0, arg1:arg1,}, action:"None before", after:false  });
   var ret = meth_24275db9d75101d1dc0a116d9893fea2.call(this , arg0,arg1);
   send({ id:"ZWRkMzg1ODU0OGJkM2EwOWI0ZTBjMzBjNjE3YmZkYmY=", msg:"javax.crypto.spec.SecretKeySpec.<init>(<byte>[]<java.lang.String>)<void>", data:{}, action:"None before", after:true  });
   return ret;
 };

[Image: dexcalibur-secretkey]
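A hook of the kind this issue asks for, written as an added example (it is not part of the original comments and is not Dexcalibur-generated code). The names `dumpBytes`, `doFinalMessage` and `hookDoFinal` are hypothetical, the message omits the generated `id` field, and only the `doFinal(byte[])` overload is covered.

```javascript
// Added example: Frida hook for javax.crypto.Cipher.doFinal(byte[]) that
// reports the input and returned byte arrays. Helper names are hypothetical.

// Render a Java byte[] (signed values, -128..127) as hex and printable ASCII.
function dumpBytes(bytes) {
  if (bytes === null || bytes === undefined) {
    return { len: 0, hex: '', ascii: '' };
  }
  var hex = '';
  var ascii = '';
  for (var i = 0; i < bytes.length; i++) {
    var b = bytes[i] & 0xff; // normalise signed Java byte to 0..255
    hex += (b < 16 ? '0' : '') + b.toString(16);
    ascii += (b >= 0x20 && b < 0x7f) ? String.fromCharCode(b) : '.';
  }
  return { len: bytes.length, hex: hex, ascii: ascii };
}

// Build the message sent to the host, following the msg/data/after layout
// used by the SecretKeySpec hook above.
function doFinalMessage(algorithm, input, output) {
  return {
    msg: 'javax.crypto.Cipher.doFinal(<byte>[])<byte>[]',
    data: { algorithm: algorithm, arg0: dumpBytes(input), ret: dumpBytes(output) },
    after: true
  };
}

// Install the hook; must run inside Java.perform().
function hookDoFinal() {
  var Cipher = Java.use('javax.crypto.Cipher');
  var doFinal = Cipher.doFinal.overload('[B');
  doFinal.implementation = function (input) {
    var output = doFinal.call(this, input); // call the original method
    send(doFinalMessage(this.getAlgorithm(), input, output));
    return output;
  };
}

// Only install when loaded by Frida; under plain Node the helpers stay testable.
if (typeof Java !== 'undefined') {
  Java.perform(hookDoFinal);
}
```

Code that feeds data through `update()` and then calls `doFinal()` with no arguments is not captured by this overload.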