Closed Yogehi closed 6 years ago
In the current version, an issue exists where if the class name has a period (.) in it, the script will error out and fail.
Verbose Needle log below using the app "LINE" as an example:
root@YayComputerYay:~/Programs/needle/needle# python ./needle.py
Needle v1.3.2 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]
[needle] > set debug true
DEBUG => true
[needle] > use binary/reversing/class_dump_frida_enum-all-methods
[needle][class_dump_frida_enum-all-methods] > set spawn true
SPAWN => true
[needle][class_dump_frida_enum-all-methods] > run
[D] Setup local output folder: /root/.needle/output
[D] Creating local output folder: /root/.needle/output
[D] Setting up issues database...
[D] [DB] QUERY: CREATE TABLE IF NOT EXISTS issues (app TEXT, module TEXT, name TEXT, content TEXT, confidence TEXT, outfile TEXT)
[*] Checking connection with device...
[+] Already connected to: 127.0.0.1
[D] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[D] [AGENT] Executing command: os_version
[*] Target app not selected. Launching wizard...
[D] [AGENT] Executing command: list_apps
[+] Apps found:
....snipped....
100 - jp.naver.line
[>][QUESTION] Please select a number: 100
[+] Target app: jp.naver.line
[*] Retrieving app's metadata...
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/Info.plist" /root/.needle/tmp/plist
[D] [REMOTE CMD] Remote Command: lipo -info /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/LINE
[D] [REMOTE CMD] Remote Command: if [ -d /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: if [ -d /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: ls /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineActionKeepExtension.appex/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineActionKeepExtension.appex/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineActionKeepExtension.appex/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineActionKeepExtension.appex/Info.plist" /root/.needle/tmp/plist
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationContentExtension.appex/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationContentExtension.appex/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationContentExtension.appex/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationContentExtension.appex/Info.plist" /root/.needle/tmp/plist
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationServiceExtension.appex/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationServiceExtension.appex/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationServiceExtension.appex/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineNotificationServiceExtension.appex/Info.plist" /root/.needle/tmp/plist
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LinePayTodayExtension.appex/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LinePayTodayExtension.appex/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LinePayTodayExtension.appex/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LinePayTodayExtension.appex/Info.plist" /root/.needle/tmp/plist
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineShareExtension.appex/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineShareExtension.appex/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineShareExtension.appex/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineShareExtension.appex/Info.plist" /root/.needle/tmp/plist
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineTodayExtension.appex/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineTodayExtension.appex/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineTodayExtension.appex/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<password>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 root@127.0.0.1:"/private/var/containers/Bundle/Application/974AF217-CCA1-4921-8DB4-BC87B1AF6A11/LINE.app/PlugIns/LineTodayExtension.appex/Info.plist" /root/.needle/tmp/plist
[*] Setting up local port forwarding to enable communications with the Frida server...
[D] [FRIDA] Setting up port forwarding on port 27042
[D] Connected over USB
[*] Spawning the app...
[*] Attaching to process: 9191
[V] Resuming the app's process...
[*] Parsing payload
{u'columnNumber': 1, u'description': u"TypeError: cannot read property 'SquareNotifiedUpdateSquareMember...' of undefined", u'fileName': u'input', u'lineNumber': 1, u'type': u'error', u'stack': u"TypeError: cannot read property 'SquareNotifiedUpdateSquareMember...' of undefined\n at [anon] (duk_hobject_props.c:2385)\n at eval (input:1)\n at eval (native)\n at script1.js:5"}
local variable 'pld' referenced before assignment
[+] "Class: __NSGenericDeallocHandler"
[+] { "class": "__NSGenericDeallocHandler", "method": "+ initialize" }
....snipped....
[+] "Class: LINE.SquareNotifiedUpdateSquareMemberSyncOperation"
[*] Saving output to file: /root/.needle/output/frida_enum_all_methods.txt
When you run the Frida script alone without Needle, you will get the following error:
root@YayComputerYay:~# frida -U -l yay.js -f jp.naver.line --no-pause
Frida 10.6.52 - A world-class dynamic instrumentation toolkit
Commands:
    help -> Displays the help system
    object? -> Display information about 'object'
    exit/quit -> Exit
More info at http://www.frida.re/docs/home/
Spawning `jp.naver.line`...
....snipped....
[+] Class: LINE.SquareNotifiedUpdateSquareMemberSyncOperation
Spawned `jp.naver.line`. Resuming main thread!
TypeError: cannot read property 'SquareNotifiedUpdateSquareMember...' of undefined
    at [anon] (duk_hobject_props.c:2385)
    at eval (input:1)
    at eval (native)
    at repl1.js:20
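The failure above, reproduced as an added example that is not the Needle module's code (the page does not show the script). It assumes, based on the `eval (input:1)` frame in the stack trace, that the class lookup is built as a dotted string and evaluated. The `ObjC` object here is a constructed stand-in for Frida's `ObjC.classes` registry so the snippet runs under Node, and the function names and the `- main` method are hypothetical.

```javascript
// Constructed stand-in for Frida's ObjC.classes registry (assumption: lets this run in Node).
// Swift classes are registered as "<Module>.<Class>", so the key itself contains a period.
const ObjC = {
  classes: {
    "__NSGenericDeallocHandler": { $ownMethods: ["+ initialize"] },
    // Method name below is constructed sample data.
    "LINE.SquareNotifiedUpdateSquareMemberSyncOperation": { $ownMethods: ["- main"] },
  },
};

// Assumed failing pattern: the name is spliced into a property path and evaluated,
// so "LINE.Foo" is parsed as ObjC.classes.LINE (undefined) followed by .Foo.
function methodsViaEval(className) {
  return eval("ObjC.classes." + className + ".$ownMethods");
}

// Bracket lookup treats the whole string as one key, whatever characters it contains.
function methodsViaKey(className) {
  const cls = ObjC.classes[className];
  if (cls === undefined) throw new Error("class not found: " + className);
  return cls.$ownMethods;
}

// Enumerate every class; a failure on one class is recorded instead of aborting the run.
function enumerate(lookup) {
  const out = { methods: [], failed: [] };
  for (const name of Object.keys(ObjC.classes)) {
    try {
      for (const m of lookup(name)) out.methods.push({ class: name, method: m });
    } catch (e) {
      out.failed.push({ class: name, error: String(e.message) });
    }
  }
  return out;
}

const broken = enumerate(methodsViaEval);
const fixed = enumerate(methodsViaKey);
console.log("eval lookup failed on:", broken.failed.map((f) => f.class));
console.log("key lookup methods:", JSON.stringify(fixed.methods));
```
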