Ignore methods (Insert a Filter)

[4val0v]

Problem Hook all classes that start with: f0.

127.0.0.1 - - [16/May/2020 00:31:29] "GET /dump?filter=f0.&choice=1 HTTP/1.1" 200 -
[2020-05-16 00:31:31,069] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 288, in home
    return printwebpage()
  File "mobilesecurity.py", line 619, in printwebpage
    loaded_classes_str=printClassesMethods(),
  File "mobilesecurity.py", line 634, in printClassesMethods
    for index, method_name in enumerate(loaded_methods[class_name]):
KeyError: 'f0.p0.k.d$b'

Solution you'd like Ability to specify the methods to ignore eg: f0.,okhttp3.,--f0.p0.k.

[4val0v]

@m0bilesecurity Hi, I just noticed: project has no class p0., there is p.

Other tools also see this class: But they show an error (when working with him) !

It would be great to see detailed errors on the web page (Instead of error 50x) !

Possible solution: frida-python/examples/crash_reporting.py

[m0bilesecurity]

Hey @4val0v, thanks for sharing all the info ;) They really help! Can you also share the APK that you are testing? Best

[m0bilesecurity]

mmm it's a very weird bug.

The issue is for sure here: default.js --> loadmethods: function (loaded_classes)

Specifically in these 2 lines:

        var jClass = Java.use(className);
        var classMethods_dirty = jClass.class.getDeclaredMethods();

Some classes completely break the loop after that 2 lines of code and I'm not able to prevent the error. Any idea?

For the moment I improved the render_template function. But as soon as RMS tries to load methods of a "problematic" class, the method extraction of all the other classes in the queue will fail.

[4val0v]

I don't know the correction options (

But I will look for fixes !

[m0bilesecurity]

Fixed 😉 check the last commit 🚀

The only issue remaining is with classes like "com.scottyab.rootbeer.sample.TextViewFont"

APP: com.scottyab.rootbeer.sample

But in this specific case the issue seems Frida related.

Code to reproduce:

Java.performNow(function () {
    console.log("start ___________________________")
    try {
        var className = "com.scottyab.rootbeer.sample.TextViewFont"
        var JClass = Java.use(className);
        var classMethods = JClass.class.getDeclaredMethods();
        console.log(classMethods)

    } catch (err) {
        console.log("catch");
        console.log(err);
    }
    console.log("end ___________________________")
});

It seems that Java.use is not able to raise an exception. Same behaviour (bug) with FRIDA cli.