nowsecure / r2frida

Radare2 and Frida better together.

\ic doesn't list methods of Java classes #188

Closed enovella closed 4 years ago

enovella commented 5 years ago

Sample APK

https://github.com/nowsecure/cybertruckchallenge19/tree/master/apk

Missed methods

generateDynamicKey and generateKey. I wonder whether they are not listed because they are declared as protected.

Decompiled code via JADX

package org.nowsecure.cybertruck.keygenerators;

import android.util.Log;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

/**
 * JADX decompilation of the sample APK's {@code Challenge1} key generator, reproduced
 * here as evidence for the bug report: the class declares {@code generateDynamicKey}
 * and {@code generateKey}, yet neither appears in the r2frida class listing quoted
 * on this page.
 *
 * <p>NOTE(review): this is decompiler output, not original source. No method in the
 * listing declares {@code throws}, although {@code generateKey} catches checked
 * exceptions coming out of {@code generateDynamicKey}; presumably the decompiler
 * dropped the clause, so the text is not expected to compile as printed.
 */
public class Challenge1 {
    // Declared but not referenced in this listing; the Log.d call below passes the
    // same text as a literal (presumably the constant was inlined at compile time).
    private static final String TAG = "CyberTruckChallenge";

    /** Runs {@link #generateKey()} as soon as an instance is constructed. */
    public Challenge1() {
        generateKey();
    }

    /**
     * Encrypts {@code bArr} with DES under a key derived from a string literal that
     * is embedded in the class.
     *
     * <p>Review notes for anyone reading this as an example of key handling: the key
     * material ships inside the APK, so it is recoverable by decompilation (as this
     * very listing shows); {@code DESKeySpec} takes only the first 8 bytes of the
     * supplied array; and DES itself offers a 56-bit effective key, which is not
     * adequate for protecting data.
     *
     * @param bArr plaintext bytes to encrypt
     * @return the bytes returned by {@code Cipher.doFinal}
     */
    /* access modifiers changed from: protected */
    // The JADX note above means the method is declared protected in the app and
    // was widened to public only in the decompiled view.
    public byte[] generateDynamicKey(byte[] bArr) {
        // getBytes() without a charset argument uses the platform default charset.
        SecretKey generateSecret = SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec("s3cr3t$_n3veR_mUst_bE_h4rdc0d3d_m4t3!".getBytes()));
        // No mode or padding is named, so the provider's defaults apply
        // (commonly ECB with PKCS5 padding; confirm for the target provider).
        Cipher instance = Cipher.getInstance("DES");
        // 1 is the value of Cipher.ENCRYPT_MODE; the decompiler printed the raw int.
        instance.init(1, generateSecret);
        return instance.doFinal(bArr);
    }

    /**
     * Logs a debug line, then calls {@link #generateDynamicKey(byte[])} on a fixed
     * input string. The returned ciphertext is discarded in this listing, and any
     * crypto exception is only printed via {@code printStackTrace()}.
     */
    /* access modifiers changed from: protected */
    // Same JADX note as above: declared protected in the app. The class listing
    // quoted later on this page shows only public members inherited from
    // java.lang.Object, which is consistent with non-public methods being skipped.
    public void generateKey() {
        Log.d("CyberTruckChallenge", "KEYLESS CRYPTO [1] - Unlocking carID = 1");
        try {
            // Fixed plaintext; the result is not stored or returned.
            generateDynamicKey("CyB3r_tRucK_Ch4113ng3".getBytes());
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            e.printStackTrace();
        }
    }
}

r2frida

[0x00000000]> \ic~+nowsecure
org.nowsecure.cybertruck.MainActivity
org.nowsecure.cybertruck.keygenerators.a
org.nowsecure.cybertruck.a.a
org.nowsecure.cybertruck.keygenerators.Challenge1
org.nowsecure.cybertruck.MainActivity$1
org.nowsecure.cybertruck.MainActivity$2
org.nowsecure.cybertruck.MainActivity$3
[0x00000000]> \ic org.nowsecure.cybertruck.keygenerators.Challenge1
public boolean java.lang.Object.equals(java.lang.Object)
public final java.lang.Class java.lang.Object.getClass()
public int java.lang.Object.hashCode()
public final native void java.lang.Object.notify()
public final native void java.lang.Object.notifyAll()
public java.lang.String java.lang.Object.toString()
public final native void java.lang.Object.wait() throws java.lang.InterruptedException
public final void java.lang.Object.wait(long) throws java.lang.InterruptedException
public final native void java.lang.Object.wait(long,int) throws java.lang.InterruptedException
radare commented 5 years ago

Weird. But I think I reproduced this once during the last training, on Android only. Shouldn't be hard to fix unless it's a bug in Frida, which I doubt.

On 30 Aug 2019, at 02:40, Eduardo Novella notifications@github.com wrote:

Sample APK

https://github.com/nowsecure/cybertruckchallenge19/tree/master/apk

Missed methods

generateDynamicKey and generateKey Wondering if they cannot be seen as they're declared as protected

Decompiled code via JADX

package org.nowsecure.cybertruck.keygenerators;

import android.util.Log; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec;

public class Challenge1 { private static final String TAG = "CyberTruckChallenge";

/** Runs generateKey() as soon as an instance is constructed. */
public Challenge1() {
    generateKey();
}

/* access modifiers changed from: protected */
/**
 * Encrypts {@code bArr} with DES under a key derived from a string literal embedded
 * in the class. The key therefore ships with the APK and is recoverable by
 * decompilation; DES is also limited to a 56-bit effective key.
 *
 * @param bArr plaintext bytes to encrypt
 * @return the bytes returned by {@code Cipher.doFinal}
 */
public byte[] generateDynamicKey(byte[] bArr) {
    // DESKeySpec uses only the first 8 bytes of the array; getBytes() without a
    // charset argument uses the platform default charset.
    SecretKey generateSecret = SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec("s3cr3t$_n3veR_mUst_bE_h4rdc0d3d_m4t3!".getBytes()));
    // No mode or padding is named, so the provider's defaults apply (confirm per provider).
    Cipher instance = Cipher.getInstance("DES");
    // 1 is the value of Cipher.ENCRYPT_MODE.
    instance.init(1, generateSecret);
    return instance.doFinal(bArr);
}

/* access modifiers changed from: protected */
/**
 * Logs a debug line, then encrypts a fixed input string via generateDynamicKey.
 * The returned ciphertext is discarded here, and crypto exceptions are only
 * printed via printStackTrace().
 */
public void generateKey() {
    Log.d("CyberTruckChallenge", "KEYLESS CRYPTO [1] - Unlocking carID = 1");
    try {
        // Fixed plaintext; the result is not stored or returned.
        generateDynamicKey("CyB3r_tRucK_Ch4113ng3".getBytes());
    } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
        e.printStackTrace();
    }
}

} r2frida

[0x00000000]> \ic~+nowsecure
org.nowsecure.cybertruck.MainActivity
org.nowsecure.cybertruck.keygenerators.a
org.nowsecure.cybertruck.a.a
org.nowsecure.cybertruck.keygenerators.Challenge1
org.nowsecure.cybertruck.MainActivity$1
org.nowsecure.cybertruck.MainActivity$2
org.nowsecure.cybertruck.MainActivity$3
[0x00000000]> \ic org.nowsecure.cybertruck.keygenerators.Challenge1
public boolean java.lang.Object.equals(java.lang.Object)
public final java.lang.Class java.lang.Object.getClass()
public int java.lang.Object.hashCode()
public final native void java.lang.Object.notify()
public final native void java.lang.Object.notifyAll()
public java.lang.String java.lang.Object.toString()
public final native void java.lang.Object.wait() throws java.lang.InterruptedException
public final void java.lang.Object.wait(long) throws java.lang.InterruptedException
public final native void java.lang.Object.wait(long,int) throws java.lang.InterruptedException

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

trufae commented 4 years ago

Fixed with \icm (info-class-methods)