Bump to v1.4 (#50)

* update for option bypass-ssl

* refactor code

* update new script for intercept crypto

* update .gitignore

* add new script for crypto

* add new option --proxy and fix bug

* update README & CHANGELOG

* update to version 1.4

* update requirements

* update requirements

---------

Co-authored-by: Lê Thành Phúc <>

Author: noobpk

.gitignore

@@ -127,3 +127,6 @@ dmypy.json
 
 # Pyre type checker
 .pyre/
+py-env/
+frida_server_tmp/
+tmp/

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Frida Android Hook ChangeLog
 
+## [Release 1.4] - 2024-09-05
+
+### Added
+- Add new frida scripts
+- Add option --proxy
+### Changed
+- Update readme, changelog
+- Update frida-script
+- Update hook.py
+### Fixed
+- Fix bug
+
 ## [Release 1.3] - 2022-06-21
 
 ### Added

README.md

@@ -22,6 +22,7 @@
 | ------------- | ---------| ----------------- |
 |  8.0 - Api 26 | 14.2.13  | :white_check_mark:|
 |  8.0 - Api 26 | 15.0.18  | :white_check_mark:|
+|  13.0 - Api 33 | 16.4.9  | :white_check_mark:|
 
 ## Feature
 
@@ -52,26 +53,26 @@ Support both spawn & attach script to process.
 	--list-scripts      List All Scripts
 	--logcat            Show system log of device
 	--shell             Get the shell of connect device
+	--proxy             Config global proxy ::3128 and reverse tcp 3128:8080
 
 	[*] Quick method:
 
 	-m(--method)    Support commonly used methods
-				app-static(-n)
-				bypass-jb(-p)
+				bypass-root(-p)
 				bypass-ssl(-p)
-				i-url-req(-p)
-				i-crypto(-n)
+				i-nw-req(-p)
+				i-crypto(-p)
 ```
 
 ## ChangeLog
 
-Version: 1.3
+Version: 1.4
 ```
 	[+] Add:
 	
-		[-] Add setup.py for build executable
+		[-] Add new frida scrips
 				
-		[-] Add suggestion script for option `-s (--script)`
+		[-] Add option `--proxy` for config global proxy on device
 		
 		
 	[+] Change:
@@ -84,7 +85,7 @@ Version: 1.3
 	
 	[+] Fix
 		
-		[-] Fix syntax in hook.json
+		[-] Fix bug
 
 ```
 [See Full ChangeLog](https://github.com/noobpk/frida-android-hook/blob/master/CHANGELOG.md)

frida-android-hook/androidhook

@@ -8,9 +8,9 @@ from shutil import which
 
 try:
     if(which('python3') is not None):
-        command = shlex.split("python3 " +"core/hook.py")
+        command = shlex.split("python3 " + "core/hook.py")
     else:
-        command = shlex.split("python " +"core/hook.py")
+        command = shlex.split("python " + "core/hook.py")
 
     command.extend(sys.argv[1:])
     subprocess.call(command, cwd=os.path.dirname(__file__))

frida-android-hook/core/hook.json

@@ -1,6 +1,6 @@
 {
     "name": "frida-android-hook",
-    "version": "1.3",
+    "version": "1.4",
     "cliVersion": "1.0",
     "author": "noobpk",
     "license": "LICENSE",

frida-android-hook/core/hook.py

@@ -7,7 +7,6 @@
 import re
 import fnmatch
 import shlex
-import subprocess
 
 from utils.listapp import *
 from utils.checkversion import *
@@ -46,15 +45,32 @@ def start_frida_server(param_1):
 
 def stop_frida_server(param):
     fs = "/data/local/tmp/frida-server*"
-    isProc = os.popen('adb shell ps |' + param).read()
-    if (isProc):
-        logger.info("[*] Found Process Frida Server:" + isProc)
+    
+    # Check if the Frida server process is running
+    isProc = subprocess.getoutput(f'adb shell ps | {param}')
+    
+    if isProc:
+        logger.info("[*] Found Process Frida Server: " + isProc)
         logger.info("[*] Stop Frida Server...")
-        os.system('adb shell ' + 'su -c ' + 'pkill -f ' + fs)
+
+        # Try to stop the Frida server with su privilege
+        result = subprocess.run(f'adb shell su -c "pkill -f {fs}"', shell=True)
+        
+        # Check if the su command was successful
+        if result.returncode != 0:
+            logger.error("[!] Failed to stop Frida Server with su -c")
+            # Retry without su
+            logger.info("[*] Try to stop Frida Server withou su...")
+            result = subprocess.run(f'adb shell pkill -f {fs}', shell=True)
+            
+            if result.returncode != 0:
+                logger.error("[!] Failed to stop Frida Server")
+                return
+        
         time.sleep(2)
         logger.info("[*] Stop Frida Server Success!!")
     else:
-        logger.warning("[!] Frida Server Not Start")
+        logger.warning("[!] Frida Server Not Started")
 
 def check_frida_server_run(param):
     isProc = os.popen('adb shell ps |' + param).read()
@@ -127,6 +143,7 @@ def main():
                         action="store_true", help="List All Scripts", dest="listscripts")
         info.add_option("--logcat", action="store_true", help="Show system log of device", dest="logcat")
         info.add_option("--shell", action="store_true", help="Get the shell of connect device", dest="shell")
+        info.add_option("--proxy", action="store_true", help="Config global proxy ::3128 and reverse tcp 3128:8080", dest="proxy")
 
         parser.add_option_group(info)
         parser.add_option_group(quick)
@@ -158,9 +175,9 @@ def main():
                             if re.search(description_pattern, line):
                                 description = re.sub(r'\n', '', line[16:])
                             if re.search(mode_pattern, line):
-                                mode = re.sub('\s+', '', line[9:])
+                                mode = re.sub(r'\s+', '', line[9:])
                             if re.search(version_pattern, line):
-                                version = re.sub('\s+', '', line[12:])  
+                                version = re.sub(r'\s+', '', line[12:])  
                         print('|%d|%s|%s|%s|%s|' % (i, mode, file_name, description, version))
             else:
                 logger.error('[?] Path frida-script not exists!')
@@ -203,7 +220,7 @@ def main():
                 if (findingScript == False):
                     logger.error('[x_x] No matching suggestions!')
                     sys.exit(0)
-                logger.info('[*] iOSHook suggestion use '+findingScript)
+                logger.info('[*] androidhook suggestion use '+findingScript)
                 answer = input('[?] Do you want continue? (y/n): ') or "y"
                 if answer == "y": 
                     options.script =  APP_FRIDA_SCRIPTS + findingScript
@@ -232,7 +249,7 @@ def main():
                 if (findingScript == False):
                     logger.error('[x_x] No matching suggestions!')
                     sys.exit(0)
-                logger.info('[*] iOSHook suggestion use '+findingScript)
+                logger.info('[*] androidhook suggestion use '+findingScript)
                 answer = input('[?] Do you want continue? (y/n): ') or "y"
                 if answer == "y": 
                     options.script =  APP_FRIDA_SCRIPTS + findingScript
@@ -281,10 +298,12 @@ def main():
                 logger.info('[*] Spawning: ' + options.package)
                 logger.info('[*] Script: ' + method)
                 time.sleep(2)
-                process = frida.get_usb_device().attach(options.package)
-                method = open(method, 'r')
-                script = process.create_script(method.read())
+                pid = frida.get_usb_device().spawn(options.package)
+                session = frida.get_usb_device().attach(pid)
+                hook = open(method, 'r')
+                script = session.create_script(hook.read())
                 script.load()
+                frida.get_usb_device().resume(pid)
                 sys.stdin.read()
             else:
                 logger.error('[x_x] Script for method not found!')
@@ -296,7 +315,6 @@ def main():
                 logger.info('[*] Intercept NetWork Request: ')
                 logger.info('[*] Attaching: ' + options.name)
                 logger.info('[*] Script: ' + method)
-                time.sleep(2)
                 process = frida.get_usb_device().attach(options.name)
                 method = open(method, 'r')
                 script = process.create_script(method.read())
@@ -308,13 +326,18 @@ def main():
         #Intercept Crypto Operations
         elif options.package and options.method == "i-crypto":
             method = APP_METHODS['Intercept Crypto Operations']
-            check_frida_server_run()
             if os.path.isfile(method):
                 logger.info('[*] Intercept Crypto Operations: ')
                 logger.info('[*] Spawning: ' + options.package)
                 logger.info('[*] Script: ' + method)
-                os.system('frida -U -f '+ options.package + ' -l ' + method + ' --no-pause')
-                #sys.stdin.read()
+                time.sleep(2)
+                pid = frida.get_usb_device().spawn(options.package)
+                session = frida.get_usb_device().attach(pid)
+                hook = open(method, 'r')
+                script = session.create_script(hook.read())
+                script.load()
+                frida.get_usb_device().resume(pid)
+                sys.stdin.read()
             else:
                 logger.error('[x_x] Script for method not found!')
 
@@ -323,7 +346,7 @@ def main():
             logger.info('[*] Checking for updates...')
             is_newest = check_version(speak=True)
             # if not is_newest:
-            #     logger.info('[*] There is an update available for iOS hook')
+            #     logger.info('[*] There is an update available for androidhook')
 
         #update newversion
         elif options.update:
@@ -336,23 +359,37 @@ def main():
         elif options.package and options.dumpmemory:
             dump_memory(options.dumpmemory, options.package)
 
-        #ios system log
+        #android system log
         elif options.logcat:
             cmd = shlex.split('adb logcat')
             subprocess.call(cmd)
             sys.exit(0)
 
-        #ios get the shell
+        #android get the shell
         elif options.shell:
             cmd = shlex.split('adb shell')
             subprocess.call(cmd)
             sys.exit(0)
 
-        #ioshook cli
+        #androidhook cli
         elif options.cli:
             logger.info("Welcome to AndroidHook CLI! Type ? to list commands")
             AndroidHook_CLI().cmdloop()
 
+        #androidhook proxy
+        elif options.proxy:
+            cmd1 = shlex.split('adb shell settings put global http_proxy 127.0.0.1:3128')
+            cmd2 = shlex.split('adb reverse tcp:3128 tcp:8080')
+
+            logger.info("[*] Config device global proxy to ::3128")
+            subprocess.call(cmd1)
+
+            logger.info("[*] Config reverse tcp from device to machine 3128:8080")
+            subprocess.call(cmd2)
+
+            logger.info("[*] Config success - Using proxy 127.0.0.1:8080")
+            sys.exit(0)
+
         else:
             logger.warning("[!] Specify the options. use (-h) for more help!")
             # sys.exit(0)