add list pid checkbox, so it can attach to the process. update requirements.txt

Author: hackcatml

.gitignore

@@ -5,5 +5,6 @@ __pycache__
 .idea
 test
 ui_test.py
+ui_test.ui
 ui_win-test.py
 ui_win-test.ui

code.py

@@ -16,13 +16,15 @@
 class Instrument(QObject):
     messagesig = QtCore.pyqtSignal(str)
 
-    def __init__(self, script_text, isremote, remoteaddr, spawntargetid):
+    def __init__(self, script_text, isremote, remoteaddr, target, isspawn):
         super().__init__()
         self.name = None
         self.sessions = []
         self.script = None
         self.script_text = script_text
         self.device = None
+        self.isspawn = isspawn
+        self.attachtarget = None
         self.spawntarget = None
         self.remoteaddr = ''
         if isremote is True and remoteaddr != '':
@@ -33,8 +35,12 @@ def __init__(self, script_text, isremote, remoteaddr, spawntargetid):
         else:
             self.device = frida.get_usb_device(1)
 
-        if spawntargetid is not None:
-            self.spawntarget = spawntargetid
+        # spawn mode
+        if target is not None and isspawn:
+            self.spawntarget = target
+        # list pid mode
+        else:
+            self.attachtarget = target
 
     def __del__(self):
         for session in self.sessions:
@@ -44,14 +50,14 @@ def __del__(self):
     def on_message(self, message, data):
         # print(message)
         global MESSAGE
-        if 'payload' in message:
-            if message['payload'] is not None and 'scancompletedratio' in message['payload']:
+        if 'payload' in message and message['payload'] is not None:
+            if 'scancompletedratio' in message['payload']:
                 globvar.scanProgressRatio = floor(message['payload']['scancompletedratio'])
                 # print(globvar.scanProgressRatio)
-            if message['payload'] is not None and 'watchArgs' in message['payload']:
+            if 'watchArgs' in message['payload']:
                 self.messagesig.emit(message['payload']['watchArgs'])
                 return
-            if message['payload'] is not None and 'watchRegs' in message['payload']:
+            if 'watchRegs' in message['payload']:
                 self.messagesig.emit(message['payload']['watchRegs'])
                 return
             MESSAGE = message['payload']
@@ -67,20 +73,24 @@ def read_frida_js_source(self):
             return f.read()
 
     def instrument(self):
-        if self.spawntarget is None and self.device.get_frontmost_application() is None:
-            msg = "Launch the target app first"
-            return msg
+        if not any([self.spawntarget, self.attachtarget, self.device.get_frontmost_application()]):
+            return "Launch the target app first"
 
-        if self.spawntarget is not None:
-            pid = self.device.spawn([self.spawntarget])
+        if self.attachtarget:  # list pid mode
+            session = self.device.attach(self.attachtarget)
+            self.name = self.attachtarget
         else:
-            pid = self.device.get_frontmost_application().pid
-        session = self.device.attach(pid)
-        self.sessions.append(session)
-        # print("[hackcatml] fridaInstrument sessions: ", self.sessions)
-        if self.spawntarget is not None:
+            if self.spawntarget:  # spawn mode
+                pid = self.device.spawn([self.spawntarget])
+            else:  # attach frontmost application
+                pid = self.device.get_frontmost_application().pid
+
+            session = self.device.attach(pid)
             self.device.resume(pid)
-        self.name = self.device.get_frontmost_application().name
+            if self.device.get_frontmost_application():
+                self.name = self.device.get_frontmost_application().name
+
+        self.sessions.append(session)
         self.script = session.create_script(self.read_frida_js_source())
         self.script.on('message', self.on_message)
         self.script.load()

hexviewer.py

@@ -26,12 +26,13 @@ def setScrollBarPos(self, value):
 
     # wheelevent https://spec.tistory.com/449
     def wheelEvent(self, e: QtGui.QWheelEvent) -> None:
+        delta = e.angleDelta().y()
         # wheel down
-        if e.angleDelta().y() < 0:
-            globvar.currentFrameBlockNumber += -1 * e.angleDelta().y() / 120 * 4
+        if delta < 0:
+            globvar.currentFrameBlockNumber += -1 * delta / 120 * 4
         # wheel up
-        elif e.angleDelta().y() > 0 and globvar.currentFrameBlockNumber > 0:
-            globvar.currentFrameBlockNumber -= e.angleDelta().y() / 120 * 4
+        elif delta > 0 and globvar.currentFrameBlockNumber > 0:
+            globvar.currentFrameBlockNumber -= delta / 120 * 4
 
         tc = self.textCursor()
         tc.movePosition(QTextCursor.MoveOperation.Start, QTextCursor.MoveMode.MoveAnchor, 1)
@@ -40,7 +41,7 @@ def wheelEvent(self, e: QtGui.QWheelEvent) -> None:
 
         if tc.blockNumber() == 0 and re.search(r"\d+\. 0x[0-9a-f]+, module:", tc.block().text()) is None:
             self.hitcount += 1
-            if self.hitcount > 0:
+            if self.hitcount > 0 and delta > 0:
                 self.wheelupsig.emit(globvar.currentFrameStartAddress)
                 self.hitcount = 0
 
@@ -390,47 +391,21 @@ def contextMenuEvent(self, e: QtGui.QContextMenuEvent) -> None:
                 check_action.setDefaultWidget(on_leave_check)
                 menu.insertAction(select_all_action, check_action)
 
-            read_pointer_action = QAction("readPointer", self)
-            if match is not None:
-                read_pointer_action.setEnabled(True)
-                read_pointer_action.triggered.connect(self.read_pointer)
-                menu.insertAction(select_all_action, read_pointer_action)
-
-            read_utf8_action = QAction("readUtf8String", self)
-            if match is not None:
-                read_utf8_action.setEnabled(True)
-                read_utf8_action.triggered.connect(self.read_utf8_string)
-                menu.insertAction(select_all_action, read_utf8_action)
-
-            read_utf16_action = QAction("readUtf16String", self)
-            if match is not None:
-                read_utf16_action.setEnabled(True)
-                read_utf16_action.triggered.connect(self.read_utf16_string)
-                menu.insertAction(select_all_action, read_utf16_action)
-
-            read_float_action = QAction("readFloat", self)
-            if match is not None:
-                read_float_action.setEnabled(True)
-                read_float_action.triggered.connect(self.read_float)
-                menu.insertAction(select_all_action, read_float_action)
-
-            read_double_action = QAction("readDouble", self)
-            if match is not None:
-                read_double_action.setEnabled(True)
-                read_double_action.triggered.connect(self.read_double)
-                menu.insertAction(select_all_action, read_double_action)
-
-            read_bytearray_action = QAction("readByteArray", self)
-            if match is not None:
-                read_bytearray_action.setEnabled(True)
-                read_bytearray_action.triggered.connect(self.read_bytearray)
-                menu.insertAction(select_all_action, read_bytearray_action)
-
-            read_reset_action = QAction("reset", self)
-            if match is not None:
-                read_reset_action.setEnabled(True)
-                read_reset_action.triggered.connect(self.reset)
-                menu.insertAction(select_all_action, read_reset_action)
+                actions = [
+                    ("readPointer", self.read_pointer),
+                    ("readUtf8String", self.read_utf8_string),
+                    ("readUtf16String", self.read_utf16_string),
+                    ("readFloat", self.read_float),
+                    ("readDouble", self.read_double),
+                    ("readByteArray", self.read_bytearray),
+                    ("reset", self.reset)
+                ]
+
+                for text, method in actions:
+                    action = QAction(text, self)
+                    action.setEnabled(True)
+                    action.triggered.connect(method)
+                    menu.insertAction(select_all_action, action)
 
             # Show the context menu.
             menu.exec(e.globalPos())

main.py

@@ -190,7 +190,10 @@ def __init__(self):
         self.arrangedresult = None
         self.arrangedresult2 = None
         self.platform = None
-        self.spawntargetid = None
+        self.islistpidchecked = False
+        self.attachtargetname = None    # name to attach. need to provide on the AppList widget
+        self.attachedname = None    # main module name after frida attached successfully
+        self.spawntargetid = None   # target identifier to do frida spawn. need to provide on the AppList widget
         self.remoteaddr = ''
 
         self.attachBtn.clicked.connect(self.attach_frida)
@@ -210,6 +213,7 @@ def __init__(self):
         self.memReplaceBtn.clicked.connect(self.mem_search_replace_func)
         self.memSearchTargetImgCheckBox.stateChanged.connect(self.mem_search_with_img_checkbox)
         self.memScanPatternTypeCheckBox.stateChanged.connect(self.mem_scan_pattern_checkbox)
+        self.listPIDCheckBox.stateChanged.connect(self.list_pid)
         self.attachTypeCheckBox.stateChanged.connect(self.remote_attach)
         self.spawnModeCheckBox.stateChanged.connect(self.spawn_mode)
         self.memSearchReplaceCheckBox.stateChanged.connect(self.mem_search_replace_checkbox)
@@ -256,17 +260,22 @@ def searchresultaddrsig_func(self, searchresultaddrsig: str):
         self.addr_btn_func()
 
     @pyqtSlot(str)
-    def spawntargetsig_func(self, spawntargetidsig: str):
-        self.spawntargetid = spawntargetidsig
+    def targetsig_func(self, targetsig: str):
+        if self.isspawnchecked:
+            self.spawntargetid = targetsig
+        else:
+            self.attachtargetname = targetsig
         if self.isremoteattachchecked is True:
             if re.search(r"^\d+\.\d+\.\d+\.\d+:\d+$", self.spawndialog.spawnui.remoteAddrInput.text()) is None:
                 QMessageBox.information(self, "info", "Enter IP:PORT")
                 self.spawntargetid = None
+                self.attachtargetname = None
                 return
             self.remoteaddr = self.spawndialog.spawnui.remoteAddrInput.text()
         self.attach_frida()
         self.spawndialog = None
         self.spawntargetid = None
+        self.attachtargetname = None
         self.remoteaddr = ''
 
     @pyqtSlot(str)
@@ -290,17 +299,14 @@ def adjust_label_pos(self):
         else:
             self.label_3.setIndent(28 - (77 - text_length) * 7)
 
+    def list_pid(self, state):
+        self.islistpidchecked = state == Qt.CheckState.Checked.value
+
     def remote_attach(self, state):
-        if state == Qt.CheckState.Checked.value:
-            self.isremoteattachchecked = True
-        else:
-            self.isremoteattachchecked = False
+        self.isremoteattachchecked = state == Qt.CheckState.Checked.value
 
     def spawn_mode(self, state):
-        if state == Qt.CheckState.Checked.value:
-            self.isspawnchecked = True
-        else:
-            self.isspawnchecked = False
+        self.isspawnchecked = state == Qt.CheckState.Checked.value
 
     def attach_frida(self):
         if globvar.isFridaAttached is True:
@@ -314,10 +320,18 @@ def attach_frida(self):
             return
 
         try:
-            if self.isspawnchecked and self.spawntargetid is None:
+            if (self.islistpidchecked and not self.isspawnchecked and self.attachtargetname is None) or \
+                    (self.isspawnchecked and self.spawntargetid is None):
                 self.spawndialog = spawn.SpawnDialogClass() if (
                         platform.system() == 'Darwin') else spawn_win.SpawnDialogClass()
-                self.spawndialog.spawntargetidsig.connect(self.spawntargetsig_func)
+                if self.islistpidchecked and not self.isspawnchecked:
+                    self.spawndialog.ispidlistchecked = True
+                    self.spawndialog.spawnui.spawnTargetIdInput.setPlaceholderText("AppStore")
+                    self.spawndialog.spawnui.appListLabel.setText("PID           Name")
+                    self.spawndialog.spawnui.spawnBtn.setText("Attach")
+                    self.spawndialog.attachtargetnamesig.connect(self.targetsig_func)
+
+                self.spawndialog.spawntargetidsig.connect(self.targetsig_func)
 
                 if self.isremoteattachchecked is False:
                     self.spawndialog.spawnui.remoteAddrInput.setEnabled(False)
@@ -332,7 +346,8 @@ def attach_frida(self):
                     return
 
             globvar.fridaInstrument = code.Instrument("scripts/default.js", self.isremoteattachchecked, self.remoteaddr,
-                                                      self.spawntargetid)
+                                                      self.attachtargetname if (self.islistpidchecked and not self.isspawnchecked) else self.spawntargetid,
+                                                      self.isspawnchecked)
             msg = globvar.fridaInstrument.instrument()
             self.remoteaddr = ''
         except Exception as e:
@@ -348,6 +363,7 @@ def attach_frida(self):
 
         self.platform = globvar.fridaInstrument.platform()
         name = globvar.fridaInstrument.list_modules()[0]['name']
+        self.attachedname = name
         self.set_status(name)
 
     def detach_frida(self):
@@ -889,36 +905,23 @@ def search_mem_search_result(self):
             self.memSearchFoundCount.setText(str(len(searchresult)) + ' found')
 
     def mem_search_with_img_checkbox(self, state):
-        if state == Qt.CheckState.Checked.value:
-            self.ismemsearchwithimgchecked = True
-            self.memSearchTargetImgInput.setEnabled(True)
-        else:
-            self.ismemsearchwithimgchecked = False
-            self.memSearchTargetImgInput.setEnabled(False)
+        isChecked = state == Qt.CheckState.Checked.value
+        self.ismemsearchwithimgchecked = isChecked
+        self.memSearchTargetImgInput.setEnabled(isChecked)
 
     def mem_scan_pattern_checkbox(self, state):
-        if state == Qt.CheckState.Checked.value:
-            self.ismemscanstrchecked = True
-        else:
-            self.ismemscanstrchecked = False
+        self.ismemscanstrchecked = state == Qt.CheckState.Checked.value
 
     def mem_search_replace_checkbox(self, state):
-        if state == Qt.CheckState.Checked.value:
-            self.memReplaceBtn.setEnabled(True)
-            self.memReplacePattern.setEnabled(True)
-            self.ismemsearchreplacechecked = True
-        else:
-            self.memReplaceBtn.setEnabled(False)
-            self.memReplacePattern.setEnabled(False)
-            self.ismemsearchreplacechecked = False
+        isChecked = state == Qt.CheckState.Checked.value
+        self.memReplaceBtn.setEnabled(isChecked)
+        self.memReplacePattern.setEnabled(isChecked)
+        self.ismemsearchreplacechecked = isChecked
 
     def il2cpp_checkbox(self, state):
-        if state == Qt.CheckState.Checked.value:
-            self.isil2cppchecked = True
-            self.memDumpModuleName.setEnabled(False)
-        else:
-            self.isil2cppchecked = False
-            self.memDumpModuleName.setEnabled(True)
+        isChecked = state == Qt.CheckState.Checked.value
+        self.isil2cppchecked = isChecked
+        self.memDumpModuleName.setEnabled(not isChecked)
 
     def dump_module(self):
         # il2cpp dump
@@ -938,7 +941,7 @@ def dump_module(self):
             # print("[hackcatml] il2cppFridaInstrument: ", self.il2cppFridaInstrument)
             if self.il2cppFridaInstrument is None or len(self.il2cppFridaInstrument.sessions) == 0:
                 self.il2cppFridaInstrument = code.Instrument("scripts/il2cppdump.js", self.isremoteattachchecked,
-                                                             globvar.fridaInstrument.remoteaddr, None)
+                                                             globvar.fridaInstrument.remoteaddr, self.attachedname, False)
                 msg = self.il2cppFridaInstrument.instrument()
                 if msg is not None:
                     QMessageBox.information(self, "info", msg)

requirements.txt

@@ -1,7 +1,7 @@
 attrs==22.2.0
 certifi==2023.5.7
 charset-normalizer==2.1.1
-frida==16.0.8
+frida==16.1.1
 frozenlist==1.3.3
 idna==3.4
 multidict==6.0.4