@owen800q
Forked from FrankSpierings/openssl-frida.js
Created September 22, 2022 14:23
Some OpenSSL hooks in Frida - Work in progress....
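/**
 * Attach Frida interceptors to a set of OpenSSL entry points and hexdump the
 * cleartext side of each call to the console: the input buffer of
 * encrypt/write calls and the output buffer of decrypt/read calls.
 *
 * Functions that no loaded module exports are skipped. Output buffers are
 * dumped with the length the callee reports (its return value, or *outlen),
 * not the caller's buffer size, so a failed or short call does not dump
 * stale memory from the process.
 */
function hooks() {
  // Print one captured buffer. The hexdump is skipped for empty or NULL
  // buffers (failed calls, size-query calls with out == NULL).
  function report(name, data, length) {
    console.log(name + '()');
    console.log('Length: ' + length);
    if (length > 0 && !data.isNull()) {
      console.log(hexdump(data, {
        length: length,
      }));
    }
  }

  // Resolve `name` in any loaded module and attach to it. `capture` runs as
  // onEnter and must set this.data. `finalLength`, when given, computes the
  // byte count from the return value; otherwise this.length (an integer
  // argument saved by `capture`) is used.
  function attach(name, capture, finalLength) {
    var address = Module.findExportByName(null, name);
    if (address == null) {
      return;
    }
    console.log('[!] Hooking: ' + name + ' @ 0x' + address.toString(16));
    Interceptor.attach(address, {
      onEnter: capture,
      onLeave: function(result) {
        var length = finalLength
          ? finalLength.call(this, result)
          : this.length.toInt32();
        report(name, this.data, length);
      }
    });
  }

  // Input buffer: pointer and integer length are both call arguments.
  function fromArgs(dataIndex, lengthIndex) {
    return function(args) {
      this.data = args[dataIndex];
      this.length = args[lengthIndex];
    };
  }

  // Output buffer: its valid size is only known once the call has returned.
  function outputAt(dataIndex) {
    return function(args) {
      this.data = args[dataIndex];
    };
  }

  // Byte count carried in the return value; error returns (<= 0) mean no data.
  function returnedLength(result) {
    var count = result.toInt32();
    return count > 0 ? count : 0;
  }

  // RSA_public_decrypt(flen, from, to, rsa, padding): the recovered bytes are
  // in `to` and their count is the return value (flen is the input size).
  attach('RSA_public_decrypt', outputAt(2), returnedLength);

  // EVP_EncryptUpdate(ctx, out, outl, in, inl): plaintext is `in`/`inl`.
  attach('EVP_EncryptUpdate', fromArgs(3, 4));

  // RSA_private_decrypt(flen, from, to, rsa, padding): same shape as above.
  attach('RSA_private_decrypt', outputAt(2), returnedLength);

  // RSA_public_encrypt(flen, from, to, rsa, padding): plaintext is `from`/`flen`.
  attach('RSA_public_encrypt', fromArgs(1, 0));

  // EVP_PKEY_encrypt(ctx, out, outlen, in, inlen): plaintext is `in`/`inlen`.
  attach('EVP_PKEY_encrypt', fromArgs(3, 4));

  // EVP_PKEY_decrypt(ctx, out, outlen, in, inlen): `outlen` is a size_t
  // pointer, so the length has to be read through it after a successful call
  // instead of treating the pointer value itself as a length.
  attach('EVP_PKEY_decrypt', function(args) {
    this.data = args[1];
    this.outlen = args[2];
  }, function(result) {
    if (result.toInt32() <= 0) {
      return 0;
    }
    // size_t is pointer-sized, so a pointer read covers 32- and 64-bit targets.
    return this.outlen.readPointer().toInt32();
  });

  // AES_cbc_encrypt(in, out, length, key, ivec, enc): dump `in` when
  // encrypting and `out` when decrypting, i.e. always the plaintext side.
  attach('AES_cbc_encrypt', function(args) {
    this.length = args[2];
    // enc is a C int; only its low 32 bits are meaningful in the register.
    this.enc = args[5].toInt32();
    this.data = this.enc === 0 ? args[1] : args[0];
  });

  // SSL_read(ssl, buf, num): only the returned byte count is valid in `buf`.
  attach('SSL_read', outputAt(1), returnedLength);

  // SSL_write(ssl, buf, num): plaintext is `buf`/`num`.
  attach('SSL_write', fromArgs(1, 2));

  // Not hooked (work in progress): aesni_ecb_encrypt(in, out, length, key, enc),
  // see https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aesni-x86_64.pl
  // (around line 610).
}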
// Install the hooks as soon as Frida evaluates the script, then confirm on the console.
hooks();
console.log('[+] Loaded');