strwrt

by
4 views be843406...

Description

A script that writes strings generated at runtime to the terminal, along with the class from which they are called. It can help identify cryptographic keys and analyze meaningful data within obfuscated code.

How to Use

Download the script and run it with Frida CLI:


Then run with Frida:

frida -U -f YOUR_PACKAGE_NAME -l strwrt.js

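Replace YOUR_PACKAGE_NAME with the target app's package name. The -f option makes Frida spawn the app, and the script installs its hooks two seconds after it starts, so strings created before that point are not shown.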

Source Code

JavaScript
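// strwrt: logs java.lang.String values seen at runtime together with the class
// that caused them to be created or read.
//
// Coverage, as implemented below:
//   - only the String(String) copy constructor is hooked; the other String
//     constructors are not intercepted by this script;
//   - String.toString() is hooked, and empty, whitespace-only and "$" results
//     are ignored;
//   - each calling class is reported once (first string wins), which keeps the
//     output readable but hides every later string from that class;
//   - hooks are installed HOOK_DELAY_MS after the script starts, so strings
//     handled before that moment are not reported.
Java.perform(function () {
    // Delay before the hooks are installed, in milliseconds.
    const HOOK_DELAY_MS = 2000;

    // Frames that belong to the hooked method or to the stack capture itself and
    // therefore never identify the caller. On Android the capture typically
    // passes through dalvik.system.VMStack before java.lang.Thread.
    const INTERNAL_FRAMES = new Set([
        'dalvik.system.VMStack',
        'java.lang.Thread',
        'java.lang.String',
    ]);

    // Calling classes that have already had one string reported.
    const seenClasses = new Set();

    // Ensures a failing stack capture is logged once instead of on every call.
    let captureFailureLogged = false;

    console.log("Waiting for classes to load...");

    setTimeout(function () {
        try {
            // java.lang.String is always loaded, so it is resolved directly
            // instead of scanning the full list of loaded classes for it.
            const StringClass = Java.use('java.lang.String');
            const Thread = Java.use('java.lang.Thread');

            // Returns the class name of the nearest stack frame that is not part
            // of the hook or the capture, or null when no such frame exists.
            // Element 0 of getStackTrace() is the most recent call, so the walk
            // starts there and moves outward.
            const findCallingClass = function () {
                const frames = Thread.currentThread().getStackTrace();
                for (let i = 0; i < frames.length; i++) {
                    const frameClass = frames[i].getClassName();
                    if (!INTERNAL_FRAMES.has(frameClass)) {
                        return frameClass;
                    }
                }
                return null;
            };

            // Logs `text` once per calling class. Any failure while inspecting
            // the stack is contained here so that the hooked method still runs
            // the original implementation and the app's behaviour is unchanged.
            const report = function (label, text) {
                try {
                    const caller = findCallingClass();
                    if (caller === null || seenClasses.has(caller)) {
                        return;
                    }
                    seenClasses.add(caller);
                    console.log(`[String] ${label}: ${text} from class: ${caller}`);
                } catch (e) {
                    if (!captureFailureLogged) {
                        captureFailureLogged = true;
                        console.log("Error with StringClass: " + e.message);
                    }
                }
            };

            // new String(String): report the source value, then construct as usual.
            StringClass.$init.overload('java.lang.String').implementation = function (value) {
                report('Created', value);
                return this.$init(value);
            };

            // String.toString(): call the original first and report its result.
            // Uninformative values are filtered before the stack is captured, so
            // they neither cost a stack walk nor use up a class's single report.
            StringClass.toString.implementation = function () {
                const result = this.toString();
                if (result !== "$" && result.trim() !== "") {
                    report('VALUE', result);
                }
                return result;
            };
        } catch (e) {
            console.log("Error with StringClass: " + e.message);
        }
    }, HOOK_DELAY_MS);
});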