Upload source

README.md

@@ -0,0 +1,39 @@
+# Magisk frida inject
+
+Magisk module installing frida-inject with optional functionality to auto inject scripts at app startup
+
+
+## Building
+
+### Requirements
+
+- android-ndk
+- wget
+- xz-utils
+
+### Build
+
+- Run action or ./build.sh script.
+
+## Installation
+
+### Requirements
+
+- [magisk-frida](https://github.com/ViRb3/magisk-frida) - Optional, but required if you don't want to push and run frida-server from adb every time.
+
+### From GITHUB
+
+- Download latest release: https://github.com/nitanmarcel/magisk-frida-inject/releases
+
+### Usage
+
+- `frida-inject ...` - see `frida-inject --help` for all available options.
+
+- To automatically inject scripts at app startup, place the js file in `/data/misc/user/0/frida-inject/`  as `package.name.js` (replace the package.name with the package name of the target application)
+
+
+## Credits
+
+- Frida - for frida inject
+- HuskyDG - for this module's template
+- https://gist.github.com/vvb2060/a3d40084cd9273b65a15f8a351b4eb0e#file-am_proc_start-cpp

build.sh

@@ -2,6 +2,16 @@
 
 set -euo pipefail
 
+declare -a commands=("wget" "xz")
+
+for command in "${commands[@]}"; do
+    if ! command -v $command &> /dev/null
+    then
+        echo "$command could not be found. Please install it."
+        exit
+    fi
+done
+
 build_mode="${1:-release}"
 
 cd "$(dirname "$0")"
@@ -19,4 +29,17 @@ rm -rf out
 mkdir -p out
 cp -af magisk-module out
 mv -fT native/libs out/magisk-module/libs
-zip -r9 out/magisk-module-release.zip out/magisk-module
+
+FRIDA_VERSION="16.1.2"
+TEMP_DIR=$(mktemp -d)
+OUT_DIR="out/magisk-module/libs"
+
+declare -A arch_dirs=(["arm"]="armeabi-v7a" ["arm64"]="arm64-v8a" ["x86"]="x86" ["x86_64"]="x86_64")
+
+for arch in "${!arch_dirs[@]}"; do
+    wget -P "${TEMP_DIR}" "https://github.com/frida/frida/releases/download/$FRIDA_VERSION/frida-inject-$FRIDA_VERSION-android-$arch.xz"
+    xz -d "${TEMP_DIR}/frida-inject-$FRIDA_VERSION-android-$arch.xz"
+    mv "${TEMP_DIR}/frida-inject-$FRIDA_VERSION-android-$arch" "${OUT_DIR}/${arch_dirs[$arch]}/frida-inject"
+done
+
+# zip -r9 out/magisk-module-release.zip out/magisk-module

magisk-module/module.prop

@@ -1,6 +1,6 @@
-id=example_module
-name=Example module
-author=HuskyDG
+id=magisk-frida-inject
+name=Magisk Frida Inject
+author=nitanmarcel
 version=1.0
 versionCode=1
-description=module that add some stuff
+description=Magisk module installing frida-inject with optional functionality to auto inject scripts at app startup

magisk-module/service.sh

@@ -0,0 +1,3 @@
+MODDIR="${0%/*}"
+
+unshare "$MODDIR/system/bin/frida-inject-service"

native/jni/Android.mk

@@ -1,8 +1,8 @@
 LOCAL_PATH := $(call my-dir)
 
 include $(CLEAR_VARS)
-LOCAL_MODULE := example
-LOCAL_SRC_FILES := example.cpp
+LOCAL_MODULE := frida-inject-service
+LOCAL_SRC_FILES := main.cpp
 LOCAL_STATIC_LIBRARIES := libcxx
 LOCAL_LDLIBS := -llog
 include $(BUILD_EXECUTABLE)

native/jni/main.cpp

@@ -0,0 +1,137 @@
+#include <unistd.h>
+#include <fstream>
+#include <string>
+#include <cinttypes>
+#include <android/log.h>
+#include <sys/system_properties.h>
+
+#include <android/log.h>
+
+using namespace std;
+
+#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "MagiskFridaInject", __VA_ARGS__)
+
+
+
+
+extern "C" {
+
+struct logger_entry {
+    uint16_t len;      /* length of the payload */
+    uint16_t hdr_size; /* sizeof(struct logger_entry) */
+    int32_t pid;       /* generating process's pid */
+    uint32_t tid;      /* generating process's tid */
+    uint32_t sec;      /* seconds since Epoch */
+    uint32_t nsec;     /* nanoseconds */
+    uint32_t lid;      /* log id of the payload, bottom 4 bits currently */
+    uint32_t uid;      /* generating process's uid */
+};
+
+#define LOGGER_ENTRY_MAX_LEN (5 * 1024)
+struct log_msg {
+    union [[gnu::aligned(4)]] {
+        unsigned char buf[LOGGER_ENTRY_MAX_LEN + 1];
+        struct logger_entry entry;
+    };
+};
+
+[[gnu::weak]] struct logger_list *android_logger_list_alloc(int mode, unsigned int tail, pid_t pid);
+[[gnu::weak]] void android_logger_list_free(struct logger_list *list);
+[[gnu::weak]] int android_logger_list_read(struct logger_list *list, struct log_msg *log_msg);
+[[gnu::weak]] struct logger *android_logger_open(struct logger_list *list, log_id_t id);
+
+typedef struct [[gnu::packed]] {
+    int32_t tag;  // Little Endian Order
+} android_event_header_t;
+
+typedef struct [[gnu::packed]] {
+    int8_t type;   // EVENT_TYPE_INT
+    int32_t data;  // Little Endian Order
+} android_event_int_t;
+
+typedef struct [[gnu::packed]] {
+    int8_t type;     // EVENT_TYPE_STRING;
+    int32_t length;  // Little Endian Order
+    char data[];
+} android_event_string_t;
+
+typedef struct [[gnu::packed]] {
+    int8_t type;  // EVENT_TYPE_LIST
+    int8_t element_count;
+} android_event_list_t;
+
+// 30014 am_proc_start (User|1|5),(PID|1|5),(UID|1|5),(Process Name|3),(Type|3),(Component|3)
+typedef struct [[gnu::packed]] {
+    android_event_header_t tag;
+    android_event_list_t list;
+    android_event_int_t user;
+    android_event_int_t pid;
+    android_event_int_t uid;
+    android_event_string_t process_name;
+//  android_event_string_t type;
+//  android_event_string_t component;
+} android_event_am_proc_start;
+
+}
+
+void ProcessBuffer(struct logger_entry *buf) {
+    auto *eventData = reinterpret_cast<const unsigned char *>(buf) + buf->hdr_size;
+    auto *event_header = reinterpret_cast<const android_event_header_t *>(eventData);
+    if (event_header->tag != 30014) return;
+    auto *am_proc_start = reinterpret_cast<const android_event_am_proc_start *>(eventData);
+
+    char process_name[4098];
+    snprintf(process_name, sizeof(process_name), "%.*s", am_proc_start->process_name.length, am_proc_start->process_name.data);
+
+    std::string jsfile_path = "/data/misc/user/0/frida-inject/" + std::string(process_name) + ".js";
+
+    std::ifstream jsfile(jsfile_path.c_str());
+
+    if (jsfile.is_open())
+    {
+        jsfile.close();
+
+        pid_t pid = am_proc_start->pid.data;
+        std::string pid_str = std::to_string(pid);
+
+        std::string command = "/system/bin/frida-inject -p " + pid_str + " -s " + jsfile_path + " -R v8 -e";
+        system(command.c_str());
+    }
+
+		LOGD("Loaded %s", jsfile_path.c_str());
+}
+
+[[noreturn]] void Run() {
+    while (true) {
+        bool first;
+        __system_property_set("persist.log.tag", "");
+
+        unique_ptr<logger_list, decltype(&android_logger_list_free)> logger_list{
+            android_logger_list_alloc(0, 1, 0), &android_logger_list_free};
+        auto *logger = android_logger_open(logger_list.get(), LOG_ID_EVENTS);
+        if (logger != nullptr) [[likely]] {
+            first = true;
+        } else {
+            continue;
+        }
+
+        struct log_msg msg{};
+        while (true) {
+            if (android_logger_list_read(logger_list.get(), &msg) <= 0) [[unlikely]] {
+                break;
+            }
+            if (first) [[unlikely]] {
+                first = false;
+                continue;
+            }
+
+            ProcessBuffer(&msg.entry);
+        }
+
+        sleep(1);
+    }
+}
+
+int main(int argc, char *argv[]) {
+    Run();
+}