+Fermion-v15

Author: FuzzySecurity

CHANGELOG.txt

@@ -74,4 +74,12 @@
 * Build updated/tested for Electron v11
 * Updated language bindings
 * Compatibility changes for upcoming electron contextIsolation default behavior in v12
-* Compiled package support for OSX dropped, I need to boot an old laptop every time I make a release and it's PITA.
+* Compiled package support for OSX dropped, I need to boot an old laptop every time I make a release and it's PITA.
+
+-= Fermion v1.5 =-
+
+* Added device selection context menu, including remote socket support.
+* Added JS trap for ctrl/command-t to refresh the Frida script in the target. It is now practical to collapse side-bar and work on your code.
+* Added "GC" on the textarea. It was always a problem that high volume hooks could tank Fermion if the textarea grew too large. Fermion now limits the line count to 5000 and will delete old entries as new ones come in.
+* Changed color for the text area. I think eventually a full UI re-design will probably be in order (v2 maybe).
+* Added example: malloc

Examples/malloc.js

@@ -0,0 +1,22 @@
+//--------//
+// Malloc //
+//--------//
+
+var pMalloc = Module.findExportByName(null, "malloc");
+
+Interceptor.attach(pMalloc, {
+    onEnter: function (args) {
+        send("\n[+] Called malloc");
+        send("    |_ Len     : " + args[0]);
+        this.mallocLen = args[0];
+    },
+
+    onLeave: function (retval) {
+        if (retval.toInt32() != 0) {
+            send("    |_ Success : true");
+            send("    |_ Dump    : \n" + hexdump(retval, {length:parseInt(this.mallocLen)}));
+        } else {
+            send("    |_ Success : false");
+        }
+    }
+});

Fermion/assets/css/frida.css

@@ -438,7 +438,7 @@ textarea#FridaOut {
     font-family: monospace;
     font-size: 0.9em;
     line-height: 1.7em;
-    background-color: #2f3542;
+    background-color: #422f2f;
 }
 
 .btn-level {

Fermion/assets/img/device.png

@@ -56,5 +56,6 @@ app.on('activate', () => {
   }
 })
 
-// In this file you can include the rest of your app's specific main process
-// code. You can also put them in separate files and require them here.
+// Add listener for device selector
+const ipc = require('electron').ipcMain;
+ipc.on('device-selector', (event, message) => bWin.webContents.send('device-selector', message));

Fermion/assets/img/version.png

@@ -1,6 +1,6 @@
 {
   "name": "fermion",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "Fermion is a stand-alone Frida electron tool.",
   "main": "core.js",
   "scripts": {

Fermion/core.js

@@ -0,0 +1,115 @@
+<html>
+
+<head>
+	<style>
+		body {
+			background-color: #ff4757 !important;
+			-webkit-app-region:drag;
+		}
+	</style>
+	<link rel="stylesheet" href="../assets/css/bootstrap.css">
+	<link rel="stylesheet" href="../assets/css/frida.css">
+	<script defer src="../assets/js/solid.js"></script>
+	<script defer src="../assets/js/fontawesome.js"></script>
+</head>
+
+<body>
+	<div class="container-fluid">
+		<div class="row"
+			style="text-align:right;display:block;padding-right:5px;padding-top:5px">
+			<a id="CloseDevice" href="#">
+				<img src="../assets/img/x.png" height="10%" width="7%" style="-webkit-app-region: no-drag;">
+			</a>
+			<img src="../assets/img/device.png" height="18%" width="35%" style="-webkit-app-region:drag;float: left;display:block;padding-left:5px;">
+		</div>
+		<div class="form-check">
+			<br /><br />
+			<input class="form-check-input" type="radio" name="selectRadios" id="selectRadios1" value="option1" style="-webkit-app-region: no-drag;" checked>
+			<label class="form-check-label" for="flexCheckChecked">Auto-Detect (Local / USB / Mobile)</label>
+			<select type="deviceName" class="form-control" id="deviceName" style="-webkit-app-region: no-drag;">
+				<option>local</option>
+			</select><br />
+		  </div>
+		  <div class="form-check">
+			<input class="form-check-input" type="radio" name="selectRadios" id="selectRadios2" value="option2" style="-webkit-app-region: no-drag;">
+			<label class="form-check-label">Remote Socket</label>
+			<div class="input-group mb-3" style="-webkit-app-region: no-drag;">
+				<input type="text" class="form-control" placeholder="IP" aria-label="IP" style="width: 45%;" id="inputIP">
+				<span class="input-group-text" style="-webkit-app-region: drag;">:</span>
+				<input type="text" class="form-control" placeholder="Port" aria-label="Port" id="inputPort">
+			  </div>
+		  </div>
+
+		  <button type="button" id="FridaUpdateDevice" class="btn btn-goon btn-sm btn-block btn-space" style="-webkit-app-region: no-drag; margin-top:30px;">Ok</button>
+	</div>
+
+	<script type="text/javascript">
+		const frida = require('frida');
+		// Overwrite default node.js prop to get Jquery working
+		window.$ = window.jQuery = require('jquery');
+
+		// Update dropdown
+		async function updateDeviceList() {
+			// Get dropdown array
+			var dn = document.getElementById("deviceName");
+			var currentDevice = dn.options[deviceName.selectedIndex].value;
+			var dnArr = Array.from(dn.options).map(elem => elem.text);
+
+			// Get device array
+			var dm = frida.getDeviceManager();
+			var dev = await dm.enumerateDevices();
+			var devArr = dev.map(elem => elem.id);
+
+			// Does the current device still exist?
+			if (!devArr.includes(currentDevice)) {
+				// Local is always a valid target
+				dn.selectedIndex = 0;
+				deviceId = 'local';
+			}
+
+			// Remove stale entries from the dropdown
+			dnArr.forEach(function(elem) {
+				if (!devArr.includes(elem)) {
+					$(`#deviceName option:contains("${elem}")`).remove()
+				}
+			})
+
+			// Add new entries to the dropdown
+			devArr.forEach(function(elem) {
+				if (!dnArr.includes(elem) && elem != "tcp" && elem != "socket") {
+					$("#deviceName").append(new Option(elem))
+				}
+			})
+		}
+
+		updateDeviceList();
+		setInterval(function(){
+			updateDeviceList();
+		}, 5000);
+
+		// Update device and close dialog
+		document.getElementById("FridaUpdateDevice").onclick = function () {
+			// New device string
+			var newDevice = null;
+
+			// Do action based on radio selector
+			if (document.getElementById("selectRadios1").checked) {
+				newDevice = document.getElementById("deviceName").value;
+			} else {
+				newDevice = "socket@" + document.getElementById("inputIP").value + ":" + document.getElementById("inputPort").value;
+			}
+
+			const ipc = require('electron').ipcRenderer;
+			ipc.send('device-selector', newDevice);
+
+			window.close();
+		}
+
+		// Close dialog, make no changes to the device
+		document.getElementById("CloseDevice").onclick = function () {
+			window.close();
+		}
+	</script>
+</body>
+
+</html>

Fermion/package.json

@@ -29,10 +29,13 @@
 			<ul class="list-unstyled components">
 					<div class="form-group mx-sm-3 mb-2">
 						<label for="deviceName">Device</label>
-						<select type="deviceName" class="form-control" id="deviceName">
-							<option>local</option>
-						</select>
-					</div><br><br>
+						<input type="deviceName" class="form-control" id="deviceName" value="local" style="background-color:lightgray; color:black;" disabled>
+					</div>
+					<ul class="list-unstyled CTAs">
+						<li>
+						<button type="button" id="setDevice" class="btn btn-goon btn-sm btn-block btn-space">Configure</button>
+						</li>
+					</ul><br>
 					<div class="form-group mx-sm-3 mb-2">
 						<label for="procID">Process ID</label>
 						<input type="procID" class="form-control" id="procID" placeholder="ID">
@@ -211,7 +214,7 @@
 			var editor = monaco.editor.create(document.getElementById('container'), {
 				value: [
 					'//-------------------------------------------//',
-					'//              Fermion v1.4                 //',
+					'//              Fermion v1.5                 //',
 					'//                                    ~b33f  //',
 					'//-------------------------------------------//',
 					'',
@@ -224,9 +227,9 @@
 					'// + I am trapping Ctrl-s / Ctrl-o in JS so you can save',
 					'//   and open files without clicking on the menu',
 					'//',
-					'// + The full Frida API is integrated in the editor',
-					'//   |-> monaco.languages.typescript.typescriptDefaults.addExtraLib(....)',
-					'//   |-> https://www.npmjs.com/package/@types/frida-gum',
+					'// + I am trapping Ctrl-t in JS so you can reload the',
+					'//   current script in the attached target without',
+					'//   (un-collapsing &) clicking the sidebar',
 					'',
 					'// ~~ Frida ~~ //',
 					'',
@@ -248,21 +251,17 @@
 
 			// Store the editor reff as a global var
 			MonacoCodeEditor = editor;
-
-			// Update device list
-			updateDeviceList();
-
-			// Configure interval to update device list
-			setInterval(function(){
-				updateDeviceList();
-			}, 5000);
 		});
 	})();
 
 
 </script>
 
 <script type="text/javascript">
+
+	// Print release firda version to textarea
+	appendFridaLog("[+] Fermion v1.5 -> Frida v14.2.13");
+
 	$(document).ready(function () {
 		$('#sidebarCollapse').on('click', function () {
 			$('#sidebar').toggleClass('active');

Fermion/src/device.html

@@ -87,8 +87,14 @@
 		deviceId = new URL(url).searchParams.get('deviceId');
 
 		// Retrieve device list
-		async function getDeviceList() {
+		async function getDeviceList(devInst) {
 			var dm = await frida.getDeviceManager();
+			// If the device is a remote socket we need to add it
+			// manually
+			if (devInst.startsWith("socket@")) {
+				var sRemoteSocket = devInst.split('@')[1];
+				dm.addRemoteDevice(sRemoteSocket);
+			}
 			var dev = await dm.enumerateDevices();
 			return dev;
 		}
@@ -106,7 +112,7 @@
 			// Make sure the device list has updated
 			if (atob(deviceId) != "local") {
 				for (i = 0; i < 3; i++) {
-					var dev = await getDeviceList();
+					var dev = await getDeviceList(atob(deviceId));
 					if (dev.length > 2) {
 						break;
 					}