(feat) add the 'android deoptimize' command

this is a useful command if you are having trouble with hooks firing as a result of optimizations.
sensepost · Feb 17, 2021 · a343591 · a343591
1 parent 91d1311
commit a343591
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 0 deletions.
diff --git a/agent/src/android/general.ts b/agent/src/android/general.ts
@@ -0,0 +1,11 @@
+import { wrapJavaPerform } from "./lib/libjava"
+
+export namespace general {
+
+  export const deoptimize = (): Promise<void> => {
+    return wrapJavaPerform(() => {
+      Java.deoptimizeEverything();
+    });
+  }
+
+}
diff --git a/agent/src/rpc/android.ts b/agent/src/rpc/android.ts
@@ -11,11 +11,15 @@ import { root } from "../android/root";
 import { androidshell } from "../android/shell";
 import { userinterface } from "../android/userinterface";
 import { proxy } from "../android/proxy";
+import { general } from "../android/general";
 
 export const android = {
   // android clipboard
   androidMonitorClipboard: () => clipboard.monitor(),
 
+  // android general
+  androidDeoptimize: () => general.deoptimize(),
+
   // android command execution
   androidShellExec: (cmd: string): Promise<IExecutedCommand> => androidshell.execute(cmd),
 

diff --git a/objection/commands/android/general.py b/objection/commands/android/general.py
@@ -0,0 +1,16 @@
+from objection.state.connection import state_connection
+
+
+def deoptimise(args: list) -> None:
+    """
+        Forces the VM to execute everything with its interpreter.
+        Necessary to prevent optimizations from bypassing method hooks in some cases.
+
+        Ref: https://frida.re/docs/javascript-api/
+
+        :param args:
+        :return:
+    """
+
+    api = state_connection.get_api()
+    api.android_deoptimize()
diff --git a/objection/console/commands.py b/objection/console/commands.py
@@ -11,6 +11,7 @@
 from ..commands import ui
 from ..commands.android import clipboard
 from ..commands.android import command
+from ..commands.android import general
 from ..commands.android import generate as android_generate
 from ..commands.android import heap as android_heap
 from ..commands.android import hooking as android_hooking
@@ -275,6 +276,10 @@
     'android': {
         'meta': 'Commands specific to Android',
         'commands': {
+            'deoptimize': {
+                'meta': 'Force the VM to execute everything in the interpreter',
+                'exec': general.deoptimise
+            },
             'shell_exec': {
                 'meta': 'Execute a shell command',
                 'exec': command.execute