Fixed #1. Find mono library dynamically if it is not 'mono.dll'.

Author: tijme

examples/read_class_static_bool_variable.js

@@ -16,7 +16,7 @@ import ClassHelper from '../libraries/class_helper'
 */
 
 // Get a reference to ObfuscatedString password
-let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName")
+let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName.Settings")
 let secretField = MonoApiHelper.ClassGetFieldFromName(settingsClass, "secret")
 let secretValue = MonoApiHelper.FieldGetValueObject(secretField, settingsClass)
 

examples/read_class_static_int_variable.js

@@ -16,7 +16,7 @@ import ClassHelper from '../libraries/class_helper'
 */
 
 // Get a reference to ObfuscatedString password
-let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName")
+let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName.Settings")
 let secretField = MonoApiHelper.ClassGetFieldFromName(settingsClass, "secret")
 let secretValue = MonoApiHelper.FieldGetValueObject(secretField, settingsClass)
 

examples/read_class_static_object_variable.js

@@ -16,7 +16,7 @@ import ClassHelper from '../libraries/class_helper'
 */
 
 // Get a reference to ObfuscatedString secret
-let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName")
+let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName.Settings")
 let secretField = MonoApiHelper.ClassGetFieldFromName(settingsClass, "secret")
 let secretValue = MonoApiHelper.FieldGetValueObject(secretField, settingsClass)
 

examples/read_class_static_string_variable.js

@@ -16,7 +16,7 @@ import ClassHelper from '../libraries/class_helper'
 */
 
 // Get a reference to the secret string
-let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName")
+let settingsClass = ClassHelper.getClassByName("CompanyName.ProjectName.Settings")
 let secretField = MonoApiHelper.ClassGetFieldFromName(settingsClass, "secretString")
 let secretValue = MonoApiHelper.FieldGetValueObject(secretField, settingsClass)
 

fridax.js

@@ -42,14 +42,7 @@ async function main(options) {
         device = await deviceManager.addRemoteDevice(argv[`device`]);
     } else {
         console.log(`[*] Awaiting USB device.`)
-        let devices = await deviceManager.enumerateDevices()
-
-        devices.forEach(enumDevice => {
-            if (enumDevice.type == `usb`) {
-                device = enumDevice
-                return
-            }
-        })
+        device = await frida.getUsbDevice()
     }
 
     if (device == null) {
@@ -59,9 +52,10 @@ async function main(options) {
     console.log(`[*] Up and running on ${device.name}.`)
 
     let application = await selectApplicationOnDevice(device)
-    let inject = await injectApplicationOnDevice(device, application)
-
+    
     console.log(`[*] Happy hacking.`)
+
+    let inject = await injectApplicationOnDevice(device, application)
 }
 
 // Give the user the option to choose an application

libraries/class_helper.js

@@ -1,4 +1,4 @@
-import { MonoApiHelper, MonoApi } from 'frida-mono-api'
+import { MonoApiHelper, MonoApi } from '../vendors/frida-mono-api'
 
 /**
  * Class containing helper functions for Mono classes

package-lock.json

@@ -9,8 +9,8 @@
   "main": "hack.js",
   "dependencies": {
     "console-stamp": "^0.2.9",
+    "frida-ex-nativefunction": "^0.1.2",
     "frida-inject": "^0.3.0",
-    "frida-mono-api": "git+https://github.com/freehuntx/frida-mono-api.git",
     "inquirer": "^7.1.0",
     "node-persist": "^3.0.5",
     "yargs": "^15.3.1"

package.json

@@ -0,0 +1,23 @@
+MIT License
+===========
+
+Copyright (c) 2018 freehuntx (https://github.com/freehuntx/frida-mono-api/)
+Copyright (c) 2020 Northwave B.V. (www.northwave-security.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendors/frida-mono-api/LICENSE.md

@@ -0,0 +1,2 @@
+export { default as MonoApi } from './mono-api'
+export { default as MonoApiHelper } from './mono-api-helper'

vendors/frida-mono-api/index.js

@@ -0,0 +1,106 @@
+import MonoApi from './mono-api'
+
+const rootDomain = MonoApi.mono_get_root_domain()
+
+const MonoApiHelper = {
+    AssemblyForeach: cb => {
+        return MonoApi.mono_assembly_foreach(MonoApi.mono_assembly_foreach.nativeCallback(cb), NULL)
+    },
+    AssemblyLoadFromFull: (mono_image, filename, openStatusPtr, refonly) => {
+        return MonoApi.mono_assembly_load_from_full(mono_image, Memory.allocUtf8String(filename), openStatusPtr, refonly)
+    },
+    ClassEnumBasetype: MonoApi.mono_class_enum_basetype,
+    ClassFromMonoType: MonoApi.mono_class_from_mono_type,
+    ClassFromName: (mono_image, name) => {
+        const resolved = resolveClassName(name)
+        return MonoApi.mono_class_from_name(mono_image, Memory.allocUtf8String(resolved.namespace), Memory.allocUtf8String(resolved.className))
+    },
+    ClassGetFieldFromName: (mono_class, name) => {
+        return MonoApi.mono_class_get_field_from_name(mono_class, Memory.allocUtf8String(name))
+    },
+    ClassGetFields: mono_class => {
+        const fields = []
+        const iter = Memory.alloc(Process.pointerSize)
+        let field
+
+        while(!(field = MonoApi.mono_class_get_fields(mono_class, iter)).isNull()) {
+            fields.push(field)
+        }
+        return fields
+    },
+    ClassGetMethodFromName: (mono_class, name, argCnt = -1) => {
+        return MonoApi.mono_class_get_method_from_name(mono_class, Memory.allocUtf8String(name), argCnt)
+    },
+    ClassGetMethods: mono_class => {
+        const methods = []
+        const iter = Memory.alloc(Process.pointerSize)
+        let method
+
+        while(!(method = MonoApi.mono_class_get_methods(mono_class, iter)).isNull()) {
+            methods.push(method)
+        }
+        return methods
+    },
+    ClassGetName: mono_class => {
+        return Memory.readUtf8String(MonoApi.mono_class_get_name(mono_class))
+    },
+    ClassGetType: MonoApi.mono_class_get_type,
+    ClassIsEnum: mono_class => MonoApi.mono_class_is_enum(mono_class) === 1,
+    CompileMethod: MonoApi.mono_compile_method,
+    DomainGet: MonoApi.mono_domain_get,
+    FieldGetFlags: MonoApi.mono_field_get_flags,
+    FieldGetName: mono_field => Memory.readUtf8String(MonoApi.mono_field_get_name(mono_field)),
+    FieldGetValueObject: (mono_field, mono_object, domain = rootDomain) => {
+        return MonoApi.mono_field_get_value_object(domain, mono_field, mono_object)
+    },
+    GetBooleanClass: MonoApi.mono_get_boolean_class,
+    GetInt32Class: MonoApi.mono_get_int32_class,
+    GetSingleClass: MonoApi.mono_get_single_class,
+    GetStringClass: MonoApi.mono_get_string_class,
+    GetUInt32Class: MonoApi.mono_get_uint32_class,
+    ImageLoaded: name => MonoApi.mono_image_loaded(Memory.allocUtf8String(name)),
+    MethodGetFlags: (mono_method, iflags = 0) => MonoApi.mono_method_get_flags(mono_method, iflags),
+    MethodGetName: mono_method => Memory.readUtf8String(MonoApi.mono_method_get_name(mono_method)),
+    MethodSignature: MonoApi.mono_method_signature,
+    ObjectGetClass: MonoApi.mono_object_get_class,
+    ObjectGetVirtualMethod: MonoApi.mono_object_get_virtual_method,
+    ObjectNew: (mono_class, domain = rootDomain) => MonoApi.mono_object_new(domain, mono_class),
+    ObjectUnbox: mono_object => MonoApi.mono_object_unbox(mono_object),
+    RuntimeInvoke: (mono_method, instance = NULL, args = NULL) => {
+        const exception = NULL
+        const result = MonoApi.mono_runtime_invoke(mono_method, instance, args, exception)
+
+        if (!exception.isNull()) {
+            throw new Error('Unknown exception happened')
+        }
+
+        return result
+    },
+    SignatureGetParamCount: MonoApi.mono_signature_get_param_count, SignatureGetParams: signature => {
+        let params = []
+        let iter = Memory.alloc(Process.pointerSize)
+        let type
+
+        while(!(type = MonoApi.mono_signature_get_params(signature, iter)).isNull()) {
+            params.push(type)
+        }
+
+        return params
+    },
+    StringNew: (str, domain = rootDomain) => MonoApi.mono_string_new(domain, Memory.allocUtf8String(str)),
+    StringToUtf8: mono_string => Memory.readUtf8String(MonoApi.mono_string_to_utf8(mono_string)),
+    TypeGetClass: MonoApi.mono_type_get_class,
+    TypeGetName: mono_type => Memory.readUtf8String(MonoApi.mono_type_get_name(mono_type)),
+    TypeGetType: MonoApi.mono_type_get_type,
+    TypeGetUnderlyingType: MonoApi.mono_type_get_underlying_type,
+    ValueBox: (mono_class, valuePtr, domain = rootDomain) => MonoApi.mono_value_box(domain, mono_class, valuePtr)
+}
+
+function resolveClassName(className) {
+    return {
+        className: className.substring(className.lastIndexOf('.')+1),
+        namespace: className.substring(0, className.lastIndexOf('.'))
+    }
+}
+
+export default MonoApiHelper