Debugging Firefox Based Applications ;)

Discussion in 'Source Code & Tutorial Database' started by B0NNiE, Jan 18, 2013 with 0 replies and 437 views.

    Well guys, I've been playing around with a custom debugger~! It lets me monitor the data stream of this specific application before the data is encrypted inside the process: the hook sits on PR_Write in nspr4.dll, so the buffer is read while it is still plain text. My target program is of course still IMVU, as it has been for many years now. I have my debugger in a working state; it simply logs all the data the cmd outputs to a file.

    [​IMG]

    [​IMG]
    So far I can search for anything in the data stream; I'm hoping to add more functionality to it over time.
    Logfile output:

    DEBUG:root:Pre-Encrypted: aster/ForcePingUI:AudioMaster/ShowQueueMessageUI:AudioMaster/InitUI:AudioMaster/ResizeUI:AudioMaster/SquelchUI:AudioMaster/DisconnectUI:AudioMaster/ConnectToStreamUI:AudioMaster/GotStreamUI:AudioMaster/QueueChangedUI:AudioMaster/GotStreamLength!UI:AudioMaster/StreamStatusChange!UI:AudioMaster/AddPlayListToQueue&UI:AudioMaster/RemovePlayListFromQueueUI:AudioMaster/Refresh&UI:AudioMaster/UI:AutoRefreshInventoryUI:AudioMaster/GetUserLibraryUI:AudioMaster/GotUserLibraryUI:AudioMaster/UpdateRemoteUI:AudioMaster/Synchronize&UI.Buttons:AudioStopPlay/AudioStopPlay UI.Buttons:AudioStopPlay/OnClick*UI.Buttons:AudioStopPlay/UI.Buttons:frame1*UI.Buttons:EditMixesButton/EditMixesButton"UI.Buttons:EditMixesButton/OnClick(UI.Buttons:LibraryRefresh/LibraryRefresh!UI.Buttons:LibraryRefresh/OnClickUI:HeaderBar/HeaderBarUI:HeaderBar/ResizeContentsUI:HeaderBar/BuyTrackUI:HeaderBar/GoToUserUI:HeaderBar/ClearUI:HeaderBar/ShowUI:HeaderBar/HideSpinnerUI:HeaderBar/ShowSpinnerUI:HeaderBar/ShowExplicitUI:HeaderBar/ShowGeoUI:HeaderBar/UdateDisplayUI:HeaderBar/UI:frame1UI:MessageWindow/MessageWindowUI:MessageWindow/ShowMessageUI:MessageWindow/LinkUI:MessageWindow/ResizeUI:MessageWindow/Hide"UI:MessageWindow/private:UserCloseUI:Playlist/PlaylistUI:Playlist/OnOverUI:Playlist/OnOutUI:Playlist/DeleteUI:Playlist/RezizeContentUI:Playlist/OnClickUI:Playlist/GetDataUI.AbstractClassesPlaylistContainerUI:Playlist/PopulateUI:Playlist/GoToAuthorUI:Playlist/ExpandUI:Playlist/CollapseUI:Playlist/AddToQueueTrackUI:Playlist/AddTrackUI:Playlist/UpdateCurrentUI:Playlist/UI:frame1UI:Toggle/ToggleUI:Toggle/OnOverUI:Toggle/OnDownUI:Toggle/OnOffUI:Toggle/UI:frame1UI:Track/TrackUI:Track/OnOverUI:Track/OnOutUI:Track/OnClickUI:Track/ResizeContentUI:Track/GetDataUI:Track/PopulateUI:Track/ShowDataUI:Track/ShowExplicitUI:Track/ShowGeoUI:Track/HideDataUI:Track/HighlightUI:Track/UnHighlightUI:Track/U
I:frame1UI:VolumeSlider/VolumeSliderUI:VolumeSlider/MuteUI:VolumeSlider/OnDragUI:VolumeSlider/SetVolumeUI:VolumeSlider/GetVolumeUI:VolumeSlider/GrabSlideUI:VolumeSlider/ReleaseSlideUI:VolumeSlider/MuteOverUI:VolumeSlider/MuteOutfocusRectSkin/focusRectSkin
    fl.containers
    ScrollPaneBitmap)

    Source....

    Code:
     
    from pydbg import *
    from pydbg.defines import *
    import logging
    import struct
    import utils
    import sys
    import datetime
    import thread
    # Captured once at start-up: any later use of `now` reports the launch time,
    # not the time of the event being printed or logged.
    now = datetime.datetime.now()
    class _Getch:
        """Read one keypress from the console without waiting for Enter.

        The Windows backend is tried first; the Unix backend is used when
        constructing the Windows one raises ImportError.
        """

        def __init__(self):
            try:
                backend = _GetchWindows()
            except ImportError:
                backend = _GetchUnix()
            self.impl = backend

        def __call__(self):
            """Return whatever the selected backend returns for one keypress."""
            reader = self.impl
            return reader()
    class _GetchUnix:
        """Single-keypress reader for POSIX terminals, using tty and termios."""

        def __init__(self):
            # Imported here only so a missing module surfaces as ImportError
            # at construction time.
            import tty
            import sys

        def __call__(self):
            """Switch stdin to raw mode, read one character, restore the terminal."""
            import sys
            import tty
            import termios

            stdin_fd = sys.stdin.fileno()
            saved_attrs = termios.tcgetattr(stdin_fd)
            try:
                tty.setraw(sys.stdin.fileno())
                key = sys.stdin.read(1)
            finally:
                # Put the previous settings back even if the read fails, so the
                # terminal is not left in raw mode.
                termios.tcsetattr(stdin_fd, termios.TCSADRAIN, saved_attrs)
            return key
    class _GetchWindows:
        """Single-keypress reader backed by msvcrt."""

        def __init__(self):
            # Raises ImportError where msvcrt is not available; _Getch catches
            # that to pick the Unix reader instead.
            import msvcrt

        def __call__(self):
            """Return one keypress as reported by msvcrt.getch()."""
            from msvcrt import getch as read_key
            return read_key()
    # Two independent keypress readers; `inkey` is the one readinput() calls.
    getch = _Getch()
    inkey = _Getch()

    # Debugger handle, plus a flag that is set once the target process is seen.
    dbg = pydbg()
    found_imvu = False

    # DEBUG-level records go to hook.log in the current working directory.
    # The hook writes what it captures before encryption into this file, so it
    # can end up holding clear-text credentials or session data; treat the file
    # as sensitive when storing or sharing it.
    logging.basicConfig(level=logging.DEBUG, filename="hook.log")
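    def readinput():
        """Block for a single keypress and exit the script when it is "q".

        Any other key returns without doing anything: the pause ("p") and
        new-search ("r") commands listed in the start-up banner are not
        implemented.
        """
        # One read is enough. The original loop compared the key with "" using
        # >=, which is true for every string, so it always stopped after the
        # first keypress.
        k = inkey()
        if k == "q":
            # Print first, then exit as its own statement instead of hiding
            # sys.exit() inside the print argument list.
            print("QUITTING! IMVU WILL PROBABLY CRASH!")
            sys.exit(-1)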
    # Banner and key help; the listed keys are placeholders, nothing reads them.
    print("\n\nIMVU HOOK by Exploit\n\n\n\n")
    print(
        "press p to pause execution\n"
        "press r to search for a new string\n"
        "press q to quit\n\n"
        "^ none of these work yet..."
    )

    # Substring the hook looks for in each captured buffer.
    pattern = raw_input("\n\n[?] What string to search for? >   \n")
    # Only the exact answer "y" switches file logging on.
    logme = raw_input("\n[?] Would you like to log my output to a text file?  ( y/n )")

    # readinput() is not called here; it stays disabled as in the original.
    if logme == "y":
        print("[@] OUTPUT LOGGING ENABLED!")
        print("[@] Placing search string in log...")
        # The search string itself is written to the log file as well.
        logging.debug("Searched on %s for the string: %s" % (now, pattern))

    print("\n[!] Searching for pattern: %s" % pattern)
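    def ssl_sniff( dbg, args ):
        """Entry hook: report captured buffers that contain the search string.

        Reads the debuggee's memory one byte at a time starting at args[1],
        stopping at the first NUL byte, at an unreadable address, or after
        64 KiB, whichever comes first. When `pattern` occurs in that text it
        is printed and, if logging was requested, written to the log. The
        output is labelled "Pre-Encrypted", so anything reported here is
        clear text.

        dbg  -- debugger instance used to read the debuggee's memory.
        args -- arguments captured for the hooked call; args[1] is used as
                the buffer address.

        Always returns DBG_CONTINUE.
        """
        # NOTE(review): the buffer is treated as a NUL-terminated string. If the
        # hooked call passes an explicit length instead, data after an embedded
        # NUL is missed and an unterminated buffer is over-read -- confirm
        # against the PR_Write prototype.

        # Upper bound on the scan, so an unterminated buffer cannot keep this
        # hook looping indefinitely.
        max_scan = 0x10000
        chunks = []

        for offset in xrange(max_scan):
            try:
                byte = dbg.read_process_memory( args[1] + offset, 1 )
            except Exception:
                # Unreadable address: keep what was captured so far rather than
                # letting the error escape from the hook.
                break
            if byte == "\x00":
                break
            chunks.append(byte)

        # Joined once at the end; also avoids shadowing the builtin `buffer`.
        captured = "".join(chunks)

        if pattern in captured:
            if logme == "y":
                # Stamp the record with the capture time: the module-level `now`
                # is fixed at start-up and would date every record identically.
                logging.debug("[>] Pre-Encrypted:  %s %s" %(datetime.datetime.now(),captured) )
            print("[>] Pre-Encrypted: %s" % captured)

        return DBG_CONTINUE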
    # Walk the process list and hook the first process named imvuclient.exe.
    for (pid, name) in dbg.enumerate_processes():
        if name.lower() != "imvuclient.exe":
            continue

        found_imvu = True
        hooks = utils.hook_container()

        dbg.attach(pid)
        print("[!] Attaching to IMVU with PID: %d..." % pid)

        # Resolve PR_Write inside the debuggee's copy of nspr4.dll.
        hook_address = dbg.func_resolve_debuggee("nspr4.dll", "PR_Write")
        if not hook_address:
            print("[!] Error: Couldn't resolve hook address.")
            sys.exit(-1)

        # NOTE(review): 2 looks like the number of call arguments captured for
        # the hook and None the absent exit hook -- confirm against
        # utils.hook_container.
        hooks.add(dbg, hook_address, 2, ssl_sniff, None)
        print("[*] nspr4.PR_Write hooked at: 0x%08x" % hook_address)
        break

    # Without a matching process there is nothing to run.
    if not found_imvu:
        print("[!] Error: Couldn't find the  process. Please fire up IMVU first.")
        sys.exit(-1)

    print("[*] Hook set, continuing process.\n\n")
    dbg.run()
    
     
