From d9eb5f54e04044aedca5849775087f603a21350a Mon Sep 17 00:00:00 2001 From: Alban D Date: Mon, 29 Apr 2013 22:33:55 +0200 Subject: [PATCH] Refactor CommonDigest Hooks Updates #2. --- testapp/CryptoTester.m | 9 -- tracer/CallStackInspector.h | 1 + tracer/CallStackInspector.m | 11 +- tracer/Makefile | 2 +- tracer/Tweak.xmi | 6 +- tracer/hooks/CC_MD5Hooks.h | 9 -- tracer/hooks/CC_MD5Hooks.m | 220 -------------------------- tracer/hooks/CC_SHAHooks.h | 9 -- tracer/hooks/CC_SHAHooks.m | 220 -------------------------- tracer/hooks/CommonDigestHooks.h | 9 ++ tracer/hooks/CommonDigestHooks.m | 254 +++++++++++++++++++++++++++++++ 11 files changed, 275 insertions(+), 475 deletions(-) delete mode 100644 tracer/hooks/CC_MD5Hooks.h delete mode 100644 tracer/hooks/CC_MD5Hooks.m delete mode 100644 tracer/hooks/CC_SHAHooks.h delete mode 100644 tracer/hooks/CC_SHAHooks.m create mode 100644 tracer/hooks/CommonDigestHooks.h create mode 100644 tracer/hooks/CommonDigestHooks.m diff --git a/testapp/CryptoTester.m b/testapp/CryptoTester.m index ac543cf..572736e 100644 --- a/testapp/CryptoTester.m +++ b/testapp/CryptoTester.m @@ -43,15 +43,6 @@ + (void) testCommonDigest { CC_MD5_Final(dataOut, &ctx); CC_MD5(testData, 16, dataOut); - - CC_SHA512_CTX ctx2; - unsigned char dataOut2[CC_SHA512_DIGEST_LENGTH]; - - CC_SHA512_Init(&ctx2); - CC_SHA512_Update(&ctx2, testData, 16); - CC_SHA512_Final(dataOut2, &ctx2); - - CC_SHA512(testData, 16, dataOut2); } diff --git a/tracer/CallStackInspector.h b/tracer/CallStackInspector.h index ab162a4..b6dcc68 100644 --- a/tracer/CallStackInspector.h +++ b/tracer/CallStackInspector.h @@ -8,6 +8,7 @@ // We don't want to hook internal calls, only what the App is directly calling. // So we use this to figure out who called the function we're hooking. + (BOOL) wasDirectlyCalledByApp; ++ (BOOL) wasCalledByAppAtIndex:(NSUInteger)index; @end diff --git a/tracer/CallStackInspector.m b/tracer/CallStackInspector.m index 9ae08a5..7bc20e8 100644 --- a/tracer/CallStackInspector.m +++ b/tracer/CallStackInspector.m @@ -4,19 +4,24 @@ @implementation CallStackInspector -+ (BOOL) wasDirectlyCalledByApp { + ++ (BOOL) wasCalledByAppAtIndex:(NSUInteger)index { //NSLog(@"%@",[NSThread callStackSymbols]); NSString *appProcessName = [[NSProcessInfo processInfo] processName]; NSArray *callStack = [NSThread callStackSymbols]; // Not ideal: Check if the app's process name is close enough in the call stack - NSRange caller2 = [[callStack objectAtIndex:2] rangeOfString: appProcessName]; + NSRange callerAtIndex = [[callStack objectAtIndex:index] rangeOfString: appProcessName]; - if ((caller2.location == NSNotFound)) { + if ((callerAtIndex.location == NSNotFound)) { return false; } return true; } ++ (BOOL) wasDirectlyCalledByApp { + return [self wasCalledByAppAtIndex:2]; +} + @end diff --git a/tracer/Makefile b/tracer/Makefile index 70eceb4..fbdf02d 100644 --- a/tracer/Makefile +++ b/tracer/Makefile @@ -3,7 +3,7 @@ include theos/makefiles/common.mk TWEAK_NAME = introspy -introspy_FILES = Tweak.xmi CallTracer.m hooks/CC_MD5Hooks.m hooks/CC_SHAHooks.m hooks/KeychainHooks.m hooks/DelegateProxies.m PlistObjectConverter.m hooks/CCKeyDerivationPBKDFHooks.m CallStackInspector.m SQLiteStorage.m hooks/SecurityHooks.m hooks/CCCryptorHooks.m hooks/CCHmacHooks.m +introspy_FILES = Tweak.xmi CallTracer.m hooks/CommonDigestHooks.m hooks/KeychainHooks.m hooks/DelegateProxies.m PlistObjectConverter.m hooks/CCKeyDerivationPBKDFHooks.m CallStackInspector.m SQLiteStorage.m hooks/SecurityHooks.m hooks/CCCryptorHooks.m hooks/CCHmacHooks.m introspy_LIBRARIES = sqlite3 introspy_FRAMEWORKS = UIKit, Foundation, Security diff --git a/tracer/Tweak.xmi b/tracer/Tweak.xmi index 270415a..0af3415 100644 --- a/tracer/Tweak.xmi +++ b/tracer/Tweak.xmi @@ -15,8 +15,7 @@ static NSString *preferenceFilePath = @"/private/var/mobile/Library/Preferences/ #import "hooks/CCCryptorHooks.h" #import "hooks/CCHmacHooks.h" #import "hooks/CCKeyDerivationPBKDFHooks.h" -#import "hooks/CC_MD5Hooks.h" -#import "hooks/CC_SHAHooks.h" +#import "hooks/CommonDigestHooks.h" @@ -127,8 +126,7 @@ static void traceURISchemes() { [CCCryptorHooks enableHooks]; [CCHmacHooks enableHooks]; [CCKeyDerivationPBKDFHooks enableHooks]; - [CC_MD5Hooks enableHooks]; - [CC_SHAHooks enableHooks]; + [CommonDigestHooks enableHooks]; } if (getBoolFromPreferences(preferences, @"SecurityHooks")) { [SecurityHooks enableHooks]; diff --git a/tracer/hooks/CC_MD5Hooks.h b/tracer/hooks/CC_MD5Hooks.h deleted file mode 100644 index 2323d3e..0000000 --- a/tracer/hooks/CC_MD5Hooks.h +++ /dev/null @@ -1,9 +0,0 @@ - -@interface CC_MD5Hooks : NSObject { - -} - -+ (void)enableHooks; - -@end - diff --git a/tracer/hooks/CC_MD5Hooks.m b/tracer/hooks/CC_MD5Hooks.m deleted file mode 100644 index f0e3e6b..0000000 --- a/tracer/hooks/CC_MD5Hooks.m +++ /dev/null @@ -1,220 +0,0 @@ - -#include -#include - -#import "CC_MD5Hooks.h" -#import "../SQLiteStorage.h" -#import "../PlistObjectConverter.h" -#import "../CallStackInspector.h" - -// Nice global -extern SQLiteStorage *traceStorage; - - -// No need to hook the CC_MDX_Init() functions as they don't do anything interesting - -// Hook CC_MD2_Update() -static int (*original_CC_MD2_Update)(CC_MD2_CTX *c, const void *data, CC_LONG len); - -static int replaced_CC_MD2_Update(CC_MD2_CTX *c, const void *data, CC_LONG len) { - - int origResult = original_CC_MD2_Update(c, data, len); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD2_Update"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD4_Update() -static int (*original_CC_MD4_Update)(CC_MD4_CTX *c, const void *data, CC_LONG len); - -static int replaced_CC_MD4_Update(CC_MD4_CTX *c, const void *data, CC_LONG len) { - - int origResult = original_CC_MD4_Update(c, data, len); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD4_Update"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD5_Update() -static int (*original_CC_MD5_Update)(CC_MD5_CTX *c, const void *data, CC_LONG len); - -static int replaced_CC_MD5_Update(CC_MD5_CTX *c, const void *data, CC_LONG len) { - - int origResult = original_CC_MD5_Update(c, data, len); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD5_Update"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - - -// Hook CC_MD2_Final() -static int (*original_CC_MD2_Final)(unsigned char *md, CC_MD2_CTX *c); - -static int replaced_CC_MD2_Final(unsigned char *md, CC_MD2_CTX *c) { - - int origResult = original_CC_MD2_Final(md, c); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD2_Final"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_MD2_DIGEST_LENGTH] withKey:@"md"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD4_Final() -static int (*original_CC_MD4_Final)(unsigned char *md, CC_MD4_CTX *c); - -static int replaced_CC_MD4_Final(unsigned char *md, CC_MD4_CTX *c) { - - int origResult = original_CC_MD4_Final(md, c); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD4_Final"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_MD4_DIGEST_LENGTH] withKey:@"md"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD5_Final() -static int (*original_CC_MD5_Final)(unsigned char *md, CC_MD5_CTX *c); - -static int replaced_CC_MD5_Final(unsigned char *md, CC_MD5_CTX *c) { - - int origResult = original_CC_MD5_Final(md, c); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD5_Final"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_MD5_DIGEST_LENGTH] withKey:@"md"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD2() -static unsigned char * (*original_CC_MD2)(const void *data, CC_LONG len, unsigned char *md); - -static unsigned char * replaced_CC_MD2(const void *data, CC_LONG len, unsigned char *md) { - - unsigned char *origResult = original_CC_MD2(data, len, md); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD2"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_MD2_DIGEST_LENGTH] withKey:@"md"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD4() -static unsigned char * (*original_CC_MD4)(const void *data, CC_LONG len, unsigned char *md); - -static unsigned char * replaced_CC_MD4(const void *data, CC_LONG len, unsigned char *md) { - - unsigned char *origResult = original_CC_MD4(data, len, md); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD4"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_MD4_DIGEST_LENGTH] withKey:@"md"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_MD5() -static unsigned char * (*original_CC_MD5)(const void *data, CC_LONG len, unsigned char *md); - -static unsigned char * replaced_CC_MD5(const void *data, CC_LONG len, unsigned char *md) { - - unsigned char *origResult = original_CC_MD5(data, len, md); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_MD5"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_MD5_DIGEST_LENGTH] withKey:@"md"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -@implementation CC_MD5Hooks - -+ (void)enableHooks { - MSHookFunction(CC_MD2_Update, replaced_CC_MD2_Update, (void **) &original_CC_MD2_Update); - MSHookFunction(CC_MD4_Update, replaced_CC_MD4_Update, (void **) &original_CC_MD4_Update); - MSHookFunction(CC_MD5_Update, replaced_CC_MD5_Update, (void **) &original_CC_MD5_Update); - MSHookFunction(CC_MD2_Final, replaced_CC_MD2_Final, (void **) &original_CC_MD2_Final); - MSHookFunction(CC_MD4_Final, replaced_CC_MD4_Final, (void **) &original_CC_MD4_Final); - MSHookFunction(CC_MD5_Final, replaced_CC_MD5_Final, (void **) &original_CC_MD5_Final); - MSHookFunction(CC_MD2, replaced_CC_MD2, (void **) &original_CC_MD2); - MSHookFunction(CC_MD4, replaced_CC_MD4, (void **) &original_CC_MD4); - MSHookFunction(CC_MD5, replaced_CC_MD5, (void **) &original_CC_MD5); -} - -@end diff --git a/tracer/hooks/CC_SHAHooks.h b/tracer/hooks/CC_SHAHooks.h deleted file mode 100644 index 502a0a6..0000000 --- a/tracer/hooks/CC_SHAHooks.h +++ /dev/null @@ -1,9 +0,0 @@ - -@interface CC_SHAHooks : NSObject { - -} - -+ (void)enableHooks; - -@end - diff --git a/tracer/hooks/CC_SHAHooks.m b/tracer/hooks/CC_SHAHooks.m deleted file mode 100644 index 6f4d06d..0000000 --- a/tracer/hooks/CC_SHAHooks.m +++ /dev/null @@ -1,220 +0,0 @@ - -#include -#include - -#import "CC_SHAHooks.h" -#import "../SQLiteStorage.h" -#import "../PlistObjectConverter.h" -#import "../CallStackInspector.h" - -// Nice global -extern SQLiteStorage *traceStorage; - - -// No need to hook the CC_MDX_Init() functions as they don't do anything interesting - -// Hook CC_SHA1_Update() -static int (*original_CC_SHA1_Update)(CC_SHA1_CTX *c, const void *data, CC_LONG len); - -static int replaced_CC_SHA1_Update(CC_SHA1_CTX *c, const void *data, CC_LONG len) { - - int origResult = original_CC_SHA1_Update(c, data, len); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA1_Update"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA512_Update() -static int (*original_CC_SHA512_Update)(CC_SHA512_CTX *c, const void *data, CC_LONG len); - -static int replaced_CC_SHA512_Update(CC_SHA512_CTX *c, const void *data, CC_LONG len) { - - int origResult = original_CC_SHA512_Update(c, data, len); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA512_Update"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA256_Update() -static int (*original_CC_SHA256_Update)(CC_SHA256_CTX *c, const void *data, CC_LONG len); - -static int replaced_CC_SHA256_Update(CC_SHA256_CTX *c, const void *data, CC_LONG len) { - - int origResult = original_CC_SHA256_Update(c, data, len); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA256_Update"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - - -// Hook CC_SHA1_Final() -static int (*original_CC_SHA1_Final)(unsigned char *md, CC_SHA1_CTX *c); - -static int replaced_CC_SHA1_Final(unsigned char *md, CC_SHA1_CTX *c) { - - int origResult = original_CC_SHA1_Final(md, c); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA1_Final"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_SHA1_DIGEST_LENGTH] withKey:@"md"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA512_Final() -static int (*original_CC_SHA512_Final)(unsigned char *md, CC_SHA512_CTX *c); - -static int replaced_CC_SHA512_Final(unsigned char *md, CC_SHA512_CTX *c) { - - int origResult = original_CC_SHA512_Final(md, c); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA512_Final"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_SHA512_DIGEST_LENGTH] withKey:@"md"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA256_Final() -static int (*original_CC_SHA256_Final)(unsigned char *md, CC_SHA256_CTX *c); - -static int replaced_CC_SHA256_Final(unsigned char *md, CC_SHA256_CTX *c) { - - int origResult = original_CC_SHA256_Final(md, c); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA256_Final"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_SHA256_DIGEST_LENGTH] withKey:@"md"]; - [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA1() -static unsigned char * (*original_CC_SHA1)(const void *data, CC_LONG len, unsigned char *md); - -static unsigned char * replaced_CC_SHA1(const void *data, CC_LONG len, unsigned char *md) { - - unsigned char *origResult = original_CC_SHA1(data, len, md); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA1"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_SHA1_DIGEST_LENGTH] withKey:@"md"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA512() -static unsigned char * (*original_CC_SHA512)(const void *data, CC_LONG len, unsigned char *md); - -static unsigned char * replaced_CC_SHA512(const void *data, CC_LONG len, unsigned char *md) { - - unsigned char *origResult = original_CC_SHA512(data, len, md); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA512"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_SHA512_DIGEST_LENGTH] withKey:@"md"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -// Hook CC_SHA256() -static unsigned char * (*original_CC_SHA256)(const void *data, CC_LONG len, unsigned char *md); - -static unsigned char * replaced_CC_SHA256(const void *data, CC_LONG len, unsigned char *md) { - - unsigned char *origResult = original_CC_SHA256(data, len, md); - - // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls - if ([CallStackInspector wasDirectlyCalledByApp]) { - - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"CC_SHA256"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; - [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: CC_SHA256_DIGEST_LENGTH] withKey:@"md"]; - [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - } - return origResult; -} - - -@implementation CC_SHAHooks - -+ (void)enableHooks { - MSHookFunction(CC_SHA1_Update, replaced_CC_SHA1_Update, (void **) &original_CC_SHA1_Update); - MSHookFunction(CC_SHA512_Update, replaced_CC_SHA512_Update, (void **) &original_CC_SHA512_Update); - MSHookFunction(CC_SHA256_Update, replaced_CC_SHA256_Update, (void **) &original_CC_SHA256_Update); - MSHookFunction(CC_SHA1_Final, replaced_CC_SHA1_Final, (void **) &original_CC_SHA1_Final); - MSHookFunction(CC_SHA512_Final, replaced_CC_SHA512_Final, (void **) &original_CC_SHA512_Final); - MSHookFunction(CC_SHA256_Final, replaced_CC_SHA256_Final, (void **) &original_CC_SHA256_Final); - MSHookFunction(CC_SHA1, replaced_CC_SHA1, (void **) &original_CC_SHA1); - MSHookFunction(CC_SHA512, replaced_CC_SHA512, (void **) &original_CC_SHA512); - MSHookFunction(CC_SHA256, replaced_CC_SHA256, (void **) &original_CC_SHA256); -} - -@end diff --git a/tracer/hooks/CommonDigestHooks.h b/tracer/hooks/CommonDigestHooks.h new file mode 100644 index 0000000..557ee22 --- /dev/null +++ b/tracer/hooks/CommonDigestHooks.h @@ -0,0 +1,9 @@ + +@interface CommonDigestHooks : NSObject { + +} + ++ (void)enableHooks; + +@end + diff --git a/tracer/hooks/CommonDigestHooks.m b/tracer/hooks/CommonDigestHooks.m new file mode 100644 index 0000000..08c1aa9 --- /dev/null +++ b/tracer/hooks/CommonDigestHooks.m @@ -0,0 +1,254 @@ + +#include +#include + +#import "CommonDigestHooks.h" +#import "../SQLiteStorage.h" +#import "../PlistObjectConverter.h" +#import "../CallStackInspector.h" + +// Nice global +extern SQLiteStorage *traceStorage; + + +// No need to hook the CC_MDX_Init() functions as they don't do anything interesting + + +// Generic function to log CC_XXX_Update() calls +static int log_CC_XXX_Update(void *c, const void *data, CC_LONG len, NSString *functionName, int (*functionPointer)(void *, const void *, CC_LONG) ) { + + int origResult = functionPointer(c, data, len); + + // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls + // Index = 3 because this function is called by Introspy first. TODO: Check that + if ([CallStackInspector wasCalledByAppAtIndex:3]) { + + CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:functionName]; + [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; + [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; + [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; + [traceStorage saveTracedCall: tracer]; + [tracer release]; + } + return origResult; +} + + +// Hook CC_MD2_Update() +static int (*original_CC_MD2_Update)(CC_MD2_CTX *c, const void *data, CC_LONG len); +static int replaced_CC_MD2_Update(CC_MD2_CTX *c, const void *data, CC_LONG len) { + // We're casting original_CC_MD2_Update() from (int)(CC_MD2_CTX *, const void *, CC_LONG) + // to (int)(void *, const void *, CC_LONG). Specifically, the first argument needs to be + // (void *) instead of (CC_MD2_CTX *) because we want log_CC_XXX_Update() to be generic. + // It compiles but will it work !?? + return log_CC_XXX_Update(c, data, len, @"CC_MD2_Update", (int (*)(void *, const void *, CC_LONG)) original_CC_MD2_Update); +} + + +// Hook CC_MD4_Update() +static int (*original_CC_MD4_Update)(CC_MD4_CTX *c, const void *data, CC_LONG len); +static int replaced_CC_MD4_Update(CC_MD4_CTX *c, const void *data, CC_LONG len) { + return log_CC_XXX_Update(c, data, len, @"CC_MD4_Update", (int (*)(void *, const void *, CC_LONG)) original_CC_MD4_Update); +} + + +// Hook CC_MD5_Update() +static int (*original_CC_MD5_Update)(CC_MD5_CTX *c, const void *data, CC_LONG len); +static int replaced_CC_MD5_Update(CC_MD5_CTX *c, const void *data, CC_LONG len) { + return log_CC_XXX_Update(c, data, len, @"CC_MD5_Update", (int (*)(void *, const void *, CC_LONG)) original_CC_MD5_Update); +} + + + +// Hook CC_SHA1_Update() +static int (*original_CC_SHA1_Update)(CC_SHA1_CTX *c, const void *data, CC_LONG len); + +static int replaced_CC_SHA1_Update(CC_SHA1_CTX *c, const void *data, CC_LONG len) { + return log_CC_XXX_Update(c, data, len, @"CC_SHA1_Update", (int (*)(void *, const void *, CC_LONG)) original_CC_SHA1_Update); +} + + +// Hook CC_SHA512_Update() +static int (*original_CC_SHA512_Update)(CC_SHA512_CTX *c, const void *data, CC_LONG len); + +static int replaced_CC_SHA512_Update(CC_SHA512_CTX *c, const void *data, CC_LONG len) { + return log_CC_XXX_Update(c, data, len, @"CC_SHA512_Update", (int (*)(void *, const void *, CC_LONG)) original_CC_SHA512_Update); +} + + + +// Hook CC_SHA256_Update() +static int (*original_CC_SHA256_Update)(CC_SHA256_CTX *c, const void *data, CC_LONG len); + +static int replaced_CC_SHA256_Update(CC_SHA256_CTX *c, const void *data, CC_LONG len) { + return log_CC_XXX_Update(c, data, len, @"CC_SHA256_Update", (int (*)(void *, const void *, CC_LONG)) original_CC_SHA256_Update); +} + + + + +// Generic function to log CC_XXX_Final() calls +static int log_CC_XXX_Final(unsigned char *md, void *c, NSString *functionName, int (*functionPointer)(unsigned char *, void *), int digestLen) { + + int origResult = functionPointer(md, c); + + // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls + if ([CallStackInspector wasCalledByAppAtIndex:3]) { + + CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:functionName]; + [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: digestLen] withKey:@"md"]; + [tracer addArgFromPlistObject:[NSNumber numberWithUnsignedInt: (unsigned int) c] withKey:@"c"]; + [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]]; + [traceStorage saveTracedCall: tracer]; + [tracer release]; + } + return origResult; +} + + +// Hook CC_MD2_Final() +static int (*original_CC_MD2_Final)(unsigned char *md, CC_MD2_CTX *c); + +static int replaced_CC_MD2_Final(unsigned char *md, CC_MD2_CTX *c) { + return log_CC_XXX_Final(md, c, @"CC_MD2_Final", (int (*)(unsigned char *, void *)) original_CC_MD2_Final, CC_MD2_DIGEST_LENGTH); +} + + +// Hook CC_MD4_Final() +static int (*original_CC_MD4_Final)(unsigned char *md, CC_MD4_CTX *c); + +static int replaced_CC_MD4_Final(unsigned char *md, CC_MD4_CTX *c) { + return log_CC_XXX_Final(md, c, @"CC_MD2_Final", (int (*)(unsigned char *, void *)) original_CC_MD4_Final, CC_MD4_DIGEST_LENGTH); +} + + +// Hook CC_MD5_Final() +static int (*original_CC_MD5_Final)(unsigned char *md, CC_MD5_CTX *c); + +static int replaced_CC_MD5_Final(unsigned char *md, CC_MD5_CTX *c) { + return log_CC_XXX_Final(md, c, @"CC_MD5_Final", (int (*)(unsigned char *, void *)) original_CC_MD5_Final, CC_MD5_DIGEST_LENGTH); +} + + + +// Hook CC_SHA1_Final() +static int (*original_CC_SHA1_Final)(unsigned char *md, CC_SHA1_CTX *c); + +static int replaced_CC_SHA1_Final(unsigned char *md, CC_SHA1_CTX *c) { + return log_CC_XXX_Final(md, c, @"CC_SHA1_Final", (int (*)(unsigned char *, void *)) original_CC_SHA1_Final, CC_SHA1_DIGEST_LENGTH); +} + + +// Hook CC_SHA512_Final() +static int (*original_CC_SHA512_Final)(unsigned char *md, CC_SHA512_CTX *c); + +static int replaced_CC_SHA512_Final(unsigned char *md, CC_SHA512_CTX *c) { + return log_CC_XXX_Final(md, c, @"CC_SHA512_Final", (int (*)(unsigned char *, void *)) original_CC_SHA512_Final, CC_SHA512_DIGEST_LENGTH); +} + + +// Hook CC_SHA256_Final() +static int (*original_CC_SHA256_Final)(unsigned char *md, CC_SHA256_CTX *c); + +static int replaced_CC_SHA256_Final(unsigned char *md, CC_SHA256_CTX *c) { + return log_CC_XXX_Final(md, c, @"CC_SHA256_Final", (int (*)(unsigned char *, void *)) original_CC_SHA256_Final, CC_SHA256_DIGEST_LENGTH); +} + + + +// Generic function to log CC_XXX() calls +static unsigned char * log_CC_XXX(const void *data, CC_LONG len, unsigned char *md, NSString *functionName, unsigned char * (*functionPointer)(const void *, CC_LONG, unsigned char *), int digestLen) { + + unsigned char *origResult = functionPointer(data, len, md); + + // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls + if ([CallStackInspector wasDirectlyCalledByApp]) { + + CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:functionName]; + [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: data withLength: len] withKey:@"data"]; + [tracer addArgFromPlistObject:[PlistObjectConverter convertCBuffer: md withLength: digestLen] withKey:@"md"]; + [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt: (int)origResult]]; + [traceStorage saveTracedCall: tracer]; + [tracer release]; + } + return origResult; +} + + +// Hook CC_MD2() +static unsigned char * (*original_CC_MD2)(const void *data, CC_LONG len, unsigned char *md); + +static unsigned char * replaced_CC_MD2(const void *data, CC_LONG len, unsigned char *md) { + return log_CC_XXX(data, len, md, @"CC_MD2", original_CC_MD2, CC_MD2_DIGEST_LENGTH); +} + + +// Hook CC_MD4() +static unsigned char * (*original_CC_MD4)(const void *data, CC_LONG len, unsigned char *md); + +static unsigned char * replaced_CC_MD4(const void *data, CC_LONG len, unsigned char *md) { + return log_CC_XXX(data, len, md, @"CC_MD4", original_CC_MD4, CC_MD4_DIGEST_LENGTH); +} + + +// Hook CC_MD5() +static unsigned char * (*original_CC_MD5)(const void *data, CC_LONG len, unsigned char *md); + +static unsigned char * replaced_CC_MD5(const void *data, CC_LONG len, unsigned char *md) { + return log_CC_XXX(data, len, md, @"CC_MD5", original_CC_MD5, CC_MD5_DIGEST_LENGTH); +} + + + +// Hook CC_SHA1() +static unsigned char * (*original_CC_SHA1)(const void *data, CC_LONG len, unsigned char *md); + +static unsigned char * replaced_CC_SHA1(const void *data, CC_LONG len, unsigned char *md) { + return log_CC_XXX(data, len, md, @"CC_SHA1", original_CC_SHA1, CC_SHA1_DIGEST_LENGTH); +} + + +// Hook CC_SHA512() +static unsigned char * (*original_CC_SHA512)(const void *data, CC_LONG len, unsigned char *md); + +static unsigned char * replaced_CC_SHA512(const void *data, CC_LONG len, unsigned char *md) { + return log_CC_XXX(data, len, md, @"CC_SHA512", original_CC_SHA512, CC_SHA512_DIGEST_LENGTH); +} + + +// Hook CC_SHA256() +static unsigned char * (*original_CC_SHA256)(const void *data, CC_LONG len, unsigned char *md); + +static unsigned char * replaced_CC_SHA256(const void *data, CC_LONG len, unsigned char *md) { + return log_CC_XXX(data, len, md, @"CC_SHA256", original_CC_SHA256, CC_SHA256_DIGEST_LENGTH); +} + + + + +@implementation CommonDigestHooks + ++ (void)enableHooks { + MSHookFunction(CC_MD2_Update, replaced_CC_MD2_Update, (void **) &original_CC_MD2_Update); + MSHookFunction(CC_MD4_Update, replaced_CC_MD4_Update, (void **) &original_CC_MD4_Update); + MSHookFunction(CC_MD5_Update, replaced_CC_MD5_Update, (void **) &original_CC_MD5_Update); + MSHookFunction(CC_SHA1_Update, replaced_CC_SHA1_Update, (void **) &original_CC_SHA1_Update); + MSHookFunction(CC_SHA512_Update, replaced_CC_SHA512_Update, (void **) &original_CC_SHA512_Update); + MSHookFunction(CC_SHA256_Update, replaced_CC_SHA256_Update, (void **) &original_CC_SHA256_Update); + + MSHookFunction(CC_MD2_Final, replaced_CC_MD2_Final, (void **) &original_CC_MD2_Final); + MSHookFunction(CC_MD4_Final, replaced_CC_MD4_Final, (void **) &original_CC_MD4_Final); + MSHookFunction(CC_MD5_Final, replaced_CC_MD5_Final, (void **) &original_CC_MD5_Final); + MSHookFunction(CC_SHA1_Final, replaced_CC_SHA1_Final, (void **) &original_CC_SHA1_Final); + MSHookFunction(CC_SHA512_Final, replaced_CC_SHA512_Final, (void **) &original_CC_SHA512_Final); + MSHookFunction(CC_SHA256_Final, replaced_CC_SHA256_Final, (void **) &original_CC_SHA256_Final); + + MSHookFunction(CC_MD2, replaced_CC_MD2, (void **) &original_CC_MD2); + MSHookFunction(CC_MD4, replaced_CC_MD4, (void **) &original_CC_MD4); + MSHookFunction(CC_MD5, replaced_CC_MD5, (void **) &original_CC_MD5); + MSHookFunction(CC_SHA1, replaced_CC_SHA1, (void **) &original_CC_SHA1); + MSHookFunction(CC_SHA512, replaced_CC_SHA512, (void **) &original_CC_SHA512); + MSHookFunction(CC_SHA256, replaced_CC_SHA256, (void **) &original_CC_SHA256); +} + +@end