forked from WithSecureLabs/android-keystore-audit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtracer-keygenparameterspec.js
127 lines (110 loc) · 5.57 KB
/
tracer-keygenparameterspec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
/*
Hooks KeyGenParameterSpec.Builder and gives visibility into how keystore keys are protected
*/
Java.perform(function () {
hookSetInvalidatedByBiometricEnrollment();
try {hookSetUnlockedDeviceRequired();} catch (error){console.log("hookSetUnlockedDeviceRequired not supported on this android version")}
try {hookSetUserConfirmationRequired();} catch (error){console.log("hookSetUserConfirmationRequired not supported on this android version")}
try {hookSetUserAuthenticationValidityDurationSeconds();} catch (error){console.log("hookSetUserAuthenticationValidityDurationSeconds not supported on this android version")}
hookSetUserAuthenticationRequired();
try {hookSetUserPresenceRequired();} catch (error){console.log("hookSetUserPresenceRequired not supported on this android version")}
hookSetRandomizedEncryptionRequired();
hookSetInvalidatedByBiometricEnrollment()
try {hookSetIsStrongBoxBacked();} catch (error){console.log("hookSetIsStrongBoxBacked not supported on this android version")}
hookSetUserAuthenticationValidityDurationSeconds()
hookSetKeySize();
});
console.log("KeyGenParameterSpec.Builder hooks loaded!");
var cipherList = [];
var StringCls = null;
Java.perform(function () {
StringCls = Java.use('java.lang.String');
});
function hookSetInvalidatedByBiometricEnrollment()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setInvalidatedByBiometricEnrollment'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[!!!!][KeyGenParameterSpec.setInvalidatedByBiometricEnrollment()]: flag: " + flag );
return this.setInvalidatedByBiometricEnrollment(flag);
}
}
function hookSetUnlockedDeviceRequired()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setUnlockedDeviceRequired'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setUnlockedDeviceRequired()]: flag: " + flag );
return this.setUnlockedDeviceRequired(flag);
}
}
function hookSetUserConfirmationRequired()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setUserConfirmationRequired'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setUserConfirmationRequired()]: flag: " + flag );
return this.setUserConfirmationRequired(flag);
}
}
function hookSetUserAuthenticationValidityDurationSeconds()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setUserAuthenticationValidityDurationSeconds'];
keyGenParameterSpec.implementation = function(sec) {
console.log("[KeyGenParameterSpec.setUserAuthenticationValidityDurationSeconds()]: seconds: " + sec );
return this.setUserAuthenticationValidityDurationSeconds(sec);
}
}
function hookSetUserAuthenticationRequired()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setUserAuthenticationRequired'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setUserAuthenticationRequired()]: flag: " + flag );
return this.setUserAuthenticationRequired(flag);
}
}
function hookSetUserPresenceRequired()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setUserPresenceRequired'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setUserPresenceRequired()]: flag: " + flag );
return this.setUserPresenceRequired(flag);
}
}
function hookSetRandomizedEncryptionRequired()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setRandomizedEncryptionRequired'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setRandomizedEncryptionRequired()]: flag: " + flag );
return this.setRandomizedEncryptionRequired(flag);
}
}
function hookSetInvalidatedByBiometricEnrollment()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setInvalidatedByBiometricEnrollment'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setInvalidatedByBiometricEnrollment()]: flag: " + flag );
return this.setInvalidatedByBiometricEnrollment(flag);
}
}
function hookSetIsStrongBoxBacked()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setIsStrongBoxBacked'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setIsStrongBoxBacked()]: flag: " + flag );
return this.setIsStrongBoxBacked(flag);
}
}
function hookSetUserAuthenticationValidityDurationSeconds()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setUserAuthenticationValidityDurationSeconds'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setUserAuthenticationValidityDurationSeconds()]: flag: " + flag );
return this.setUserAuthenticationValidityDurationSeconds(flag);
}
}
function hookSetKeySize()
{
var keyGenParameterSpec = Java.use('android.security.keystore.KeyGenParameterSpec$Builder')['setKeySize'];
keyGenParameterSpec.implementation = function(flag) {
console.log("[KeyGenParameterSpec.setKeySize()]: keySize: " + flag );
return this.setKeySize(flag);
}
}