Hook rand() and random()

Updates #6.
iSECPartners · Apr 29, 2013 · 09728b9 · 09728b9
1 parent d9eb5f5
commit 09728b9
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 1 deletion.
diff --git a/tracer/Makefile b/tracer/Makefile
@@ -3,7 +3,7 @@
 include theos/makefiles/common.mk
 
 TWEAK_NAME = introspy
-introspy_FILES = Tweak.xmi CallTracer.m hooks/CommonDigestHooks.m hooks/KeychainHooks.m hooks/DelegateProxies.m PlistObjectConverter.m hooks/CCKeyDerivationPBKDFHooks.m CallStackInspector.m SQLiteStorage.m hooks/SecurityHooks.m hooks/CCCryptorHooks.m hooks/CCHmacHooks.m
+introspy_FILES = Tweak.xmi CallTracer.m hooks/CommonDigestHooks.m hooks/LibCHooks.m hooks/KeychainHooks.m hooks/DelegateProxies.m PlistObjectConverter.m hooks/CCKeyDerivationPBKDFHooks.m CallStackInspector.m SQLiteStorage.m hooks/SecurityHooks.m hooks/CCCryptorHooks.m hooks/CCHmacHooks.m
 introspy_LIBRARIES = sqlite3 
 
 introspy_FRAMEWORKS = UIKit, Foundation, Security

diff --git a/tracer/Tweak.xmi b/tracer/Tweak.xmi
@@ -16,6 +16,7 @@ static NSString *preferenceFilePath = @"/private/var/mobile/Library/Preferences/
 #import "hooks/CCHmacHooks.h"
 #import "hooks/CCKeyDerivationPBKDFHooks.h"
 #import "hooks/CommonDigestHooks.h"
+#import "hooks/LibCHooks.h"
 
 
 
@@ -123,6 +124,7 @@ static void traceURISchemes() {
         }
         // Crypto hooks
         if (getBoolFromPreferences(preferences, @"CommonCryptoHooks")) {
+            [LibCHooks enableHooks]; // Not really part of CommonCrypto
             [CCCryptorHooks enableHooks];
             [CCHmacHooks enableHooks];
             [CCKeyDerivationPBKDFHooks enableHooks];

diff --git a/tracer/hooks/LibCHooks.h b/tracer/hooks/LibCHooks.h
@@ -0,0 +1,9 @@
+
+@interface LibCHooks : NSObject {
+
+}
+
++ (void)enableHooks;
+
+@end
+
diff --git a/tracer/hooks/LibCHooks.m b/tracer/hooks/LibCHooks.m
@@ -0,0 +1,59 @@
+
+#include <substrate.h>
+
+#import "LibCHooks.h"
+#import "../SQLiteStorage.h"
+#import "../PlistObjectConverter.h"
+#import "../CallStackInspector.h"
+
+// Nice global
+extern SQLiteStorage *traceStorage;
+
+
+// Hook rand()
+static int (*original_rand)();
+
+static int replaced_rand() {
+
+    int origResult = original_rand();
+
+    // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls
+    if ([CallStackInspector wasDirectlyCalledByApp]) {
+
+        CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"rand"];
+        [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedInt:origResult]];
+        [traceStorage saveTracedCall: tracer];
+        [tracer release];
+    }
+    return origResult;
+}
+
+
+// Hook random()
+static long (*original_random)();
+
+static long replaced_random() {
+
+    long origResult = original_random();
+
+    // Only log what the application directly calls. For example we don't want to log internal SSL crypto calls
+    if ([CallStackInspector wasDirectlyCalledByApp]) {
+
+        CallTracer *tracer = [[CallTracer alloc] initWithClass:@"C" andMethod:@"random"];
+        [tracer addReturnValueFromPlistObject: [NSNumber numberWithUnsignedLong:origResult]];
+        [traceStorage saveTracedCall: tracer];
+        [tracer release];
+    }
+    return origResult;
+}
+
+
+
+@implementation LibCHooks
+
++ (void)enableHooks {
+    MSHookFunction(random, replaced_random, (void **) &original_random);
+    MSHookFunction(rand, replaced_rand, (void **) &original_rand);
+}
+
+@end