Skip to content

Commit 8008c55

Browse files
NSEchoNSEcho
committed
feat: add support for whitelist
1 parent b7bad9f commit 8008c55

File tree

2 files changed

+53
-28
lines changed

2 files changed

+53
-28
lines changed

main.go

Lines changed: 21 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import (
88
"os"
99
"os/signal"
1010
"regexp"
11+
"runtime/pprof"
1112
"strings"
1213
"syscall"
1314
)
@@ -19,6 +20,10 @@ var rootCmd = &cobra.Command{
1920
Use: "gxpc [spawn_args]",
2021
Short: "XPC sniffer",
2122
Run: func(cmd *cobra.Command, args []string) {
23+
out, _ := os.Create("out.pprof")
24+
pprof.StartCPUProfile(out)
25+
defer pprof.StopCPUProfile()
26+
2227
logger := NewLogger()
2328

2429
list, err := cmd.Flags().GetBool("list")
@@ -196,11 +201,21 @@ var rootCmd = &cobra.Command{
196201
return
197202
}
198203

204+
whitelist, err := cmd.Flags().GetStringSlice("whitelist")
205+
if err != nil {
206+
logger.Errorf("%v", err)
207+
}
208+
199209
script.On("message", func(message string) {
200210
msg, _ := frida.ScriptMessageToMessage(message)
201211
switch msg.Type {
202212
case frida.MessageTypeSend:
203-
PrintData(msg.Payload, false, false, blacklistToRegex(blacklist), logger)
213+
PrintData(msg.Payload,
214+
false,
215+
false,
216+
listToRegex(whitelist),
217+
listToRegex(blacklist),
218+
logger)
204219
case frida.MessageTypeLog:
205220
logger.Infof("SCRIPT: %v", msg)
206221
default:
@@ -246,10 +261,10 @@ var rootCmd = &cobra.Command{
246261
},
247262
}
248263

249-
func blacklistToRegex(bl []string) []*regexp.Regexp {
250-
rex := make([]*regexp.Regexp, len(bl))
251-
for i, b := range bl {
252-
replaced := strings.ReplaceAll(b, "*", ".*")
264+
func listToRegex(ls []string) []*regexp.Regexp {
265+
rex := make([]*regexp.Regexp, len(ls))
266+
for i, item := range ls {
267+
replaced := strings.ReplaceAll(item, "*", ".*")
253268
r := regexp.MustCompile(replaced)
254269
rex[i] = r
255270
}
@@ -263,6 +278,7 @@ func main() {
263278
rootCmd.Flags().StringP("file", "f", "", "spawn the file")
264279
rootCmd.Flags().StringP("output", "o", "", "save output to this file")
265280

281+
rootCmd.Flags().StringSliceP("whitelist", "w", []string{}, "whitelist the following wildcard connections")
266282
rootCmd.Flags().StringSliceP("blacklist", "b", []string{}, "blacklist the following wildcard connections")
267283

268284
rootCmd.Flags().BoolP("list", "l", false, "list available devices")

object.go

Lines changed: 32 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ import (
88
"strings"
99
)
1010

11-
func PrintData(value any, decode, printHex bool, blacklist []*regexp.Regexp, logger *Logger) {
11+
func PrintData(value any, decode, printHex bool, whitelist, blacklist []*regexp.Regexp, logger *Logger) {
1212
val := reflect.ValueOf(value)
1313

1414
data := make(map[string]any)
@@ -20,30 +20,39 @@ func PrintData(value any, decode, printHex bool, blacklist []*regexp.Regexp, log
2020
}
2121
}
2222
name := data["connName"].(string)
23-
if !connectionNameInBlacklist(name, blacklist) {
24-
var message string
25-
fnName := fmt.Sprintf("Name: %s\n", data["name"])
26-
connName := fmt.Sprintf("Connection Name: %s\n", data["connName"])
27-
printData(reflect.ValueOf(data["dictionary"]), "", "", &message)
28-
total := len(fnName) + len(connName) + len(message) + 100
2923

30-
builder := strings.Builder{}
31-
builder.Grow(total)
24+
if len(whitelist) > 0 {
25+
if !connInList(name, whitelist) {
26+
return
27+
}
28+
} else {
29+
if connInList(name, blacklist) {
30+
return
31+
}
32+
}
3233

33-
builder.WriteString(fnName)
34-
builder.WriteString(connName)
35-
builder.WriteString("Data:\n")
36-
builder.WriteString(message)
37-
builder.WriteString(fmt.Sprintf("\n%s\n", strings.Repeat("=", 80)))
34+
var message string
35+
fnName := fmt.Sprintf("Name: %s\n", data["name"])
36+
connName := fmt.Sprintf("Connection Name: %s\n", data["connName"])
37+
printData(reflect.ValueOf(data["dictionary"]), "", "", &message)
38+
total := len(fnName) + len(connName) + len(message) + 100
3839

39-
logger.Scriptf("Name: %s", data["name"])
40-
logger.Scriptf("Connection Name: %s", data["connName"])
41-
logger.Scriptf("Data:")
42-
logger.Scriptf("%s", message)
43-
fmt.Println(strings.Repeat("=", 80))
40+
builder := strings.Builder{}
41+
builder.Grow(total)
4442

45-
logger.writeToFileScript(builder.String())
46-
}
43+
builder.WriteString(fnName)
44+
builder.WriteString(connName)
45+
builder.WriteString("Data:\n")
46+
builder.WriteString(message)
47+
builder.WriteString(fmt.Sprintf("\n%s\n", strings.Repeat("=", 80)))
48+
49+
logger.Scriptf("Name: %s", data["name"])
50+
logger.Scriptf("Connection Name: %s", data["connName"])
51+
logger.Scriptf("Data:")
52+
logger.Scriptf("%s", message)
53+
fmt.Println(strings.Repeat("=", 80))
54+
55+
logger.writeToFileScript(builder.String())
4756
}
4857

4958
func printData(v reflect.Value, key, indent string, message *string) {
@@ -78,8 +87,8 @@ func printData(v reflect.Value, key, indent string, message *string) {
7887
}
7988
}
8089

81-
func connectionNameInBlacklist(connName string, blacklist []*regexp.Regexp) bool {
82-
for _, b := range blacklist {
90+
func connInList(connName string, list []*regexp.Regexp) bool {
91+
for _, b := range list {
8392
if match := b.MatchString(connName); match {
8493
return true
8594
}

0 commit comments

Comments
 (0)