
12.9.5 version handles strings with embedded nuls not right

Open centy720 opened this issue 5 years ago • 7 comments

If a UTF-8 string contains NULs, stringFromJni only returns the part of the string up to the NUL; it truncates the string.

`var blob = [126,83,69,77,73,95,88,77,76,126,0,20,46,109,115,103];` the right UTF-8 string is "~SEMI_XML~

centy720 avatar Jun 08 '20 11:06 centy720

I think the real resolution is to comment out the `g_utf8_validate (data, length, &end)` code at bindings/gumjs/gumdukmemory.c:

```c
case GUM_MEMORY_VALUE_UTF8_STRING:
{
  gchar * data;
  guint8 dummy_to_trap_bad_pointer_early;
  const gchar * end;

  data = address;
  if (data == NULL)
  {
    duk_push_null (ctx);
    break;
  }

  /* Touch the first byte so a bad pointer faults here with a clear error. */
  if (length != 0)
    memcpy (&dummy_to_trap_bad_pointer_early, data, sizeof (guint8));

  /* Rejects invalid UTF-8; with a negative length the scan stops at the first NUL. */
  if (!g_utf8_validate (data, length, &end))
  {
    _gum_duk_throw (ctx, "can't decode byte 0x%02x in position %u",
        (guint8) *end, (guint) (end - data));
  }

  if (length < 0)
  {
    /* duk_push_string () reads a NUL-terminated C string, so anything after an
     * embedded NUL is dropped. */
    duk_push_string (ctx, data);
  }
  else
  {
    gchar * slice;

    /* The copy keeps all `length` bytes, but duk_push_string () still stops at
     * the first NUL, so an explicit length does not avoid the truncation. */
    slice = g_strndup (data, length);
    duk_push_string (ctx, slice);
    g_free (slice);
  }

  break;
}
```

Use readUtf8String, not readUtf16String.

centy720 avatar Jun 08 '20 12:06 centy720

I've also encountered this issue. Java strings get truncated if they contain a null byte.

As an example, this code will show param1 as having a length of 14 characters, when in fact it should have 36 characters. The 15th character is a null byte.

```javascript
SecureStorage.decrypt.overload('java.lang.String', 'byte').implementation = function(param1, param2) {
    console.log("Param1: " + param1);
    console.log("Param1 length: " + param1.length);
}
```

This issue was also identified in December 2019 issue #1120 in the main frida/frida repo: https://github.com/frida/frida/issues/1120

Is there a workaround where we could access the native parameter in memory without too much trouble?

Frida is wonderful, thanks so much for creating it, oleavr.

andyacer avatar Jul 23 '20 03:07 andyacer
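The truncation reported in the opening post and in the comment above comes from decoding the string through NUL-terminated C-string APIs. The following is an added example, not code from this issue thread or from the frida-java-bridge project, that reproduces the effect in plain Node.js using the byte sequence from the opening post: a length-aware decode keeps all 16 bytes, a C-string-style decode stops at the embedded NUL, and a small audit function reports where the NULs sit and how many bytes a NUL-terminated read would silently lose. The function names are assumptions for the example.

```javascript
// Added example (not part of the issue thread or of frida-java-bridge).
// BLOB is the byte sequence from the opening post: "~SEMI_XML~", then a NUL
// at offset 10, then six more bytes (0x14 '.' 'm' 's' 'g').
const BLOB = Uint8Array.from([126, 83, 69, 77, 73, 95, 88, 77, 76, 126, 0, 20, 46, 109, 115, 103]);

// Length-aware decoding: every byte up to `length` is used, including the
// embedded NUL and everything after it. This is what a correct reader does.
function decodeWithLength(bytes, length = bytes.length) {
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes.subarray(0, length));
}

// C-string-style decoding: mimics strlen()/duk_push_string()/readUtf8String(),
// which treat the first 0x00 byte as the end of the string and drop the rest.
function decodeAsCString(bytes) {
  let end = bytes.indexOf(0);
  if (end === -1) end = bytes.length;
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes.subarray(0, end));
}

// Check to run over captured bytes before trusting a hooked string value:
// where are the embedded NULs, and how many bytes would a NUL-terminated
// read lose? A non-zero `bytesLost` means the logged value is incomplete.
function auditEmbeddedNuls(bytes) {
  const positions = [];
  bytes.forEach((b, i) => { if (b === 0) positions.push(i); });
  const bytesLost = positions.length > 0 ? bytes.length - positions[0] : 0;
  return { positions, bytesLost };
}

// Stand-alone demonstration; JSON.stringify makes the \u0000 visible.
console.log('length-aware :', JSON.stringify(decodeWithLength(BLOB)), decodeWithLength(BLOB).length);
console.log('C-string     :', JSON.stringify(decodeAsCString(BLOB)), decodeAsCString(BLOB).length);
console.log('audit        :', auditEmbeddedNuls(BLOB));
```

Running it prints the full 16-character string from the length-aware path, the 10-character "~SEMI_XML~" from the C-string path, and an audit result of one NUL at offset 10 with 6 bytes lost, which is exactly the difference the reporters observed between the real string and what the hook logged.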

I've encountered this issue, too. Waiting for a reasonable solution.

slient2009 avatar Aug 19 '21 12:08 slient2009

Can you please confirm that this issue is present on latest frida (15.0.17)?

s1341 avatar Aug 23 '21 05:08 s1341

> Can you please confirm that this issue is present on latest frida (15.0.17)?

I only tried it on the frida-15.0.15 and the target app was KGB-Messenger.

slient2009 avatar Aug 24 '21 15:08 slient2009

I am seeing this issue on Frida 15.1.1 (specifically, I am running into https://github.com/frida/frida/issues/1120)

SarahAnnTolsma avatar Sep 17 '21 16:09 SarahAnnTolsma

Same issue on the same CTF on release 16.0.8-android-x86_64.

MikailChambellant avatar Jan 26 '23 13:01 MikailChambellant