undetected-frida #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: undetected-frida | |
on: | |
schedule: | |
- cron: "0 * * * *" | |
workflow_dispatch: | |
jobs: | |
check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check for existing release | |
id: check | |
run: | | |
frida_version="$(curl -fs https://api.github.com/repos/frida/frida/releases | jq -r .[].tag_name | sort -nr | head -n1)" | |
frida_version="$(curl -fs https://api.github.com/repos/frida/frida/releases/latest | jq -r .tag_name)" | |
echo "FRIDA_VERSION=${frida_version}" >> "${GITHUB_OUTPUT}" # gh env? | |
release_exists=0 | |
set +e | |
curl -fso /dev/null "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${frida_version}" | |
[ "${?}" -ne 0 ] || release_exists=1 | |
echo "RELEASE_EXISTS=${release_exists}" >> "${GITHUB_OUTPUT}" | |
outputs: | |
FRIDA_VERSION: ${{ steps.check.outputs.FRIDA_VERSION }} | |
RELEASE_EXISTS: ${{ steps.check.outputs.RELEASE_EXISTS }} | |
create: | |
runs-on: ubuntu-latest | |
needs: | |
- check | |
if: needs.check.outputs.RELEASE_EXISTS == '0' | |
steps: | |
- name: Create release | |
id: create | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
# might need to use bash arrays for adequate DRY quotation? | |
curl_args="-fs -H 'Authorization: token ${GITHUB_TOKEN}'" | |
api_args="${curl_args} -H 'Content-Type: application/json' -d@-" | |
upload_args="${curl_args} -H 'Content-Type: application/octet-stream' -o /dev/null --data-binary @-" # cat | curl --data-binary | |
tmpfile="$(mktemp)" # a bit excessive, but eh | |
echo '{"tag_name":"${{ needs.check.outputs.FRIDA_VERSION }}","name":"${{ needs.check.outputs.FRIDA_VERSION }}","body":"${{ needs.check.outputs.FRIDA_VERSION }}","draft":true}' | curl -fs -H "Authorization: token ${GITHUB_TOKEN}" -H "Content-Type: application/json" -d@- "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases" >"${tmpfile}" | |
echo "RELEASE_ID=$(jq -r .id "${tmpfile}")" >> "${GITHUB_OUTPUT}" | |
#echo "UPLOAD_URL=$(jq -r .upload_url "${tmpfile}")" >> "${GITHUB_OUTPUT}" | |
outputs: | |
RELEASE_ID: ${{ steps.create.outputs.RELEASE_ID }} | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- check | |
- create | |
if: needs.check.outputs.RELEASE_EXISTS == '0' | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- arm64 | |
- arm | |
- x86_64 | |
- x86 | |
#bin: ["server", "inject"] | |
#devkit: ["core", "gum", "gumjs"] | |
os: | |
- android | |
#target: ["core", "gum"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Node 18 setup | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: JDK 8 setup | |
uses: actions/setup-java@v4 | |
with: | |
java-version: "8" | |
distribution: temurin | |
- name: Python 3.12 setup | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: NDK 25c setup | |
run: | | |
curl -sSLO https://dl.google.com/android/repository/android-ndk-r25c-linux.zip | |
[ "$(sha1sum android-ndk-r25c-linux.zip | awk '{print $1}')" = "53af80a1cce9144025b81c78c8cd556bff42bd0e" ] || exit 1 | |
unzip -qo android-ndk-r25c-linux.zip; rm android-ndk-r25c-linux.zip; | |
rm -rf "${ANDROID_NDK%/*}/25.2.9519653"; mv -v android-ndk-r25c "${ANDROID_NDK%/*}/25.2.9519653"; export ANDROID_NDK="${ANDROID_NDK%/*}/25.2.9519653" | |
export ANDROID_NDK_HOME="${ANDROID_NDK}" ANDROID_NDK_ROOT="${ANDROID_NDK}" ANDROID_NDK_LATEST_HOME="${ANDROID_NDK}" | |
- name: Install dependencies | |
run: | | |
sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install -y build-essential tree ninja-build gcc-multilib g++-multilib lib32stdc++-9-dev flex bison libc6-dev libc6-dev-i386 upx xz-utils plzip zstd pigz | |
sudo /opt/hostedtoolcache/Python/3.12.*/x64/bin/pip3 install -U lief setuptools | |
_CARCH="${{ matrix.arch }}"; if [ "${_CARCH%64}" = "${_CARCH}" ]; then # && bit_width=32 || bit_width=64 # not an exact science, but honk it, good enough™ | |
pushd /opt/hostedtoolcache/Python/3.12.*/x64/include/python3.12; patch -Rp1 <${{ github.workspace }}/pyconfig.h-i686-x86_64.patch; popd | |
fi | |
- name: Build Frida | |
run: | | |
export ANDROID_NDK="${ANDROID_NDK%/*}/25.2.9519653"; export ANDROID_NDK_HOME="${ANDROID_NDK}" ANDROID_NDK_ROOT="${ANDROID_NDK}" ANDROID_NDK_LATEST_HOME="${ANDROID_NDK}" | |
git clone --recurse-submodules https://github.com/frida/frida -b "${{ needs.check.outputs.FRIDA_VERSION }}"; pushd frida | |
FRIDA_PREFIX="$(tr -cd 'a-z0-9' </dev/urandom | head -c32)" SESSION_SERVICE="$(tr -cd 'a-f0-9' </dev/urandom | head -c32)" | |
for k in strongR-frida florida asenosen fridare; do for i in "../${k}/"*; do pushd "subprojects/${i##*/}"; for j in "../../../${k}/${i##*/}/"*.patch; do FRIDA_PREFIX="${FRIDA_PREFIX}" SESSION_SERVICE="${SESSION_SERVICE}" envsubst <"${j}" | patch -p1; done; popd; done; done | |
#for j in core gum; do make "${j}-${{ matrix.os }}-${{ matrix.arch }}"; done # target | |
#for j in core gum gumjs; do python releng/mkdevkit.py "frida-${j}" "${{ matrix.os }}-${{ matrix.arch }}" "build/devkits/${{ matrix.os }}/${{ matrix.arch }}/${j}"; done # devkit | |
./configure --prefix="${PWD}/build" --host="${{ matrix.os }}-${{ matrix.arch }}" --enable-frida-tools --enable-gadget --enable-server --enable-portal --enable-gadget -- -Dfrida-gum:devkits=gum,gumjs -Dfrida-core:devkits=core | |
make | |
popd | |
- name: Ship artifacts | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh_release_put(){ curl -fs -H "Authorization: token ${GITHUB_TOKEN}" -H "Content-Type: application/octet-stream" -o /dev/null --data-binary "@${1}" "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ needs.create.outputs.RELEASE_ID }}/assets?name=${2}"; } | |
export XZ_OPT="-9e -T0" ZSTD_NBTHREADS=0 ZSTD_CLEVEL=19 | |
ZSTD_OPT="-${ZSTD_CLEVEL:-22} --ultra -T${ZSTD_NBTHREADS:-0}" LZIP_OPT="-n$(nproc) -9" PIGZ="-p$(nproc) -11" # GZIP="-9" PIGZ="${GZIP}" | |
#for compr in "xz ${XZ_OPT}:xz" "plzip ${LZIP_OPT}:lz"; do # "pigz ${PIGZ}:gz" "zstd ${ZSTD_OPT}:zst"; do …; done | |
compr="xz ${XZ_OPT}:xz" | |
pushd frida | |
gh_release_put subprojects/frida-core/src/anti-anti-frida.py anti-anti-frida.py ||: | |
for j in server inject; do # bin | |
#upx --lzma --best "build/frida-${{ matrix.os }}-${{ matrix.arch }}/bin/frida-${j}" | |
#_src="build/frida-${{ matrix.os }}-${{ matrix.arch }}/bin/frida-${j}" | |
_src="build/subprojects/frida-core/${j}/frida-${j}" | |
${compr%:*} -k "${_src}" | |
gh_release_put "${_src}.${compr#*:}" "${GITHUB_REPOSITORY##*/}-${j}-${{ needs.check.outputs.FRIDA_VERSION }}-${{ matrix.os }}-${{ matrix.arch }}.${compr#*:}" | |
done | |
python subprojects/frida-core/src/anti-anti-frida.py build/subprojects/frida-core/server/frida-server | |
mv build/subprojects/frida-core/server/frida-server ../frida-server-${{ matrix.arch }} | |
#[ "$(echo ${{ matrix.arch }} | sed 's/64$//')" != "${{ matrix.arch }}" ] && bit_width=64 || bit_width=32 | |
#upx --lzma --best "build/frida-${{ matrix.os }}-${{ matrix.arch }}/lib/frida/${bit_width}/frida-gadget.so" | |
#_src="build/frida-${{ matrix.os }}-${{ matrix.arch }}/lib/frida/${bit_width}/frida-gadget.so" | |
_src="build/subprojects/frida-core/lib/gadget/frida-gadget.so" | |
${compr#*:} -k "${_src}" | |
gh_release_put "${_src}.${compr#*:}" "${GITHUB_REPOSITORY##*/}-gadget-${{ needs.check.outputs.FRIDA_VERSION }}-${{ matrix.os }}-${{ matrix.arch }}.so.${compr#*:}" | |
for j in $(find build/subprojects -iname '*-example.c'); do # devkit | |
_j="${j##*/}" | |
_tar="build/${_j%-example.c}-devkit-${{ matrix.os }}-${{ matrix.arch }}.tar" | |
#_tgt="${GITHUB_REPOSITORY##*/}-${j}-devkit-${{ needs.check.outputs.FRIDA_VERSION }}-${{ matrix.os }}-${{ matrix.arch }}.tar.${compr#*:}" | |
_tgt="undetected-${_j%-example.c}-devkit-${{ needs.check.outputs.FRIDA_VERSION }}-${{ matrix.os }}-${{ matrix.arch }}.tar.${compr#*:}" | |
tar -cf "${_tar}" -C "${j%/*}" . | |
${compr%:*} -k "${_tar}" | |
gh_release_put "${_tar}.${compr#*:}" "${_tgt}" | |
done | |
popd | |
- name: Pass servers for Magisk module | |
uses: actions/upload-artifact@v4 | |
with: | |
name: frida-server-${{ matrix.arch }} | |
path: frida-server-${{ matrix.arch }} | |
if-no-files-found: warn | |
retention-days: 1 | |
compression-level: 9 | |
publish: | |
runs-on: ubuntu-latest | |
needs: | |
- check | |
- create | |
- build | |
if: needs.check.outputs.RELEASE_EXISTS == '0' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Pass servers for Magisk module | |
uses: actions/download-artifact@v4 | |
with: | |
path: frida-servers | |
pattern: frida-server-* | |
merge-multiple: true | |
- name: Assemble Magisk module and publish release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh_release_put(){ curl -fs -H "Authorization: token ${GITHUB_TOKEN}" -H "Content-Type: application/octet-stream" -o /dev/null --data-binary "@${1}" "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ needs.create.outputs.RELEASE_ID }}/assets?name=${2}"; } | |
MAGISK_DIR="$(mktemp -d)"; mkdir "${MAGISK_DIR}/files" | |
cat <<EOF >feed.json | |
{ | |
"version": "${{ needs.check.outputs.FRIDA_VERSION }}", | |
"versionCode": "$(echo -n ${{ needs.check.outputs.FRIDA_VERSION }} | xargs -d. -n1 -- printf '%02d')", | |
"zipUrl": "https://github.com/${GITHUB_REPOSITORY}/releases/download/${{ needs.check.outputs.FRIDA_VERSION }}/${GITHUB_REPOSITORY##*/}-magisk-${{ needs.check.outputs.FRIDA_VERSION }}.zip", | |
"changelog": "https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/master/CHANGELOG.md" | |
} | |
EOF | |
gh_release_put feed.json feed.json | |
cat <<EOF >"${MAGISK_DIR}/module.prop" | |
id=${GITHUB_REPOSITORY##*/} | |
name=Undetected F(lo)rida | |
version=${{ needs.check.outputs.FRIDA_VERSION }} | |
versionCode=$(echo -n ${{ needs.check.outputs.FRIDA_VERSION }} | xargs -d. -n1 -- printf '%02d') | |
author=too many to list, ask for shoutout in repo | |
description=Run ${GITHUB_REPOSITORY##*/}-server on boot | |
updateJson=https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/feed.json | |
EOF | |
cp -r magisk/* "${MAGISK_DIR}" | |
mv frida-servers/* "${MAGISK_DIR}/files/" | |
pushd "${MAGISK_DIR}" | |
zip -9qr "${OLDPWD}/magisk.zip" * | |
gh_release_put "${OLDPWD}/magisk.zip" "${GITHUB_REPOSITORY##*/}-magisk-${{ needs.check.outputs.FRIDA_VERSION }}.zip" | |
popd | |
echo '{"draft":false}' | curl -fs -H "Authorization: token ${GITHUB_TOKEN}" -H "Content-Type: application/json" -d@- -o /dev/null -XPATCH "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ needs.create.outputs.RELEASE_ID }}" |