Read uchar value from hooked method using Frida
How can i read value of uchar* ?
I tried many ways, it's code which i used:
Interceptor.attach(Module.getExportByName('libsigning.so', 'EVP_DigestSignFinal'), {
onEnter: function (args) {
console.log("RSA.doFinal() [VALID]")
console.log("arg0: OpenSSL object")
console.log("arg1: " + Memory.readUtf8String(args[1]))
console.log("arg2: " + args[2].readUInt())
},
onLeave: function (retval) {
// simply replace the value to be returned with 0
return retval
}
});
What i got:
RSA.doFinal() [VALID]
arg0: RSA object
arg1:
arg2: 512
How it looks in ghidra:
In output I'm getting unknown character instead of real value
What is a proper way of doing this?
The method you hook is documented
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
According to it's documentation the second argument receives the created signature:
signs the data in ctx and places the signature in sig. If sig is NULL then the maximum size of the output buffer is written to the siglen parameter. If sig is not NULL then before the call the siglen parameter should contain the length of the sig buffer. If the call is successful the signature is written to sig and the amount of data written to siglen.
(Cryptographic) signatures are binary data and in C the type unsigned char is often used to store such binary data. Therefore even if it contains the name char you won't find any printable characters or a complete string in it.
Therefore if you want to print it as a string it will fail as the "real value" is binary data.
To read binary data you can use Frida readByteArray from NativePointer
- Error submitting tokenized card data to Intuit/Quickbooks Payments API
- How can I count Mongoose Schema documents with a filter?
- how to make a button call different function every-time it's clicked?
- In JavaScript, why should I usually prefer 'const' to 'let'?
- Trying to join two collections together, array in collection map to other collection. MongoDB
- Query firestore database for document id
- Return multiple values in JavaScript?
- react native typescript, property 'textalign' does not exist on the type textinput
- Convert an array of object into 2-dimensional array to group the elements with same id in typescript
- How to load up CSS files using Javascript?
- How to use Navigate component to capture incoming query string / searchParams?
- Can I avoid Vite transforming class fields from javascript files?
- How can I determine what browser is being used with JavaScript?
- How do cookie consent banners work on the background? Can a website that sets 3rd party cookies on another website ask to allow its cookies?
- AddEventListener on all created li elements
- React Navigation animation still showing when animationEnabled prop is set to false
- How do I convert a string to a function reference in JavaScript?
- Why does my `name` variable show it's deprecated?
- Image and slider dot is out of sync
- Importing ethers via Hardhat fails despite official testing documentation
- Codeigniter - How to fetch datatable data from ajax?
- How do I convert text entered in form to Title Case Using PHP before submitting to MySQL?
- How to notify blazor(webassembly) about DOM changes made from js?
- Uncaught (in promise) Unable to find element in cloned iframe #2460
- Latency / Ping test from Browser
- GoJS `diagram.model.toJson()` is not not updating after change
- Forward body from request to another url
- Get all user properties from Microsoft graph
- How to stop VS Code importing react methods from Minified React?
- How can i access index of foreach when iterating through ko.computed in knockout.js