Releases: FrenchYeti/interruptor
Interruptor 1.0.9
Annoucements
Breaking changes since 1.0.8 : InterruptorAPI to define syscalls/modules excluded/included has been changed.
Interruptor API has now a website
Interruptor is now available as NPM package : @reversense/interruptor
News
Support of (linux or android)/x64 has been improved and tested with Android 13 + emulator.
This version works finelly with Frida 16.x
Support of linux/aarch32 supports is work in progress
🔥 Improvements :
- ESM Module
- Improve typing (type for everything including syscall signature)
- Improve ErrorCode parsing for arm64
- Add aarch32 support for Linux syscalls tracing
- Improve x64 support for Linux syscalls tracing
- Fix bugs inside argument parsing
- Improve reliability when linker
✅ Supported:
- linux : x64 / aarch64 / aarch32
- Close to 100% of coverage for Flag/Bitmap textual decomposition
- Add a way to define structures for complex arguments, to parse and dump it
- Internals : add a callback to execute code only when the device is virtual
- Parsing of syscall args (near of 100% for primitive types) : ORed flags, mode, descriptors, ..
- Start to retrieve name of error code
- More than 1200 constants from Kernel supported
- Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- Syscall interrupt hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
* socket, ...
* Signals
* Error code retrieving / returned value parsing
* Contextual args hint : exploring cmd/opts as in prctl()
* Coverage
🛰️ Not supported:
* MacOS
* windows
* HVC, SMC, ...
* host-less follow-fork
Interruptor 1.0.8
Annoucements
Important : InterruptorAPI to define syscalls/modules excluded/included has been changed. This page ll be updated ASAP
Interruptor API has now a website
Interruptor is now available as NPM package : @reversense/interruptor
News
Interruptor is now a bit more multiplatform than the time, and support tracing for followings combinations :
- linux / arm64
- linux / arm
- linux / x64
Add aarch32 supports and extend the parsing of syscall args for x64.
🔥 Improvements :
- Move entire project from CommonJS to ESM to allow it to be directly used by frida (frida-compile not still required)
- Improve typing (type for everything including syscall signature)
- Improve ErrorCode parsing for arm64
- Add aarch32 support for Linux syscalls tracing
- Improve x64 support for Linux syscalls tracing
- Fix bugs inside argument parsing
- Improve reliability
✅ Supported:
- linux : x64 / aarch64 / aarch32
- Close to 100% of coverage for Flag/Bitmap textual decomposition
- Add a way to define structures for complex arguments, to parse and dump it
- Internals : add a callback to execute code only when the device is virtual
- Parsing of syscall args (near of 100% for primitive types) : ORed flags, mode, descriptors, ..
- Start to retrieve name of error code
- More than 1200 constants from Kernel supported
- Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
* socket, ...
* Signals
* Error code retrieving / returned value parsing
* Contextual args hint : exploring cmd/opts as in prctl()
* Coverage
🛰️ Not supported:
* MacOS
* windows
* HVC, SMC, ...
* follow fork
Interruptor 0.2.0
Interruptor is now multiplatform, and support tracing for followings combinations :
- linux (or android)/arm64
- linux (or android)/x64
Add x64 supports and extend the parsing of syscall args.
Kernel structures involved into syscall API will be published into separate repository:
https://github.com/FrenchYeti/frida-systruct
🔥 Improvements :
- Add x64 support for Linux syscalls tracing
✅ Supported:
- linux / x64
- Close to 100% of coverage for Flag/Bitmap textual decomposition
- Add a way to define structures for complex arguments, to parse and dump it
- Internals : add a callback to execute code only when the device is virtual
- Parsing of syscall args (near of 100% for primitive types) : ORed flags, mode, descriptors, ..
- Start to retrieve name of error code
- More than 950 constants from Kernel supported
- Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
- socket, ...
- Signals
- Error code retrieving / returned value parsing
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
🛰️ Not supported:
- HVC, SMC, ...
- follow fork
Interruptor 0.1.4
Android / arm64 Only
Improvement of stability and add a ways to map a type to a complex custom structure.
Structures are parsed automatically in memory for each syscall using this type.
Kernel structures involved into syscall API will be published into separate repository:
https://github.com/FrenchYeti/frida-systruct
🔥 Improvements :
- Fix issue when file descriptor origin cannot be retirved
- Add a way to define structures for complex arguments, to parse and dump it
- Internals : add a callback to execute code only when the device is virtual
✅ Supported:
- Close to 100% of coverage for Flag/Bitmap textual decomposition
- Parsing of syscall args (near of 100% for primitive types) : ORed flags, mode, descriptors, ..
- Start to retrieve name of error code
- More than 950 constants from Kernel supported
- Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
- socket, ...
- Signals
- Error code retrieving / returned value parsing
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
🛰️ Not supported:
- HVC, SMC, ...
- follow fork
Interruptor 0.1.3
Android / arm64 Only
Improvement of stability and add a ways to map a type to a complex custom structure.
Structures are parsed automatically in memory for each syscall using this type.
Kernel structures involved into syscall API will be published into separate repository:
https://github.com/FrenchYeti/frida-systruct
🔥 Improvements :
- Fix issue when file descriptor origin cannot be retirved
- Add a way to define structures for complex arguments, to parse and dump it
- Internals : add a callback to execute code only when the device is virtual
✅ Supported:
- Close to 100% of coverage for Flag/Bitmap textual decomposition
- Parsing of syscall args (near of 100% for primitive types) : ORed flags, mode, descriptors, ..
- Start to retrieve name of error code
- More than 950 constants from Kernel supported
- Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
- socket, ...
- Signals
- Error code retrieving / returned value parsing
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
🛰️ Not supported:
- HVC, SMC, ...
- follow fork
Interruptor 0.1.2
Android / arm64 Only
Big improvement of coverage for arg parsing.
🔥 Improvements :
- Start to retrieve name of error code
- Add configurable complex structure parsing (verbos:false by default)
- Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
- Parsing of syscall args (near of 100% for primitive types) : ORed flags, mode, descriptors, ..
- More than 950 constants from Kernel supported
✅ Supported:
- Close to 100% of coverage for Flag/Bitmap textual decomposition
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
- socket, ...
- Signals
- Error code retrieving / returned value parsing
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
🛰️ Not supported:
- HVC, SMC, ...
- follow fork
Interruptor 0.1.1
Android / arm64 Only
Same feature as v0.1.1 + API to use kernel constants into hook + improvement of syscall parsing
❤️ Contributors :
🔥 Improvements :
- Socket domain
- Socket type
- File access errors
- File mode parsing
- Constant from Kernel API can be used inside hooks
✅ Supported:
- API to use constant from Kernel API inside hooks, including error code
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
📆 Partially supported:
- ** More Flag/Bitmap textual decomposition **
- Error code retrieving / returned value parsing
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
🛰️ Not supported:
- HVC, SMC, ...
- follow fork
Contributors
Assets 3
Interruptor 0.1.0
Same feature as v0.1.0-alpha + follow threads + improvements
Supported:
- Follow Threads
- Module filtering by name, by regexp, by properties
- System call filtering by name, by regexp, by properties
- Thread coloring
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking
- Dynamic loading
- Callback function when start() happens
Partially supported:
- API to use constant from Kernel API inside hooks
- Error code retrieving / returned value parsing
- Flag/Bitmap textual decomposition
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
Not supported:
- HVC, SMC, ...
- follow fork
Interruptor 0.1.0-alpha
Supported:
- Android/Arm64 syscalls according to AOSP
- Include deprecated syscalls/flags from linux kernel 2.x -> 5.x
- SVC hooking,
- Dynamic loading
- Callback function when start() happens
Partially supported:
- Error code retrieving / returned value parsing
- Flag/Bitmap textual decomposition
- Contextual args hint : exploring cmd/opts as in prctl()
- Coverage
Not supported:
- HVC, SMC, ...
- follow thread / fork