Frida-sidecar NPM

Sidecar

Sidecar is a runtime hooking tool for intercepting function calls by TypeScript annotation with ease, powered by Frida.RE.

Frida Sidecar

Image source: 1920s Raleigh Box Sidecar Outfit & ShellterProject

What is a "Sidecar" Pattern?

Segregating the functionalities of an application into a separate process can be viewed as a Sidecar pattern. The Sidecar design pattern allows you to add a number of capabilities to your application without the need of additional configuration code for 3rd party components.
As a sidecar is attached to a motorcycle, similarly in software architecture a sidecar is attached to a parent application and extends/enhances its functionalities. A Sidecar is loosely coupled with the main application.
— SOURCE: Sidecar Design Pattern in your Microservices Ecosystem, Samir Behara, July 23, 2018

What is a "Hooking" Patern?

Hook: by intercepting function calls or messages or events passed between software components.
— SOURCE: Hooking, Wikipedia

Features

Easy to use by TypeScript decorators/annotations
1. @Call(memory_address) for make a API for calling memory address from the binary
2. @Hook(memory_address) for emit arguments when a memory address is being called
Portable on Windows, macOS, GNU/Linux, iOS, Android, and QNX, as well as X86, Arm, Thumb, Arm64, AArch64, and Mips.
Powered by Frida.RE and can extended by any agent script.

Example

Talk is cheap, show me the code.

@Sidecar('chatbox')
class ChatboxSidecar extends SidecarBody {

  @Call(0x11C9)
  @RetType('void')
  mo (
    @ParamType('pointer', 'Utf8String') content: string,
  ): Promise<string> {
    return Ret(content)
  }

  @Hook(0x11F4)
  mt (
    @ParamType('pointer', 'Utf8String') content: string,
  ) {
    return Ret(content)
  }

}

Learn more from the example directory: https://github.com/huan/sidecar/blob/main/examples

Requirements

Mac: disable System Integrity Protection

Install

npm install sidecar

Usage

// tbw

Related project: FFI Adapter

I have another NPM module named ffi-adapter, which is a Foreign Function Interface Adapter Powered by Decorator & TypeScript.

FFi Adapter example:

import {
  LIBRARY,
  API,
  RETURN,
}             from 'ffi-adapter'

@LIBRARY('./libfactorial')
export class LibFactorial {
  @API() factorial (n: number): number { return RETURN(n) }
}

const lib = new LibFactorial()
console.log('factorial(5) =', lib.factorial(5))
// Output: factorial(5) = 120

Learn more about examples at https://github.com/huan/ffi-adapter/tree/master/tests/fixtures/library

Resources

Papers

Assembly to Open Source Code Matching for Reverse Engineering and Malware Analysis

Dll

Frida

Unicode

字符编码笔记：ASCII，Unicode 和 UTF-8, 阮一峰，2007年10月28日

Assembler

Online x86 / x64 Assembler and Disassembler (0xf is not valid, use 0x0f instead)
易语言汇编代码转置入代码开源
The 32 bit x86 C Calling Convention

iOS

Objective C

History

Master

0.1 (Jul 4, 2021)

First worked version, published to NPM as frida-sidecar.

0.0.1 (Jun 13, 2021)

Repo created.

Special thanks

Thanks to Quinton Ashley @quinton-ashley who is the previous owner of NPM name sidecar and he transfer this beautify name to me for publishing this project after I requested via email. Appreciate it! (Jun 29, 2021)