Exetools


Artic 08-20-2021 22:15

Material to reverse/patch electron apps on windows?
 
I know that electron apps are chrome based applications, cross platform.
What is the best idea/way to attack these apps?

atom0s 08-23-2021 08:52

In a lot of cases, the developer console/tools are still left in the resulting package and can be turned on/opened with either a command-line option or a shortcut key combo like (Ctrl+Shift+I or similar).

If the package uses a bundler setup like NW.js or similar, those usually offer development packages as well as retail packages. For that, you can just download the developer SDK and overwrite the files the program uses with the dev ones and it'll re-enable the developer console.

sendersu 08-23-2021 16:47

Sometimes modern web based apps are using wasm modules (WebAssembly).
In this case Chrome has a very nice wasm debugger (yes, you could step into it!)
but it's on low level wasm opcodes only...
For static analysis I'd recommend Jeb 4.x - it has a very nice wasm decompiler into a C-like language.

CryptXor 08-23-2021 19:34

Quote:

Originally Posted by Artic (Post 123618)
I know that electron apps are chrome based applications, cross platform.
What is the best idea/way to attack these apps?

TL;DR Unpack app.asar (contains the logic) in the 'resources' subfolder, deobfuscate a bit if you need to, mod as you please, repack, done.

sh3dow 08-24-2021 02:24

Generally, electron app source code will always be exposed to the "know where to look" user.

When the developer builds his app, which is written in electron, he will notice that when the binaries build is completed, the resources/source code are also exposed in the final build folder. In the resources folder all the app source code is revealed to anyone who can access this folder.

Just unpack the Whatever_name_here.asar file(s) in the resources folder, though sometimes they obfuscate the JavaScript files so you need to deobfuscate them. Then read the code, modify it and build again.
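
From the defender's side, the unpack/modify/repack workflow described in the posts above can be detected by fingerprinting app.asar against a known-good copy. The following is an added example, not part of the original thread; the archive builder, the sample file contents and all function names are constructed for illustration.

```python
import hashlib, json, struct

def build_asar(files):
    """Constructed sample data: pack {name: bytes} into a flat ASAR archive."""
    index, body = {}, b""
    for name, data in files.items():
        index[name] = {"size": len(data), "offset": str(len(body))}
        body += data
    header = json.dumps({"files": index}).encode()
    padded = header + b"\0" * (-len(header) % 4)
    pickle = struct.pack("<II", len(padded) + 4, len(header)) + padded
    return struct.pack("<II", 4, len(pickle)) + pickle + body

def read_asar(blob):
    """Return (header JSON bytes, absolute offset where file data starts)."""
    marker, pickle_size = struct.unpack_from("<II", blob, 0)
    _, json_len = struct.unpack_from("<II", blob, 8)
    if marker != 4 or 16 + json_len > 8 + pickle_size or 8 + pickle_size > len(blob):
        raise ValueError("not a well-formed ASAR archive")
    return blob[16:16 + json_len], 8 + pickle_size

def fingerprint(blob):
    """SHA-256 of the header JSON plus SHA-256 of every packed file."""
    header, base = read_asar(blob)
    digests = {"<header>": hashlib.sha256(header).hexdigest()}
    def walk(node, prefix):
        for name, entry in node["files"].items():
            if "files" in entry:                  # directory node
                walk(entry, prefix + name + "/")
            elif "offset" in entry:               # packed file (skips unpacked/symlink)
                start = base + int(entry["offset"])
                data = blob[start:start + entry["size"]]
                digests[prefix + name] = hashlib.sha256(data).hexdigest()
    walk(json.loads(header), "")
    return digests

def changed_entries(baseline, blob):
    """Entries whose digest differs from, or is absent in, the baseline."""
    current = fingerprint(blob)
    return sorted(k for k in baseline.keys() | current.keys()
                  if baseline.get(k) != current.get(k))

# Constructed archives: the shipped build and a copy with one file edited in place.
SHIPPED = build_asar({"main.js": b"console.log('v1');\n", "ui.js": b"render();\n"})
EDITED = build_asar({"main.js": b"console.log('v2');\n", "ui.js": b"render();\n"})
BASELINE = fingerprint(SHIPPED)
# Same-size edit: the header hash is unchanged, only the per-file hash flags it.
print(changed_entries(BASELINE, EDITED))
```

A header that records only sizes and offsets does not change when a file is edited without changing its length, which is why the check hashes file contents as well as the header.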

Artic 08-24-2021 21:34

Quote:

Originally Posted by CryptXor (Post 123638)
TL;DR Unpack app.asar (contains the logic) in the 'resources' subfolder, deobfuscate a bit if you need to, mod as you please, repack, done.

Thanks for all the answers! ;)

I have already unpacked the asar file. It is not obfuscated (lucky me :) )

I want to remove a limit in the application, because that's the only limitation which really bothers me; everything just works perfectly.

It goes like this: you do something 40 times and then a limitation dialog comes up (I found the limitation dialog already, also the about dialog)

but so far I have no idea how the limitation dialog is triggered, and how I can for example lift it to N times (even something like 1000 or so would do already.)

I'd better leave out which app I'm trying to modify here, unless it is allowed to post it here.

Is there any information I could provide so that I could better understand how an electron app works?

I mean there is a 110MB exe file, then the asar file (which I unpacked already). The asar file has all the layout in it.

But where could be the limit hidden?

atom0s 08-25-2021 02:29

It'll most likely be in one of the JS files. They may have minified it so variable names will be nuked and shortened to the smallest amount of characters available.

Quote:

I'd better leave out which app I'm trying to modify here, unless it is allowed to post it here.
You should be fine to post that here, there isn't a rule against naming the software you're targeting for something like this.

Artic 08-25-2021 20:03

I was not sure if I can reveal which software I want to target.

Okay, I haven't had any time yet to look into it again with the ideas I got here.

I found this app here by Mindomo, which provides offline Concept Maps.
Free version is limited to 40 topics.

You can find it here.
Code:

https://www.mindomo.com/download/10.0/Mindomo_v.10.0.3_x64.exe
Like I wrote, it uses a 100+MB exe file, but also has an asar file, which I could unpack.

Mendax47 08-25-2021 23:44

Quote:

Originally Posted by Artic (Post 123652)
I was not sure if I can reveal which software I want to target.

Okay, I haven't had any time yet to look into it again with the ideas I got here.

I found this app here by Mindomo, which provides offline Concept Maps.
Free version is limited to 40 topics.

You can find it here.
Code:

https://www.mindomo.com/download/10.0/Mindomo_v.10.0.3_x64.exe
Like I wrote, it uses a 100+MB exe file, but also has an asar file, which I could unpack.

I tried to remove all the limitations, using the quickest method to do so... don't worry about the dialog showing it's the free version... everything will work like a charm...

Copy and replace app.asar, or make your original app.asar -> app.asar.bak (a backup) so you can switch between them quickly... but first rename and remove .exetools....

https://drive.google.com/file/d/1Z1O1aoW4Gp2hzPDALPl59YER0ITBNj5g/view?usp=sharing

Artic 08-26-2021 01:24

Wow, this is perfect! Thanks a lot to everybody.


All times are GMT +8.