added file motitoring modules

Author: Ch0pin

modules/file_system/context_file_input_ouput.med

@@ -0,0 +1,49 @@
+{
+    "Name": "file_system/context_file_input_output",
+    "Description": "Use this module to monitor file input output operations associated with Context application package",
+    "Help": "https://developer.android.com/reference/android/content/Context#openFileInput(java.lang.String)",
+    "Code": "
+console.log('-------App context file input output operations monitor by @chopin--------------');
+
+      var contextWrapper= Java.use('android.content.ContextWrapper');
+
+
+      if (contextWrapper.openFileInput) {
+        // Ref: https://developer.android.com/reference/android/content/ContextWrapper.html#openFileInput(java.lang.String)
+        contextWrapper.openFileInput.overload(\"java.lang.String\").implementation = function(fileName) {
+          
+          colorLog('[+] App is opening the file: '+fileName + ' for reading',{c: Color.Red} );
+          return this.openFileInput.overload(\"java.lang.String\").apply(this, arguments);
+       
+        };
+      }
+
+      if (contextWrapper.openFileOutput) {
+        // Ref: https://developer.android.com/reference/android/content/ContextWrapper.html#openFileOutput(java.lang.String, int)
+        contextWrapper.openFileOutput.overload(\"java.lang.String\", \"int\").implementation = function(fileName, mode) {
+
+          colorLog('[+] App is opening the file: '+fileName + ' using mode: '+mode,{c: Color.Red});
+          return this.openFileOutput.overload(\"java.lang.String\", \"int\").apply(this, arguments);
+        };
+      }
+
+      if (contextWrapper.deleteFile) {
+        // Ref: https://developer.android.com/reference/android/content/ContextWrapper.html#deleteFile(java.lang.String)
+        contextWrapper.deleteFile.overload(\"java.lang.String\").implementation = function(fileName) {
+          
+          /*   --- Payload Header --- */
+          colorLog('[+] App is deleting the file: '+fileName,{c: Color.Red});
+
+          return this.deleteFile.overload(\"java.lang.String\").apply(this, arguments);
+        };
+      }
+"
+}
+
+
+
+
+
+
+
+

modules/file_system/file_input_stream.med

@@ -0,0 +1,30 @@
+{
+    "Name": "file_system/file_input_stream",
+    "Description": "Use this module to monitor file input stream operations",
+    "Help": "https://docs.oracle.com/javase/7/docs/api/java/io/FileInputStream.html",
+    "Code": "
+console.log('-------file input stream operations monitor by @chopin--------------');
+
+      var fileInputStream= Java.use('java.io.FileInputStream');
+
+
+      fileInputStream.$init.overload('java.io.File').implementation = function(file){
+        var fname = file.getAbsolutePath();
+        colorLog('[+] App is opening: '+fname + ' for READ',{c: Color.Green} );
+        
+        return this.$init(file);
+      }
+      fileInputStream.$init.overload('java.io.FileDescriptor').implementation = function(fd){
+        var fname = fd.toString();
+        colorLog('[+] App is opening: '+fname + ' for READ',{c: Color.Green} );
+        
+        return this.$init(fd);
+      }
+      fileInputStream.$init.overload('java.lang.String').implementation = function(name){
+        var fname = name;
+        colorLog('[+] App is opening: '+fname + ' for READ',{c: Color.Green} );
+        
+        return this.$init(name);
+      }
+"
+}

modules/file_system/file_output_stream.med

@@ -0,0 +1,70 @@
+{
+    "Name": "file_system/file_output_stream",
+    "Description": "Use this module to monitor file output stream operations",
+    "Help": "https://docs.oracle.com/javase/7/docs/api/java/io/FileOutputStream.html",
+    "Code": "
+console.log('-------file output stream operations monitor by @chopin--------------');
+
+      var fileOutputStream = Java.use('java.io.FileOutputStream');
+ 
+
+      fileOutputStream.$init.overload('java.io.File').implementation = function(name){
+        var fname = name.getAbsolutePath();
+        colorLog('[+] App is opening: '+fname + ' for WRITE',{c: Color.Red} );
+        
+        return this.$init(name);
+      }
+
+      fileOutputStream.$init.overload('java.io.File','boolean').implementation = function(name, append){
+        var fname = name.getAbsolutePath();
+        let mode = '';
+        if(append==true) 
+            mode = 'APPEND';
+        else
+            mode = 'WRITE'
+
+
+        colorLog('[+] App is opening: '+fname + ' for '+mode,{c: Color.Red} );
+        
+        return this.$init(name,append);
+      }
+
+
+      fileOutputStream.$init.overload('java.io.FileDescriptor').implementation = function(fd){
+        var fname = fd.toString();
+
+        colorLog('[+] App is opening: '+fname + ' for WRITE',{c: Color.Red} );
+        
+        return this.$init(fd);
+      }
+
+      fileOutputStream.$init.overload('java.lang.String').implementation = function(filename){
+
+        colorLog('[+] App is opening: '+filename + ' for WRITE',{c: Color.Red} );
+        
+        return this.$init(filename);
+      }
+    
+    fileOutputStream.$init.overload('java.lang.String','boolean').implementation = function(filename,append){
+        let mode = '';
+        if(append==true) 
+            mode = 'APPEND';
+        else
+            mode = 'WRITE'
+
+
+        colorLog('[+] App is opening: '+filename + ' for '+mode,{c: Color.Red} );
+        
+        return this.$init(filename,append);
+
+      }
+
+"
+}
+
+
+
+
+
+
+