Welcome to docker-in-an-hour! This is a "JIT" (just-in-time) guide to Docker: most explanations are just enough to get you by. It is highly recommended that you at least Google the topics covered here after doing the workshop, and read the official docs for the full explanations.
// to speed up, I removed all data validation
function MemoryBuffer(address, size) {
  this.base = address
  if (!size) {
    // const range = Process.findRangeByAddress(address)
    // if (!range)
    //   throw new Error('invalid address: ' + address)
#include "enc_str.h"
#include <cstdio>
static_assert(next_prime<next_prime<4>> == next_prime<4> && next_prime<4> == 5, "??");
static constexpr auto j = "I love vvb2060 and she's my wife."_senc;
static constexpr auto k = ".."_senc;
static constexpr auto l = j + k;
int main() {
Most of the time, applications won't pin the certificate. Running mitmproxy and passing all Android traffic through it is as simple as adb connect <IP> && adb shell settings put global http_proxy <mitmproxy host>:<mitmproxy port> (or set the proxy through Android's UI).
Some applications, however, pin the certificate and will refuse to do any network calls if using mitmproxy.
Luckily, Frida is here!
This assumes Android x86 is running in a VM, that developer options are enabled on the device (tap the build number enough times), that adb debugging is enabled, and that the Android tools are installed on the host.
- start mitmproxy on host
- visit mitm.it on the target (after setting the proxy) and install the spoofed cert
import { log } from "./logger";
import { AssertionError } from "assert";
const libil2cpp = Process.getModuleByName("libil2cpp.so");
const libil2cppb = libil2cpp.base;
const playerinfo_serialize = libil2cppb.add(0x6c2e30);
const playerinfo_deserialize = libil2cppb.add(0x6c316c);
console.log("Starting script..");
function readString(pointr: NativePointer) {
/**
 * run the script against a running app: frida -U "appName" -l flutter_ios.js --no-pause
 * start the app directly with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause
 */
// #############################################
// HELPER SECTION START
var colors = {
  "resetColor": "\x1b[0m",
  "green": "\x1b[32m",
  "yellow": "\x1b[33m",
Java.perform(function () {
  var act = Java.use("android.app.Activity");
  act.getIntent.overload().implementation = function () {
    var intent = this.getIntent()
    var cp = intent.getComponent()
    console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName())
    var ext = intent.getExtras();
    if (ext) {
      var keys = ext.keySet()
      var iterator = keys.iterator()
function get_url(url) {
  if (!url) {
    url = "http://www.baidu.com";
  }
  Java.perform(function () {
    console.log("==========================get_url Begin==========================");
    var URL = Java.use("java.net.URL");
    var objURL = URL.$new(url);
    var openstream = objURL.openStream();
    var InputStream = Java.use("java.io.InputStream");
var target_fn = "open"
// target module can be set to null, but it will cause lower speed.
var target_module = "libc.so"
var callback_obj =
{
  onEnter: function (args) {
    var path = Memory.readUtf8String(args[0]);
    path = path.replace("\n", "");
{
  console.log("SIMON TEST Begin!");
  console.log("Java.available:" + Java.available);
  console.log("SIMON TEST End!");
  if (Java.available) {
    Java.perform(function () {