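/*
 * Aliases for the JNI primitive type names, each bound to a C type.
 * The stray " | |" table-cell residue that followed every declaration has
 * been dropped so each line is a valid C declaration again.
 * uint8_t .. int64_t come from <stdint.h>, which must already be in scope.
 */

/* NOTE(review): this reuses the name va_list for a plain void**, so it will
 * clash with <stdarg.h> if that header is ever included in the same unit;
 * presumably intended for a standalone header, confirm. */
typedef void **va_list;

typedef uint8_t jboolean; /* unsigned, 8 bits  */
typedef int8_t jbyte;     /* signed,   8 bits  */
typedef uint16_t jchar;   /* unsigned, 16 bits */
typedef int16_t jshort;   /* signed,   16 bits */
typedef int32_t jint;     /* signed,   32 bits */
typedef int64_t jlong;    /* signed,   64 bits */
typedef float jfloat;
typedef double jdouble;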
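/**
 * Overwrite a static field of a Java class through reflection.
 *
 * The field is looked up on `object.class` with getDeclaredField, its access
 * check is lifted with setAccessible(true), and `value` is then written with
 * a null receiver, so only static fields can be targeted.
 *
 * The " | |" table-cell residue that trailed every line has been dropped so
 * the function parses again; the calls and their order are unchanged.
 *
 * NOTE(review): a reflective write only reaches code that reads the field at
 * run time. Compile-time constants that the Java compiler inlined into
 * callers are presumably unaffected; confirm for the field in question.
 * NOTE(review): code that treats such static fields as an integrity or
 * environment signal should regard them as mutable once the process is
 * instrumented.
 *
 * @param {object} object - Wrapper exposing the target java.lang.Class as
 *   `.class` (the shape returned by Java.use, assumed from the later
 *   Java.use call in the same script).
 * @param {string} fieldName - Declared name of the field to overwrite.
 * @param {*} value - Replacement value handed to Field.set.
 * @returns {void}
 */
function replaceFinaleField(object, fieldName, value) {
  const field = object.class.getDeclaredField(fieldName);

  // Lift the access check first; the later write depends on it.
  field.setAccessible(true);

  // A null receiver means "no instance": the write targets a static field.
  field.set(null, value);
}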
Java.perform(function(){ | |
// Class containing const that we want to modify | |
const Build = Java.use("android.os.Build") |
function bypassCheckProperties() { | |
/* | |
* Function used to bypass common checks to | |
* Android OS properties | |
* Bypass the props checking from this git : https://github.com/strazzere/anti-emulator | |
* | |
*/ | |
const SystemProperties = Java.use('android.os.SystemProperties') | |
const String = Java.use('java.lang.String') | |
const Properties = { |
#!/usr/bin/python3 | |
from subprocess import Popen | |
import frida | |
import time | |
import sys | |
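# Module-level flag, False when the script starts. The code that reads or
# flips it lies outside the visible part of the file.
# (Trailing " | |" table residue removed so the line is valid Python.)
dumped = False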
def get_script(package_name): | |
jscode = """ |
#!/usr/bin/python2.7 | |
# coding: utf8 | |
import subprocess | |
import time | |
import itertools as it | |
import commands | |
import sys | |
base_command = "adb shell " |
const simulated_latitude = 48.8534 | |
const simulated_longitude = 2.3488 | |
Java.perform(function(){ | |
const Location = Java.use('android.location.Location') | |
var location = Location.$new("gps") | |
location.setLatitude(simulated_latitude) | |
location.setLongitude(simulated_longitude) |
import sys | |
import zlib | |
import json | |
from Crypto.Cipher import AES | |
from Crypto.Util.Padding import pad, unpad | |
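# Fixed 7-byte marker: ASCII "ACBJA" followed by the bytes 0x01 0x00.
# NOTE(review): presumably the header expected at the start of the data this
# script processes; the code that uses it is not visible here, confirm.
# (Trailing " | |" table residue removed so the line is valid Python.)
magic_number = b"ACBJA\x01\x00"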
def uncipherAES(data : bytes): |
from binascii import hexlify | |
import sys | |
import re | |
# PDF TEMPLATE, index number should be shifted enough to avoid collision with number of the object | |
# we want to exfiltrate | |
PDF_TEMPLATE = """%PDF-2.0 | |
100 0 obj |
var library_name = "libil2cpp.so"; | |
var library_loaded = 0; | |
var base_address = 0; | |
// frida -U -l script.js -f com.youmusic.magictiles --no-pause | |
var parse_tile_base_o = function(tile_base_o) { | |
return { | |
tileSizeX : tile_base_o.add(0x6c).readFloat(), |
import argparse | |
import json | |
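# Hand-written struct layouts, keyed by struct name.
# Each value is an ordered list of (c_type, field_name) pairs.
# (Trailing " | |" table residue removed so the literal is valid Python.)
predefined_struct = {
    "UnityEngine_Vector3_o": [("float", "x"), ("float", "y"), ("float", "z")],
}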
def extract_class_methods(methods_informations, clazz): | |
""" | |
We check if the signature start with the class we want to hook, if so |