Last active
August 15, 2018 14:43
-
-
Save FrankSpierings/6c3065bf6a71df52e927b7d01b26e30f to your computer and use it in GitHub Desktop.
Learning how to use Frida - Trying to modify Real Racing 3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ProgressHack() { | |
| progressObject = null | |
| intProgress = Interceptor.attach(Module.findExportByName("libRealRacing3.so", "_ZNK10Characters14CareerProgress16IsStreamUnlockedEi"), { | |
| onEnter: function(args) { | |
| progressObject = args[0] | |
| }, | |
| onLeave: function(result) { | |
| } | |
| }); | |
| while (progressObject === null) { | |
| console.log('.') | |
| Thread.sleep(1) | |
| } | |
| intProgress.detach() | |
| console.log("Progress Object @" + progressObject) | |
| symbol = DebugSymbol.fromName('_ZN10Characters14CareerProgress15SetStreamLockedEib') | |
| f = new NativeFunction(symbol.address, 'pointer', ['pointer', 'int', 'bool']) | |
| intProgress.detach() | |
| for (i = 0; i < 0xffff; i++) { | |
| f(ptr(progressObject),i,-1) | |
| } | |
| } | |
| //Money hack | |
| function MoneyHack(amount) { | |
| moneyObject = null | |
| intMoney = Interceptor.attach(Module.findExportByName("libRealRacing3.so", "_ZN10Characters5Money9GetAmountEv"), { | |
| onEnter: function(args) { | |
| moneyObject = args[0] | |
| }, | |
| onLeave: function(result) { | |
| } | |
| }); | |
| while (moneyObject === null) { | |
| console.log('.') | |
| Thread.sleep(1) | |
| } | |
| intMoney.detach() | |
| console.log("Money Object @" + moneyObject) | |
| symbol = DebugSymbol.fromName('_ZN10Characters5Money9GiveMoneyEi') | |
| f = new NativeFunction(symbol.address, 'pointer', ['pointer', 'int']) | |
| f(ptr(moneyObject), amount) | |
| } | |
| //Gold hack | |
| function GoldHack(amount) { | |
| currencyObject = null | |
| intCurrency = Interceptor.attach(Module.findExportByName("libRealRacing3.so", "_ZN10Characters8Currency9GetAmountEv"), { | |
| onEnter: function(args) { | |
| currencyObject = args[0] | |
| }, | |
| onLeave: function(result) { | |
| } | |
| }); | |
| while (currencyObject === null) { | |
| console.log('.') | |
| Thread.sleep(1) | |
| } | |
| console.log("Currency Object @" + currencyObject) | |
| symbol = DebugSymbol.fromName('_ZN10Characters8Currency4GiveEi') | |
| f = new NativeFunction(symbol.address, 'pointer', ['pointer', 'int']) | |
| f(ptr(currencyObject), amount) | |
| intCurrency.detach() | |
| } | |
| //Car hack | |
| Interceptor.attach(Module.findExportByName("libRealRacing3.so", "_ZN10Characters7Unlocks13IsCarUnlockedEi"), { | |
| onEnter: function(args) { | |
| this.name = '_ZN10Characters7Unlocks13IsCarUnlockedEi' | |
| console.log(this.name + "(" +")"); | |
| }, | |
| onLeave: function(result) { | |
| console.log("[!] Replacing result") | |
| result.replace(1) | |
| console.log(this.name + "=> (" + result +")"); | |
| } | |
| }); | |
| ProgressHack() | |
| MoneyHack(10000) | |
| GoldHack(1000) |
Where is the money and gold definition in real racing's source code?
I unpack the apk and decompile the "classes.dex" and "classes2.dex" but can't find relative code.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How do I run this or where do I store this script for it to run on my Android device?