@G5t4r
G5t4r / finalScript.sh
Created March 27, 2021 07:07 — forked from huishannetaporter/finalScript.sh
finalScript.sh
# Create the .itmsp folder
mkdir <path to your .itmsp folder>/<name of your .itmsp folder>.itmsp
# Move your .ipa file into the .itmsp folder
cp <path to where your .ipa file is stored> <path to your .itmsp folder>/<name of your .itmsp folder>.itmsp
# Generate the metadata.xml file
fileSize=` stat -f %z <Your .ipa file>`
md5Checksum=`md5 <Your .ipa file> | cut -d "=" -f 2 | awk '{print $1}'`
@G5t4r
G5t4r / RootAndSSLBypass.js
Created August 7, 2020 14:22
Frida Script To Bypass Root and SSL
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
"com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.koushikdutta.rommanager",
"com.koushikdutta.rommanager.license", "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch",
"com.ramdroid.appquarantine", "com.ramdroid.appquarantinepro", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
"de.robv.android.xposed.installer", "com.saurik.substrate", "com.zachspong.temprootremovejb", "com.amphoras.hidemyroot",
"com.amphoras.hidemyrootadfree", "com.formyhm.hiderootPremium", "com.formyhm.hideroot", "me.phh.superuser",
"eu.chainfire.supersu.pro", "com.kingouser.com"
];
# -*- coding: utf-8 -*-
#for py3 test in py3.7.3
import sys
import struct
import json
import traceback
strings = []
import frida
import sys,os
#frida 12.5.7
device = frida.get_usb_device()
pid = device.spawn(["com.ylc2.qp.Pokermate"])
session = device.attach(pid)
device.resume(pid)
# rdev = frida.get_remote_device()
@G5t4r
G5t4r / gist:7844e78c040d8cde9ec6275b4c471f09
Created June 1, 2018 04:48 — forked from lyonanderson/gist:5b8cc605be1c56b88978
Cycript to listen to XPC Messages being created
@import com.saurik.substrate.MS
var log = []
NSLog_ = dlsym(RTLD_DEFAULT, "NSLog")
NSLog = function() { var types = 'v', args = [], count = arguments.length; for (var i = 0; i != count; ++i) { types += '@'; args.push(arguments[i]); } new Functor(NSLog_, types).apply(null, args); }
_CFXPCCreateXPCMessageWithCFObject = dlsym(RTLD_DEFAULT, "_CFXPCCreateXPCMessageWithCFObject");
_CFXPCCreateXPCMessageWithCFObject = @encode(void *(NSDictionary * object))(_CFXPCCreateXPCMessageWithCFObject)
_CFXPCCreateXPCMessageWithCFObject_Old ={}
MS.hookFunction(_CFXPCCreateXPCMessageWithCFObject, function(object) {var result = (*_CFXPCCreateXPCMessageWithCFObject_Old )(object); log.push(object); NSLog("Object>>: " + object); return result}, _CFXPCCreateXPCMessageWithCFObject_Old)
UIApp.keyWindow.recursiveDescription().toString()
Getting UIButton tap events: [xxx allTargets] [xxx allControlEvents] [xxxx actionsForTarget:#0x12610c200 forControlEvent:64] [xx sendActionsForControlEvents:64]
Convert an address to an object: var p = #0x8614390
Print an object's instance variables: *controller, or [i for (i in *UIApp)], or use function tryPrintIvars(a){ var x={}; for(i in *a){ try{ x[i] = (*a)[i]; } catch(e){} } return x; }
Get the package name: NSBundle.mainBundle.bundleIdentifier
Print all methods of a class:
function printMethods(className, isa) {
var count = new new Type("I");
var classObj = (isa != undefined) ? objc_getClass(className).constructor : objc_getClass(className);
var methods = class_copyMethodList(classObj, count);
@G5t4r
G5t4r / common.cy
Last active August 19, 2022 07:57 — forked from susnmos/common.cy
A script for cycript
// Print the button's actions and their targets
function actionWithTargets(button) {
var allTargets = [button allTargets].allObjects();
if (!allTargets) {
return "is not a uicontrol"
}
var allShow = [];
for (var i = 0; i < allTargets.length; i++) {
var target = allTargets[i];
var actions = [button actionsForTarget: target forControlEvent: UIControlEventTouchUpInside];

Keybase proof

I hereby claim:

  • I am gitforneo on github.
  • I am 5t4r (https://keybase.io/5t4r) on keybase.
  • I have a public key ASBZYPTmA7WtLynjhMUdfWX8D38dqFbmCPSKytc_r3CA9Qo

To claim this, I am signing this object:

@G5t4r
G5t4r / bin2elf.sh
Created August 22, 2016 10:43 — forked from tangrs/bin2elf.sh
Convert a memory dump/raw binary image into an ELF file
#!/bin/sh
# Convert a raw binary image into an ELF file suitable for loading into a disassembler
cat > raw$$.ld <<EOF
SECTIONS
{
EOF
echo " . = $3;" >> raw$$.ld