
@eybisi
eybisi / hook_dexloader.js
Last active May 15, 2024 15:11
frida script for hooking loaded classes with the help of dexclassloader init
// Frida agent fragment (the listing preview ends before the closing braces).
// Java.perform attaches the current thread to the app's Java VM before running the callback.
Java.perform(function(){
// Frida wrapper for java.lang.Thread, used below to read the current thread's call stack.
let ThreadDef = Java.use('java.lang.Thread');
// NOTE(review): currentThread() is a static method, so this extra Thread instance serves only
// as a receiver; calling ThreadDef.currentThread() directly would avoid allocating it.
let ThreadObj = ThreadDef.$new();
/**
 * Prints the Java stack of the current thread to the Frida console, one
 * "index => frame" line per StackTraceElement, between START/END marker lines.
 */
function stackTrace() {
console.log('------------START STACK---------------')
let stack = ThreadObj.currentThread().getStackTrace();
for (let i = 0; i < stack.length; i++) {
console.log(i + ' => ' + stack[i].toString());
}
console.log('------------END STACK---------------');
#!/bin/bash
# colors
# ANSI SGR escape sequences kept as literal backslash text; they only become
# terminal control codes when printed through `echo -e`.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
# Resets the terminal to its default attributes after a coloured span.
RESET='\033[0m'
# install homebrew
# Status banner only; the install command itself is past the end of this preview.
echo -e "[-] ${GREEN}install homebrew...${RESET}"
@huishannetaporter
huishannetaporter / finalScript.sh
Last active March 27, 2021 07:07
finalScript.sh
# Template: every <...> token is a placeholder to replace before running. Left as-is,
# the shell parses < and > as redirections. Quote the substituted paths if they contain spaces.
# Create the .itmsp folder
mkdir <path to your .itmsp folder>/<name of your .itmsp folder>.itmsp
# Move your .ipa file into the .itmsp folder
# (cp copies rather than moves: the original .ipa stays where it was)
cp <path to where your .ipa file is stored> <path to your .itmsp folder>/<name of your .itmsp folder >.itmsp
# Generate the metadata.xml file
# File size in bytes; `stat -f %z` is the BSD/macOS form (GNU stat uses `-c %s`).
fileSize=` stat -f %z <Your .ipa file>`
# `md5` is the macOS tool; cut/awk keep only the hex digest that follows the "=" in its output.
# NOTE(review): presumably this value goes into metadata.xml as an integrity checksum. MD5
# catches accidental corruption but is not collision-resistant, so it is no tamper protection.
md5Checksum=`md5 <Your .ipa file> | cut -d "=" -f 2 | awk '{print $1}'`
@nmoinvaz
nmoinvaz / codesign-ticket-fmt.md
Last active April 16, 2024 14:38
Apple MachO Code Signature Ticket Format

Apple MachO Code Signature with Ticket file format structure

  • Super blob (embedded signature = 0xfade0cc0)
    • Blob (code directory = 0xfade0c02)
      • Code signature (DER encoded)
    • Blob wrapper (0xfade0b01)
      • Length [4]
      • Offset [4]
      • Type? [4] = 256? (signature?)
  • Unknown [4] 239?
void inject_trusts(int pathc, const char *paths[])
{
printf("[+] injecting into trust cache...\n");
extern uint64_t g_kern_base;
static uint64_t tc = 0;
if (tc == 0) {
/* loaded_trust_caches
iPhone11,2-4-6: 0xFFFFFFF008F702C8
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
// NOTE(review): newer frida-tools releases resume a spawned app by default and no longer
// accept --no-pause — confirm against the installed version.
// Java.perform attaches the current thread to the app's Java VM before running the callback.
Java.perform(function () {
// Banner on the Frida console marking that instrumentation has started.
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
// Frida wrapper for the javax.net.ssl.X509TrustManager interface, the JSSE type whose
// checkServerTrusted() decides whether a server certificate chain is accepted.
// The preview ends here, so how the wrapper is used is not visible.
// For app defenders: pinning checks that run in-process can be observed and replaced by
// instrumentation on a device the tester controls, so server-side controls should not rely on them.
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
@G5t4r
G5t4r / common.cy
Last active August 19, 2022 07:57 — forked from susnmos/common.cy
A script for cycript
// Print a button's actions and their targets
// Cycript helper (Objective-C message syntax inside JavaScript). The preview ends inside
// the for loop, so what the function finally returns is not visible.
function actionWithTargets(button) {
// -allTargets returns an NSSet of registered targets; allObjects() turns it into an array.
var allTargets = [button allTargets].allObjects();
// Falsy result is treated as "the argument is not a UIControl".
if (!allTargets) {
return "is not a uicontrol"
}
var allShow = [];
for (var i = 0; i < allTargets.length; i++) {
var target = allTargets[i];
// Selector names this target registered for the touch-up-inside event.
var actions = [button actionsForTarget: target forControlEvent: UIControlEventTouchUpInside];
@jay74jung
jay74jung / install_lamp_16.sh
Created February 4, 2018 00:21 — forked from ankurk91/install_lamp_ubuntu.sh
Ubuntu 16.04 - PHP development (php 7.1, MySQL 5.7, apache 2.4)
#!/bin/bash
# Strict mode: exit on any failing command (-e), on use of an unset variable (-u),
# and when any stage of a pipeline fails (pipefail).
set -euo pipefail
# Split words on newline and tab only, so values containing spaces are not broken apart.
IFS=$'\n\t'
# Ubuntu 16.04 Dev Server
# Run like - bash install_lamp.sh
# Script should auto terminate on errors
echo -e "\e[96m Adding PPA \e[39m"
# A PPA is a third-party package source. -y accepts it without a confirmation prompt, and
# apt then installs its packages as root, so the archive owner joins the host's trust base.
sudo add-apt-repository -y ppa:ondrej/apache2
@sourceperl
sourceperl / test_aes128.py
Created August 3, 2017 14:26
Test of AES128 with python3
#!/usr/bin/env python3
from Crypto.Cipher import AES
import hashlib
import os
# message to encrypt with AES-128
text = 'the secret message'
# define 128-bit key from a text password
# NOTE(review): the derivation is past the end of this preview. If it is a single unsalted
# hash of the password (hashlib is imported above), the key is only as strong as the password;
# hashlib.pbkdf2_hmac or hashlib.scrypt with a random salt is the usual choice — confirm.
@susnmos
susnmos / common.cy
Created June 15, 2017 17:10
A script for cycript
// Print a button's actions and their targets
function actionWithTargets(button) {
var allTargets = [button allTargets].allObjects();
if (!allTargets) {
return "is not a uicontrol"
}
var allShow = [];
for (var i = 0; i < allTargets.length; i++) {
var target = allTargets[i];
var actions = [button actionsForTarget: target forControlEvent: UIControlEventTouchUpInside];