LeadroyaL LeadroyaL

## Entry.java
package com.leadroyal.oppousb;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedBridge;

## Entry.java
package com.leadroyal.oppousb;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class Entry implements IXposedHookLoadPackage {
    @Override

## Entry.java
package com.leadroyal.miuiusb;

import java.lang.reflect.Field;
import java.lang.reflect.Method;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

## graph_demo.py
# coding:utf-8
from graphviz import Digraph

# 先加载asm文件，按照列表的方式去存

fd = open("main.asm")
lines = [l.strip('\n') for l in fd.readlines()]
fd.close()

# 遍历label，找到label对应的addr（应该是第一个label的addr）

## decrypt_hikari.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                LeadroyaL
                / decrypt_hikari.md
            
            
              Created
              September 17, 2019 09:27
            
              
                Unicorn实战（三）：去掉hikari的字符串加密
              
          
    https://github.com/LeadroyaL/decrypt_str_hikari

  
## decrypt_armariris.py
from elftools.elf.constants import P_FLAGS
from elftools.elf.elffile import ELFFile
from elftools.elf.sections import SymbolTableSection
from unicorn import Uc, UC_ARCH_ARM, UC_MODE_LITTLE_ENDIAN, UC_PROT_WRITE, UC_PROT_READ, UC_PROT_EXEC
from unicorn.arm_const import *
from capstone import Cs, CS_ARCH_ARM, CS_MODE_THUMB, CsInsn
from keystone import Ks, KS_MODE_THUMB, KS_ARCH_ARM, KS_MODE_ARM
import struct

filename = "./libcms.so"

## unflower_cms.py
from elftools.elf.constants import P_FLAGS
from elftools.elf.elffile import ELFFile
from unicorn import Uc, UC_ARCH_ARM, UC_MODE_LITTLE_ENDIAN, UC_HOOK_CODE, UC_PROT_READ, UC_PROT_WRITE, UC_PROT_EXEC
from unicorn.arm_const import *
from capstone import Cs, CS_ARCH_ARM, CS_MODE_THUMB, CsInsn
from keystone import Ks, KS_MODE_THUMB, KS_ARCH_ARM

# 找到.text节

filename = "./libcms.so"
	package com.leadroyal.oppousb;

	import android.content.BroadcastReceiver;
	import android.content.Context;
	import android.content.Intent;

	import de.robv.android.xposed.IXposedHookLoadPackage;
	import de.robv.android.xposed.XC_MethodHook;
	import de.robv.android.xposed.XC_MethodReplacement;
	import de.robv.android.xposed.XposedBridge;
	package com.leadroyal.miuiusb;

	import java.lang.reflect.Field;
	import java.lang.reflect.Method;

	import de.robv.android.xposed.IXposedHookLoadPackage;
	import de.robv.android.xposed.XC_MethodHook;
	import de.robv.android.xposed.XposedBridge;
	import de.robv.android.xposed.XposedHelpers;
	import de.robv.android.xposed.callbacks.XC_LoadPackage;
	# coding:utf-8
	from graphviz import Digraph

	# 先加载asm文件，按照列表的方式去存

	fd = open("main.asm")
	lines = [l.strip('\n') for l in fd.readlines()]
	fd.close()

	# 遍历label，找到label对应的addr（应该是第一个label的addr）
	from elftools.elf.constants import P_FLAGS
	from elftools.elf.elffile import ELFFile
	from elftools.elf.sections import SymbolTableSection
	from unicorn import Uc, UC_ARCH_ARM, UC_MODE_LITTLE_ENDIAN, UC_PROT_WRITE, UC_PROT_READ, UC_PROT_EXEC
	from unicorn.arm_const import *
	from capstone import Cs, CS_ARCH_ARM, CS_MODE_THUMB, CsInsn
	from keystone import Ks, KS_MODE_THUMB, KS_ARCH_ARM, KS_MODE_ARM
	import struct

	filename = "./libcms.so"