SeeFlowerX SeeFlowerX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 算法还原 | |
| import binascii | |
| from Crypto.Cipher import AES | |
| from Crypto.Util import Padding | |
| def get_cipher(): | |
| key = b'goodl-aes-key124' | |
| iv = b'goodl-aes-iv1235' | |
| return AES.new(key, AES.MODE_CBC, iv=iv) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let jni_struct_array = [ | |
| "reserved0", "reserved1", "reserved2", "reserved3", "GetVersion", "DefineClass", "FindClass", "FromReflectedMethod", "FromReflectedField", "ToReflectedMethod", "GetSuperclass", "IsAssignableFrom", "ToReflectedField", "Throw", "ThrowNew", | |
| "ExceptionOccurred", "ExceptionDescribe", "ExceptionClear", "FatalError", "PushLocalFrame", "PopLocalFrame", "NewGlobalRef", "DeleteGlobalRef", "DeleteLocalRef", "IsSameObject", "NewLocalRef", "EnsureLocalCapacity", "AllocObject", "NewObject", | |
| "NewObjectV", "NewObjectA", "GetObjectClass", "IsInstanceOf", "GetMethodID", "CallObjectMethod", "CallObjectMethodV", "CallObjectMethodA", "CallBooleanMethod", "CallBooleanMethodV", "CallBooleanMethodA", "CallByteMethod", "CallByteMethodV", | |
| "CallByteMethodA", "CallCharMethod", "CallCharMethodV", "CallCharMethodA", "CallShortMethod", "CallShortMethodV", "CallShortMethodA", "CallIntMethod", "CallIntMethodV", "CallIntMethodA", "CallLongMethod", "CallLongMethodV", "CallLongMethodA", | |
| "CallFloatMet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let funcs = {}; | |
| let sprintf_ptr = Module.findExportByName("libc.so", "sprintf"); | |
| Interceptor.attach(base_addr.add(0x58E490), { | |
| onEnter: function (args) { | |
| let fmt = args[1].readUtf8String(); | |
| let count = (fmt.split("%%").join("").match(/%/g) || []).length; | |
| if(count == 0) return; | |
| if (!funcs[count]){ | |
| funcs[count] = new NativeFunction(sprintf_ptr, 'int', new Array(2 + count).fill("pointer")); | |
| } |
SeeFlowerX
/ nativeGenerate2.java
Last active
November 12, 2023 05:50
unidbg通过签名调用native方法,这样不用去看方法的地址是多少~~
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public void nativeGenerate2() { | |
| System.out.println("start call nativeGenerate2"); | |
| DvmClass SecureNative_cls = vm.resolveClass("com/xunmeng/pinduoduo/secure/SecureNative"); | |
| DvmObject<?> context = vm.resolveClass("android/content/Context").newObject(null); | |
| int context_ptr = vm.addLocalObject(context); | |
| int str1_ptr = vm.addLocalObject(new StringObject(vm, "")); | |
| int str2_ptr = vm.addLocalObject(new StringObject(vm, "Ck5UqWFzreofeABcWvkAAg==")); | |
| int str3_ptr = vm.addLocalObject(new StringObject(vm, "1Hdy4cQW")); | |
| int str4_ptr = vm.addLocalObject(new StringObject(vm, "/storage/emulated/0")); | |
| int str5_ptr = vm.addLocalObject(new StringObject(vm, "version=134&info=g6iUSuzNlWeDi%2FxPng%2FN%2B8ZyQEP%2FnQuHC42hkmSWvCOg79IqfkRW5Lu3jsAh0QwizbgZZSg1FOEI%0Ao4R%2F6pw6XXsv%2FxH%2FzUDXzxJ5UXUYGMSYhF%2BULFIhbWMihyiUWSRA%2FamuTFPOOd17oppNLL6QvlSp%0A9rC2BHcgOMfMaYgq0uuiVDJB4cXNREX10fgGf20jz56kh%2B6ejh1iHIEYffs3OKbtp9M7FqmSpiQY%0AuAHzn7rCorHuZDP8tyvStvBqpdDxO92eeEt%2BprLDqsM1HfA%2BX3ItGURbaT4%2BQ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // from https://bbs.pediy.com/thread-263210.htm | |
| function hook_Impl() { | |
| var module_libart = Process.findModuleByName("libart.so"); | |
| var symbols = module_libart.enumerateSymbols(); | |
| var ArtMethod_ExecuteSwitchImpltt = null; | |
| var ArtMethod_ExecuteSwitchImpltf = null; | |
| var ArtMethod_ExecuteSwitchImplff = null; | |
| var ArtMethod_ExecuteMterpImpl = null; | |
| //_ZN3art11interpreter17ExecuteSwitchImplILb1ELb1EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b ; art::interpreter::ExecuteSwitchImpl<true,true>(art::Thread *,art::DexFile::CodeItem const*,art::ShadowFrame &,art::JValue,bool) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MODEL=Pixel 4 | |
| PRODUCT=flame | |
| DEVICE=flame | |
| FINGERPRINT=google/flame/flame:10/QQ1B.200105.004/6031802:user/release-keys | |
| MANUFACTURER=Google | |
| BRAND=google |
SeeFlowerX
/ dx_jar2dex.bat
Last active
June 13, 2022 15:45
将此bat放入Android Sdk的build-tools/{版本号}文件夹下 然后把jar拖到bat上即可转换到dex,原dx.bat逻辑和命令有问题,改了下方便转换,记得修改JAVA_HOME。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| setlocal | |
| set prog=%~f0 | |
| set JAVA_HOME=C:\Users\see\Documents\android-studio\jre | |
| set java_exe=%JAVA_HOME%\bin\java.exe | |
| set jarfile=dx.jar |
SeeFlowerX
/ UiccUnlock.cpp
Created
November 19, 2021 07:12
— forked from tewilove/UiccUnlock.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <android/log.h> | |
| #include <jni.h> | |
| #include <binder/Binder.h> | |
| #include <binder/Parcel.h> | |
| #include <binder/IServiceManager.h> | |
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> |
SeeFlowerX
/ qbdi_android.cpp
Created
November 22, 2021 01:52
— forked from romainthomas/qbdi_android.cpp
QBDI API example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <iomanip> | |
| #include <cstdlib> | |
| #include <cstdint> | |
| #include <cstring> | |
| #include <jni.h> | |
| #include <set> | |
| #include "LIEF/ELF.hpp" |
OlderNewer