
SeeFlowerX SeeFlowerX

@SeeFlowerX
SeeFlowerX / test.js
Created March 27, 2023 08:30
问题 无法构造参数类型为 java.lang.CharSequence 的对象进行主动调用
function main() {
// hook test
Java.perform(function() {
let Uri = Java.use("android.net.Uri");
let StringCls = Java.use("java.lang.String");
let CharSequence = Java.use("java.lang.CharSequence");
let ClipData = Java.use("android.content.ClipData");
let ClipDataItem = Java.use("android.content.ClipData$Item");
let label = StringCls.$new("hhh");
@SeeFlowerX
SeeFlowerX / clean.sh
Last active December 4, 2023 18:31
clash透明代理抓包配置文件
#!/system/bin/sh
# Tear-down of the policy-routing and iptables state used for transparent-proxy capture.
# -e: stop at the first failing command; -x: echo each command as it runs.
set -ex
# Remove the policy rule that sends packets carrying fwmark 666 to routing table 666.
# "|| true" keeps "set -e" from aborting when the rule is already gone.
ip rule del fwmark 666 table 666 || true
# Remove the local catch-all route on lo from table 666 (same tolerance for "not present").
ip route del local 0.0.0.0/0 dev lo table 666 || true
# NOTE(review): -F empties every chain of the table and -X deletes the table's user-defined
# chains, so rules installed by anything else in nat/mangle are removed too, not only the
# entries a proxy setup added. Keeping the proxy rules in a dedicated chain and flushing
# only that chain would limit the blast radius; confirm the wider flush is intended.
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
@SeeFlowerX
SeeFlowerX / logcat_crash.log
Created January 18, 2023 06:08
偶然遇到大量APP打开后在进入某些界面出现崩溃,Pixel 6 Android 12, SQ1D.220205.0004,记录日志如下,手机重启后恢复
01-18 14:03:04.217 1510 3211 V ActivityManager: Got obituary of 22855:com.google.android.gms.persistent
01-18 14:03:04.219 1510 2130 D ContextHubClientManager: Unregistered client with host endpoint ID 12285
01-18 14:03:04.219 1510 1538 I ServiceWatcher: [RealLocationTimeZoneProviderProxy] disconnected from 10141/com.google.android.gms/.geotimezone.GeoTimeZoneService@1
01-18 14:03:04.219 1510 1960 D ContextHubClientManager: Unregistered client with host endpoint ID 12284
01-18 14:03:04.219 1510 3108 D ContextHubClientManager: Unregistered client with host endpoint ID 12286
01-18 14:03:04.219 1510 1538 I ServiceWatcher: [network] disconnected from 10141/com.google.android.gms/com.google.android.location.network.NetworkLocationService@2
01-18 14:03:04.219 1510 1538 I ServiceWatcher: [GeocoderProxy] disconnected from 10141/com.google.android.gms/.location.geocode.GeocodeService@2
01-18 14:03:04.220 687 687 I Zygote : Process 22855 exited due to signal 9 (Killed)
01-18 14:03:04.220 1510 4669
@SeeFlowerX
SeeFlowerX / get_lr_info.js
Last active January 5, 2023 11:22
frida 获取 lr 信息
/**
 * Formats the link register of an arm64 CPU context as `module!offset`.
 *
 * A new ModuleMap is built on every call and `ctx.lr` is looked up in it.
 * NOTE(review): if this runs on a hot hook path, building the map per call may
 * be costly; a shared map refreshed on demand could be an option. Confirm
 * against how callers use it.
 *
 * @param ctx - CPU context whose `lr` value is resolved.
 * @returns A leading space, the owning module's name, `!`, and `lr` minus the
 *          module base; the empty string when the map has no module for `lr`.
 */
export function get_lr_info(ctx: Arm64CpuContext) {
  const modules = new ModuleMap();
  const owner = modules.find(ctx.lr);
  if (owner == null) {
    return "";
  }
  // Offset of the return address from the start of the module that contains it.
  const offset = ctx.lr.sub(owner.base);
  return ` ${owner.name}!${offset}`;
}
@SeeFlowerX
SeeFlowerX / hexdump.py
Created December 20, 2022 02:34
打印hex数据,简单优雅,适合接入unicorn
# from https://gist.github.com/NeatMonster/c06c61ba4114a2b31418a364341c26c0
class hexdump:
def __init__(self, buf, off=0):
self.buf = buf
self.off = off
def __iter__(self):
last_bs, last_line = None, None
for i in range(0, len(self.buf), 16):
/**
 * Writes a single message to the console.
 *
 * @param message - Text handed unchanged to `console.log`.
 */
function log(message: string): void {
  const sink = console;
  sink.log(message);
}
/**
 * Demo entry point: it only delegates to hook_java().
 */
function hook_demo() {
  hook_java();
}
function hook_java() {
Java.perform(function() {
stack_2022/11/10 15:10:32 StackMod module initialization
stack_2022/11/10 15:10:32 StackMod Module.Run()
stack_2022/11/10 15:10:32 StackMod BPF bytecode filename:user/bytecode/stack.o
stack_2022/11/10 15:10:32 StackMod module started successfully
stack_2022/11/10 15:10:32 start 1 modules
stack_2022/11/10 15:10:33 PID:4524, Comm:com.sfx.ebpf, TID:4524, Regs:
{"lr":"0x762ab3ac34","pc":"0x76557a1e50","sp":"0x7fdb20faa0","x0":"0x4b","x1":"0xb4000074e863e228","x10":"0x13559d4a5bcacde9","x11":"0x6","x12":"0xef5d","x13":"0x110ef0109a7f","x14":"0x7fdb20fef0","x15":"0x0","x16":"0x762ab50208","x17":"0x76557a1e50","x18":"0x7658bba000","x19":"0xb4000073c86823d0","x2":"0x928","x20":"0xb4000074e863e228","x21":"0xb4000074e863eba0","x22":"0xb4000074e863ebd0","x23":"0xb4000074e863e210","x24":"0xb4000074e863e22c","x25":"0xb4000074e863e228","x26":"0x2aaaaaaaaaaaaaab","x27":"0x762ab1006c","x28":"0xffffffff","x29":"0x7fdb20faa0","x3":"0x40","x4":"0x0","x5":"0x0","x6":"0x313c","x7":"0x309ff","x8":"0x0","x9":"0xb4000074e863ee50"}
S
@SeeFlowerX
SeeFlowerX / Makefile
Created October 27, 2022 02:39
尝试在linux x86_64上使用ndk交叉编译eBPF程序,以及混合go程序...
# "all" names a command, not a file, so it is declared phony.
.PHONY: all
# Default target: depends on ebpf, assets and build (their rules are not shown in this excerpt),
# then prints the date returned by $(shell date).
all: ebpf assets build
	@echo $(shell date)
# GNU make: run all lines of a recipe in one shell invocation instead of one shell per line.
.ONESHELL:
# Recipes run under bash instead of make's default /bin/sh.
SHELL = /bin/bash
# NOTE(review): the two disabled exports below point at one developer's NDK install; if they are
# re-enabled, taking the toolchain path from a variable would make explicit which NDK is used.
# export PATH=/home/kali/Desktop/android-ndk-r25b/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH
# export PATH=/home/kali/Desktop/android-ndk-r23c/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH
# Presumably the target architecture for the Go build; confirm against the build rule,
# since a plain make variable is not exported to recipes by itself.
GOARCH = arm64
@SeeFlowerX
SeeFlowerX / invoke_exe_via_ie.bat
Last active October 26, 2022 03:00
通过IE启动任意exe
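@echo off
rem Paths used by the rest of the script:
rem   TmpRoot - scratch directory "tmproot" next to this script (%~dp0 is the script's drive and folder)
rem   TmpSys  - a System32 folder under that scratch directory
rem   RealSys - the machine's real System32 folder
rem The set "NAME=value" form keeps stray trailing blanks out of the value.
set "TmpRoot=%~dp0tmproot"
set "TmpSys=%TmpRoot%\System32"
set "RealSys=%SystemRoot%\System32"
rem Start from a clean scratch directory. The path is quoted because RMDIR /S is recursive:
rem unquoted, a script location containing a space is split into several arguments and a
rem directory other than the scratch one could be deleted.
if exist "%TmpRoot%" (
    RMDIR /Q /S "%TmpRoot%"
)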
@SeeFlowerX
SeeFlowerX / stacktrace.js
Last active May 14, 2024 13:17
手工实现堆栈回溯,参考Frida-Seccomp
// Module-level list, empty at load time. Presumably filled by read_maps() with entries parsed
// from /proc/self/maps; that function's body is cut off in this excerpt, so confirm.
let mem_regions = [];
function read_maps(){
let libc = Process.getModuleByName("libc.so");
let fopen = new NativeFunction(libc.getExportByName("fopen"), "pointer", ["pointer", "pointer"]);
let fgets = new NativeFunction(libc.getExportByName("fgets"), "pointer", ["pointer", "int", "pointer"]);
let fclose = new NativeFunction(libc.getExportByName("fclose"), "int", ["pointer"]);
let filepath = Memory.allocUtf8String("/proc/self/maps");
let mode = Memory.allocUtf8String("r");
let file = fopen(filepath, mode);