ApkUnpacker apkunpacker
@talaviram
talaviram / add_debug_entitlement.sh
Last active July 15, 2024 10:58
Simple Utility Script for allowing debug of hardened macOS apps.
#!/bin/bash
# Simple Utility Script for allowing debug of hardened macOS apps.
# This is useful mostly for plug-in developers who would like to keep developing without turning SIP off.
# Credit for the idea goes to McMartin: https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg
# Update 2022-03-10: Based on Fabian's feedback, add capability to inject DYLD for sanitizers.
#
# Please note:
# - Modern Logic (on M1s) uses `AUHostingService`, which resides within the system and is therefore not patchable; debugging it REQUIRES turning SIP off.
# - Some hosts use separate plug-in scanning or sandboxing processes.
#   If that's the case, patch those (if needed) and attach the debugger to them instead.
@chrisdmc
chrisdmc / monitorMemory.js
Last active June 19, 2024 23:01
Frida MemoryAccessMonitor that auto-renews on access
function monitorMemory(base, length, interceptedInstructions = new Set()) {
  const baseAddress = ptr(base.toString());
  MemoryAccessMonitor.enable({base: baseAddress, size: length}, {
    onAccess: function(details) {
      let baseOffset = details.address.sub(baseAddress);
      console.log(`${details.address} (offset in range ${baseAddress} = ${baseOffset}) accessed for ${details.operation} from address ${DebugSymbol.fromAddress(details.from)}. Page ${details.pageIndex + 1} of ${details.pagesTotal}`);
      let instruction = Instruction.parse(details.from);
      const nextInstr = ptr(instruction.next.toString());
      if (interceptedInstructions.has(nextInstr.toString())) {
        return;
@eybisi
eybisi / hook_dexloader.js
Last active May 15, 2024 15:11
frida script for hooking loaded classes with the help of dexclassloader init
Java.perform(function(){
  let ThreadDef = Java.use('java.lang.Thread');
  let ThreadObj = ThreadDef.$new();
  function stackTrace() {
    console.log('------------START STACK---------------');
    let stack = ThreadObj.currentThread().getStackTrace();
    for (let i = 0; i < stack.length; i++) {
      console.log(i + ' => ' + stack[i].toString());
    }
    console.log('------------END STACK---------------');
@miticollo
miticollo / How-to-build-frida-server-for-ios.md
Last active July 19, 2024 22:19
How to build frida server for iOS jailbroken devices

Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.

TL;DR

On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).

The DEBs you will install are built using the following instructions.

Update 2024-02-29

@incogbyte
incogbyte / mixunpin.js
Last active May 2, 2024 07:03
Frida script to bypass common methods of SSL pinning on Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
 * by incogbyte
 * Common functions
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or a similar tool.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!!
@aemmitt-ns
aemmitt-ns / funtime.js
Last active December 30, 2023 06:26
funtime: detailed objective-c runtime tracing. ex `python funtime.py -n Messages '-[NSRegularExpression *]'`
const typeMap = {
"c": "char",
"i": "int",
"s": "short",
"l": "long",
"q": "long long",
"C": "unsigned char",
"I": "unsigned int",
"S": "unsigned short",
/**
 * Android, iOS (12.0-15.7.3), Linux universal SSLKEYLOG dumper.
 *
 * Usage:
 *
 * # For iOS and mac:
 * rvictl -s [UDID]
 * # Then open Wireshark and select rvi0
 *
 * # For iOS and not mac:

How to use O-MVLL with WSL for Android projects

  • Use this guide to integrate the O-MVLL obfuscator using WSL and the command line.
  • The guide has two parts: the first explains the installation of the Android build tools, the second presents all the adjustments I needed to make to the standard O-MVLL integration process (https://obfuscator.re/omvll/introduction/getting-started/). Read that 'Getting started' guide first.

Preparing WSL for command-line Android development

Based on this article: https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9

Installing OpenJDK and Gradle

sudo apt-get update
@miticollo
miticollo / child-gating.py
Created April 28, 2023 19:21
A gist to show an example
import threading
from frida_tools.application import Reactor
import frida
class Application:
def __init__(self):
self._stop_requested = threading.Event()
@miticollo
miticollo / permissions.py
Created May 9, 2023 01:07
A Frida agent to reset all permissions on a specific app. This work is based on https://github.com/FouadRaheb/AppData.
#!/usr/bin/env python3
import json
import frida
from frida.core import Device, Session, Script, ScriptExportsSync
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", lambda diag: print(f"on_diagnostics: {diag}"))
bundle: str = compiler.build('permissions.ts', compression='terser')