Sheng-Fu Chang csftech
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text | |
| .intel_syntax noprefix | |
| .def "?call_by_value_swap@@YAXHH@Z"; | |
| .scl 2; | |
| .type 32; | |
| .endef | |
| .globl "?call_by_value_swap@@YAXHH@Z" # -- Begin function ?call_by_value_swap@@YAXHH@Z | |
| .p2align 4, 0x90 | |
| "?call_by_value_swap@@YAXHH@Z": # @"?call_by_value_swap@@YAXHH@Z" | |
| .seh_proc "?call_by_value_swap@@YAXHH@Z" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| void call_by_value_swap(int v1, int v2) { | |
| //std::cout << "Address of v1, v2 is (" << &v1 << ", " << &v2 << ")" << std::endl; | |
| int temp = v1; | |
| v1 = v2; | |
| v2 = temp; | |
| } | |
| void call_by_address_swap(int *v1, int *v2) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var hooked = false; | |
| send('Script Start'); | |
| Interceptor.attach(Module.findExportByName(null, 'dlopen'), { | |
| onEnter: function (args) { | |
| this.path = Memory.readUtf8String(args[0]); | |
| }, | |
| onLeave: function (retval) { | |
| if(this.path.indexOf('libmono.so') !== -1 && !hooked) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import codecs | |
| import frida | |
| import sys | |
| def on_message(message, data): | |
| if message['type'] == 'send': | |
| print(message['payload']) | |
| if data: | |
| #print(base64.b64encode(data)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| posix_spawn(&client_pid, "/bootstrap/jailbreakd_client", NULL, NULL, (char **)&(const char*[]){ "jailbreakd_client", [[@(app_pid) stringValue] UTF8String], "1", NULL }, NULL); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| var readPointer = Memory.readPointer; | |
| var readString = Memory.readUtf8String; | |
| var pointerSize = Process.pointerSize; | |
| Interceptor.attach(Module.findExportByName('/usr/lib/system/libsystem_kernel.dylib', '__posix_spawn'), { | |
| onEnter: function (args) { | |
| console.log('\n----- Debug -----'); |