
Ahmet Bilal Can eybisi

View ra2.ts
// Debug switch, initialised to false. Its consumers are not visible in this excerpt.
var DEBUG = false
// Startup marker written to the console when the script loads.
console.log('Starting ..')
// Country name constant. NOTE(review): presumably matched against the records
// that processCountry reads — confirm against the full gist.
const YourCountry = 'Americans'
// List of string labels. NOTE(review): presumably the per-country attributes the
// script works with; how each entry is used is not visible in this excerpt.
const HACKS = ['Cost','BuildTime','Armor','income','speed','firepower']
function processCountry(rawCountry: NativePointer) {
const buffer = rawCountry.readByteArray(0x1A9);
eybisi / index.ts
Last active Nov 21, 2020
frida script to find imposter (amongus 2020.9.9 arm64-v8a)
import { log } from "./logger";
import { AssertionError } from "assert";
// Look up the loaded libil2cpp.so module. Process.getModuleByName throws when the
// module is not present, so the script stops here if the library is not loaded yet.
const libil2cpp = Process.getModuleByName("libil2cpp.so");
// Base address of the module; the offsets below are added to it.
const libil2cppb = libil2cpp.base;
// Hard-coded offsets from the module base.
// NOTE(review): raw offsets like these match only one build of the library (the
// gist description names amongus 2020.9.9 arm64-v8a). On any other build they
// resolve to unrelated code, so the build should be verified before these
// addresses are used.
const playerinfo_serialize = libil2cppb.add(0x6c2e30);
const playerinfo_deserialize = libil2cppb.add(0x6c316c);
// Startup marker written to the console.
console.log("Starting script..");
function readString(pointr:NativePointer){
eybisi / luac.ksy
Last active May 16, 2020
Lua5.1 bytecode kaitai struct file
# Kaitai Struct metadata: format id, file extension and default byte order.
meta:
id: luac
file-extension: luac
# Multi-byte fields default to little-endian.
# NOTE(review): the Lua 5.1 header carries its own endianness flag, so a
# big-endian dump would be misread with this fixed default — confirm whether
# the full spec checks that flag before trusting parsed values.
endian: le
# Top-level layout: a header followed by the top-level function. Both are
# user-defined types whose definitions are not visible in this excerpt.
seq:
- id: file_header
type: header
- id: top_level_function
type: function
eybisi / frida.vim
Last active Sep 27, 2020
vim frida codeblock builder
" :FridaV accepts one or more arguments (-nargs=+) and passes them to FridaV().
command! -nargs=+ FridaV call FridaV(<f-args>)
" :Frida accepts one or more arguments and passes them to Frida(), whose
" definition is not visible in this excerpt.
command! -nargs=+ Frida call Frida(<f-args>)
function! FridaV( ... )
let class = split(a:1,"\\V.")
let last = class[len(class)-1]
let S = ":normal i"
let S .= "\tvar %s = Java.use(\"%s\")\n"
execute printf(S,last,a:1)
call Frida(last,a:2,a:3)
eybisi / hooky.js
Created Apr 18, 2020
hookymooky.js
// install package with adb install package.name
// do not open application
// use -f force option
// frida -U -f package.name -l del.js
Java.perform(function() {
var ssl = Java.use("k.x$b")
var channel = Java.use("f.e.c.b.g.f.g.a.c")
var Integer = Java.use("java.lang.Integer");
var ArrayList = Java.use("java.util.ArrayList");
var ArrayList = Java.use("java.util.ArrayList");
eybisi / solv_strings.py
Last active Feb 22, 2020
cerberus string decryption,
import sys
from Crypto.Cipher import ARC4
import base64
f = open(sys.argv[1],"r")
r = f.readlines()
for l in r:
c = ARC4.new(l[:12].encode("utf8"))
h = base64.b64decode(l[12:-1]).decode("utf-8")
eybisi / remove_app.sh
Created Feb 12, 2020
bash script to remove apps easily
arr=($(adb shell "ls /data/app" | tr "\r\n" " " | sed 's/-[0-9]//g') "Quit")
echo "It's time to choose"
select opt in "${arr[@]}";do
case $opt in
"Quit")
break
esac
re='^[0-9]+$'
if ! [[ $REPLY =~ $re ]]; then
View ninja.js
//frida -U -f appinventor.ai_turkprogrammerman.rubiko -l ninja.js --no-pause
Java.perform(function() {
var f = Java.use("appinventor.ai_turkprogrammerman.rubiko.Screen1$frame")
f.apply0.implementation = function(a){
//send(a.selector)
return this.apply0(a)
}
var f2 = Java.use("com.tiziano1960.cryptoextension.cryptoextension")
eybisi / getsim.js
Last active Nov 23, 2019
hook getsimoperator function
Java.perform(function() {
var ThreadDef = Java.use('java.lang.Thread');
var ThreadObj = ThreadDef.$new();
var dalvik = Java.use("android.telephony.TelephonyManager")
dalvik.getSimOperator.overload().implementation = function(){
console.log("[+] sim operator Catched -> ")
stackTrace()
return "302"
eybisi / checkgp.py
Created Oct 30, 2019
check if app is on gplay
#!/usr/bin/python
#python checkgp.py list.txt
import requests
import sys
f = open(sys.argv[1])
r = f.readlines()
for i in r:
try:
req = requests.get("https://play.google.com/store/apps/details?id="+i)