Created
April 18, 2020 20:59
-
-
Save eybisi/886c0d5c2a8a6eb24356514aad2143af to your computer and use it in GitHub Desktop.
hookymooky.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // install package with adb install package.name | |
| // do not open application | |
| // use -f force option | |
| // frida -U -f package.name -l del.js | |
| Java.perform(function() { | |
| var ssl = Java.use("k.x$b") | |
| var channel = Java.use("f.e.c.b.g.f.g.a.c") | |
| var Integer = Java.use("java.lang.Integer"); | |
| var ArrayList = Java.use("java.util.ArrayList"); | |
| var ArrayList = Java.use("java.util.ArrayList"); | |
| var questionsAll = Java.use("f.e.c.b.h.c.a") | |
| var vip_class = Java.use("com.onedio.oynakazan.presentation.k0.v") | |
| vip_class.c.implementation = function(){ | |
| console.log("required 0") | |
| return 0 | |
| } | |
| questionsAll.a.overload('int', 'java.util.List', 'java.util.List', 'java.util.List', 'java.util.List', 'java.util.Map').implementation = function(g,b,c,d,e,f){ | |
| console.log("answerIdxs: ") | |
| send(d) | |
| this.a(g,b,c,d,e,f) | |
| } | |
| channel.a.implementation = function(b,c){ | |
| console.log("subbed channel name : " + b) | |
| console.log("listener name : " + c) | |
| return this.a(b,c) | |
| } | |
| var choice = Java.use("f.e.c.b.g.f.f.i0") | |
| choice.$init.implementation = function(a,b,c,d){ | |
| console.log("add other choices") | |
| var arr = ArrayList.$new(b) | |
| arr.add(Integer.$new(0)) | |
| try{ | |
| this.$init(a,arr,c,d) | |
| } | |
| catch(err){ | |
| console.log("err") | |
| this.$init(a,b,c,d) | |
| } | |
| } | |
| choice.a.implementation = function(){ | |
| console.log("get choices") | |
| this.choiceIndexes.add(Integer.valueOf(0)) | |
| return this.choiceIndexes; | |
| } | |
| var q = Java.use("kotlin.q") | |
| //hooking anyways | |
| var aes = Java.use("f.e.c.b.c") | |
| aes.a.overload('[B', '[B', '[B', 'f.e.c.a.l').implementation = function(e,b,c,d){ | |
| console.log("aes enc start+++++++++++++") | |
| //send(e) | |
| //send(b) | |
| //send(c) | |
| // should return json | |
| var dec = this.a(e,b,c,d) | |
| send(b2s(dec)) | |
| console.log("aes enc end+++++++++++++") | |
| return this.a(e,b,c,d) | |
| } | |
| aes.a.overload('java.lang.String').implementation = function(b){ | |
| console.log("md5 start+++++++++++++") | |
| console.log("str : " + b) | |
| var hashed = this.a(b) | |
| console.log("md5 : " + hashed) | |
| console.log("md5 end+++++++++++++++") | |
| return hashed | |
| } | |
| //kotlin interface hook | |
| q.a.implementation = function(b,c){ | |
| console.log("type: " + b + " value: "+c) | |
| return this.a(b,c) | |
| } | |
| var dec = Java.use("f.e.c.b.g.f.g.b.g.a$a") | |
| dec.a.implementation = function(e,b){ | |
| return this.a(e,b) | |
| } | |
| ssl.a.overload('k.g').implementation = function(a){ | |
| console.log("[+] bypass sslpin bing bong=>") | |
| return "lel" | |
| } | |
| var f = Java.use("com.onedio.ably_websocket.d.a") | |
| f.a.implementation = function(mes){ | |
| //console.log(mes.name,mes.data) | |
| console.log(mes.toString()) | |
| return this.a(mes) | |
| } | |
| var publisher = Java.use("io.ably.lib.d.c") | |
| publisher.a.overload('[Lio.ably.lib.types.Message;').implementation = function(mes){ | |
| //console.log(mes.name,mes.data) | |
| console.log("Send message+++++++++++++++++++++") | |
| send(mes) | |
| this.a(mes) | |
| } | |
| var jsonSerialize = Java.use("io.ably.lib.types.ProtocolSerializer") | |
| jsonSerialize.writeJSON.implementation = function(a){ | |
| console.log("serialize json") | |
| send(this.writeJson(a)) | |
| return this.writeJson(a) | |
| } | |
| jsonSerialize.fromJSON.implementation = function(a){ | |
| console.log("from serialize json") | |
| send(a) | |
| return this.fromJson(a) | |
| } | |
| var use_single_byte = false; | |
| var complete_bytes = new Array(); | |
| var index = 0; | |
| var secretKeySpecDef = Java.use('javax.crypto.spec.SecretKeySpec'); | |
| var ivParameterSpecDef = Java.use('javax.crypto.spec.IvParameterSpec'); | |
| var cipherDef = Java.use('javax.crypto.Cipher'); | |
| var cipherDoFinal_1 = cipherDef.doFinal.overload(); | |
| var cipherDoFinal_2 = cipherDef.doFinal.overload('[B'); | |
| var cipherDoFinal_3 = cipherDef.doFinal.overload('[B', 'int'); | |
| var cipherDoFinal_4 = cipherDef.doFinal.overload('[B', 'int', 'int'); | |
| var cipherDoFinal_5 = cipherDef.doFinal.overload('[B', 'int', 'int', '[B'); | |
| var cipherDoFinal_6 = cipherDef.doFinal.overload('[B', 'int', 'int', '[B', 'int'); | |
| var cipherUpdate_1 = cipherDef.update.overload('[B'); | |
| var cipherUpdate_2 = cipherDef.update.overload('[B', 'int', 'int'); | |
| var cipherUpdate_3 = cipherDef.update.overload('[B', 'int', 'int', '[B'); | |
| var cipherUpdate_4 = cipherDef.update.overload('[B', 'int', 'int', '[B', 'int'); | |
| var secretKeySpecDef_init_1 = secretKeySpecDef.$init.overload('[B', 'java.lang.String'); | |
| var secretKeySpecDef_init_2 = secretKeySpecDef.$init.overload('[B', 'int', 'int', 'java.lang.String'); | |
| var ivParameterSpecDef_init_1 = ivParameterSpecDef.$init.overload('[B'); | |
| var ivParameterSpecDef_init_2 = ivParameterSpecDef.$init.overload('[B', 'int', 'int'); | |
| secretKeySpecDef_init_1.implementation = function(arr, alg) { | |
| var key = b2s(arr); | |
| send("Creating " + alg + " secret key, plaintext:\\n" + hexdump(key)); | |
| return secretKeySpecDef_init_1.call(this, arr, alg); | |
| } | |
| secretKeySpecDef_init_2.implementation = function(arr, off, len, alg) { | |
| var key = b2s(arr); | |
| send("Creating " + alg + " secret key, plaintext:\\n" + hexdump(key)); | |
| return secretKeySpecDef_init_2.call(this, arr, off, len, alg); | |
| } | |
| /*ivParameterSpecDef_init_1.implementation = function(arr) | |
| { | |
| var iv = b2s(arr); | |
| send("Creating IV:\\n" + hexdump(iv)); | |
| return ivParameterSpecDef_init_1.call(this, arr); | |
| } | |
| ivParameterSpecDef_init_2.implementation = function(arr, off, len) | |
| { | |
| var iv = b2s(arr); | |
| send("Creating IV, plaintext:\\n" + hexdump(iv)); | |
| return ivParameterSpecDef_init_2.call(this, arr, off, len); | |
| }*/ | |
| cipherDoFinal_1.implementation = function() { | |
| var ret = cipherDoFinal_1.call(this); | |
| info(this.getIV(), this.getAlgorithm(), complete_bytes, ret); | |
| return ret; | |
| } | |
| cipherDoFinal_2.implementation = function(arr) { | |
| addtoarray(arr); | |
| var ret = cipherDoFinal_2.call(this, arr); | |
| info(this.getIV(), this.getAlgorithm(), complete_bytes, ret); | |
| return ret; | |
| } | |
| cipherDoFinal_3.implementation = function(arr, a) { | |
| addtoarray(arr); | |
| var ret = cipherDoFinal_3.call(this, arr, a); | |
| info(this.getIV(), this.getAlgorithm(), complete_bytes, ret); | |
| return ret; | |
| } | |
| cipherDoFinal_4.implementation = function(arr, a, b) { | |
| addtoarray(arr); | |
| var ret = cipherDoFinal_4.call(this, arr, a, b); | |
| info(this.getIV(), this.getAlgorithm(), complete_bytes, ret); | |
| return ret; | |
| } | |
| cipherDoFinal_5.implementation = function(arr, a, b, c) { | |
| addtoarray(arr); | |
| var ret = cipherDoFinal_5.call(this, arr, a, b, c); | |
| info(this.getIV(), this.getAlgorithm(), complete_bytes, ret); | |
| return ret; | |
| } | |
| cipherDoFinal_6.implementation = function(arr, a, b, c, d) { | |
| addtoarray(arr); | |
| var ret = cipherDoFinal_6.call(this, arr, a, b, c, d); | |
| info(this.getIV(), this.getAlgorithm(), complete_bytes, c); | |
| return ret; | |
| } | |
| cipherUpdate_1.implementation = function(arr) { | |
| addtoarray(arr); | |
| return cipherUpdate_1.call(this, arr); | |
| } | |
| cipherUpdate_2.implementation = function(arr, a, b) { | |
| addtoarray(arr); | |
| return cipherUpdate_2.call(this, arr, a, b); | |
| } | |
| cipherUpdate_3.implementation = function(arr, a, b, c) { | |
| addtoarray(arr); | |
| return cipherUpdate_3.call(this, arr, a, b, c); | |
| } | |
| cipherUpdate_4.implementation = function(arr, a, b, c, d) { | |
| addtoarray(arr); | |
| return cipherUpdate_4.call(this, arr, a, b, c, d); | |
| } | |
| function info(iv, alg, plain, encoded) { | |
| /* | |
| send("Performing encryption/decryption"); | |
| if (iv) { | |
| send("Initialization Vector: \\n" + hexdump(b2s(iv))); | |
| } else { | |
| send("Initialization Vector: " + iv); | |
| } | |
| //send("Algorithm: " + alg); | |
| //send("In: \\n" + hexdump(b2s(plain))); | |
| */ | |
| send("Out: \\n" + b2s(encoded)) | |
| complete_bytes = []; | |
| index = 0; | |
| } | |
| function hexdump(buffer, blockSize) { | |
| blockSize = blockSize || 16; | |
| var lines = []; | |
| var hex = "0123456789ABCDEF"; | |
| for (var b = 0; b < buffer.length; b += blockSize) { | |
| var block = buffer.slice(b, Math.min(b + blockSize, buffer.length)); | |
| var addr = ("0000" + b.toString(16)).slice(-4); | |
| var codes = block.split('').map(function(ch) { | |
| var code = ch.charCodeAt(0); | |
| return " " + hex[(0xF0 & code) >> 4] + hex[0x0F & code]; | |
| }).join(""); | |
| codes += " ".repeat(blockSize - block.length); | |
| var chars = block.replace(/[\\x00-\\x1F\\x20]/g, '.'); | |
| chars += " ".repeat(blockSize - block.length); | |
| lines.push(addr + " " + codes + " " + chars); | |
| } | |
| return lines.join("\\n"); | |
| } | |
| function b2s(array) { | |
| var result = ""; | |
| for (var i = 0; i < array.length; i++) { | |
| result += String.fromCharCode(modulus(array[i], 256)); | |
| } | |
| return result; | |
| } | |
| function modulus(x, n) { | |
| return ((x % n) + n) % n; | |
| } | |
| function addtoarray(arr) { | |
| for (var i = 0; i < arr.length; i++) { | |
| complete_bytes[index] = arr[i]; | |
| index = index + 1; | |
| } | |
| } | |
| }) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment