Last active
January 12, 2020 14:02
-
-
Save jcalabres/f90c601d4f02874f34f6974e657ae3f5 to your computer and use it in GitHub Desktop.
CyberTruckChallenge19 Solutions (Frida)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Process.enumerateModules({ | |
onMatch: function(module){ | |
console.log('Module name: ' + module.name + " - " + "Base Address: " + module.base.toString()); | |
if (module.name=="libnative-lib.so"){ | |
var secret="" | |
Interceptor.attach(module.base.add(0x06cf), function() { | |
var x = this.context.eax; | |
var y = this.context.ecx; | |
var z = x ^ y; | |
secret+=String.fromCharCode(z) | |
send(secret) | |
}); | |
} | |
}, | |
onComplete: function(){} | |
}); | |
Java.perform(function () { | |
function ba2hex(bufArray) { | |
var uint8arr = new Uint8Array(bufArray); | |
if (!uint8arr) { | |
return ''; | |
} | |
var hexStr = ''; | |
for (var i = 0; i < uint8arr.length; i++) { | |
var hex = (uint8arr[i] & 0xff).toString(16); | |
hex = (hex.length === 1) ? '0' + hex : hex; | |
hexStr += hex; | |
} | |
return hexStr.toLowerCase(); | |
} | |
// Class to hook is defined here | |
var hookDetector = Java.use('org.nowsecure.cybertruck.detections.HookDetector'); | |
var challenge1 = Java.use('org.nowsecure.cybertruck.keygenerators.Challenge1') | |
var challenge2 = Java.use('org.nowsecure.cybertruck.keygenerators.a') | |
hookDetector.isFridaServerInDevice.implementation = function (v) { | |
console.log('[hook] isFridaServerInDevice') | |
return false | |
}; | |
challenge1.generateDynamicKey.implementation = function (v) { | |
var secret=this.generateDynamicKey(v) | |
send(ba2hex(secret)); | |
return secret | |
}; | |
challenge2.a.overload('[B', '[B').implementation = function (v1,v2) { | |
var secret=this.a.overload('[B', '[B').call(this,v1,v2) | |
send(ba2hex(secret)); | |
return secret | |
}; | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://www.verso.re/