Extract assets protected with Kroll's AssetCrypt using runtime code injection, specifically `org.appcelerator.kroll.util.KrollAssetHelper.AssetCrypt`.
hope this is useful to someone!
You'll need:
- a rooted Android device
- frida set up and running
- your target app installed and running (doesn't matter what state it's in so long as it's running)

Steps:
- grab the files from the gist, replacing `com.target.app` with your app's package
- get the resources by running `frida -U -l inject.js com.target.app`
- use `adb shell` to copy the `code.json` to `/sdcard/`, then `adb pull` it to your machine
- rename your `{package}.code.json` to `app.code.json`
- extract the .js files from the `app.code.json` by running `npm install fs-extra && node extract.js`
- ???
- profit
NB: this will give you the JS code from their app; however, the other resources (images, fonts, etc.) will have to be extracted from the APK using JadX or similar (they should be in `assets/resources`).
<3 to frida for making this possible