@leveled
Last active October 28, 2019 17:11
Frida Cheatsheet
//Executing Frida and loading script
//frida -U --no-pause -l disableRoot.js -f sg.vantagepoint.uncrackable1
//Overwriting a function and getting a return value
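// Replace the (byte[], byte[]) overload of `a` so each call is logged, then
// delegate to the original implementation and hand its result back unchanged.
// NOTE(review): assumes `aes_decrypt` is a Java.use() wrapper created inside
// Java.perform() elsewhere in the script; that setup is not shown here.
//
// What the output demonstrates: the key and the plaintext both pass through
// this method as ordinary arguments and return values, so a key shipped inside
// the app does not keep the decrypted value from anyone who can instrument it.
aes_decrypt.a.overload("[B", "[B").implementation = function (var_0, var_1) {
  send("sg.vantagepoint.a.a.a([B[B)[B doFinal(enc) // AES/ECB/PKCS7Padding");
  send("Key : " + var_0);
  send("Encrypted : " + var_1);

  // Call the original overload so the app still gets the real result.
  const ret = this.a.overload("[B", "[B").call(this, var_0, var_1);
  send("Decrypted : " + ret);

  // Declared locally: the original assigned to an undeclared `flag`, which
  // creates an implicit global (and throws in strict mode).
  let flag = "";
  for (let i = 0; i < ret.length; i++) {
    // Java bytes are signed (-128..127); mask to 0..255 before mapping to a
    // character so values above 0x7f do not turn into unrelated code units.
    flag += String.fromCharCode(ret[i] & 0xff);
  }
  send("Decrypted flag: " + flag);

  return ret; // [B
};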
//Hook a native function and print out its params
//Hook Library loading
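// Log the name or path of every native library requested through
// System.loadLibrary() and System.load().
Java.perform(function () {
  const System = Java.use('java.lang.System');
  const Runtime = Java.use('java.lang.Runtime');
  const VMStack = Java.use('dalvik.system.VMStack');

  // Both replacements call the Runtime-internal loader directly, passing the
  // class loader reported by VMStack.getCallingClassLoader().
  // NOTE(review): presumably this is done so the library resolves against the
  // app's class loader rather than the hook's; confirm. loadLibrary0 / load0
  // are internal methods whose signatures differ between Android releases, so
  // verify them against the platform version under test.

  System.loadLibrary.implementation = function (library) {
    console.log('System.loadLibrary("' + library + '")');
    try {
      return Runtime.getRuntime().loadLibrary0(VMStack.getCallingClassLoader(), library);
    } catch (ex) {
      console.log(ex);
      // Rethrow so the app sees the same failure it would see without the
      // hook; swallowing it here would hide a failed load from the caller.
      throw ex;
    }
  };

  System.load.implementation = function (library) {
    console.log('System.load("' + library + '")');
    try {
      return Runtime.getRuntime().load0(VMStack.getCallingClassLoader(), library);
    } catch (ex) {
      console.log(ex);
      // Same reasoning as above: log, then propagate the original exception.
      throw ex;
    }
  };
});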