Top HN posts
incogbyte
/ mixunpin.js
Last active
May 2, 2024 07:03
Frida script to bypass common methods of sslpining Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
ianhanniballake
/ PickImageContracts.kt
Last active
September 10, 2022 18:03
Gist showing how to write backward compatible ActivityResultContracts for supporting Android 13's new Photo Picker: https://developer.android.com/about/versions/13/features/photopicker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Use this [ActivityResultContract] to seamlessly switch between | |
| * the new [MediaStore.ACTION_PICK_IMAGES] and [Intent.ACTION_GET_CONTENT] | |
| * based on the availability of the Photo Picker. | |
| * | |
| * Use [PickMultipleImages] if you'd like the user to be able to select multiple | |
| * photos/videos. | |
| * | |
| * Input: the mimeType you'd like to receive. This should generally be | |
| * either `image/\*` or `video/\*` for requesting only images or only videos |
agnostic-apollo
/ Android-Phantom,Cached-And-Empty-Processes.md
Last active
June 19, 2024 23:49
Android Phantom, Cached And Empty Processes
This has been moved to https://github.com/agnostic-apollo/Android-Docs/blob/master/en/docs/apps/processes/phantom-cached-and-empty-processes.md
Some important headings are kept so that users can redirect to new link if they land here.
LionZXY
/ smali-cheatsheet.md
Last active
March 12, 2024 12:17
Smali docs на русском. Теперь в Markdown
Приветствую, любители реверс-инжинирить Android. Перед вами шпаргалка по Smali - аналогу ассемблера для Android-приложений.
Изначальный текст на русском взят отсюда. Там текст появился из машинного перевода официальной документации.
В итоге, оформил сухой текст + поправил небольшие опечатки и корявости перевода. По поводу замечаний и предложений можете писать либо мне в ЛС, либо оформлять PR на Gist.
vavkamil
/ android-burp-cert.sh
Created
September 10, 2019 14:47
One Liner For Installing Burp Certificate Into Android Nougat and Later
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html | |
| # | |
| curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \ | |
| && openssl x509 -inform DER -in cacert.der -out cacert.pem \ | |
| && cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \ | |
| && adb root \ | |
| && adb remount \ | |
| && adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \ | |
| && echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \ | |
| && echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \ |
pich4ya
/ root_bypass.js
Created
August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
akabe1
/ frida_multiple_unpinning.js
Last active
June 16, 2024 19:15
Another Android ssl certificate pinning bypass for various methods
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
cubehouse
/ pinning.js
Last active
May 12, 2024 14:08
A Frida script to bypass SSL Pinning on Android. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // start with: | |
| // frida -U -l pinning.js -f [APP_ID] --no-pause | |
| Java.perform(function () { | |
| console.log('') | |
| console.log('===') | |
| console.log('* Injecting hooks into common certificate pinning methods *') | |
| console.log('===') | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); |
ArsalRaza
/ VideoUtils.java
Last active
January 25, 2024 11:39
Extract Audio from Video, Mute Video, Crop Video from start, Crop Video from end Android MediaMuxer - JAVA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import android.annotation.SuppressLint; | |
| import android.media.MediaCodec; | |
| import android.media.MediaExtractor; | |
| import android.media.MediaFormat; | |
| import android.media.MediaMetadataRetriever; | |
| import android.media.MediaMuxer; | |
| import android.util.Log; | |
| import java.io.IOException; | |
| import java.nio.ByteBuffer; |
NewerOlder