Skip to content

Instantly share code, notes, and snippets.

View sdex's full-sized avatar
🇺🇦

Yuriy Mysochenko sdex

🇺🇦
View GitHub Profile
@incogbyte
incogbyte / mixunpin.js
Last active May 2, 2024 07:03
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@ianhanniballake
ianhanniballake / PickImageContracts.kt
Last active September 10, 2022 18:03
Gist showing how to write backward compatible ActivityResultContracts for supporting Android 13's new Photo Picker: https://developer.android.com/about/versions/13/features/photopicker
/**
* Use this [ActivityResultContract] to seamlessly switch between
* the new [MediaStore.ACTION_PICK_IMAGES] and [Intent.ACTION_GET_CONTENT]
* based on the availability of the Photo Picker.
*
* Use [PickMultipleImages] if you'd like the user to be able to select multiple
* photos/videos.
*
* Input: the mimeType you'd like to receive. This should generally be
* either `image/\*` or `video/\*` for requesting only images or only videos
@agnostic-apollo
agnostic-apollo / Android-Phantom,Cached-And-Empty-Processes.md
Last active June 6, 2024 01:31
Android Phantom, Cached And Empty Processes
@LionZXY
LionZXY / smali-cheatsheet.md
Last active March 12, 2024 12:17
Smali docs на русском. Теперь в Markdown

Русская шпаргалка по Smali

Приветствую, любители реверс-инжинирить Android. Перед вами шпаргалка по Smali - аналогу ассемблера для Android-приложений.

Изначальный текст на русском взят отсюда. Там текст появился из машинного перевода официальной документации.

В итоге, оформил сухой текст + поправил небольшие опечатки и корявости перевода. По поводу замечаний и предложений можете писать либо мне в ЛС, либо оформлять PR на Gist.

Общая информация

Виды(Types)

@vavkamil
vavkamil / android-burp-cert.sh
Created September 10, 2019 14:47
One Liner For Installing Burp Certificate Into Android Nougat and Later
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \
@pich4ya
pich4ya / root_bypass.js
Created August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@akabe1
akabe1 / frida_multiple_unpinning.js
Last active June 16, 2024 19:15
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/
setTimeout(function() {
Java.perform(function() {
console.log('');
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
Java.perform(function () {
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
@ArsalRaza
ArsalRaza / VideoUtils.java
Last active January 25, 2024 11:39
Extract Audio from Video, Mute Video, Crop Video from start, Crop Video from end Android MediaMuxer - JAVA
import android.annotation.SuppressLint;
import android.media.MediaCodec;
import android.media.MediaExtractor;
import android.media.MediaFormat;
import android.media.MediaMetadataRetriever;
import android.media.MediaMuxer;
import android.util.Log;
import java.io.IOException;
import java.nio.ByteBuffer;