Last active
September 5, 2022 15:29
-
-
Save theseann/67f0b9b10cf0922f7c0fa816214bc4de to your computer and use it in GitHub Desktop.
FridaLab-solver-by-lushann
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // frida -U uk.rossmarks.fridalab -l agent/demo.js --runtime=v8 | |
| function challenge01() { | |
| Java.perform(function () { | |
| Java.use("uk.rossmarks.fridalab.challenge_01").chall01.value = 1 | |
| }) | |
| } | |
| function challenge02() { | |
| Java.perform(function () { | |
| Java.choose('uk.rossmarks.fridalab.MainActivity', { | |
| onMatch: function (instance) { | |
| instance.chall02() | |
| }, onComplete: function () { } | |
| }) | |
| }) | |
| } | |
| function challenge03() { | |
| Java.perform(function () { | |
| Java.use('uk.rossmarks.fridalab.MainActivity').chall03.implementation = function () { | |
| return true | |
| } | |
| }) | |
| } | |
| function challenge04() { | |
| Java.perform(function () { | |
| Java.choose('uk.rossmarks.fridalab.MainActivity', { | |
| onMatch: function (instance) { | |
| instance.chall04("frida") | |
| }, onComplete: function () { } | |
| }) | |
| }) | |
| } | |
| function challenge05() { | |
| Java.perform(function () { | |
| Java.use('uk.rossmarks.fridalab.MainActivity').chall05.implementation = function (x) { | |
| var res = this.chall05("frida") | |
| return res | |
| } | |
| }) | |
| } | |
| function challenge06() { | |
| setTimeout(function() { | |
| Java.perform(function () { | |
| var challenge_06 = Java.use('uk.rossmarks.fridalab.challenge_06') | |
| var chall06 = challenge_06.chall06.value | |
| console.log("NOW CLICK") | |
| Java.choose('uk.rossmarks.fridalab.MainActivity', { | |
| onMatch: function (instance) { | |
| instance.chall06(chall06) | |
| }, onComplete: function () { } | |
| }) | |
| }) | |
| }, 10000) | |
| } | |
| function challenge07() { | |
| Java.perform(function () { | |
| var challenge_07 = Java.use('uk.rossmarks.fridalab.challenge_07') | |
| console.log("the pass : ", challenge_07.chall07.value) | |
| var main; | |
| Java.choose('uk.rossmarks.fridalab.MainActivity', { | |
| onMatch: function (instance) { | |
| main = instance | |
| }, | |
| onComplete: function () { | |
| } | |
| }) | |
| for (var i = 9999; i > 999; i--) { | |
| var str = i.toString() | |
| var pass = str.padStart(4, '0') | |
| if (challenge_07.check07Pin(pass)) { | |
| console.log('bruteforce:', pass) | |
| main.chall07(pass) | |
| break | |
| } | |
| } | |
| }) | |
| } | |
| function challenge08() { | |
| Java.perform(function () { | |
| var main; | |
| Java.choose('uk.rossmarks.fridalab.MainActivity', { | |
| onMatch: function (instance) { | |
| main = instance | |
| }, | |
| onComplete: function () { | |
| } | |
| }) | |
| var btn = Java.use('android.widget.Button') | |
| var checkid = main.findViewById(2131165231) | |
| console.log('check:', checkid) | |
| var checkbtn = Java.cast(checkid.$handle, btn) | |
| checkbtn.setText(Java.use('java.lang.String').$new('Confirm')) | |
| }) | |
| } | |
| function main() { | |
| challenge01() | |
| challenge02() | |
| challenge03() | |
| challenge04() | |
| challenge05() | |
| challenge06() | |
| challenge07() | |
| challenge08() | |
| } | |
| setImmediate(main) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment