Created
March 6, 2021 23:54
-
-
Save timschneeb/fd9cfc391c07047598abe1c8c5c74b5b to your computer and use it in GitHub Desktop.
Galaxy Buds+ Custom firmware injector (frida.re)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import frida, sys, argparse | |
| parser = argparse.ArgumentParser(description='Inject custom firmware updates into Samsung\'s official Wearable app (Buds Plus only)') | |
| parser.add_argument('path', metavar='path', type=str, nargs=1, | |
| help='Path to firmware archive (on the Android device: ex. \'/sdcard/FOTA_R175XXU0ATF2.bin\')') | |
| args = parser.parse_args() | |
| jscode = ''' | |
| setTimeout(function() {{ | |
| Java.perform(function(){{ | |
| Java.choose("com.samsung.accessory.hearablemgr.core.service.CoreService", {{ | |
| onMatch: function(instance) {{ | |
| Java.scheduleOnMainThread(function () {{ | |
| instance.startFotaInstall("{path}"); | |
| }}); | |
| }}, | |
| onComplete: function() {{ }} | |
| }}); | |
| }}); | |
| }}, 0); | |
| '''.format(path=args.path[0]) | |
| process = frida.get_usb_device().attach('com.samsung.accessory.popcornmgr') | |
| script = process.create_script(jscode) | |
| print('[*] Loading script...') | |
| script.load() | |
| print('[*] Done.'); | |
| print('[*] Note: You can check logcat for progress information and other details (filter by \'Popcorn\')'); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment