Created
January 20, 2022 14:32
-
-
Save xhlove/b87d36370fcd825e4a2208df0fcb8085 to your computer and use it in GitHub Desktop.
peacock HMAC key frida hook script, use frida 14.2.18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function jhexdump(array) { | |
| if(!array) return; | |
| console.log("---------jhexdump start---------"); | |
| var ptr = Memory.alloc(array.length); | |
| for(var i = 0; i < array.length; ++i) | |
| Memory.writeS8(ptr.add(i), array[i]); | |
| console.log(hexdump(ptr, {offset: 0, length: array.length, header: false, ansi: false})); | |
| console.log("---------jhexdump end---------"); | |
| } | |
| function java_hook(){ | |
| Java.perform(function(){ | |
| let HMACCls = Java.use("com.sky.sps.security.HMAC"); | |
| let SecurityUtilsCls = Java.use("com.sky.sps.utils.SecurityUtils"); | |
| let SecretKeySpecCls = Java.use("javax.crypto.spec.SecretKeySpec"); | |
| let MacCls = Java.use("javax.crypto.Mac"); | |
| HMACCls.calculate.overload('java.lang.String', 'boolean').implementation = function(text, flag){ | |
| console.log("---------enter calculate---------"); | |
| let ret = this.calculate(text, flag); | |
| console.log(text, flag, ret); | |
| jhexdump(ret); | |
| return ret; | |
| } | |
| SecurityUtilsCls.createMD5Digest.overload('java.lang.String').implementation = function(text){ | |
| console.log("---------enter createMD5Digest---------"); | |
| let ret = this.createMD5Digest(text); | |
| console.log(text, ret); | |
| return ret; | |
| } | |
| SecretKeySpecCls.$init.overload('[B', 'java.lang.String').implementation = function(key, method){ | |
| console.log("---------enter SecretKeySpec init---------"); | |
| jhexdump(key); | |
| let ret = this.$init(key, method); | |
| console.log(key, method, ret); | |
| return ret; | |
| } | |
| MacCls.doFinal.overload('[B').implementation = function(data){ | |
| console.log("---------enter SecretKeySpec init---------"); | |
| jhexdump(data); | |
| let ret = this.doFinal(data); | |
| console.log(data, ret); | |
| return ret; | |
| } | |
| }) | |
| } | |
| setImmediate(java_hook) | |
| // frida 14.2.18 | |
| // frida -U -n com.peacocktv.peacockandroid -l peacock.js -o peacock.log |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
you may need to the following with some android applications
Certificate Pinning Bypasse
Certificate Pinning Bypass
Security Config Bypass
these can all be done using frida as well