5ec1cff
🥰
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <pthread.h> | |
| #include <err.h> | |
| #include <errno.h> | |
| #include <fcntl.h> | |
| #include <sys/wait.h> | |
| #include <signal.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <fcntl.h> | |
| #include <sys/mman.h> | |
| #include <unistd.h> | |
| #include <cstring> | |
| #include <cerrno> | |
| #include <string> | |
| #include <utility> |
5ec1cff
/ bootloader_miui.java
Created
November 22, 2023 15:29
— forked from sopanatx/bootloader_miui.java
Xiaomi Bootloader Bind API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.android.settings.bootloader; | |
| import android.content.Context; | |
| import android.database.Cursor; | |
| import android.net.Uri; | |
| import android.os.Build; | |
| import android.text.TextUtils; | |
| import android.util.Log; | |
| import com.android.settings.AESUtil; | |
| import com.android.settings.bootloader.Utils; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| ################################################################################ | |
| # | |
| # Universal JDWP shellifier | |
| # | |
| # @_hugsy_ | |
| # | |
| # And special cheers to @lanjelot | |
| # https://github.com/IOActive/jdwp-shellifier/blob/e82ec26193861ba58179aae7f3fa93654b7abc8a/jdwp-shellifier.py |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package io.github.a13e300.demo.maho | |
| import android.app.PendingIntent | |
| import android.content.BroadcastReceiver | |
| import android.content.Context | |
| import android.content.Intent | |
| import android.content.IntentFilter | |
| import android.content.pm.PackageInstaller | |
| import android.content.pm.PackageInstaller.EXTRA_STATUS | |
| import android.content.pm.PackageInstaller.STATUS_PENDING_USER_ACTION |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function injector(url) { | |
| console.log("injected"); | |
| let im = document.querySelector("img"); | |
| function loaded() { | |
| let canvas = document.createElement("canvas"); | |
| canvas.width = im.naturalWidth; | |
| canvas.height = im.naturalHeight; | |
| var ctx = canvas.getContext("2d"); | |
| ctx.drawImage(im, 0, 0); |
5ec1cff
/ generate.py
Last active
April 3, 2023 11:35
Generate windows registry of context menu of IDEs in JB ToolBox
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| # find icons in %AppData%\Microsoft\Windows\Start Menu\Programs\JetBrains Toolbox | |
| template_add = r'''Windows Registry Editor Version 5.00 | |
| [HKEY_CLASSES_ROOT\Directory\Background\shell\{prog_name}] | |
| @="Open with {name}" | |
| "Icon"="\"{current}\\icons\\{prog_name}.ico\"" |
使用 frida 的时候经常需要通过 pid 附加到进程,因为 frida 自带的 -n 参数实在太不好用了——本来 Android 的「进程名」概念是很清楚的,在 Manifest 就能看到,要是不清楚也可以通过 packageName 或者 cmdline 来替代,但 frida 却非要让「应用的名字」作为注入应用主进程的唯一标识,什么包名、命令行,统统不认,遇到中文应用名就很麻烦;此外,这个操作似乎还要注入系统服务,从而导致 stop server 后发生各种诡异崩溃,因此我不太喜欢用这个参数。然而每次都要打开 shell ,输入 ps -ef | grep 找应用的 pid 很是麻烦,并且对于多进程的应用并非总是能「猜对」它的进程名的。于是写了这个脚本,至少可以确定当前看到的这个窗口属于哪个进程(没焦点的就不好说了)。
脚本运行在 Android 上的 shell (建议 /system/bin/sh),在主机端只要简单用 adb shell 之类的封装一下用起来就很方便了。
脚本主要利用 dumpsys window 的 mFocusedWindow 取得当前焦点窗口的 hash ,并查找 hash 对应窗口的 Session 信息获取 uid 和 pid 。
仅在 Android 11 上通过测试,adb 权限即可。
Window Manager Service 是 Android 的重要服务,各种窗口(Activity, toast, Dialog, 系统 UI 等)都通过这个服务注册和管理。
经常玩系统隐藏 API 的都知道这个实际上是一个名为 window 的 Binder 服务,通过 ServiceManager.getService("window") 就能拿到它的 BinderProxy ,进而转为 android.view.IWindowManager 直接调用 API
但是当你在 app 的 shell 下尝试获取这个服务,却会发现根本无法找到(以下在 Termux 中测试):
对比 activity 服务:
NewerOlder