G5t4r

#!/bin/sh
# Convert a raw binary image into an ELF file suitable for loading into a disassembler

cat > raw$$.ld <<EOF
SECTIONS
{
EOF

echo " . = $3;" >> raw$$.ld

G5t4r

Keybase proof

I hereby claim:

• I am gitforneo on github.
• I am 5t4r (https://keybase.io/5t4r) on keybase.
• I have a public key ASBZYPTmA7WtLynjhMUdfWX8D38dqFbmCPSKytc_r3CA9Qo

To claim this, I am signing this object:

G5t4r

// 打印按钮的action及其target
function actionWithTargets(button) {
	var allTargets = [button allTargets].allObjects();
	if (!allTargets) {
		return "is not a uicontrol"
	}
	var allShow = [];
	for (var i = 0; i < allTargets.length; i++) {
		var target = allTargets[i];
		var actions = [button actionsForTarget: target forControlEvent: UIControlEventTouchUpInside];

G5t4r

UIApp.keyWindow.recursiveDescription().toString()
UIButton点击事件获取： [xxx allTargets] [xxx allControlEvents] [xxxx actionsForTarget:#0x12610c200 forControlEvent:64] [xx sendActionsForControlEvents:64]
地址转对象 var p = #0x8614390
打印变量的内存变量 *controller   或者  [i for (i in *UIApp)] 或者使用 function tryPrintIvars(a){ var x={}; for(i in *a){ try{ x[i] = (*a)[i]; } catch(e){} } return x; }
获取包名 NSBundle.mainBundle.bundleIdentifier
打印类的所有方法：
  function printMethods(className, isa) {
  var count = new new Type("I");
  var classObj = (isa != undefined) ? objc_getClass(className).constructor : objc_getClass(className);
  var methods = class_copyMethodList(classObj, count);

G5t4r

@import com.saurik.substrate.MS
var log = []
NSLog_ = dlsym(RTLD_DEFAULT, "NSLog")
NSLog = function() { var types = 'v', args = [], count = arguments.length; for (var i = 0; i != count; ++i) { types += '@'; args.push(arguments[i]); } new Functor(NSLog_, types).apply(null, args); }

_CFXPCCreateXPCMessageWithCFObject = dlsym(RTLD_DEFAULT, "_CFXPCCreateXPCMessageWithCFObject");
_CFXPCCreateXPCMessageWithCFObject = @encode(void *(NSDictionary * object))(_CFXPCCreateXPCMessageWithCFObject)
_CFXPCCreateXPCMessageWithCFObject_Old ={}

MS.hookFunction(_CFXPCCreateXPCMessageWithCFObject, function(object) {var result =  (*_CFXPCCreateXPCMessageWithCFObject_Old )(object); log.push(object); NSLog("Object>>: " + object); return result}, _CFXPCCreateXPCMessageWithCFObject_Old)

G5t4r

import frida
import sys,os

#frida 12.5.7
device = frida.get_usb_device()
pid = device.spawn(["com.ylc2.qp.Pokermate"])
session = device.attach(pid)
device.resume(pid)
    
# rdev = frida.get_remote_device()

G5t4r

# -*- coding: utf-8 -*-

#for py3  test in py3.7.3

import sys
import struct
import json
import traceback

strings = []

G5t4r

Java.perform(function() {

    var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
        "com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.koushikdutta.rommanager",
        "com.koushikdutta.rommanager.license", "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch",
        "com.ramdroid.appquarantine", "com.ramdroid.appquarantinepro", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
        "de.robv.android.xposed.installer", "com.saurik.substrate", "com.zachspong.temprootremovejb", "com.amphoras.hidemyroot",
        "com.amphoras.hidemyrootadfree", "com.formyhm.hiderootPremium", "com.formyhm.hideroot", "me.phh.superuser",
        "eu.chainfire.supersu.pro", "com.kingouser.com"
    ];

G5t4r

# Create the .itmsp folder
mkdir <path to your .itmsp folder>/<name of your .itmsp folder>.itmsp

# Move your .ipa file into the .itmsp folder
cp <path to where your .ipa file is stored> <path to your .itmsp folder>/<name of your .itmsp folder >.itmsp

# Generate the metadata.xml file
fileSize=` stat -f %z <Your .ipa file>`
md5Checksum=`md5 <Your .ipa file>  | cut -d "=" -f 2 | awk '{print $1}'`