SeeFlowerX SeeFlowerX

从人海走到你面前，然后离开。

495 followers · 294 following

China
https://blog.seeflower.dev/

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

SeeFlowerX / build.bat

Created April 17, 2024 05:58

ndk + cmake on Windows

	@echo on

	set PATH=%PATH%;C:\Users\....\AppData\Local\Android\Sdk\cmake\3.22.1\bin
	set ANDROID_NDK=C:/Users/..../AppData/Local/Android/Sdk/ndk/25.1.8937393

	mkdir build
	cd build

	cmake -DCMAKE_TOOLCHAIN_FILE=%ANDROID_NDK%/build/cmake/android.toolchain.cmake ^
	-DANDROID=1 ^

SeeFlowerX / iptables.sh

Created December 4, 2023 05:48

iptables + clash透明代理

	#!/system/bin/sh

	set -ex

	# ENABLE ipv4 forward
	sysctl -w net.ipv4.ip_forward=1

	# DISABLE ipv6
	sysctl -w net.ipv6.conf.all.disable_ipv6=1
	sysctl -w net.ipv6.conf.default.disable_ipv6=1

SeeFlowerX / wasm逆向的资料收集.md

Created August 9, 2023 06:52

SeeFlowerX / 脚本.md

Created July 19, 2023 02:19

宿主机和虚拟机同时使用adb + 右键菜单

vm_adb.reg 下面的路径要根据自己放的位置改下

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\Background\shell\OpenBat]
@="vm_adb"

[HKEY_CLASSES_ROOT\Directory\Background\shell\OpenBat\command]
@="cmd /c D: &amp;&amp; cd D:\\ &amp;&amp; vm_adb.vbs"

SeeFlowerX / objectdump.js

Last active March 27, 2024 02:35

参考了Wallbreaker，把全部父类的的field也打印了，可以直接在hook脚本接入，不需要额外代码

	function log(msg) {
	console.log(msg);
	}

	let handleCache = [];

	function getRealClassName(object) {
	const objClass = Java.use("java.lang.Object").getClass.apply(object);
	return Java.use("java.lang.Class").getName.apply(objClass)
	}

SeeFlowerX / poc_frida_bug.js

Created May 26, 2023 08:45

使用Java.retain出现了非常诡异的现象，最后发现是因为没有把Java.retain的结果赋值给全局变量导致的...

	function log(msg) {
	console.log(msg);
	}

	function getRealClassNameByHandle (handle) {
	let obj = Java.use("java.lang.Object");
	log(`[getRealClassNameByHandle] obj => ${obj}`);
	let jObject = Java.cast(ptr(handle), obj);
	log(`[getRealClassNameByHandle] jObject => ${jObject}`);
	let objClass = jObject.getClass();

SeeFlowerX / LLDB动态调试步骤.md

Last active May 11, 2023 13:58

和IDA类似，记录一些内容

全局调试，root下

magisk resetprop ro.debuggable 1
stop
start

SeeFlowerX / IDA动态调试步骤.md

Last active May 8, 2023 01:54

IDA动态调试步骤

    将dbgsrv/android_server64推送到/data/local/tmp
adb push android_server64 /data/local/tmp/ida_android_server64
授予权限
adb shell chmod +x /data/local/tmp/ida_android_server64

  

SeeFlowerX / crash.log

Created April 23, 2023 15:26

微信二维码扫描崩溃堆栈，测试版本：weixin8016android2040_arm64.apk

	04-23 23:23:31.322 10756 10756 F DEBUG : * * * * * * * * * * * * * * * *
	04-23 23:23:31.322 10756 10756 F DEBUG : Build fingerprint: 'google/flame/flame:11/RQ3A.210805.001.A1/7474174:user/release-keys'
	04-23 23:23:31.322 10756 10756 F DEBUG : Revision: 'MP1.0'
	04-23 23:23:31.322 10756 10756 F DEBUG : ABI: 'arm64'
	04-23 23:23:31.323 10756 10756 F DEBUG : Timestamp: 2023-04-23 23:23:31+0800
	04-23 23:23:31.323 10756 10756 F DEBUG : pid: 10736, tid: 10736, name: main >>> ./wxharness <<<
	04-23 23:23:31.323 10756 10756 F DEBUG : uid: 0
	04-23 23:23:31.323 10756 10756 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
	04-23 23:23:31.323 10756 10756 F DEBUG : Cause: null pointer dereference
	04-23 23:23:31.323 10756 10756 F DEBUG : x0 b4000075d0d7c48f x1 0000000000000000 x2 0000000000000001 x3 616600474f4c5241

SeeFlowerX / InMemoryDexClassLoaderFactory.java

Created March 29, 2023 03:11 — forked from vvb2060/InMemoryDexClassLoaderFactory.java

	import android.app.AppComponentFactory;
	import android.content.pm.ApplicationInfo;
	import android.util.Log;

	import java.io.IOException;
	import java.nio.ByteBuffer;
	import java.nio.channels.Channels;
	import java.util.ArrayList;
	import java.util.List;
	import java.util.zip.ZipFile;

NewerOlder