Skip to content

Instantly share code, notes, and snippets.

View SeeFlowerX's full-sized avatar

SeeFlowerX SeeFlowerX

549 followers · 311 following
View GitHub Profile
@SeeFlowerX
SeeFlowerX / clash.yaml
Created January 24, 2022 03:24
clash+Charles抓包配置
# (HTTP and SOCKS5 in one port)
mixed-port: 7890
# RESTful API for clash
external-controller: 127.0.0.1:9090
allow-lan: false
mode: global
log-level: info
#bind-address:*
dns:
enable: true
@SeeFlowerX
SeeFlowerX / hook_popen.js
Created February 20, 2022 14:11
打印popen执行结果
function hook_libc(){
let fgets_ptr = Module.findExportByName("libc.so", "fgets");
let fgets = new NativeFunction(fgets_ptr, "pointer", ["pointer", "int", "pointer"]);
let popen_addr = Module.findExportByName("libc.so", "popen");
console.log(`popen_addr => ${popen_addr}`);
Interceptor.attach(popen_addr, {
onEnter: function(args){
let command = args[0].readUtf8String();
let mode = args[1].readUtf8String();
console.log(`[popen] [onEnter] command=${command} mode=${mode}`)
@SeeFlowerX
SeeFlowerX / hook_loadLibrary.js
Created February 21, 2022 01:20
https://github.com/frida/frida-java-bridge/issues/63
Java.perform(function() {
const System = Java.use('java.lang.System');
const Runtime = Java.use('java.lang.Runtime');
const SystemLoad_2 = System.loadLibrary.overload('java.lang.String');
const VMStack = Java.use('dalvik.system.VMStack');
SystemLoad_2.implementation = function(library) {
send("Loading dynamic library => " + library);
try {
const loaded = Runtime.getRuntime().loadLibrary0(VMStack.getCallingClassLoader(), library);
@SeeFlowerX
SeeFlowerX / frida_native_write.js
Last active January 5, 2023 11:23
frida native层写文件
// https://www.cnblogs.com/c-x-a/p/15192821.html
function main(){
write_file1()
write_File2()
}
function write_file1(){
//使用firda的自带api
var file = new File("/data/local/tmp/mytest.dat")
file.write("1234");
file.flush();
@SeeFlowerX
SeeFlowerX / unidbg使用小技巧.md
Created February 27, 2022 06:48

ctx_pointer.getPointer(0x484) 取偏移0x484处的值,将其作为指针返回

ctx_pointer.share(0x484L) 偏移0x484,将其作为指针返回

@SeeFlowerX
SeeFlowerX / daemon.sh
Last active November 11, 2023 04:16
用来保活APP和注入frida js对外提供http服务的脚本
#! /bin/sh
#进程名字可修改
#脚本逻辑 -> 存在端口 pass 不存在则检查小红书在不在 在就注入 否则-f启动或者点击方式启动 然后循环
#用frida加载androidAsync.dex在APP跑了个http服务对外提供接口,PORT是http服务监听的端口,用的是frida-inject注入js
#如果是frida-server那么可以改为用ps判断frida-server在不在
#启动命令 sh -T- /data/local/tmp/daemon.sh
PORT=45459
CURRENT_WINDOW_COUNT=0
PRO_NAME=com.xingin.xhs
@SeeFlowerX
SeeFlowerX / 生成证书并移动到安卓系统证书目录
Created June 2, 2022 06:45
Android MITM Cert
cp mitm.pem `openssl x509 -inform PEM -subject_hash_old -noout -in mitm.pem`.0
mount -o rw,remount /system
mv abcdef00.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/abcdef00.0.0
@SeeFlowerX
SeeFlowerX / 感叹号.md
Created June 23, 2022 14:05 
settings put global captive_portal_https_url https://connect.rom.miui.com/generate_204
settings put global captive_portal_http_url http://connect.rom.miui.com/generate_204
@SeeFlowerX
SeeFlowerX / openssl-frida.js
Created June 30, 2022 04:00 — forked from FrankSpierings/openssl-frida.js
Some OpenSSL hooks in Frida - Work in progress....
const utils = {
colors: {
red: function(string) {
return '\x1b[31m' + string + '\x1b[0m';
},
green: function(string) {
return '\x1b[32m' + string + '\x1b[0m';
},
@SeeFlowerX
SeeFlowerX / Pixel6 编译内核.md
Created July 6, 2022 07:14
Pixel6 编译内核相关的资料