- https://forum.xda-developers.com/t/kernel-radioactive-kernel-v1-1-9-a12l-2022-06-09-unified-pixel6-pixel6pro.4375933/
- https://forum.xda-developers.com/t/how-to-compile-and-run-custom-kernel-for-pixel-6.4374557/#post-86090363
- https://forum.xda-developers.com/t/kernel-08-06-2022-android-12-1-0-kirisakura-3-0-1-for-pixel-6-pro-aka-raviole.4358435/
SeeFlowerX SeeFlowerX
SeeFlowerX
/ hook_snprintf_with_filter.js
Last active
December 28, 2022 07:06
有时候想hook一下libc中的函数,但是调用太多分不出来,我们可以使用lr来判断,通过下面的typescript脚本实现了对来自特定so特定偏移的调用;如果要直接获取lr信息,可以使用get_lr_info
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 有时候想hook一下libc中的函数,但是调用太多分不出来,我们可以使用lr来判断,通过下面的typescript脚本实现了对来自特定so特定偏移的调用 | |
| function hook_snprintf(){ | |
| let libc = Process.getModuleByName("libc.so"); | |
| let libdemo = Process.getModuleByName("libdemo.so"); | |
| let symbol = "snprintf"; | |
| let symbol_addr = libc.getExportByName(symbol); | |
| log(`[${symbol}_addr] ${symbol_addr}`); | |
| Interceptor.attach(symbol_addr, { | |
| onEnter: function(args){ | |
| this.result = args[0]; |
SeeFlowerX
/ gen_frida.py
Last active
April 22, 2024 05:59
IDA插件,用于生成 frida hook 代码,放入plugins目录后,手动在插件菜单激活然后右键双击、选中释放;或者直接在汇编界面右键使用,选择GenFrida
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from typing import TYPE_CHECKING | |
| if TYPE_CHECKING: | |
| from ida_hexrays import cfunc_t | |
| from ida_kernwin import view_mouse_event_t | |
| import idc | |
| import idaapi | |
| import ida_lines |
SeeFlowerX
/ disable-flutter-tls.js
Created
August 19, 2022 02:39
https://github.com/NVISOsecurity/disable-flutter-tls-verification/blob/main/disable-flutter-tls.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| A Frida script that disables Flutter's TLS verification | |
| This script works on Android x86, Android x64 and iOS x64. It uses pattern matching to find [ssl_verify_peer_cert in handshake.cc](https://github.com/google/boringssl/blob/master/ssl/handshake.cc#L323) | |
| If the script can't find ssl_verify_peer_cert, please create an issue at https://github.com/NVISOsecurity/disable-flutter-tls-verification/issues | |
| */ | |
| var TLSValidationDisabled = false; | |
| var secondRun = false; | |
| if (Java.available) { | |
| console.log("[+] Java environment detected"); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function get_call_function() { | |
| var call_function_addr = null; | |
| var symbols = Process.getModuleByName("linker").enumerateSymbols(); | |
| for (var m = 0; m < symbols.length; m++) { | |
| if (symbols[m].name == "__dl__ZL13call_functionPKcPFviPPcS2_ES0_") { | |
| call_function_addr = symbols[m].address; | |
| console.log("found call_function_addr => ", call_function_addr) | |
| hook_call_function(call_function_addr) | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| from pathlib import Path | |
| import idautils | |
| import ida_nalt | |
| def get_libc_import(): | |
| info = {} | |
| nimps = ida_nalt.get_import_module_qty() |
SeeFlowerX
/ gist:b82dd134bb3b19a5e2668cafd92af8da
Created
July 11, 2022 06:23
— forked from floyd-fuh/gist:7a7d4c4aa0d479a1562feb962a579448
Automate fix on https://httptoolkit.tech/blog/chrome-android-certificate-transparency/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # see https://httptoolkit.tech/blog/chrome-android-certificate-transparency/ | |
| # put your Burp cacert.der in the current working directory! | |
| FINGERPRINT=`openssl x509 -in cacert.der -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64` | |
| echo "chrome --ignore-certificate-errors-spki-list=$FINGERPRINT" > chrome.sh | |
| adb push chrome.sh /data/local/tmp/chrome.sh | |
| adb shell su -c cp /data/local/tmp/chrome.sh /data/local/chrome-command-line | |
| adb shell su -c cp /data/local/tmp/chrome.sh /data/local/android-webview-command-line |
SeeFlowerX
/ openssl-frida.js
Created
June 30, 2022 04:00
— forked from FrankSpierings/openssl-frida.js
Some OpenSSL hooks in Frida - Work in progress....
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const utils = { | |
| colors: { | |
| red: function(string) { | |
| return '\x1b[31m' + string + '\x1b[0m'; | |
| }, | |
| green: function(string) { | |
| return '\x1b[32m' + string + '\x1b[0m'; | |
| }, |
SeeFlowerX
/ 感叹号.md
Created
June 23, 2022 14:05
settings put global captive_portal_https_url https://connect.rom.miui.com/generate_204
settings put global captive_portal_http_url http://connect.rom.miui.com/generate_204
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cp mitm.pem `openssl x509 -inform PEM -subject_hash_old -noout -in mitm.pem`.0 | |
| mount -o rw,remount /system | |
| mv abcdef00.0 /system/etc/security/cacerts/ | |
| chmod 644 /system/etc/security/cacerts/abcdef00.0.0 |