Skip to content

Instantly share code, notes, and snippets.

View SeeFlowerX's full-sized avatar

SeeFlowerX SeeFlowerX

550 followers · 311 following
View GitHub Profile
@SeeFlowerX
SeeFlowerX / frida异常处理.md
Created January 5, 2022 01:32
frida magisk problem 
setprop persist.device_config.runtime_native.usap_pool_enabled false
@SeeFlowerX
SeeFlowerX / UI信息.md
Created December 16, 2021 02:13
@SeeFlowerX
SeeFlowerX / patch.js
Created November 29, 2021 14:25
jnitrace patch 避免APP卡死
Interceptor.attach(dlopenRef, {
onEnter:function(args){
this.path = args[0].readCString();
},onLeave:function(retval){
if (this.path != null) {
if (checkLibrary(this.path)) {
trackedLibs.set(retval.toString(), true);
}
else {
libBlacklist.set(retval.toString(), true);
@SeeFlowerX
SeeFlowerX / tree.txt
Created November 27, 2021 17:17
build folder tree of qemu dependency library
.
├── [4.0K] bin
│   ├── [ 24K] autopoint
│   ├── [125K] envsubst
│   ├── [ 28K] gapplication
│   ├── [ 81K] gdbus
│   ├── [2.0K] gdbus-codegen
│   ├── [121K] gettext
│   ├── [ 42K] gettextize
│   ├── [4.5K] gettext.sh
@SeeFlowerX
SeeFlowerX / error.log
Created November 23, 2021 10:03
11-23 18:02:50.363 22621 22621 F art : art/runtime/indirect_reference_table.cc:82] JNI ERROR (app bug): accessed stale Local 0x55847a90ad (index 42027 in a table of size 209)
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] Runtime aborting...
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] Aborting thread:
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] "main" prio=5 tid=1 Runnable
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] | group="" sCount=0 dsCount=0 obj=0x12c041f0 self=0x7f942cba00
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] | sysTid=22621 nice=0 cgrp=default sched=0/0 handle=0x7f94b2cab0
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] | state=R schedstat=( 682180112 4030261 62 ) utm=49 stm=19 core=6 HZ=100
11-23 18:02:50.386 22621 22621 F art : art/runtime/runtime.cc:438] | stack=0x7fde1a8000-0x7fde1aa000 stackSize=8MB
11-23 18:02:50.386 22621
@SeeFlowerX
SeeFlowerX / calltest.js
Created November 23, 2021 03:33
验证hook NativeFunction原地址后,再通过NativeFunction对象调用是否会陷入死循环。结果:会。
let gettid_ptr = Module.getExportByName(null, 'gettid');
let my_gettid = new NativeFunction(gettid_ptr, 'int', []);
Interceptor.attach(gettid_ptr, {
onEnter: function (args) {
console.log(`ddddhm`);
}
});
let jnienv_addr = Java.vm.getEnv().handle.readPointer();
let findclass_addr = jnienv_addr.add(6 * Process.pointerSize).readPointer();
@SeeFlowerX
SeeFlowerX / qbdi_android.cpp
Created November 22, 2021 01:52 — forked from romainthomas/qbdi_android.cpp
QBDI API example
#include <iostream>
#include <iomanip>
#include <cstdlib>
#include <cstdint>
#include <cstring>
#include <jni.h>
#include <set>
#include "LIEF/ELF.hpp"
@SeeFlowerX
SeeFlowerX / UiccUnlock.cpp
Created November 19, 2021 07:12 — forked from tewilove/UiccUnlock.cpp
#include <android/log.h>
#include <jni.h>
#include <binder/Binder.h>
#include <binder/Parcel.h>
#include <binder/IServiceManager.h>
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@SeeFlowerX
SeeFlowerX / fuzzing.md
Created November 19, 2021 06:35
fuzz资料
@SeeFlowerX
SeeFlowerX / dx_jar2dex.bat
Last active June 13, 2022 15:45
将此bat放入Android Sdk的build-tools/{版本号}文件夹下 然后把jar拖到bat上即可转换到dex,原dx.bat逻辑和命令有问题,改了下方便转换,记得修改JAVA_HOME。
@echo off
setlocal
set prog=%~f0
set JAVA_HOME=C:\Users\see\Documents\android-studio\jre
set java_exe=%JAVA_HOME%\bin\java.exe
set jarfile=dx.jar