Skip to content

Instantly share code, notes, and snippets.

View apkunpacker's full-sized avatar

ApkUnpacker apkunpacker

632 followers · 103 following
View GitHub Profile
@apkunpacker
apkunpacker / monitorMemory.js
Created February 9, 2023 05:04 — forked from chrisdmc/monitorMemory.js
Frida MemoryAccessMonitor that auto-renews on access
function monitorMemory(base, length, interceptedInstructions = new Set()) {
const baseAddress = ptr(base.toString());
MemoryAccessMonitor.enable({base: baseAddress, size: length}, {
onAccess: function(details) {
let baseOffset = details.address.sub(baseAddress);
console.log(`${details.address} (offset in range ${baseAddress} = ${baseOffset}) accessed for ${details.operation} from address ${DebugSymbol.fromAddress(details.from)}. Page ${details.pageIndex + 1} of ${details.pagesTotal}`);
let instruction = Instruction.parse(details.from);
const nextInstr = ptr(instruction.next.toString());
if (interceptedInstructions.has(nextInstr.toString())) {
return;
@apkunpacker
apkunpacker / sslkeylogger.js
Created February 9, 2023 11:24 — forked from vadim-a-yegorov/sslkeylogger.js
/**
* Sleep
*/
async function sleep(seconds = 0) {
await new Promise(r => setTimeout(r, seconds * 1000))
}
/**
* Logging function, reads null terminated string from address in line.
@apkunpacker
apkunpacker / How to use O-MVLL with WSL for Android projects.md
Created March 11, 2023 17:39 — forked from SirionRazzer/How to use O-MVLL with WSL for Android projects.md

How to use O-MVLL with WSL for Android projects

  • Use this guide to integrate the O-MVLL obfuscator using WSL and command line
  • The guide has two parts, the first one explains the installation of Android build tools, the second part presents all the adjustments I needed to make to standard O-MVLL integration process (https://obfuscator.re/omvll/introduction/getting-started/). Read that 'Getting started' guide first.

Preparing the WSL for commandline Android development

Based on this article https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9

Installing OpenJDK and Gradle

sudo apt-get update
@apkunpacker
apkunpacker / How-to-build-frida-server-for-ios.md
Created March 30, 2023 04:16 — forked from miticollo/How-to-build-frida-server-for-ios.md
How to build frida server for iOS jailbroken devices

Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.

Requirements

macOS

@apkunpacker
apkunpacker / permissions.py
Created May 9, 2023 01:57 — forked from miticollo/permissions.py
A frida agent to reset all permissions on specific app. This work is based on https://github.com/FouadRaheb/AppData.
#!/usr/bin/env python3
import json
import frida
from frida.core import Device, Session, Script, ScriptExportsSync
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", lambda diag: print(f"on_diagnostics: {diag}"))
bundle: str = compiler.build('permissions.ts', compression='terser')
@apkunpacker
apkunpacker / child-gating.py
Created May 12, 2023 01:50 — forked from miticollo/child-gating.py
A gist to show an example
import threading
from frida_tools.application import Reactor
import frida
class Application:
def __init__(self):
self._stop_requested = threading.Event()
@apkunpacker
apkunpacker / restricted.m
Created May 19, 2023 14:25 — forked from aemmitt-ns/restricted.m
program to dump out forbidden classes and selectors in NSPredicates
// dump classes and selectors forbidden in NSPredicates
// `cc -framework Foundation -o restricted restricted.m`
#import <Foundation/Foundation.h>
#import <dlfcn.h>
int main() {
void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0);
NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses");
NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors");
NSLog(@"Restricted Selectors: %@", RestrictedSelectors());
@apkunpacker
apkunpacker / add_debug_entitlement.sh
Created May 24, 2023 14:58 — forked from talaviram/add_debug_entitlement.sh
Simple Utility Script for allowing debug of hardened macOS apps.
#! /bin/bash
# Simple Utility Script for allowing debug of hardened macOS apps.
# This is useful mostly for plug-in developer that would like keep developing without turning SIP off.
# Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg
# Update 2022-03-10: Based on Fabian's feedback, add capability to inject DYLD for sanitizers.
#
# Please note:
# - Modern Logic (on M1s) uses `AUHostingService` which resides within the system thus not patchable and REQUIRES to turn-off SIP.
# - Some hosts uses separate plug-in scanning or sandboxing.
# if that's the case, it's required to patch those (if needed) and attach debugger to them instead.
@apkunpacker
apkunpacker / example.txt
Created July 14, 2023 03:58 — forked from jevinskie/example.txt
xnu-unsuspend
jevin@wombat [22:32:18] [~/code/mac/widget/xnu_unsuspend] [main *]
-> % sudo taskinfo 'Deliveries Widget'
process: "Deliveries Widget" [30145] [unique ID: 1220404]
architecture: arm64
coalition (type 0) ID: 105936
coalition (type 1) ID: 591
suspend count: 1
virtual bytes: 389.40 GB; phys_footprint bytes: 8.92 MB; phys_footprint lifetime maximum bytes: 8.92 MB
run time: 42 s
user/system time (current threads): 0.046565 s / 0.036279 s
@apkunpacker
apkunpacker / CorePatchDetector.kt
Created August 3, 2023 16:11 — forked from 5ec1cff/CorePatchDetector.kt
CorePatch detector
package io.github.a13e300.demo.maho
import android.app.PendingIntent
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.content.IntentFilter
import android.content.pm.PackageInstaller
import android.content.pm.PackageInstaller.EXTRA_STATUS
import android.content.pm.PackageInstaller.STATUS_PENDING_USER_ACTION