ApkUnpacker apkunpacker

@apkunpacker
apkunpacker / restricted.m
Created May 19, 2023 14:25 — forked from aemmitt-ns/restricted.m
program to dump out forbidden classes and selectors in NSPredicates
// dump classes and selectors forbidden in NSPredicates
// `cc -framework Foundation -o restricted restricted.m`
#import <Foundation/Foundation.h>
#import <dlfcn.h>
int main() {
void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0);
NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses");
NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors");
NSLog(@"Restricted Selectors: %@", RestrictedSelectors());
@apkunpacker
apkunpacker / child-gating.py
Created May 12, 2023 01:50 — forked from miticollo/child-gating.py
A gist to show an example
import threading
from frida_tools.application import Reactor
import frida
class Application:
def __init__(self):
self._stop_requested = threading.Event()
@apkunpacker
apkunpacker / permissions.py
Created May 9, 2023 01:57 — forked from miticollo/permissions.py
A Frida agent to reset all permissions on a specific app. This work is based on https://github.com/FouadRaheb/AppData.
#!/usr/bin/env python3
import json
import frida
from frida.core import Device, Session, Script, ScriptExportsSync
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", lambda diag: print(f"on_diagnostics: {diag}"))
bundle: str = compiler.build('permissions.ts', compression='terser')
@apkunpacker
apkunpacker / How-to-build-frida-server-for-ios.md
Created March 30, 2023 04:16 — forked from miticollo/How-to-build-frida-server-for-ios.md
How to build frida server for iOS jailbroken devices

Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.

Requirements

macOS

How to use O-MVLL with WSL for Android projects

  • Use this guide to integrate the O-MVLL obfuscator using WSL and command line
  • The guide has two parts: the first explains the installation of Android build tools; the second presents all the adjustments I needed to make to the standard O-MVLL integration process (https://obfuscator.re/omvll/introduction/getting-started/). Read that 'Getting started' guide first.

Preparing the WSL for command-line Android development

Based on this article https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9

Installing OpenJDK and Gradle

sudo apt-get update
/**
* Sleep
*/
async function sleep(seconds = 0) {
await new Promise(r => setTimeout(r, seconds * 1000))
}
/**
* Logging function, reads null terminated string from address in line.
@apkunpacker
apkunpacker / monitorMemory.js
Created February 9, 2023 05:04 — forked from chrisdmc/monitorMemory.js
Frida MemoryAccessMonitor that auto-renews on access
function monitorMemory(base, length, interceptedInstructions = new Set()) {
const baseAddress = ptr(base.toString());
MemoryAccessMonitor.enable({base: baseAddress, size: length}, {
onAccess: function(details) {
let baseOffset = details.address.sub(baseAddress);
console.log(`${details.address} (offset in range ${baseAddress} = ${baseOffset}) accessed for ${details.operation} from address ${DebugSymbol.fromAddress(details.from)}. Page ${details.pageIndex + 1} of ${details.pagesTotal}`);
let instruction = Instruction.parse(details.from);
const nextInstr = ptr(instruction.next.toString());
if (interceptedInstructions.has(nextInstr.toString())) {
return;
echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo " password"
echo "https://github.com/search?q="hackertarget.site"+password&type=Code"
echo "https://github.com/search?q=""hackertarget""+password&type=Code"
echo ""
echo " npmrc _auth"
@apkunpacker
apkunpacker / funtime.js
Created December 12, 2022 01:44 — forked from aemmitt-ns/funtime.js
funtime: detailed Objective-C runtime tracing, e.g. `python funtime.py -n Messages '-[NSRegularExpression *]'`
const typeMap = {
"c": "char",
"i": "int",
"s": "short",
"l": "long",
"q": "long long",
"C": "unsigned char",
"I": "unsigned int",
"S": "unsigned short",
@apkunpacker
apkunpacker / mixunpin.js
Created December 11, 2022 05:00 — forked from incogbyte/mixunpin.js
Frida script to bypass common methods of SSL pinning on Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!!