Skip to content

Instantly share code, notes, and snippets.

View apkunpacker's full-sized avatar

ApkUnpacker apkunpacker

569 followers · 85 following
View GitHub Profile
@aemmitt-ns
aemmitt-ns / funtime.js
Last active December 30, 2023 06:26
funtime: detailed objective-c runtime tracing. ex `python funtime.py -n Messages '-[NSRegularExpression *]'`
const typeMap = {
"c": "char",
"i": "int",
"s": "short",
"l": "long",
"q": "long long",
"C": "unsigned char",
"I": "unsigned int",
"S": "unsigned short",
@incogbyte
incogbyte / mixunpin.js
Last active June 29, 2025 09:53
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@miticollo
miticollo / How-to-build-frida-server-for-ios.md
Last active June 5, 2025 08:16
How to build frida server for iOS jailbroken devices

Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.

TL;DR

On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).

The DEBs you will install are build using the following instructions.

Update 2024-02-29

@eybisi
eybisi / hook_dexloader.js
Last active May 15, 2024 15:11
frida script for hooking loaded classes with the help of dexclassloader init
Java.perform(function(){
let ThreadDef = Java.use('java.lang.Thread');
let ThreadObj = ThreadDef.$new();
function stackTrace() {
console.log('------------START STACK---------------')
let stack = ThreadObj.currentThread().getStackTrace();
for (let i = 0; i < stack.length; i++) {
console.log(i + ' => ' + stack[i].toString());
}
console.log('------------END STACK---------------');
@chrisdmc
chrisdmc / monitorMemory.js
Last active April 17, 2025 03:08
Frida MemoryAccessMonitor that auto-renews on access
function monitorMemory(base, length, interceptedInstructions = new Set()) {
const baseAddress = ptr(base.toString());
MemoryAccessMonitor.enable({base: baseAddress, size: length}, {
onAccess: function(details) {
let baseOffset = details.address.sub(baseAddress);
console.log(`${details.address} (offset in range ${baseAddress} = ${baseOffset}) accessed for ${details.operation} from address ${DebugSymbol.fromAddress(details.from)}. Page ${details.pageIndex + 1} of ${details.pagesTotal}`);
let instruction = Instruction.parse(details.from);
const nextInstr = ptr(instruction.next.toString());
if (interceptedInstructions.has(nextInstr.toString())) {
return;
@talaviram
talaviram / add_debug_entitlement.sh
Last active July 9, 2025 18:00
Simple Utility Script for allowing debug of hardened macOS apps.
#! /bin/bash
# Simple Utility Script for allowing debug of hardened macOS apps.
# This is useful mostly for plug-in developer that would like keep developing without turning SIP off.
# Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg
# Update 2022-03-10: Based on Fabian's feedback, add capability to inject DYLD for sanitizers.
#
# Please note:
# - Modern Logic (on M1s) uses `AUHostingService` which resides within the system thus not patchable and REQUIRES to turn-off SIP.
# - Some hosts uses separate plug-in scanning or sandboxing.
# if that's the case, it's required to patch those (if needed) and attach debugger to them instead.