Created
September 4, 2024 10:50
-
-
Save cyberheartmi9/5826149e92e50315cdd31c3b4ae1ac07 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(() => { | |
| var inc = 0; | |
| function waitForLibrary(name, callback) { | |
| var lib = null; | |
| var interval = setInterval(() => { | |
| try { | |
| lib = Module.ensureInitialized(name); | |
| console.log(`[+] ${name} is loaded`); | |
| clearInterval(interval); | |
| callback(); | |
| } catch (e) { | |
| console.log(`[+] Waiting for ${name} to be loaded...`); | |
| } | |
| }, 100); // Check every 100ms | |
| } | |
| waitForLibrary("libkonyjsvm.so", () => { | |
| Interceptor.attach(Module.getExportByName("libkonyjsvm.so", "lzf"), { | |
| onEnter: function(args) { | |
| console.log("[+] Hooked zip files!"); | |
| this.zipfiles = args[2]; | |
| this.ziplength = args[3]; | |
| }, | |
| onLeave: function(retval) { | |
| send("================"); | |
| console.log("zip files length", this.ziplength); | |
| var readzipfiles = Memory.readByteArray(this.zipfiles, this.ziplength.toInt32()); | |
| var file = new File("/data/data/com.victim.app/" + inc + ".zip", "w"); | |
| inc += 1; | |
| file.write(readzipfiles); | |
| } | |
| }); | |
| }); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment