Gist d3vilbug/41deacfe52a476d68d6f21587c5f531d
Created November 2, 2018 06:25
```python
#!/usr/bin/env python3
from __future__ import print_function
import frida
import sys
import json
import time


def on_message(message, payload):
    # 'send' messages come from the send() calls in the injected script;
    # anything else (for example script errors) is printed unchanged.
    if message['type'] == 'send':
        rec_data = json.loads(message['payload'])
        # payload carries the raw key/IV bytes, which are usually not valid
        # UTF-8, so print them as hex instead of decoding them as text.
        if rec_data['my_type'] == 'IV':
            print("[$] IvParameterSpec :: {}".format(payload.hex()))
        elif rec_data['my_type'] == 'KEY':
            print("[$] SecretKeySpec :: {}".format(payload.hex()))
        else:
            print(message)
    else:
        print(message)


js_code = """
console.log("Script loaded");
Java.perform(function x() {
    // hooking SecretKeySpec's constructor to get the SecretKeySpec
    var secret_key_spec = Java.use("javax.crypto.spec.SecretKeySpec");
    secret_key_spec.$init.overload("[B", "java.lang.String").implementation = function (x, y) {
        send('{"my_type" : "KEY"}', new Uint8Array(x));
        return this.$init(x, y);
    }
    // hooking IvParameterSpec's constructor to get the IV
    var iv_parameter_spec = Java.use("javax.crypto.spec.IvParameterSpec");
    iv_parameter_spec.$init.overload("[B").implementation = function (x) {
        send('{"my_type" : "IV"}', new Uint8Array(x));
        return this.$init(x);
    }
});
"""

# Alternative: spawn the app instead of attaching to a running process.
# device = frida.get_usb_device()
# pid = device.spawn(["com.example.a11x256.frida_test"])
# device.resume(pid)
# time.sleep(1)
# session = device.attach(pid)
session = frida.get_usb_device().attach('com.example.a11x256.frida_test')
script = session.create_script(js_code)
script.on("message", on_message)
script.load()
# Keep the process alive so messages keep arriving until stdin is closed.
sys.stdin.read()
```
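An added example, not part of the original gist: a handler that accepts the same KEY/IV messages the hook above sends and turns a capture into assessment findings (IV reuse under one key, all-zero IVs, key lengths that are not AES sizes). The class name, finding labels and sample bytes are constructed for illustration, and it assumes each IV belongs to the most recently constructed key.

```python
import json
from collections import defaultdict

AES_KEY_SIZES = {16, 24, 32}  # bytes: AES-128/192/256


class CaptureAudit:
    """Collects KEY/IV events shaped like the hook's send() calls."""

    def __init__(self):
        self.current_key = None              # hex of the last key constructed
        self.ivs_by_key = defaultdict(list)  # key hex -> IV hex values, in order

    def on_message(self, message, payload):
        # Same signature as a Frida message callback; non-send messages are ignored.
        if message.get("type") != "send" or payload is None:
            return
        kind = json.loads(message["payload"]).get("my_type")
        value = bytes(payload).hex()
        if kind == "KEY":
            self.current_key = value
            self.ivs_by_key[value]  # register the key even if no IV follows
        elif kind == "IV":
            # Assumption: an IV belongs to the most recently constructed key.
            self.ivs_by_key[self.current_key].append(value)

    def findings(self):
        out = []
        for key, ivs in self.ivs_by_key.items():
            # SecretKeySpec also wraps non-AES keys (e.g. HMAC), so this is informational.
            if key is not None and len(key) // 2 not in AES_KEY_SIZES:
                out.append(("not-aes-key-size", key))
            for iv in sorted(set(ivs)):
                if ivs.count(iv) > 1:
                    out.append(("iv-reused-under-key", iv))
                if iv and not any(bytes.fromhex(iv)):
                    out.append(("all-zero-iv", iv))
        return out


def demo():
    # Constructed sample events, not captured from any real application.
    audit = CaptureAudit()
    events = [("KEY", b"0123456789abcdef"), ("IV", bytes(16)),
              ("KEY", b"0123456789abcdef"), ("IV", bytes(16)),
              ("IV", bytes(range(16))), ("KEY", b"short")]
    for kind, data in events:
        audit.on_message({"type": "send", "payload": '{"my_type" : "%s"}' % kind}, data)
    return audit.findings()
```

An instance's `on_message` method can be registered with `script.on("message", ...)` in place of the printing callback, with `findings()` read once the test session ends.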
Hello,
I found a bypass for *AES/CBC/PKCS5Padding*, now I'm trying to reverse
engineer a new application that may be using *AES/CBC/PKCS7Padding* or
*AES/GCM/NoPadding*.
Do you have an idea? I've texted you on Twitter, I really need help from an
expert like you.
Thanks
On Wed, Nov 17, 2021 at 7:52 PM Abdul Wahab wrote:
> Hi @Mr4FX <https://github.com/Mr4FX>
> You can find the updated script from my blog post
> https://n00b.sh/posts/aes-killer-mobile-app-demo/
Ohhh sorry, haven't noticed. Responding on twitter
The python code at link: https://11x256.github.io/Frida-hooking-android-part-5/
shows below error:
```
\\\frida-AES-KEY-Script> .\frida-get-AES-keys_1.py
File "D:\Android Testing Stuff\frida-AES-KEY-Script\frida-get-AES-keys_1.py", line 16
print "Key sent to SecretKeySpec()", payload.encode("hex")
```
moved to here
https://infosec-blog.com/frida/android-reversing/Frida-hooking-android-part-5/
Hi @Mr4FX
You can find the updated script from my blog post https://n00b.sh/posts/aes-killer-mobile-app-demo/