System directories
| Method | Result |
|---|---|
| Environment.getDataDirectory() | /data |
| Environment.getDownloadCacheDirectory() | /cache |
| Environment.getRootDirectory() | /system |
External storage directories
enovella
/ DexGuardStringDecoder.java
Created
February 4, 2016 22:45
— forked from AKosterin/DexGuardStringDecoder.java
JEB Plugin for decrypt DexGuard encrypted Strings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import jeb.api.IScript; | |
| import jeb.api.JebInstance; | |
| import jeb.api.ast.*; | |
| import jeb.api.ast.Class; | |
| import jeb.api.dex.Dex; | |
| import jeb.api.dex.DexCodeItem; | |
| import jeb.api.dex.DexFieldData; | |
| import jeb.api.dex.DexMethod; | |
| import jeb.api.ui.JavaView; | |
| import jeb.api.ui.View; |
enovella
/ mixunpin.js
Created
December 13, 2022 16:16
— forked from incogbyte/mixunpin.js
Frida script to bypass common methods of sslpining Android
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
enovella
/ EachDirectoryPath.md
Created
September 13, 2023 10:22
— forked from granoeste/EachDirectoryPath.md
[Android] How to get the each directory path.
enovella
/ simpleceptor-arm.ts
Created
September 17, 2023 17:51
— forked from oleavr/simpleceptor-arm.ts
Simplified Interceptor reimplemented in TypeScript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const THUMB_HOOK_REDIRECT_SIZE = 8; | |
| const THUMB_BIT_REMOVAL_MASK = ptr(1).not(); | |
| const trampolines: NativePointer[] = []; | |
| const replacements: NativePointer[] = []; | |
| export function makeTrampoline(target: NativePointer): NativePointer { | |
| const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK); | |
| const trampoline = Memory.alloc(Process.pageSize); |
enovella
/ zshield_notes.md
Created
August 16, 2024 16:01
— forked from DavidBuchanan314/zshield_notes.md
Newer versions of the Rabbit R1's APK are protected by https://www.zimperium.com/zshield/ (I don't know this for certain, somebody told me it is but I haven't really seen any identifying marks in the code yet)
Interesting assets within the APK:
lib/arm64-v8a/liboptipkawfn.so ~3MB packed/encrypted ELF
assets/optipkawfn/0.odex only 41 bytes (EDIT: I think this is part of an asset obfuscation scheme, the real file contents are likely elsewhere - inside the .szip maybe?)
assets/optipkawfn.szip ~8MB - I predict containing encrypted+compressed bytecode