Skip to content

Instantly share code, notes, and snippets.

View eybisi's full-sized avatar
👀
hooking functions

eyb eybisi

👀
hooking functions
236 followers · 131 following
View GitHub Profile
@eybisi
eybisi / del.js
Created March 29, 2021 13:31
Java.perform(function() {
var f = Java.use("java.io.File")
f.delete.implementation = function(a){
console.log("[+] Delete catched =>" +this.getAbsolutePath())
return true
}
})
@eybisi
eybisi / darkcon_fire_in_the_androiddd.js
Created February 21, 2021 10:32
// send following command to trigger
// adb shell 'am broadcast -a flag_checker --es flag "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -n com.application.darkcon/com.application.darkcon.MyReceiver'
var flag = ""
var looper = Module.getExportByName("libnative-lib.so","_Z6looperj")
var nlib = Module.getBaseAddress("libnative-lib.so")
function bytes2hex(array) {
array = Java.array('byte',array)
@eybisi
eybisi / hook_dexloader.js
Last active May 15, 2024 15:11
frida script for hooking loaded classes with the help of dexclassloader init
Java.perform(function(){
let ThreadDef = Java.use('java.lang.Thread');
let ThreadObj = ThreadDef.$new();
function stackTrace() {
console.log('------------START STACK---------------')
let stack = ThreadObj.currentThread().getStackTrace();
for (let i = 0; i < stack.length; i++) {
console.log(i + ' => ' + stack[i].toString());
}
console.log('------------END STACK---------------');
@eybisi
eybisi / ra2.ts
Last active December 4, 2020 18:54
var DEBUG = false
console.log('Starting ..')
const YourCountry = 'Americans'
const HACKS = ['Cost','BuildTime','Armor','income','speed','firepower']
function processCountry(rawCountry: NativePointer) {
const buffer = rawCountry.readByteArray(0x1A9);
@eybisi
eybisi / index.ts
Last active November 17, 2024 23:40
frida script to find imposter (amongus 2020.9.9 arm64-v8a)
import { log } from "./logger";
import { AssertionError } from "assert";
const libil2cpp = Process.getModuleByName("libil2cpp.so");
const libil2cppb = libil2cpp.base;
const playerinfo_serialize = libil2cppb.add(0x6c2e30);
const playerinfo_deserialize = libil2cppb.add(0x6c316c);
console.log("Starting script..");
function readString(pointr:NativePointer){
@eybisi
eybisi / luac.ksy
Last active July 26, 2021 07:54
Lua5.1 bytecode kaitai struct file
meta:
id: luac
file-extension: luac
endian: le
seq:
- id: file_header
type: header
- id: top_level_function
type: function
@eybisi
eybisi / frida.vim
Last active February 19, 2025 22:25
vim frida codeblock builder
command! -nargs=+ FridaV call FridaV(<f-args>)
command! -nargs=+ Frida call Frida(<f-args>)
function! FridaV( ... )
let class = split(a:1,"\\V.")
let last = class[len(class)-1]
let S = ":normal i"
let S .= "\tvar %s = Java.use(\"%s\")\n"
execute printf(S,last,a:1)
call Frida(last,a:2,a:3)
@eybisi
eybisi / hooky.js
Created April 18, 2020 20:59
hookymooky.js
// install package with adb install package.name
// do not open application
// use -f force option
// frida -U -f package.name -l del.js
Java.perform(function() {
var ssl = Java.use("k.x$b")
var channel = Java.use("f.e.c.b.g.f.g.a.c")
var Integer = Java.use("java.lang.Integer");
var ArrayList = Java.use("java.util.ArrayList");
var ArrayList = Java.use("java.util.ArrayList");
@eybisi
eybisi / solv_strings.py
Last active February 22, 2020 08:15
cerberus string decryption,
import sys
from Crypto.Cipher import ARC4
import base64
f = open(sys.argv[1],"r")
r = f.readlines()
for l in r:
c = ARC4.new(l[:12].encode("utf8"))
h = base64.b64decode(l[12:-1]).decode("utf-8")
@eybisi
eybisi / remove_app.sh
Created February 12, 2020 12:32
bash script to remove apps easily
arr=($(adb shell "ls /data/app" | tr "\r\n" " " | sed 's/-[0-9]//g') "Quit")
echo "It's time to choose"
select opt in "${arr[@]}";do
case $opt in
"Quit")
break
esac
re='^[0-9]+$'
if ! [[ $REPLY =~ $re ]]; then