harshitm98 · January 1, 2020 14:11
diff --git a/flag1-capture.py b/flag1-capture.py
 import frida, sys

 def append_zero(hex):
 	if len(hex) == 1:
 		return '0'+hex
 	return hex

 def on_message(message, data):
 	
 	if message['type'] == 'send':
 		byte_array = message['payload']
 		flag = ""
 		for byte in byte_array:
 			if byte < 0:
 				flag += append_zero(str(hex(byte & 0xff))[2:])
 			else:
 				flag += append_zero(str(hex(byte))[2:])

 		print("[*] {}".format(flag))
 	else:
 		print(message)
 	

 jscode = """
 Java.perform(function(){	
 	var Challenge1 = Java.use('org.nowsecure.cybertruck.keygenerators.Challenge1');
 	Challenge1.generateDynamicKey.overload('[B').implementation = function(b){
 		var result = this.generateDynamicKey(b);
 		console.log("[->] Flag1 Captured...");
 		send(result);
 		return result 
 	};
 });
 """

 process = frida.get_usb_device().attach('org.nowsecure.cybertruck')
 script = process.create_script(jscode)
 script.on('message', on_message)
 script.load()
 sys.stdin.read()
	import frida, sys

	def append_zero(hex):
	if len(hex) == 1:
	return '0'+hex
	return hex

	def on_message(message, data):

	if message['type'] == 'send':
	byte_array = message['payload']
	flag = ""
	for byte in byte_array:
	if byte < 0:
	flag += append_zero(str(hex(byte & 0xff))[2:])
	else:
	flag += append_zero(str(hex(byte))[2:])

	print("[*] {}".format(flag))
	else:
	print(message)


	jscode = """
	Java.perform(function(){
	var Challenge1 = Java.use('org.nowsecure.cybertruck.keygenerators.Challenge1');
	Challenge1.generateDynamicKey.overload('[B').implementation = function(b){
	var result = this.generateDynamicKey(b);
	console.log("[->] Flag1 Captured...");
	send(result);
	return result
	};
	});
	"""

	process = frida.get_usb_device().attach('org.nowsecure.cybertruck')
	script = process.create_script(jscode)
	script.on('message', on_message)
	script.load()
	sys.stdin.read()