jimmy947788 / hook_RegisterNatives.js
Created September 15, 2025 09:49
hook 动态注册
function find_RegisterNatives(params) {
let symbols = Module.enumerateSymbolsSync("libart.so");
let addrRegisterNatives = null;
for (let i = 0; i < symbols.length; i++) {
let symbol = symbols[i];
//_ZN3art3JNI15RegisterNativesEP7_JNIEnvP7_jclassPK15JNINativeMethodi
if (symbol.name.indexOf("art") >= 0 &&
symbol.name.indexOf("JNI") >= 0 &&
jimmy947788 / find_dartObjectPool_index_ex.py
Created July 30, 2025 08:41
IDA 腳本讀取 blutter產生的 pp.json 並將常數字串,註解在對應的IDA反編譯指令碼旁
import idaapi
import idautils
import idc
import ida_search
import ida_kernwin
import os
import ida_bytes
import ida_segment
import json
from collections import defaultdict
# IDA Python Script:將剛才列出的 data item(DCD/DCQ/DCB 等)強制轉換為指令
# 🎯 用於修復誤標為資料的 code,特別是經過 VM Flatten 或 Anti-disasm 處理的 binary
import idaapi
import idautils
import idc
def is_exec_segment(seg):
    """Report whether an IDA segment has the execute permission bit set.

    Returns the raw result of masking ``seg.perm`` with
    ``idaapi.SEGPERM_EXEC``: non-zero (truthy) when the bit is set, 0 when not.
    """
    perm_bits = seg.perm
    return perm_bits & idaapi.SEGPERM_EXEC
jimmy947788 / jni_all.h
Created May 28, 2025 08:23 — forked from Jinmo/jni_all.h
Useful when reversing JNI on IDA Pro
/*
* Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
jimmy947788 / install-cert.sh
Created February 28, 2025 04:48
android install self signed certificate
# Stages the existing system CA certificates and then shadows the system trust
# store with an empty tmpfs. mount needs root on the device. Only the opening
# steps of the script are visible in this listing.
#
# Create a separate temp directory, to hold the current certificates
# Otherwise, when we add the mount we can't read the current certs anymore.
# Mode 700 keeps the staged copy accessible to the owning user only.
mkdir -p -m 700 /data/local/tmp/tmp-ca-copy
# Copy out the existing certificates
# NOTE(review): the exit status of cp is not checked here; if the copy fails the
# mount below still hides the system store - confirm a later step verifies the
# staged copy before relying on it.
cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/tmp-ca-copy/
# Create the in-memory mount on top of the system certs folder
# A fresh tmpfs is empty, so until certificates are copied back in, anything
# reading this path sees no trusted CAs. The mount lives in memory and is gone
# after a reboot.
mount -t tmpfs tmpfs /system/etc/security/cacerts
jimmy947788 / hook_init_array.js
Last active February 28, 2025 04:40
frida 腳本hook so的 .init_array 區段的執行函數,再接著跑stalker
// Source: "frida hook init_array自吐新解" (a write-up on hooking init_array with Frida)
// https://bbs.kanxue.com/thread-280135.htm
// File name of the shared library this script targets.
// NOTE(review): "libaaaaaaaa.so" looks like a placeholder to be replaced with
// the real library name before use - confirm.
const TARGET_SO_NAME = "libaaaaaaaa.so";
function start_stalker(tragetAddress){
const module = Process.findModuleByAddress(tragetAddress);
console.log(`[start_stalker] tragetAddress: ${tragetAddress} module: ${module.name} base: ${module.base} size: ${module.size}`);
Interceptor.attach(tragetAddress, {
jimmy947788 / apk-pull.sh
Last active July 25, 2025 21:28
Use adb to pull the latest version of an app's APK(s)
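#!/bin/bash
# Usage: apk-pull.sh <package.name>
# Looks up the installed versionName of an Android package over adb.
# (Only the opening steps of the script are visible in this listing.)
PACKAGE_NAME=$1

# adb shell joins its arguments into one command line that the device-side
# shell parses again, so quoting on the host does not neutralise shell
# metacharacters in $1. Accept only dot-separated identifiers made of letters,
# digits and underscores, and stop on anything else (including an empty value).
pkg_name_re='^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)*$'
if [[ ! $PACKAGE_NAME =~ $pkg_name_re ]]; then
  echo "usage: $0 <package.name>" >&2
  exit 1
fi

# Restart the adb server before talking to the device.
adb kill-server && adb start-server

# Keep the dumpsys line(s) mentioning versionName; the value is expected after '='.
VERSION=$(adb shell dumpsys package "$PACKAGE_NAME" | grep versionName)
# The unquoted expansion collapses the leading whitespace and line breaks of the
# grep output before cut takes the field after the first '='.
VERSION=$(echo $VERSION | cut -d'=' -f 2)
echo "$PACKAGE_NAME ver:$VERSION"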
#include <Servo.h>
// Modified, working version: https://www.thingiverse.com/thing:2847024
// Original project: https://www.thingiverse.com/thing:1258082
const int switchPin = 2; // switch is connected to D2
const int servoPin = 9; // SG90 servo motor is connected to D9
Servo myServo; // create the servo object
jimmy947788 / vscode-tunnel-daemon-oracle-cloud.md
Created August 22, 2024 11:49 — forked from nonkronk/vscode-tunnel-daemon-oracle-cloud.md
Setup an Always-on VSCode Tunnel on Ubuntu Server

Setup an Always-on VSCode Tunnel on Oracle Cloud Always-free Instance

Access Oracle Cloud VM from any browser on any devices

Install VSCode for arm64

wget -O vscode.deb https://code.visualstudio.com/sha/download\?build\=stable\&os\=linux-deb-arm64 && sudo apt install ./vscode.deb --fix-broken -y && rm vscode.deb
jimmy947788 / mixunpin.js
Created August 15, 2024 12:55 — forked from incogbyte/mixunpin.js
Frida script to bypass common SSL pinning methods on Android
// Startup banner at the top of the script: logs the script title, then the
// Frida version and the script runtime as reported by the Frida and Script
// globals, so a run's log shows which environment produced it.
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!