jimmy947788

function find_RegisterNatives(params) {
    let symbols = Module.enumerateSymbolsSync("libart.so");
    let addrRegisterNatives = null;
    for (let i = 0; i < symbols.length; i++) {
        let symbol = symbols[i];
        
        //_ZN3art3JNI15RegisterNativesEP7_JNIEnvP7_jclassPK15JNINativeMethodi
        if (symbol.name.indexOf("art") >= 0 &&
                symbol.name.indexOf("JNI") >= 0 && 

jimmy947788

import idaapi
import idautils
import idc
import ida_search
import ida_kernwin
import os
import ida_bytes
import ida_segment
import json
from collections import defaultdict

jimmy947788

# IDA Python Script：將剛才列出的 data item（DCD/DCQ/DCB 等）強制轉換為指令
# 🎯 用於修復誤標為資料的 code，特別是經過 VM Flatten 或 Anti-disasm 處理的 binary

import idaapi
import idautils
import idc

def is_exec_segment(seg):
    return seg.perm & idaapi.SEGPERM_EXEC

jimmy947788

/*
 * Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *

jimmy947788

# Create a separate temp directory, to hold the current certificates
# Otherwise, when we add the mount we can't read the current certs anymore.
mkdir -p -m 700 /data/local/tmp/tmp-ca-copy

# Copy out the existing certificates
cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/tmp-ca-copy/

# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts

jimmy947788

// 來源：frida hook init_array自吐新解 
// https://bbs.kanxue.com/thread-280135.htm

const TARGET_SO_NAME = "libaaaaaaaa.so";

function start_stalker(tragetAddress){
  const module = Process.findModuleByAddress(tragetAddress);
  console.log(`[start_stalker] tragetAddress: ${tragetAddress} module: ${module.name} base: ${module.base} size: ${module.size}`);
  Interceptor.attach(tragetAddress, {

jimmy947788

#!/bin/bash

PACKAGE_NAME=$1

adb kill-server && adb start-server

VERSION=$(adb shell dumpsys package $PACKAGE_NAME  | grep versionName)
VERSION=$(echo $VERSION | cut -d'=' -f 2)
echo "$PACKAGE_NAME ver:$VERSION"

jimmy947788

#include <Servo.h>


// 修改可用：https://www.thingiverse.com/thing:2847024
// 原始專案：https://www.thingiverse.com/thing:1258082

const int switchPin = 2;  // 開關連接到 D2
const int servoPin = 9;   // SG90 伺服馬達連接到 D9

Servo myServo;            // 創建伺服對象

jimmy947788

Setup an Always-on VSCode Tunnel on Oracle Cloud Always-free Instance

Access Oracle Cloud VM from any browser on any devices

Install VSCode for arm64

wget -O vscode.deb https://code.visualstudio.com/sha/download\?build\=stable\&os\=linux-deb-arm64 && sudo apt install ./vscode.deb --fix-broken -y && rm vscode.deb

jimmy947788

console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions 
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!