Date: 2025-12-17
App version: 25.12.3
Solution: move the injected code into a new smali_classes directory
```bash
#!/usr/bin/env bash
set -euo pipefail
# ====== Usage ======
# This script supports two modes: local sync and remote sync
#
# Local sync (move):
# ./rsync-move.sh local "/source/path/" "/dest/path/"
#
# Remote sync (copy):
```
```javascript
function find_RegisterNatives(params) {
    let symbols = Module.enumerateSymbolsSync("libart.so");
    let addrRegisterNatives = null;
    for (let i = 0; i < symbols.length; i++) {
        let symbol = symbols[i];
        //_ZN3art3JNI15RegisterNativesEP7_JNIEnvP7_jclassPK15JNINativeMethodi
        if (symbol.name.indexOf("art") >= 0 &&
            symbol.name.indexOf("JNI") >= 0 &&
```
```python
import idaapi
import idautils
import idc
import ida_search
import ida_kernwin
import os
import ida_bytes
import ida_segment
import json
from collections import defaultdict
```
```python
# IDA Python Script: force-convert the data items just listed (DCD/DCQ/DCB, etc.) into instructions
# 🎯 Used to repair code mislabeled as data, especially in binaries processed with VM flattening or anti-disassembly
import idaapi
import idautils
import idc
def is_exec_segment(seg):
    return seg.perm & idaapi.SEGPERM_EXEC
```
```
/*
 * Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
```
```bash
# Create a separate temp directory, to hold the current certificates
# Otherwise, when we add the mount we can't read the current certs anymore.
mkdir -p -m 700 /data/local/tmp/tmp-ca-copy
# Copy out the existing certificates
cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/tmp-ca-copy/
# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts
```
```javascript
// Source: "A new approach to frida hook init_array self-dumping"
// https://bbs.kanxue.com/thread-280135.htm
const TARGET_SO_NAME = "libaaaaaaaa.so";
function start_stalker(tragetAddress){
    const module = Process.findModuleByAddress(tragetAddress);
    console.log(`[start_stalker] tragetAddress: ${tragetAddress} module: ${module.name} base: ${module.base} size: ${module.size}`);
    Interceptor.attach(tragetAddress, {
```
```bash
#!/bin/bash
PACKAGE_NAME=$1
adb kill-server && adb start-server
VERSION=$(adb shell dumpsys package $PACKAGE_NAME | grep versionName)
VERSION=$(echo $VERSION | cut -d'=' -f 2)
echo "$PACKAGE_NAME ver:$VERSION"
```