吉掰米 jimmy947788 jimmy947788

Setup an Always-on VSCode Tunnel on Oracle Cloud Always-free Instance

Access Oracle Cloud VM from any browser on any devices

Install VSCode for arm64

wget -O vscode.deb https://code.visualstudio.com/sha/download\?build\=stable\&os\=linux-deb-arm64 && sudo apt install ./vscode.deb --fix-broken -y && rm vscode.deb

setup termux-app & ssh-server in pixel6 pro

Host side

download termux-app apk in host.
install termux-app to target

adb install termux-app.apk

	# Create a separate temp directory, to hold the current certificates
	# Otherwise, when we add the mount we can't read the current certs anymore.
	mkdir -p -m 700 /data/local/tmp/tmp-ca-copy

	# Copy out the existing certificates
	cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/tmp-ca-copy/

	# Create the in-memory mount on top of the system certs folder
	mount -t tmpfs tmpfs /system/etc/security/cacerts


	// 來源：frida hook init_array自吐新解
	// https://bbs.kanxue.com/thread-280135.htm

	const TARGET_SO_NAME = "libaaaaaaaa.so";

	function start_stalker(tragetAddress){
	const module = Process.findModuleByAddress(tragetAddress);
	console.log(`[start_stalker] tragetAddress: ${tragetAddress} module: ${module.name} base: ${module.base} size: ${module.size}`);
	Interceptor.attach(tragetAddress, {

	#!/bin/bash

	PACKAGE_NAME=$1

	VERSION=$(adb shell dumpsys package $PACKAGE_NAME \| grep versionName)
	VERSION=$(echo $VERSION \| cut -d'=' -f 2)
	echo "$PACKAGE_NAME ver:$VERSION"

	mkdir -p apk
	mkdir -p apk/$PACKAGE_NAME-$VERSION

	console.log("[*] SSL Pinning Bypasses");
	console.log(`[*] Your frida version: ${Frida.version}`);
	console.log(`[*] Your script runtime: ${Script.runtime}`);

	/**
	* by incogbyte
	* Common functions
	* thx apkunpacker, NVISOsecurity, TheDauntless
	* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
	* !!! THIS SCRIPT IS NOT A SILVER BULLET !!

	# Description: 该脚本用于在 IDA 中查找 ARM64 架构的 SVC 指令，并添加注释显示系统调用号对应的系统调用名称。
	# environment: IDA 7.7, python 3.9
	# Author: jimmy947788 吉掰米
	# email: [email protected]

	import idautils
	import idc

	# 系統調用號到名稱的映射
	syscall_mapping = {

	From 19ee19d33ff27ef58b5fa81f7f8337ae61e5781f Mon Sep 17 00:00:00 2001
	From: Jimmy Wu <[email protected]>
	Date: Wed, 20 Dec 2023 16:40:35 +0800
	Subject: [PATCH] =?UTF-8?q?=E6=94=B9=E7=89=B9=E5=BE=B5=E6=94=AF=E6=8F=B4rh?=
	=?UTF-8?q?b?=
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	---

	function hook_classLoader() {
	Java.perform(function () {
	Java.enumerateLoadedClasses({
	onMatch: function (className) {
	try {

	if (className == "om.b") {
	var om_b = Java.use("om.b");
	console.log(om_b);
	om_b["o"].implementation = function (jVar) {

	package main

	import (
	"bufio"
	"fmt"
	"log"
	"os"
	"syscall"
	)