jimmy947788

# IDA Python Script：將剛才列出的 data item（DCD/DCQ/DCB 等）強制轉換為指令
# 🎯 用於修復誤標為資料的 code，特別是經過 VM Flatten 或 Anti-disasm 處理的 binary

import idaapi
import idautils
import idc

def is_exec_segment(seg):
    return seg.perm & idaapi.SEGPERM_EXEC

jimmy947788

/*
 * Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *

jimmy947788

# Create a separate temp directory, to hold the current certificates
# Otherwise, when we add the mount we can't read the current certs anymore.
mkdir -p -m 700 /data/local/tmp/tmp-ca-copy

# Copy out the existing certificates
cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/tmp-ca-copy/

# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts

jimmy947788

// 來源：frida hook init_array自吐新解 
// https://bbs.kanxue.com/thread-280135.htm

const TARGET_SO_NAME = "libaaaaaaaa.so";

function start_stalker(tragetAddress){
  const module = Process.findModuleByAddress(tragetAddress);
  console.log(`[start_stalker] tragetAddress: ${tragetAddress} module: ${module.name} base: ${module.base} size: ${module.size}`);
  Interceptor.attach(tragetAddress, {

jimmy947788

#!/bin/bash

PACKAGE_NAME=$1

VERSION=$(adb shell dumpsys package $PACKAGE_NAME  | grep versionName)
VERSION=$(echo $VERSION | cut -d'=' -f 2)
echo "$PACKAGE_NAME ver:$VERSION"

mkdir -p apk
mkdir -p apk/$PACKAGE_NAME-$VERSION

jimmy947788

Setup an Always-on VSCode Tunnel on Oracle Cloud Always-free Instance

Access Oracle Cloud VM from any browser on any devices

Install VSCode for arm64

wget -O vscode.deb https://code.visualstudio.com/sha/download\?build\=stable\&os\=linux-deb-arm64 && sudo apt install ./vscode.deb --fix-broken -y && rm vscode.deb

jimmy947788

console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions 
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

jimmy947788

# Description: 该脚本用于在 IDA 中查找 ARM64 架构的 SVC 指令，并添加注释显示系统调用号对应的系统调用名称。
# environment: IDA 7.7, python 3.9
# Author: jimmy947788 吉掰米
# email: [email protected]

import idautils
import idc

# 系統調用號到名稱的映射
syscall_mapping = {

jimmy947788

package main

import (
	"bufio"
	"fmt"
	"log"
	"os"
	"syscall"
)

jimmy947788

setup termux-app & ssh-server in pixel6 pro

Host side

1. download termux-app apk in host.

2. install termux-app to target

adb install termux-app.apk