Skip to content

Instantly share code, notes, and snippets.

@su-vikas

su-vikas/screenshot.js

Created October 7, 2018 07:55
Show Gist options
  • Save su-vikas/36410f67c9e0127961ae344010c4c0ef to your computer and use it in GitHub Desktop.
Save su-vikas/36410f67c9e0127961ae344010c4c0ef to your computer and use it in GitHub Desktop.
Download ZIP
FRIDA script for bypassing Android FLAG_SECURE
Raw
screenshot.js
Java.perform(function() {
var surface_view = Java.use('android.view.SurfaceView');
var set_secure = surface_view.setSecure.overload('boolean');
set_secure.implementation = function(flag){
console.log("setSecure() flag called with args: " + flag);
set_secure.call(false);
};
var window = Java.use('android.view.Window');
var set_flags = window.setFlags.overload('int', 'int');
var window_manager = Java.use('android.view.WindowManager');
var layout_params = Java.use('android.view.WindowManager$LayoutParams');
set_flags.implementation = function(flags, mask){
//console.log(Object.getOwnPropertyNames(window.__proto__).join('\n'));
console.log("flag secure: " + layout_params.FLAG_SECURE.value);
console.log("before setflags called flags: "+ flags);
flags =(flags.value & ~layout_params.FLAG_SECURE.value);
console.log("after setflags called flags: "+ flags);
set_flags.call(this, flags, mask);
};
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment