Info
Тулза поверх Frida. Умеет кучу всего.
Написание плагинов
Структура:
name_plugin/ - <name_plugin> - название плагина
__init__.py - код
Запуск:
objection --gadget "ru.sberbank.*" explore -P "/Users/**/Work/pentest/projects/**/scripts" -s "plugin bypass info"
-P - указать папку с плагинами. Плагин — это обычный Python-код, который objection выполняет в своём собственном процессе, поэтому указывайте только каталог, который контролируете сами. Обратите внимание: `**` в пути из примера стоит внутри двойных кавычек и оболочкой не раскрывается — надёжнее передать конкретный путь к папке с плагинами.
-s - команда objection, которую нужно выполнить сразу при запуске приложения (здесь `plugin bypass info`: `bypass` — namespace плагина, `info` — имя команды из словаря `implementation`).
Пример плагина (файл __init__.py)
# Free-text description of the plugin; the app/module names are redacted ("***").
__description__ = "***: JB Bypass (***)"
from objection.utils.plugin import Plugin
s = """
rpc.exports = {
test: function() {
console.log("[+] Jailbreak Detection Bypass");
if (ObjC.available) {
try {
var module = "***"; // finded by frida-trace -U -f ru.sberbank.*** -i "sbf_***"
var functionName = "sbf_***";
var sbf_***_ptr = Module.findExportByName(module, functionName);
// var sbf_***_func = new NativeFunction(sbf_***_ptr, "bool", []);
Interceptor.attach(sbf_***_ptr, {
onLeave: function(retval) {
// console.log("[*] retval sbf_***(): " + retval);
var newretval = ptr("0x0");
retval.replace(newretval);
console.log("[*] *** bypass");
}
});
}
catch(err) {
console.log("[!] Exception2: " + err.message);
}
}
else {
console.log("Objective-C Runtime is not available!");
}
}
}
"""
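class JBBypass(Plugin):
    """Objection plugin that defeats the app's (redacted) jailbreak-detection check.

    The Frida script in the module-level ``s`` hooks the native detection
    function and rewrites its return value to 0.  The plugin exposes that as
    the objection command ``plugin bypass info`` (the ``bypass`` namespace is
    declared at module level, ``info`` is the single command registered here).
    """

    def __init__(self, ns):
        """Register the ``info`` command and load the agent script.

        :param ns: the command namespace objection hands to every plugin
        """
        # The base class presumably picks the agent source up from
        # ``script_src``; the original also sketched a ``script_path``
        # (script.js next to this file) alternative.
        self.script_src = s

        implementation = {
            'meta': 'JB Detection bypass',
            'commands': {
                'info': {
                    # The previous text ("Get the current Frida version") was a
                    # leftover from objection's example plugin and described a
                    # command this plugin does not have.
                    'meta': 'Hook the jailbreak-detection function and force it to return 0',
                    'exec': self.bypass
                }
            }
        }

        super().__init__(__file__, ns, implementation)
        # Load the script into the target now so ``self.api.test()`` is
        # callable as soon as the command runs.
        self.inject()

    def bypass(self, args: list):
        """Install the hook by calling the agent's ``test`` RPC export.

        :param args: extra command-line arguments from objection; unused
        """
        self.api.test()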
# These two module-level names are what objection's plugin loader reads: the
# command becomes ``plugin bypass <command>`` (cf. ``-s "plugin bypass info"``
# in the start-up example above).
namespace = 'bypass'
plugin = JBBypass
Больше плагинов смотри в примерах
в коде: там есть всё — и подгрузка своих
классов, apk, jar и т.д.
Примеры
Запуск
Запуск нового приложения: objection --gadget "<app-id>" explore
Присоединиться к уже запущенному: objection --gadget <pid> explore
Поиск и перехват методов
watching
Есть бага: при отслеживании целого класса в objection не работают `--dump-args` и т.п. ключи. При отслеживании отдельного метода — всё ОК.
android hooking watch class android.webkit.WebView
android hooking watch class_method android.webkit.WebView.loadData --dump-args
Search
Поиск CNF*:
ios hooking search [classes|methods] CNF
Другое