objection

Info

A tool on top of Frida. It can do a whole lot of things.

Writing plugins

Structure:

name_plugin/         - <name_plugin> is the plugin name
    __init__.py  - the code

Launch:

objection --gadget "ru.sberbank.*" explore -P "/Users/**/Work/pentest/projects/**/scripts" -s "plugin bypass info"

-P - specify the folder with plugins
-s - run the plugin when the application starts

Example plugin (file __init__.py)

__description__ = "***: JB Bypass (***)"

from objection.utils.plugin import Plugin

s = """
rpc.exports = {
    test: function() {
        console.log("[+] Jailbreak Detection Bypass");
        if (ObjC.available) {
            try {
                var module = "***";  // found with frida-trace -U -f ru.sberbank.*** -i "sbf_***"
                var functionName = "sbf_***";

                var targetPtr = Module.findExportByName(module, functionName);
                if (targetPtr === null) {
                    throw new Error(functionName + " not found in " + module);
                }
                // var targetFunc = new NativeFunction(targetPtr, "bool", []);

                Interceptor.attach(targetPtr, {
                    onLeave: function(retval) {
                        // console.log("[*] retval " + functionName + "(): " + retval);
                        // force the boolean result of the check to 0 (false)
                        retval.replace(ptr("0x0"));
                        console.log("[*] *** bypass");
                    }
                });
            }
            catch(err) {
                console.log("[!] Exception: " + err.message);
            }
        }
        else {
            console.log("Objective-C Runtime is not available!");
        }
    }
}
"""


class JBBypass(Plugin):
    """ JBBypass is a plugin that bypasses JB detection (***) """

    def __init__(self, ns):
        """
            Creates a new instance of the plugin

            :param ns: namespace under which the plugin's commands are registered
        """

        # the Frida script can be given inline (script_src) or as a file (script_path)
        self.script_src = s
        # self.script_path = os.path.join(os.path.dirname(__file__), "script.js")

        implementation = {
            'meta': 'JB Detection bypass',
            'commands': {
                'info': {
                    'meta': 'Run the JB detection bypass',
                    'exec': self.bypass
                }
            }
        }

        super().__init__(__file__, ns, implementation)

        self.inject()

    def bypass(self, args: list):
        """
            Calls the test() RPC export of the injected script,
            which hooks the detection function.

            :param args: command arguments (unused)
        """

        self.api.test()


namespace = 'bypass'
plugin = JBBypass

For more plugins, see the examples in the code: everything is there, including loading your own classes, APKs, JARs and so on.
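
As an added example (not objection's code and not from the page), a stand-in loader showing how the layout above maps to the -P folder and the -s "plugin bypass info" startup command: each <name_plugin>/__init__.py must expose module-level namespace and plugin, and the command resolves to implementation['commands'][command]['exec']. The Plugin base class and the constructed Echo sample plugin are stand-ins for the real objection.utils.plugin.Plugin, so the check runs without Frida installed.

```python
import importlib.util, sys, tempfile, types
from pathlib import Path

class Plugin:
    # Stand-in for objection.utils.plugin.Plugin (assumption: not objection's own class).
    def __init__(self, file, namespace, implementation):
        self.namespace, self.implementation = namespace, implementation
    def inject(self):
        self.injected = True  # real objection would load script_src into Frida here

def load_plugins(plugins_dir):
    # Import each <name_plugin>/__init__.py under the -P folder and index the instantiated
    # plugin by its module-level `namespace`, as objection's plugin loader does.
    if "objection.utils.plugin" not in sys.modules:  # let the page's import resolve offline
        for name in ("objection", "objection.utils", "objection.utils.plugin"):
            sys.modules.setdefault(name, types.ModuleType(name))
        sys.modules["objection.utils.plugin"].Plugin = Plugin
    found = {}
    for init in sorted(Path(plugins_dir).glob("*/__init__.py")):
        spec = importlib.util.spec_from_file_location(init.parent.name, str(init))
        mod = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(mod)
        if not hasattr(mod, "namespace") or not hasattr(mod, "plugin"):
            raise ValueError(f"{init}: must define module-level 'namespace' and 'plugin'")
        found[mod.namespace] = mod.plugin(mod.namespace)
    return found

def run_startup_command(plugins, line):
    verb, ns, cmd, *args = line.split()  # -s "plugin <namespace> <command> [args]"
    if verb != "plugin" or ns not in plugins or cmd not in plugins[ns].implementation["commands"]:
        raise ValueError(f"unknown plugin command: {line!r}")
    return plugins[ns].implementation["commands"][cmd]["exec"](args)

SAMPLE = '''\
from objection.utils.plugin import Plugin
class Echo(Plugin):
    def __init__(self, ns):
        impl = {"meta": "demo", "commands": {"info": {"meta": "echo args", "exec": self.info}}}
        super().__init__(__file__, ns, impl)
        self.inject()
    def info(self, args):
        return ["info"] + list(args)
namespace = "bypass"
plugin = Echo
'''

def demo():  # write the sample into a temporary -P folder, load it, run the page's -s command
    with tempfile.TemporaryDirectory() as d:
        Path(d, "echo_plugin").mkdir()
        Path(d, "echo_plugin", "__init__.py").write_text(SAMPLE)
        return run_startup_command(load_plugins(d), "plugin bypass info")
```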

Examples

Launching

Launch a new application: objection --gadget "<app-id>" explore

Attach to an already running one: objection --gadget <pid> explore

Searching for and hooking methods

watching

There is a bug: when watching a class, the dump args and similar flags do not work in objection. When watching an individual method, everything is OK.

android hooking watch class android.webkit.WebView
android hooking watch class_method android.webkit.WebView.loadData --dump-args

Search for CNF*:

ios hooking search [classes|methods] CNF

Other
