1. memory에 올라와 있는 내용은 Java.use로 사용
2. memory에 올라와 있지 않으면 이미 존재하는 instance를 획득해서 사용 (Java.choose)
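/**
 * FridaLab (uk.rossmarks.fridalab) practice script covering challenges 01-08.
 *
 * Two access patterns are used:
 *   - Java.use(name) returns a class wrapper; static fields and method
 *     implementations are reached through it.
 *   - Java.choose(name, callbacks) enumerates live instances on the heap; it is
 *     used to obtain the running MainActivity so instance methods can be called.
 *
 * Every check touched here executes inside the app process, which is why it can
 * be rewritten at runtime. A result that has to be trusted needs to be verified
 * outside the process being instrumented.
 *
 * ES5 syntax (var / function) is kept on purpose so the script does not depend
 * on which JavaScript runtime the Frida build uses.
 */
Java.perform(function () {
  var MAIN_ACTIVITY = 'uk.rossmarks.fridalab.MainActivity';

  // Resource id of the "check" button, taken from the decompiled R class
  // (`public static final int check = 2131165231;`). Resource ids are assigned
  // at build time, so this value only holds for the APK it was read from.
  var CHECK_BUTTON_ID = 2131165231;

  // --- Challenge 01: set the static field chall01 through the class wrapper.
  console.log("[*] Chall 01 solve");
  var class01 = Java.use('uk.rossmarks.fridalab.challenge_01');
  class01.chall01.value = 1;

  // --- Locate the live MainActivity. If several instances exist, the last one
  // reported by onMatch is kept.
  var mainActivity = null;
  Java.choose(MAIN_ACTIVITY, {
    onMatch: function (instance) {
      mainActivity = instance;
    },
    onComplete: function () { }
  });
  if (mainActivity === null) {
    // Without this guard the first instance call below fails with a TypeError
    // that does not say what is actually missing.
    console.log('[!] no live ' + MAIN_ACTIVITY + ' instance found; is the activity started?');
    return;
  }

  // --- Challenge 02: call the instance method directly.
  mainActivity.chall02();

  // --- Challenge 03: replace the implementation so it always returns true.
  var MainActivity = Java.use(MAIN_ACTIVITY);
  MainActivity.chall03.implementation = function () {
    return true;
  };

  // --- Challenge 04: call with the expected argument.
  mainActivity.chall04("frida");

  // --- Challenge 05: whatever the caller passes, forward "frida".
  // The hook is installed on the class wrapper, and the call goes through
  // `this`, which inside a replacement dispatches to the original method.
  MainActivity.chall05.implementation = function (str) {
    this.chall05("frida");
  };

  // --- Challenge 06: remember the value the app accumulates, then confirm with it.
  console.log('[*] challenge 6 solve')
  var class06 = Java.use('uk.rossmarks.fridalab.challenge_06');
  var tmpValue = 0;
  var addChall06 = class06.addChall06.overload('int');
  addChall06.implementation = function (value) {
    // Run the original first, then snapshot the static field it updated.
    addChall06.call(this, value);
    tmpValue = class06.chall06.value;
    return;
  };
  var confirmChall06 = class06.confirmChall06.overload('int');
  confirmChall06.implementation = function (arg0) {
    // The caller's argument is ignored; the snapshot is passed instead.
    return confirmChall06.call(this, tmpValue);
  };
  // Frida's Thread.sleep() takes seconds, so this blocks for 10 s.
  // NOTE(review): presumably this waits for the app to call addChall06 and for
  // a time condition in confirmChall06 - confirm against challenge_06.
  Thread.sleep(10);
  console.log('[*] call chall06');
  mainActivity.chall06(tmpValue);

  // --- Challenge 07: try each candidate 0..9999 against check07Pin.
  // NOTE(review): candidates are not zero-padded; if the app's PIN can start
  // with '0', pad to the expected width - verify against challenge_07.
  var class07 = Java.use('uk.rossmarks.fridalab.challenge_07');
  var pin = null;
  for (var candidate = 0; candidate < 10000; candidate++) {
    if (class07.check07Pin(String(candidate)) === true) {
      pin = String(candidate);
      break;
    }
  }
  if (pin === null) {
    // Previously the loop fell through and submitted "10000" as if it had matched.
    console.log('[!] challenge 7: no candidate in 0-9999 was accepted');
  } else {
    console.log('[*] challenge 7 pin: ' + pin);
    mainActivity.chall07(pin);
  }

  // --- Challenge 08: change the text of the "check" button.
  /*
  Decompiled reference for the button being modified:

  ((Button) findViewById(C0274R.C0276id.check)).setOnClickListener(new View.OnClickListener() {
      public void onClick(View view) {
          if (challenge_01.getChall01Int() == 1) {
              MainActivity.this.completeArr[0] = 1;
          }
          if (MainActivity.this.chall03()) {
              MainActivity.this.completeArr[2] = 1;
          }
          MainActivity.this.chall05("notfrida!");
          if (MainActivity.this.chall08()) {
              MainActivity.this.completeArr[7] = 1;
          }
          MainActivity.this.changeColors();
      }
  });
  public static final int check = 2131165231;

  java.lang.Object
    -> android.view.View
      -> android.widget.TextView
        -> android.widget.Button
  */
  var Button = Java.use('android.widget.Button');
  var JavaString = Java.use('java.lang.String');
  // findViewById returns a View; cast the wrapper to Button before using it.
  var checkView = mainActivity.findViewById(CHECK_BUTTON_ID);
  var checkButton = Java.cast(checkView.$handle, Button);
  // NOTE(review): this touches a View from the script's thread; if Android
  // rejects it, run these lines inside Java.scheduleOnMainThread().
  checkButton.setText(JavaString.$new("Confirm"));
});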