Process.enumerateModules({ onMatch: function(module){ console.log('Module

1. Process.enumerateModules({
2. onMatch: function(module){
3. console.log('Module name: ' + module.name + " - " + "Base Address: " + module.base.toString());
4. if (module.name=="libnative-lib.so"){
5. var secret=""
6. Interceptor.attach(module.base.add(0x06cf), function() {
7. var x = this.context.eax;
8. var y = this.context.ecx;
9. var z = x ^ y;
10. secret+=String.fromCharCode(z)
11. send(secret)
12. });
13. }
14. },
15. onComplete: function(){}
16. });
17.  
18. Java.perform(function () {
19.  
20. function ba2hex(bufArray) {
21. var uint8arr = new Uint8Array(bufArray);
22. if (!uint8arr) {
23. return '';
24. }
25. var hexStr = '';
26. for (var i = 0; i < uint8arr.length; i++) {
27. var hex = (uint8arr[i] & 0xff).toString(16);
28. hex = (hex.length === 1) ? '0' + hex : hex;
29. hexStr += hex;
30. }
31. return hexStr.toLowerCase();
32. }
33.  
34. // Class to hook is defined here
35. var hookDetector = Java.use('org.nowsecure.cybertruck.detections.HookDetector');
36. var challenge1 = Java.use('org.nowsecure.cybertruck.keygenerators.Challenge1')
37. var challenge2 = Java.use('org.nowsecure.cybertruck.keygenerators.a')
38.  
39. hookDetector.isFridaServerInDevice.implementation = function (v) {
40. console.log('[hook] isFridaServerInDevice')
41. return false
42. };
43.  
44. challenge1.generateDynamicKey.implementation = function (v) {
45. var secret=this.generateDynamicKey(v)
46. send(ba2hex(secret));
47. return secret
48. };
49.  
50. challenge2.a.overload('[B', '[B').implementation = function (v1,v2) {
51. var secret=this.a.overload('[B', '[B').call(this,v1,v2)
52. send(ba2hex(secret));
53. return secret
54. };
55.  
56. });