// Frida agent, native part: logs the name and base address of every module
// reported for the target process and, for libnative-lib.so, places a probe
// at offset 0x06cf from that module's base.
//
// Each time the probed address is reached, the probe XORs the values read from
// EAX and ECX, appends the resulting character to a running string and sends
// the string collected so far to the host side.
//
// The register names are x86-specific and the offset is hard-coded, so the
// probe is tied to one particular build of the library.
// NOTE(review): modules loaded after this enumeration runs are never seen by
// onMatch, so the probe is only installed if the library is already mapped.
Process.enumerateModules({
  onMatch: function (mod) {
    console.log('Module name: ' + mod.name + ' - Base Address: ' + mod.base.toString());

    if (mod.name !== 'libnative-lib.so') {
      return;
    }

    // Accumulates one character per probe hit.
    var collected = '';
    var probeAddress = mod.base.add(0x06cf);

    // Must stay a plain function: `this.context` is the CPU context at the probe.
    Interceptor.attach(probeAddress, function () {
      var regs = this.context;
      // NOTE(review): `^` relies on implicit numeric coercion of the register
      // values; confirm this holds on the Frida version in use.
      var charCode = regs.eax ^ regs.ecx;
      collected += String.fromCharCode(charCode);
      send(collected);
    });
  },
  onComplete: function () {}
});
// Frida agent, Java part: inside the app's Java VM, replaces three methods of
// the CyberTruck challenge app.
//
//  - HookDetector.isFridaServerInDevice is replaced with a stub that logs the
//    call and always returns false.
//  - Challenge1.generateDynamicKey and the two-byte-array overload of a.a are
//    wrapped: the original method still runs, its return value is sent to the
//    host as a hex string, and the same value is returned to the caller.
//
// What this shows for app authors: a detection check that is one Java method
// returning a boolean, and key material produced inside the app process, are
// both visible to and replaceable by anything that can instrument the process.
Java.perform(function () {
  /**
   * Hex-encodes a byte buffer.
   * @param {ArrayLike<number>} bufArray - bytes to encode; values are reduced
   *   to 0..255 by the Uint8Array conversion.
   * @returns {string} lowercase hex, two digits per byte ('' for no bytes).
   */
  function ba2hex(bufArray) {
    var bytes = new Uint8Array(bufArray);
    var digits = [];
    for (var idx = 0; idx < bytes.length; idx++) {
      // Left-pad to two digits; toString(16) already yields lowercase.
      digits.push(('0' + bytes[idx].toString(16)).slice(-2));
    }
    return digits.join('');
  }

  // Wrappers for the classes whose methods are replaced below.
  var HookDetector = Java.use('org.nowsecure.cybertruck.detections.HookDetector');
  var Challenge1 = Java.use('org.nowsecure.cybertruck.keygenerators.Challenge1');
  var Challenge2 = Java.use('org.nowsecure.cybertruck.keygenerators.a');

  // Stub: the original detection logic is never invoked.
  HookDetector.isFridaServerInDevice.implementation = function () {
    console.log('[hook] isFridaServerInDevice');
    return false;
  };

  // Pass-through wrapper: calls the original, reports the result, returns it.
  Challenge1.generateDynamicKey.implementation = function (v) {
    var key = this.generateDynamicKey(v);
    send(ba2hex(key));
    return key;
  };

  // Same pass-through pattern; the overload taking two byte[] arguments is
  // selected explicitly both for the replacement and for the inner call.
  var twoByteArrays = Challenge2.a.overload('[B', '[B');
  twoByteArrays.implementation = function (v1, v2) {
    var key = this.a.overload('[B', '[B').call(this, v1, v2);
    send(ba2hex(key));
    return key;
  };
});