Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * This script combines, fixes & extends a long list of other scripts, most notably including:
- *
- * - https://codeshare.frida.re/@akabe1/frida-multiple-unpinning/
- * - https://codeshare.frida.re/@avltree9798/universal-android-ssl-pinning-bypass/
- * - https://pastebin.com/TVJD63uM
- */
- setTimeout(function () {
- Java.perform(function () {
- console.log("---");
- console.log("Unpinning Android app...");
- /// -- Generic hook to protect against SSLPeerUnverifiedException -- ///
- // In some cases, with unusual cert pinning approaches, or heavy obfuscation, we can't
- // match the real method & package names. This is a problem! Fortunately, we can still
- // always match built-in types, so here we spot all failures that use the built-in cert
- // error type (notably this includes OkHttp), and after the first failure, we dynamically
- // generate & inject a patch to completely disable the method that threw the error.
- try {
- const UnverifiedCertError = Java.use('javax.net.ssl.SSLPeerUnverifiedException');
- UnverifiedCertError.$init.implementation = function (str) {
- console.log(' --> Unexpected SSL verification failure, adding dynamic patch...');
- try {
- const stackTrace = Java.use('java.lang.Thread').currentThread().getStackTrace();
- const exceptionStackIndex = stackTrace.findIndex(stack =>
- stack.getClassName() === "javax.net.ssl.SSLPeerUnverifiedException"
- );
- const callingFunctionStack = stackTrace[exceptionStackIndex + 1];
- const className = callingFunctionStack.getClassName();
- const methodName = callingFunctionStack.getMethodName();
- console.log(` Thrown by ${className}->${methodName}`);
- const callingClass = Java.use(className);
- const callingMethod = callingClass[methodName];
- if (callingMethod.implementation) return; // Already patched by Frida - skip it
- console.log(' Attempting to patch automatically...');
- const returnTypeName = callingMethod.returnType.type;
- callingMethod.implementation = function () {
- console.log(` --> Bypassing ${className}->${methodName} (automatic exception patch)`);
- // This is not a perfect fix! Most unknown cases like this are really just
- // checkCert(cert) methods though, so doing nothing is perfect, and if we
- // do need an actual return value then this is probably the best we can do,
- // and at least we're logging the method name so you can patch it manually:
- if (returnTypeName === 'void') {
- return;
- } else {
- return null;
- }
- };
- console.log(` [+] ${className}->${methodName} (automatic exception patch)`);
- } catch (e) {
- console.log(' [ ] Failed to automatically patch failure');
- }
- return this.$init(str);
- };
- console.log('[+] SSLPeerUnverifiedException auto-patcher');
- } catch (err) {
- console.log('[ ] SSLPeerUnverifiedException auto-patcher');
- }
- /// -- Specific targeted hooks: -- ///
- // HttpsURLConnection
- try {
- const HttpsURLConnection = Java.use("javax.net.ssl.HttpsURLConnection");
- HttpsURLConnection.setDefaultHostnameVerifier.implementation = function (hostnameVerifier) {
- console.log(' --> Bypassing HttpsURLConnection (setDefaultHostnameVerifier)');
- return; // Do nothing, i.e. don't change the hostname verifier
- };
- console.log('[+] HttpsURLConnection (setDefaultHostnameVerifier)');
- } catch (err) {
- console.log('[ ] HttpsURLConnection (setDefaultHostnameVerifier)');
- }
- try {
- const HttpsURLConnection = Java.use("javax.net.ssl.HttpsURLConnection");
- HttpsURLConnection.setSSLSocketFactory.implementation = function (SSLSocketFactory) {
- console.log(' --> Bypassing HttpsURLConnection (setSSLSocketFactory)');
- return; // Do nothing, i.e. don't change the SSL socket factory
- };
- console.log('[+] HttpsURLConnection (setSSLSocketFactory)');
- } catch (err) {
- console.log('[ ] HttpsURLConnection (setSSLSocketFactory)');
- }
- try {
- const HttpsURLConnection = Java.use("javax.net.ssl.HttpsURLConnection");
- HttpsURLConnection.setHostnameVerifier.implementation = function (hostnameVerifier) {
- console.log(' --> Bypassing HttpsURLConnection (setHostnameVerifier)');
- return; // Do nothing, i.e. don't change the hostname verifier
- };
- console.log('[+] HttpsURLConnection (setHostnameVerifier)');
- } catch (err) {
- console.log('[ ] HttpsURLConnection (setHostnameVerifier)');
- }
- // SSLContext
- try {
- const X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
- const SSLContext = Java.use('javax.net.ssl.SSLContext');
- const TrustManager = Java.registerClass({
- // Implement a custom TrustManager
- name: 'dev.asd.test.TrustManager',
- implements: [X509TrustManager],
- methods: {
- checkClientTrusted: function (chain, authType) { },
- checkServerTrusted: function (chain, authType) { },
- getAcceptedIssuers: function () { return []; }
- }
- });
- // Prepare the TrustManager array to pass to SSLContext.init()
- const TrustManagers = [TrustManager.$new()];
- // Get a handle on the init() on the SSLContext class
- const SSLContext_init = SSLContext.init.overload(
- '[Ljavax.net.ssl.KeyManager;', '[Ljavax.net.ssl.TrustManager;', 'java.security.SecureRandom'
- );
- // Override the init method, specifying the custom TrustManager
- SSLContext_init.implementation = function (keyManager, trustManager, secureRandom) {
- console.log(' --> Bypassing Trustmanager (Android < 7) request');
- SSLContext_init.call(this, keyManager, TrustManagers, secureRandom);
- };
- console.log('[+] SSLContext');
- } catch (err) {
- console.log('[ ] SSLContext');
- }
- // TrustManagerImpl (Android > 7)
- try {
- const array_list = Java.use("java.util.ArrayList");
- const TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');
- // This step is notably what defeats the most common case: network security config
- TrustManagerImpl.checkTrustedRecursive.implementation = function(a1, a2, a3, a4, a5, a6) {
- console.log(' --> Bypassing TrustManagerImpl checkTrusted ');
- return array_list.$new();
- }
- TrustManagerImpl.verifyChain.implementation = function (untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData) {
- console.log(' --> Bypassing TrustManagerImpl verifyChain: ' + host);
- return untrustedChain;
- };
- console.log('[+] TrustManagerImpl');
- } catch (err) {
- console.log('[ ] TrustManagerImpl');
- }
- // OkHTTPv3 (quadruple bypass)
- try {
- // Bypass OkHTTPv3 {1}
- const okhttp3_Activity_1 = Java.use('okhttp3.CertificatePinner');
- okhttp3_Activity_1.check.overload('java.lang.String', 'java.util.List').implementation = function (a, b) {
- console.log(' --> Bypassing OkHTTPv3 (list): ' + a);
- return;
- };
- console.log('[+] OkHTTPv3 (list)');
- } catch (err) {
- console.log('[ ] OkHTTPv3 (list)');
- }
- try {
- // Bypass OkHTTPv3 {2}
- // This method of CertificatePinner.check could be found in some old Android app
- const okhttp3_Activity_2 = Java.use('okhttp3.CertificatePinner');
- okhttp3_Activity_2.check.overload('java.lang.String', 'java.security.cert.Certificate').implementation = function (a, b) {
- console.log(' --> Bypassing OkHTTPv3 (cert): ' + a);
- return;
- };
- console.log('[+] OkHTTPv3 (cert)');
- } catch (err) {
- console.log('[ ] OkHTTPv3 (cert)');
- }
- try {
- // Bypass OkHTTPv3 {3}
- const okhttp3_Activity_3 = Java.use('okhttp3.CertificatePinner');
- okhttp3_Activity_3.check.overload('java.lang.String', '[Ljava.security.cert.Certificate;').implementation = function (a, b) {
- console.log(' --> Bypassing OkHTTPv3 (cert array): ' + a);
- return;
- };
- console.log('[+] OkHTTPv3 (cert array)');
- } catch (err) {
- console.log('[ ] OkHTTPv3 (cert array)');
- }
- try {
- // Bypass OkHTTPv3 {4}
- const okhttp3_Activity_4 = Java.use('okhttp3.CertificatePinner');
- okhttp3_Activity_4['check$okhttp'].implementation = function (a, b) {
- console.log(' --> Bypassing OkHTTPv3 ($okhttp): ' + a);
- return;
- };
- console.log('[+] OkHTTPv3 ($okhttp)');
- } catch (err) {
- console.log('[ ] OkHTTPv3 ($okhttp)');
- }
- // Trustkit (triple bypass)
- try {
- // Bypass Trustkit {1}
- const trustkit_Activity_1 = Java.use('com.datatheorem.android.trustkit.pinning.OkHostnameVerifier');
- trustkit_Activity_1.verify.overload('java.lang.String', 'javax.net.ssl.SSLSession').implementation = function (a, b) {
- console.log(' --> Bypassing Trustkit OkHostnameVerifier(SSLSession): ' + a);
- return true;
- };
- console.log('[+] Trustkit OkHostnameVerifier(SSLSession)');
- } catch (err) {
- console.log('[ ] Trustkit OkHostnameVerifier(SSLSession)');
- }
- try {
- // Bypass Trustkit {2}
- const trustkit_Activity_2 = Java.use('com.datatheorem.android.trustkit.pinning.OkHostnameVerifier');
- trustkit_Activity_2.verify.overload('java.lang.String', 'java.security.cert.X509Certificate').implementation = function (a, b) {
- console.log(' --> Bypassing Trustkit OkHostnameVerifier(cert): ' + a);
- return true;
- };
- console.log('[+] Trustkit OkHostnameVerifier(cert)');
- } catch (err) {
- console.log('[ ] Trustkit OkHostnameVerifier(cert)');
- }
- try {
- // Bypass Trustkit {3}
- const trustkit_PinningTrustManager = Java.use('com.datatheorem.android.trustkit.pinning.PinningTrustManager');
- trustkit_PinningTrustManager.checkServerTrusted.implementation = function () {
- console.log(' --> Bypassing Trustkit PinningTrustManager');
- };
- console.log('[+] Trustkit PinningTrustManager');
- } catch (err) {
- console.log('[ ] Trustkit PinningTrustManager');
- }
- // Appcelerator Titanium
- try {
- const appcelerator_PinningTrustManager = Java.use('appcelerator.https.PinningTrustManager');
- appcelerator_PinningTrustManager.checkServerTrusted.implementation = function () {
- console.log(' --> Bypassing Appcelerator PinningTrustManager');
- };
- console.log('[+] Appcelerator PinningTrustManager');
- } catch (err) {
- console.log('[ ] Appcelerator PinningTrustManager');
- }
- // OpenSSLSocketImpl Conscrypt
- try {
- const OpenSSLSocketImpl = Java.use('com.android.org.conscrypt.OpenSSLSocketImpl');
- OpenSSLSocketImpl.verifyCertificateChain.implementation = function (certRefs, JavaObject, authMethod) {
- console.log(' --> Bypassing OpenSSLSocketImpl Conscrypt');
- };
- console.log('[+] OpenSSLSocketImpl Conscrypt');
- } catch (err) {
- console.log('[ ] OpenSSLSocketImpl Conscrypt');
- }
- // OpenSSLEngineSocketImpl Conscrypt
- try {
- const OpenSSLEngineSocketImpl_Activity = Java.use('com.android.org.conscrypt.OpenSSLEngineSocketImpl');
- OpenSSLEngineSocketImpl_Activity.verifyCertificateChain.overload('[Ljava.lang.Long;', 'java.lang.String').implementation = function (a, b) {
- console.log(' --> Bypassing OpenSSLEngineSocketImpl Conscrypt: ' + b);
- };
- console.log('[+] OpenSSLEngineSocketImpl Conscrypt');
- } catch (err) {
- console.log('[ ] OpenSSLEngineSocketImpl Conscrypt');
- }
- // OpenSSLSocketImpl Apache Harmony
- try {
- const OpenSSLSocketImpl_Harmony = Java.use('org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl');
- OpenSSLSocketImpl_Harmony.verifyCertificateChain.implementation = function (asn1DerEncodedCertificateChain, authMethod) {
- console.log(' --> Bypassing OpenSSLSocketImpl Apache Harmony');
- };
- console.log('[+] OpenSSLSocketImpl Apache Harmony');
- } catch (err) {
- console.log('[ ] OpenSSLSocketImpl Apache Harmony');
- }
- // PhoneGap sslCertificateChecker (https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin)
- try {
- const phonegap_Activity = Java.use('nl.xservices.plugins.sslCertificateChecker');
- phonegap_Activity.execute.overload('java.lang.String', 'org.json.JSONArray', 'org.apache.cordova.CallbackContext').implementation = function (a, b, c) {
- console.log(' --> Bypassing PhoneGap sslCertificateChecker: ' + a);
- return true;
- };
- console.log('[+] PhoneGap sslCertificateChecker');
- } catch (err) {
- console.log('[ ] PhoneGap sslCertificateChecker');
- }
- // IBM MobileFirst pinTrustedCertificatePublicKey (double bypass)
- try {
- // Bypass IBM MobileFirst {1}
- const WLClient_Activity_1 = Java.use('com.worklight.wlclient.api.WLClient');
- WLClient_Activity_1.getInstance().pinTrustedCertificatePublicKey.overload('java.lang.String').implementation = function (cert) {
- console.log(' --> Bypassing IBM MobileFirst pinTrustedCertificatePublicKey (string): ' + cert);
- return;
- };
- console.log('[+] IBM MobileFirst pinTrustedCertificatePublicKey (string)');
- } catch (err) {
- console.log('[ ] IBM MobileFirst pinTrustedCertificatePublicKey (string)');
- }
- try {
- // Bypass IBM MobileFirst {2}
- const WLClient_Activity_2 = Java.use('com.worklight.wlclient.api.WLClient');
- WLClient_Activity_2.getInstance().pinTrustedCertificatePublicKey.overload('[Ljava.lang.String;').implementation = function (cert) {
- console.log(' --> Bypassing IBM MobileFirst pinTrustedCertificatePublicKey (string array): ' + cert);
- return;
- };
- console.log('[+] IBM MobileFirst pinTrustedCertificatePublicKey (string array)');
- } catch (err) {
- console.log('[ ] IBM MobileFirst pinTrustedCertificatePublicKey (string array)');
- }
- // IBM WorkLight (ancestor of MobileFirst) HostNameVerifierWithCertificatePinning (quadruple bypass)
- try {
- // Bypass IBM WorkLight {1}
- const worklight_Activity_1 = Java.use('com.worklight.wlclient.certificatepinning.HostNameVerifierWithCertificatePinning');
- worklight_Activity_1.verify.overload('java.lang.String', 'javax.net.ssl.SSLSocket').implementation = function (a, b) {
- console.log(' --> Bypassing IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSocket): ' + a);
- return;
- };
- console.log('[+] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSocket)');
- } catch (err) {
- console.log('[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSocket)');
- }
- try {
- // Bypass IBM WorkLight {2}
- const worklight_Activity_2 = Java.use('com.worklight.wlclient.certificatepinning.HostNameVerifierWithCertificatePinning');
- worklight_Activity_2.verify.overload('java.lang.String', 'java.security.cert.X509Certificate').implementation = function (a, b) {
- console.log(' --> Bypassing IBM WorkLight HostNameVerifierWithCertificatePinning (cert): ' + a);
- return;
- };
- console.log('[+] IBM WorkLight HostNameVerifierWithCertificatePinning (cert)');
- } catch (err) {
- console.log('[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (cert)');
- }
- try {
- // Bypass IBM WorkLight {3}
- const worklight_Activity_3 = Java.use('com.worklight.wlclient.certificatepinning.HostNameVerifierWithCertificatePinning');
- worklight_Activity_3.verify.overload('java.lang.String', '[Ljava.lang.String;', '[Ljava.lang.String;').implementation = function (a, b) {
- console.log(' --> Bypassing IBM WorkLight HostNameVerifierWithCertificatePinning (string string): ' + a);
- return;
- };
- console.log('[+] IBM WorkLight HostNameVerifierWithCertificatePinning (string string)');
- } catch (err) {
- console.log('[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (string string)');
- }
- try {
- // Bypass IBM WorkLight {4}
- const worklight_Activity_4 = Java.use('com.worklight.wlclient.certificatepinning.HostNameVerifierWithCertificatePinning');
- worklight_Activity_4.verify.overload('java.lang.String', 'javax.net.ssl.SSLSession').implementation = function (a, b) {
- console.log(' --> Bypassing IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSession): ' + a);
- return true;
- };
- console.log('[+] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSession)');
- } catch (err) {
- console.log('[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSession)');
- }
- // Conscrypt CertPinManager
- try {
- const conscrypt_CertPinManager_Activity = Java.use('com.android.org.conscrypt.CertPinManager');
- conscrypt_CertPinManager_Activity.isChainValid.overload('java.lang.String', 'java.util.List').implementation = function (a, b) {
- console.log(' --> Bypassing Conscrypt CertPinManager: ' + a);
- return true;
- };
- console.log('[+] Conscrypt CertPinManager');
- } catch (err) {
- console.log('[ ] Conscrypt CertPinManager');
- }
- // CWAC-Netsecurity (unofficial back-port pinner for Android<4.2) CertPinManager
- try {
- const cwac_CertPinManager_Activity = Java.use('com.commonsware.cwac.netsecurity.conscrypt.CertPinManager');
- cwac_CertPinManager_Activity.isChainValid.overload('java.lang.String', 'java.util.List').implementation = function (a, b) {
- console.log(' --> Bypassing CWAC-Netsecurity CertPinManager: ' + a);
- return true;
- };
- console.log('[+] CWAC-Netsecurity CertPinManager');
- } catch (err) {
- console.log('[ ] CWAC-Netsecurity CertPinManager');
- }
- // Worklight Androidgap WLCertificatePinningPlugin
- try {
- const androidgap_WLCertificatePinningPlugin_Activity = Java.use('com.worklight.androidgap.plugin.WLCertificatePinningPlugin');
- androidgap_WLCertificatePinningPlugin_Activity.execute.overload('java.lang.String', 'org.json.JSONArray', 'org.apache.cordova.CallbackContext').implementation = function (a, b, c) {
- console.log(' --> Bypassing Worklight Androidgap WLCertificatePinningPlugin: ' + a);
- return true;
- };
- console.log('[+] Worklight Androidgap WLCertificatePinningPlugin');
- } catch (err) {
- console.log('[ ] Worklight Androidgap WLCertificatePinningPlugin');
- }
- // Netty FingerprintTrustManagerFactory
- try {
- const netty_FingerprintTrustManagerFactory = Java.use('io.netty.handler.ssl.util.FingerprintTrustManagerFactory');
- netty_FingerprintTrustManagerFactory.checkTrusted.implementation = function (type, chain) {
- console.log(' --> Bypassing Netty FingerprintTrustManagerFactory');
- };
- console.log('[+] Netty FingerprintTrustManagerFactory');
- } catch (err) {
- console.log('[ ] Netty FingerprintTrustManagerFactory');
- }
- // Squareup CertificatePinner [OkHTTP<v3] (double bypass)
- try {
- // Bypass Squareup CertificatePinner {1}
- const Squareup_CertificatePinner_Activity_1 = Java.use('com.squareup.okhttp.CertificatePinner');
- Squareup_CertificatePinner_Activity_1.check.overload('java.lang.String', 'java.security.cert.Certificate').implementation = function (a, b) {
- console.log(' --> Bypassing Squareup CertificatePinner (cert): ' + a);
- return;
- };
- console.log('[+] Squareup CertificatePinner (cert)');
- } catch (err) {
- console.log('[ ] Squareup CertificatePinner (cert)');
- }
- try {
- // Bypass Squareup CertificatePinner {2}
- const Squareup_CertificatePinner_Activity_2 = Java.use('com.squareup.okhttp.CertificatePinner');
- Squareup_CertificatePinner_Activity_2.check.overload('java.lang.String', 'java.util.List').implementation = function (a, b) {
- console.log(' --> Bypassing Squareup CertificatePinner (list): ' + a);
- return;
- };
- console.log('[+] Squareup CertificatePinner (list)');
- } catch (err) {
- console.log('[ ] Squareup CertificatePinner (list)');
- }
- // Squareup OkHostnameVerifier [OkHTTP v3] (double bypass)
- try {
- // Bypass Squareup OkHostnameVerifier {1}
- const Squareup_OkHostnameVerifier_Activity_1 = Java.use('com.squareup.okhttp.internal.tls.OkHostnameVerifier');
- Squareup_OkHostnameVerifier_Activity_1.verify.overload('java.lang.String', 'java.security.cert.X509Certificate').implementation = function (a, b) {
- console.log(' --> Bypassing Squareup OkHostnameVerifier (cert): ' + a);
- return true;
- };
- console.log('[+] Squareup OkHostnameVerifier (cert)');
- } catch (err) {
- console.log('[ ] Squareup OkHostnameVerifier (cert)');
- }
- try {
- // Bypass Squareup OkHostnameVerifier {2}
- const Squareup_OkHostnameVerifier_Activity_2 = Java.use('com.squareup.okhttp.internal.tls.OkHostnameVerifier');
- Squareup_OkHostnameVerifier_Activity_2.verify.overload('java.lang.String', 'javax.net.ssl.SSLSession').implementation = function (a, b) {
- console.log(' --> Bypassing Squareup OkHostnameVerifier (SSLSession): ' + a);
- return true;
- };
- console.log('[+] Squareup OkHostnameVerifier (SSLSession)');
- } catch (err) {
- console.log('[ ] Squareup OkHostnameVerifier (SSLSession)');
- }
- // Android WebViewClient (double bypass)
- try {
- // Bypass WebViewClient {1} (deprecated from Android 6)
- const AndroidWebViewClient_Activity_1 = Java.use('android.webkit.WebViewClient');
- AndroidWebViewClient_Activity_1.onReceivedSslError.overload('android.webkit.WebView', 'android.webkit.SslErrorHandler', 'android.net.http.SslError').implementation = function (obj1, obj2, obj3) {
- console.log(' --> Bypassing Android WebViewClient (SslErrorHandler)');
- };
- console.log('[+] Android WebViewClient (SslErrorHandler)');
- } catch (err) {
- console.log('[ ] Android WebViewClient (SslErrorHandler)');
- }
- try {
- // Bypass WebViewClient {2}
- const AndroidWebViewClient_Activity_2 = Java.use('android.webkit.WebViewClient');
- AndroidWebViewClient_Activity_2.onReceivedSslError.overload('android.webkit.WebView', 'android.webkit.WebResourceRequest', 'android.webkit.WebResourceError').implementation = function (obj1, obj2, obj3) {
- console.log(' --> Bypassing Android WebViewClient (WebResourceError)');
- };
- console.log('[+] Android WebViewClient (WebResourceError)');
- } catch (err) {
- console.log('[ ] Android WebViewClient (WebResourceError)');
- }
- // Apache Cordova WebViewClient
- try {
- const CordovaWebViewClient_Activity = Java.use('org.apache.cordova.CordovaWebViewClient');
- CordovaWebViewClient_Activity.onReceivedSslError.overload('android.webkit.WebView', 'android.webkit.SslErrorHandler', 'android.net.http.SslError').implementation = function (obj1, obj2, obj3) {
- console.log(' --> Bypassing Apache Cordova WebViewClient');
- obj3.proceed();
- };
- } catch (err) {
- console.log('[ ] Apache Cordova WebViewClient');
- }
- // Boye AbstractVerifier
- try {
- const boye_AbstractVerifier = Java.use('ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier');
- boye_AbstractVerifier.verify.implementation = function (host, ssl) {
- console.log(' --> Bypassing Boye AbstractVerifier: ' + host);
- };
- } catch (err) {
- console.log('[ ] Boye AbstractVerifier');
- }
- // Appmattus
- try {
- const appmatus_Activity = Java.use('com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyInterceptor');
- appmatus_Activity['intercept'].implementation = function (a) {
- console.log(' --> Bypassing Appmattus (Transparency)');
- return a.proceed(a.request());
- };
- console.log('[+] Appmattus (Transparency)');
- } catch (err) {
- console.log('[ ] Appmattus (Transparency)');
- }
- console.log("Unpinning setup completed");
- console.log("---");
- });
- }, 0);
- /*
- Java.perform(function () {
- var foy = Java.use('f8');
- foy.invoke.overload('java.lang.Object', 'java.lang.Object').implementation = function(a) {
- console.log(a);
- return this.invoke(a);
- }
- })
- */
- var N_ENCRYPT_MODE = 1
- var N_DECRYPT_MODE = 2
- function showStacks() {
- var Exception = Java.use("java.lang.Exception");
- var ins = Exception.$new("Exception");
- var straces = ins.getStackTrace();
- if (undefined == straces || null == straces) {
- return;
- }
- console.log("============================= Stack strat=======================");
- console.log("");
- /*
- for (var i = 0; i < straces.length; i++) {
- var str = " " + straces[i].toString();
- if (!str.includes('Native')){
- console.log(str);
- }}
- */
- console.log("");
- console.log("============================= Stack end=======================\r\n");
- Exception.$dispose();
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement