import frida
import sys
from subprocess import Popen
# Application identifier of the process this script attaches to.
package_name = "com.jni.anto.kalip"
def get_messages_from_js(message, data):
    """Message callback for the injected script: echo each message to stdout.

    Args:
        message: Object delivered on the script's message channel; printed
            unchanged.
        data: Second argument supplied with each message; not used here.
    """
    print(message)
def fake_file_checks():
    """Return the JavaScript source that replaces ``java.io.File.exists``.

    Once loaded into the target process, the replacement compares the
    File's ``path`` value for strict equality against a fixed list of
    root-indicator paths. It returns ``false`` on a match and ``true`` for
    every other path, so unrelated existence checks are affected as well.
    Each call logs the queried path and sends a message whose text reads
    "canRead()", although the method being replaced is ``exists``.

    Review takeaway: the result of an in-process ``File.exists`` probe can
    be rewritten by instrumentation, so it is not a trustworthy root signal
    on its own.

    Returns:
        The script source as a string; the text is passed through verbatim.
    """
    return """
setTimeout(function(){
Dalvik.perform(function () {
var TM = Dalvik.use("java.io.File");
TM.exists.implementation = function () {
send("Called - canRead()");
console.log(this.path['value']);
var file_path = this.path['value'];
var root_locations = ['/bin/su','/xbin/su','Superuser.apk','busybox','/sdcard/test'];
for (i = 0; i < root_locations.length; i++) {
console.log(" Comparing " + root_locations[i] + " with "+file_path);
if(root_locations[i] === file_path){
console.log('lalal');
return false;
}
}
return true;
};
});
},0);
"""
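# Forward TCP port 27042 (frida-server's default listening port) from the
# device to this host. The command is passed as an argv list so that no shell
# is involved in parsing it.
try:
    forward_status = Popen(["adb", "forward", "tcp:27042", "tcp:27042"]).wait()
except OSError as exc:
    # adb could not be started. The original shell invocation carried on after
    # a failure, so stay best-effort but make the failure visible.
    forward_status = None
    sys.stderr.write("adb forward could not be started: %s\n" % exc)
else:
    if forward_status != 0:
        sys.stderr.write("adb forward exited with status %d\n" % forward_status)

# NOTE(review): [-1] picks whichever device happens to be enumerated last; with
# more than one device present this may not be the intended one.
process = frida.get_device_manager().enumerate_devices()[-1].attach(package_name)

# Build the script from the generated source and route its messages to the
# Python-side callback before loading it.
script = process.create_script(fake_file_checks())
script.on('message', get_messages_from_js)
script.load()

# Block until stdin reaches EOF so this process keeps running after the load.
sys.stdin.read()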