@4ft35t
Forked from d3vilbug/frida-get-AES-keys
Created November 27, 2018 07:09

Revisions

  1. @d3vilbug d3vilbug created this gist Nov 2, 2018.
    53 changes: 53 additions & 0 deletions frida-get-AES-keys
    @@ -0,0 +1,53 @@
    #!/usr/bin/env python3

    from __future__ import print_function
    import frida
    import sys
    import json
    import time

    def on_message(message, payload):
    if(message['type'] == 'send'):
    rec_data = json.loads(message['payload'])
    if rec_data['my_type'] == 'IV':
    print("[$] IvParameterSpec :: {}".format(payload.decode('utf-8')))
    elif rec_data['my_type'] == 'KEY':
    print("[$] SecretSpecKey :: {}".format(payload.decode('utf-8')))
    else:
    print(message)
    else:
    print(message)

    js_code = """
    console.log("Script loaded");
    Java.perform(function x() {
    //hooking SecretKeySpec's constructor to get the SecretKeySpec
    var secret_key_spec = Java.use("javax.crypto.spec.SecretKeySpec");
    secret_key_spec.$init.overload("[B", "java.lang.String").implementation = function (x, y) {
    send('{"my_type" : "KEY"}', new Uint8Array(x));
    return this.$init(x, y);
    }
    //hooking IvParameterSpec's constructor to get the IV
    var iv_parameter_spec = Java.use("javax.crypto.spec.IvParameterSpec");
    iv_parameter_spec.$init.overload("[B").implementation = function (x) {
    send('{"my_type" : "IV"}', new Uint8Array(x));
    return this.$init(x);
    }
    });
    """

    # device = frida.get_usb_device()
    # pid = device.spawn(["com.example.a11x256.frida_test"])
    # device.resume(pid)
    # time.sleep(1)
    # session = device.attach(pid)

    session = frida.get_usb_device().attach('com.example.a11x256.frida_test')
    script = session.create_script(js_code)
    script.on("message", on_message)
    script.load()

    sys.stdin.read()
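
Review bot: in on_message, both the IV and KEY branches print payload.decode('utf-8'), but the payload is the raw byte array passed to the constructor, so any key or IV that is not valid UTF-8 raises UnicodeDecodeError instead of being printed. Printing payload.hex() would handle arbitrary bytes and give output that can be pasted straight into a decryption tool. In the SecretKeySpec hook the algorithm argument y is passed through to this.$init(x, y) but never reported; including it in the JSON sent with the key would show which cipher each key belongs to. Smaller points: import time is only needed by the commented-out spawn block, and from __future__ import print_function is redundant under the python3 shebang.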