#Hooking SafetyNet stuff for fun (no profit tho :( )
#Several Functions just uncomment to use or modify :)
#by T31M

import frida
import sys

PACKAGE_NAME = "com.nianticlabs.pokemongo"

process = frida.get_usb_device().attach(PACKAGE_NAME)
print("Attached")

script = process.create_script("""

/*
Java.enumerateLoadedClasses({
    onMatch: function(match) {
        if(match.indexOf("safetynet") !== -1)
            send("Enumerate: " + match );

            Java.perform(function () {
            var TM = Java.use(match);
            TM.init.implementation = function (args) {
                send(args);
            }
            });

    },    
    onComplete: function() { }
});
*/

/*
var module = Process.findModuleByName("libcrypto.so");
//var exports = Module.enumerateExportsSync("libc.so");

//Process.enumerateModulesSync().forEach(function (module) {
    //send(module);
    Module.enumerateExportsSync(module.name).forEach(function (exp) {

        //send("Hook: " + exp.name + " in: " + module.name + " at: " + ptr(exp.address));

        try {
            Interceptor.attach(ptr(exp.address), {
                onEnter: function (args) {
                    send("Called: "+ exp.name);
                }
            });
         } catch (e) {
            send("Error: " + e + " at F: " + exp.name + "in M: " + module.name);
         }
    });
//});

*/

Java.perform(function () {
    //var TM = Java.use("com.google.android.gms.safetynet.SafetyNetApi");
    var TM = Java.use("com.nianticlabs.nia.platform.SafetyNetService");
    TM.checkResult.implementation = function (result) {
        this.result = result;
        send("Debug: checkResult() got called! Let's call the original implementation");
        send("Hook: Result: " + result);
        orig = this.checkResult(result);
        send("Original Returned: " + orig);
        return orig;
    };
});

Java.perform(function () {
    var TM = Java.use("com.nianticlabs.nia.platform.SafetyNetService");
    TM.nativeAttestResponse.implementation = function (nonce, result) {
            send("Debug: NativeAttestResponse() got called! Let's call the original implementation");
            send("Hook: Nonce: " + nonce);
            send("Hook: Result: " + result);
            //send("Original Returned: " + this.nativeAttestResponse(nonce, this.result));
            //return True;
    };
});

/*
Java.perform(function () {
    var TM = Java.use("com.nianticlabs.nia.platform.SafetyNetService");
    TM.attestResponse.implementation = function (nonce, result) {
            send("Debug: attestResponse() got called! Let's call the original implementation");
            send("Hook: Nonce: " + nonce);
            send("Hook: Result: " + result);
            send("Original Returned: " + this.attestResponse(nonce, this.result));
            //return True;
    };
});
*/

Java.perform(function() {
        var TM = Java.use("java.lang.StringBuilder");
        TM.append.overload("java.lang.String").implementation = function (add) {
            if(add.indexOf("rmn") == -1 && add != "" && add != ":" && add.indexOf("Thread") && add.length > 5) {
                send(add);
            }
            return (this.append(add));
        };
    });


""")

def get_messages(message, data):
    if message['type'] == 'send':
        payload = message['payload']
        print(payload);
    else:
        print (message)
 
script.on('message',get_messages)
script.load()
print("Script Loaded")
sys.stdin.read()