d3vilbug/frida-get-AES-keys

Hi d2vilbug, I tried the python code, it is also showing the syntax error, can u check please. Sent from Mail for Windows 10 From: Abdul Wahab Sent: Thursday, October 10, 2019 11:14 AM To: d3vilbug Cc: gurtej741; Mention Subject: Re: d3vilbug/frida-get-AES-keys Hi @gurtej741 You can try this script. https://11x256.github.io/Frida-hooking-android-part-5/ — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Yes, I tied with 5s.js file. I also checked the python complier online it shows the same issue. Sent from Mail for Windows 10 From: Abdul Wahab Sent: Thursday, October 10, 2019 1:49 PM To: d3vilbug Cc: gurtej741; Mention Subject: Re: d3vilbug/frida-get-AES-keys and did you also used the .js file from the same link? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Please find the attachment.you need to change .txt to .js

import time import frida import json enc_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here dec_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here def my_message_handler(message, payload): #mainly printing the data sent from the js code, and managing the cipher objects according to their operation mode if message["type"] == "send": # print message["payload"] my_json = json.loads(message["payload"]) if my_json["my_type"] == "KEY": print "Key sent to SecretKeySpec()", payload.encode("hex") elif my_json["my_type"] == "IV": print "Iv sent to IvParameterSpec()", payload.encode("hex") elif my_json["my_type"] == "hashcode_enc": enc_cipher_hashcodes.append(my_json["hashcode"]) elif my_json["my_type"] == "hashcode_dec": dec_cipher_hashcodes.append(my_json["hashcode"]) elif my_json["my_type"] == "Key from call to cipher init": print "Key sent to cipher init()", payload.encode("hex") elif my_json["my_type"] == "IV from call to cipher init": print "Iv sent to cipher init()", payload.encode("hex") elif my_json["my_type"] == "before_doFinal" and my_json["hashcode"] in enc_cipher_hashcodes: #if the cipher object has Cipher.MODE_ENCRYPT as the operation mode, the data before doFinal will be printed #and the data returned (ciphertext) will be ignored print "Data to be encrypted :", payload elif my_json["my_type"] == "after_doFinal" and my_json["hashcode"] in dec_cipher_hashcodes: print "Decrypted data :", payload else: print message print '*' * 16 print payload device = frida.get_usb_device() pid = device.spawn(["com.example.a11x256.frida_test"]) device.resume(pid) time.sleep(1) # Without it Java.perform silently fails session = device.attach(pid) with open("s5.js") as f: script = session.create_script(f.read()) script.on("message", my_message_handler) # register the message handler script.load() raw_input() console.log("Script loaded successfully 55"); Java.perform(function x(){ var secret_key_spec = Java.use("javax.crypto.spec.SecretKeySpec"); secret_key_spec.$init.overload("[B", "java.lang.String").implementation = function(x , y){ send('{"my_type" : "KEY"}' ,new Uint8Array(x)); //console.log(xx.join(" ")) return this.$init(x , y); } var iv_parameter_spec = Java.use("javax.crypto.spec.IvParameterSpec"); iv_parameter_spec.$init.overload("[B").implementation = function(x){ send('{"my_type" : "IV"}' , new Uint8Array(x)); return this.$init(x); } var cipher = Java.use("javax.crypto.Cipher"); cipher.init.overload("int" , "java.security.Key" , "java.security.spec.AlgorithmParameterSpec").implementation = function(x,y,z){ //console.log(z.getClass()); if (x == 1) send('{"my_type" : "hashcode_enc", "hashcode" :"' +this.hashCode().toString() +'" }'); else send('{"my_type" : "hashcode_dec", "hashcode" :"' +this.hashCode().toString() +'" }'); send('{"my_type" : "Key from call to cipher init"}', new Uint8Array(y.getEncoded()) ); send('{"my_type" : "IV from call to cipher init"}' , new Uint8Array(Java.cast(z , iv_parameter_spec).getIV() )); return cipher.init.overload("int" , "java.security.Key" , "java.security.spec.AlgorithmParameterSpec").call(this,x,y,z); } cipher.doFinal.overload("[B").implementation = function(x){ send('{"my_type" : "before_doFinal" , "hashcode" :"' +this.hashCode().toString() +'" }' , new Uint8Array(x)); var ret = cipher.doFinal.overload("[B").call(this,x); send('{"my_type" : "after_doFinal" , "hashcode" :"' +this.hashCode().toString() +'" }' , new Uint8Array(ret)); return ret; } });

HI, Did you got any solution. Sent from Mail for Windows 10 From: Gurtej SINGH Sent: Thursday, October 10, 2019 8:46 PM To: d3vilbug Cc: d3vilbug; Mention Subject: Re: d3vilbug/frida-get-AES-keys Please find the attachment.you need to change .txt to .js On Thu, Oct 10, 2019 at 8:18 PM Abdul Wahab <[email protected]> wrote: Can you share your .js and .py files ?? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Hello, I found a bypass for *AES/CBC/PKCS5Padding*, now I'm trying to reverse engine a new application that is may using *AES/CBC/PKCS7Padding *or *AES/GCM/NoPadding* do have an idea, I've texted you on twitter, I really need a help from an expert like you thanks