• Unicorn Usage Notes (1): Installation

     · Grape

    Unicorn is an emulation library that supports multiple platforms; it is very useful for dynamically analyzing instruction flow in reverse engineering.

    Some of my IDA scripts depend on unicorn; after installing it today, I found that it could not be used …

  • How to jailbreak iOS 16 using palera1n

     · 7 min read  · Grape

    Building an iOS environment for reverse engineering. How to jailbreak iOS 15~18 using palera1n. Install Sileo and frida.

  • Using IDAPython to Make Your Life Easier: Part 1 - Setup Environment

     · 3 min read  · Grape

    Background

    As a reverse engineer, I often use IDA Pro in my daily work. This is not surprising, as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are becoming increasingly popular). One of the most powerful features of IDA that I recommended all reverse engineers …

  • [Android] 追书神器 (Zhuishushenqi): Chapter Content Decryption Analysis

     · Grape

    Chapter content decryption

    package com.ushaqi.zhuishushenqi.reader.txtreader.activity;
    public class ReaderNewActivity{
        private void a(FineBookConfigBean bean){
    
        }
    }
    

    Sample data

    // Chapter decryption password
    auth.zhuishushenqi.com
    productLine=1&
    startSeqId=2669&
    cp=567b60b6ea95f6ea479a177e&token=tyU2QCjdYHCNyeF8e6476ef1f13b652d13d25d2310eeca5f69e15570325cbac7fd0286494441df9829eb2de8a8b333a98f328b4ba39c4b5475118db133d1742945d11d88087f117c8a4227dce946dd92f13f914076840c97&
    bookId=516531015a29ee6a5e0000e1&
    chapterNum=1
    
  • Frida: Basic Usage on Android

     · Grape

    Environment setup

    frida-server : 12.8.19

    Download frida-server and extract it

    xz -d frida-server-12.8.19-android-arm64.xz
    adb push frida-server-12.8.19-android-arm64 /data/local/tmp/frida-server-arm64
    

    Change permissions and start frida-server

    adb shell
    cd /data/local/tmp
    chown root:root frida-server-arm64
    chmod a+x frida-server-arm64
    ./frida-server-arm64
    

    Encountered …

  • capture packets with charles

     · Grape
  • C++ Inheritance

     · 7 min read  · Grape

    export NDK_ROOT=~/android-ndk-r18b
    
    # Compile hello.c to an object file for x86_64 Android using the NDK's clang
    ${NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/clang \
      --target=x86_64-none-linux-android \
      --gcc-toolchain=${NDK_ROOT}/toolchains/x86_64-4.9/prebuilt/linux-x86_64 \
      --sysroot=${NDK_ROOT}/sysroot \
      -isystem ${NDK_ROOT}/sysroot/usr/include/x86_64-linux-android \
      -pie -o hello.c.o -c hello.c
    
    ${NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/clang \
      --target=x86_64-none-linux-android \
      --gcc-toolchain=${NDK_ROOT}/toolchains/x86_64-4.9 …
  • hacking android app with frida

     · Grape

    Environment installation

    • frida-server
    • frida-tools

    pip3 install frida
    pip3 install frida-tools
    

    Basic usage

    frida-ps -U
    frida-trace -U -i "recvfrom" com.android.chrome
    

    JavaScript example 1

    Java.enumerateLoadedClasses({
        "onMatch": function (className) {
            console.log(className);
        },
        "onComplete": function () {}
    });
    

    JavaScript example 2: chrome.js

    Java.perform(function () {
        var Activity = Java.use …