Building an iOS environment for reverse engineering. How to jailbreak iOS 15~18 using palera1n. Install Sileo and frida.
As a reverse engineer, I often use IDA Pro in my daily work. This is not surprising, as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are becoming increasingly popular). One of the most powerful features of IDA that I recommend to all reverse engineers is the Python extension, aptly named 'IDAPython', which exposes a large number of IDA …
Chapter content decryption
package com.ushaqi.zhuishushenqi.reader.txtreader.activity;
public class ReaderNewActivity{
private void a(FineBookConfigBean bean){
}
}
Sample data
// Chapter decryption password
auth.zhuishushenqi.com
productLine=1&
startSeqId=2669&
cp=567b60b6ea95f6ea479a177e&token=tyU2QCjdYHCNyeF8e6476ef1f13b652d13d25d2310eeca5f69e15570325cbac7fd0286494441df9829eb2de8a8b333a98f328b4ba39c4b5475118db133d1742945d11d88087f117c8a4227dce946dd92f13f914076840c97&
bookId=516531015a29ee6a5e0000e1&
chapterNum=1
frida-server : 12.8.19
Download frida-server and extract it
xz -d frida-server-12.8.19-android-arm64.xz
adb push frida-server-12.8.19-android-arm64 /data/local/tmp/frida-server-arm64
Change permissions and start frida-server
adb shell
cd /data/local/tmp
chown root:root frida-server-arm64
chmod a+x frida-server-arm64
./frida-server-arm64
Unable to preload: Unable to access process with pid 402 …
export NDK_ROOT=~/android-ndk-r18b
${NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/clang \
  --target=x86_64-none-linux-android \
  --gcc-toolchain=${NDK_ROOT}/toolchains/x86_64-4.9/prebuilt/linux-x86_64 \
  --sysroot=${NDK_ROOT}/sysroot \
  -isystem ${NDK_ROOT}/sysroot/usr/include/x86_64-linux-android \
  -pie -o hello.c.o -c hello.c
${NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/clang \
  --target=x86_64-none-linux-android \
  --gcc-toolchain=${NDK_ROOT}/toolchains/x86_64-4.9/prebuilt/linux-x86_64 \
  --sysroot ${NDK_ROOT}/platforms/android-21/arch-x86_64 \
  -pie hello.c.o -o hello
${NDK_ROOT …
pip3 install frida
pip3 install frida-tools
frida-ps -U
frida-trace -U -i "recvfrom" com.android.chrome
Java.enumerateLoadedClasses({
    "onMatch": function (className) {
        console.log(className);
    },
    "onComplete": function () {}
});
Java.perform(function () {
var Activity = Java.use("android.app.Activity");
Activity.onResume.implementation = function () {
console.log("[*] onResume() got called!");
this.onResume …