Hack. Eat. Sleep. Repeat!!!
//Hooking methods
Java.perform(function() {
var mainActivity = Java.use('com.ad2001.frida0x1.MainActivity');
//Textview
mainActivity.get_random.overload().implementation = function() {
console.log('[+] Hooked get_random');
return 1;
}
})
public static void get_flag(int a) {
if (a == 4919) {
try {
SecretKeySpec secretKeySpec = new SecretKeySpec("HILLBILLWILLBINN".getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec iv = new IvParameterSpec(new byte[16]);
cipher.init(2, secretKeySpec, iv);
byte[] decryptedBytes = cipher.doFinal(Base64.decode("q7mBQegjhpfIAr0OgfLvH0t/D0Xi0ieG0vd+8ZVW+b4=", 0));
String decryptedText = new String(decryptedBytes);
t1.setText(decryptedText);
} catch (Exception e) {
e.printStackTrace();
}
}
}
Java.perform(function() {
var check = Java.use("com.ad2001.frida0x2.MainActivity");
check.get_flag(4919);
})
Java.perform(function() {
var checker = Java.use('com.ad2001.frida0x3.Checker');
checker.code.value = 512;
})
//Vulnerable code
package com.ad2001.frida0x4;
/* JADX INFO: loaded from: classes3.dex */
public class Check {
public String get_flag(int a) {
if (a == 1337) {
byte[] decoded = new byte["I]FKNtW@]JKPFA\\[NALJr".getBytes().length];
for (int i = 0; i < "I]FKNtW@]JKPFA\\[NALJr".getBytes().length; i++) {
decoded[i] = (byte) ("I]FKNtW@]JKPFA\\[NALJr".getBytes()[i] ^ 15);
}
return new String(decoded);
}
return "";
}
}
Java.perform(function() {
var cls = Java.use('com.ad2001.frida0x4.Check');
var obj = cls.$new();
console.log(obj.get_flag(1337));
})