hacktricks/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md

# Frida教程3

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks云 ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* 你在一家**网络安全公司**工作吗？想要在HackTricks中**宣传你的公司**吗？或者你想要**获取PEASS的最新版本或下载PDF格式的HackTricks**吗？请查看[**订阅计划**](https://github.com/sponsors/carlospolop)！
* 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品——[**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f)或[**电报群组**](https://t.me/peass)，或者**关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks) **和**[**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud) **提交PR来分享你的黑客技巧。**

</details>

<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FwdlXOpyZOVGNzyhOiiFK%2Fimage%20(1).png?alt=media&#x26;token=13f4d279-7d3f-47ce-a68e-35f9a906973f" alt=""><figcaption></figcaption></figure>

如果你对**黑客职业**感兴趣并且想要破解不可破解的东西-**我们正在招聘！**（需要流利的波兰语书写和口语能力）。

{% embed url="https://www.stmcyber.com/careers" %}

\\

***

**来源**: [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)\
**APK**: [https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk](https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk)

## 解决方案1

基于[https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)

**Hook \_exit()**\_函数和**解密函数**，这样当你按下验证按钮时，它会在frida控制台中打印出flag：
```javascript
Java.perform(function () {
send("Starting hooks OWASP uncrackable1...");

function getString(data){
var ret = "";
for (var i=0; i < data.length; i++){
ret += "#" + data[i].toString();
}
return ret
}

var aes_decrypt = Java.use("sg.vantagepoint.a.a");
aes_decrypt.a.overload("[B","[B").implementation = function(var_0,var_1) {
send("sg.vantagepoint.a.a.a([B[B)[B   doFinal(enc)  // AES/ECB/PKCS7Padding");
send("Key       : " + getString(var_0));
send("Encrypted : " + getString(var_1));
var ret = this.a.overload("[B","[B").call(this,var_0,var_1);
send("Decrypted : " + getString(ret));

var flag = "";
for (var i=0; i < ret.length; i++){
flag += String.fromCharCode(ret[i]);
}
send("Decrypted flag: " + flag);
return ret; //[B
};

var sysexit = Java.use("java.lang.System");
sysexit.exit.overload("int").implementation = function(var_0) {
send("java.lang.System.exit(I)V  // We avoid exiting the application  :)");
};

send("Hooks installed.");
});
```
## 解决方案2

基于[https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)

**钩住root检查**和解密函数，使其在按下验证按钮时在frida控制台打印出标志。
```javascript
Java.perform(function () {
send("Starting hooks OWASP uncrackable1...");

function getString(data){
var ret = "";
for (var i=0; i < data.length; i++){
ret += "#" + data[i].toString();
}
return ret
}

var aes_decrypt = Java.use("sg.vantagepoint.a.a");
aes_decrypt.a.overload("[B","[B").implementation = function(var_0,var_1) {
send("sg.vantagepoint.a.a.a([B[B)[B   doFinal(enc)  // AES/ECB/PKCS7Padding");
send("Key       : " + getString(var_0));
send("Encrypted : " + getString(var_1));
var ret = this.a.overload("[B","[B").call(this,var_0,var_1);
send("Decrypted : " + getString(ret));

var flag = "";
for (var i=0; i < ret.length; i++){
flag += String.fromCharCode(ret[i]);
}
send("Decrypted flag: " + flag);
return ret; //[B
};

var rootcheck1 = Java.use("sg.vantagepoint.a.c");
rootcheck1.a.overload().implementation = function() {
send("sg.vantagepoint.a.c.a()Z   Root check 1 HIT!  su.exists()");
return false;
};

var rootcheck2 = Java.use("sg.vantagepoint.a.c");
rootcheck2.b.overload().implementation = function() {
send("sg.vantagepoint.a.c.b()Z  Root check 2 HIT!  test-keys");
return false;
};

var rootcheck3 = Java.use("sg.vantagepoint.a.c");
rootcheck3.c.overload().implementation = function() {
send("sg.vantagepoint.a.c.c()Z  Root check 3 HIT!  Root packages");
return false;
};

var debugcheck = Java.use("sg.vantagepoint.a.b");
debugcheck.a.overload("android.content.Context").implementation = function(var_0) {
send("sg.vantagepoint.a.b.a(Landroid/content/Context;)Z  Debug check HIT! ");
return false;
};

send("Hooks installed.");
});
```
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FwdlXOpyZOVGNzyhOiiFK%2Fimage%20(1).png?alt=media&#x26;token=13f4d279-7d3f-47ce-a68e-35f9a906973f" alt=""><figcaption></figcaption></figure>

如果你对**黑客职业**感兴趣并且想要攻破不可攻破的东西 - **我们正在招聘！**（需要流利的波兰语书面和口语能力）。

{% embed url="https://www.stmcyber.com/careers" %}

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* 你在一家**网络安全公司**工作吗？想要在HackTricks中**宣传你的公司**吗？或者你想要**获取最新版本的PEASS或下载PDF格式的HackTricks**吗？请查看[**订阅计划**](https://github.com/sponsors/carlospolop)！
* 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品 - [**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获得[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**Telegram群组**](https://t.me/peass)，或者在**Twitter**上**关注**我[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks) **和**[**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud) **提交PR来分享你的黑客技巧。**

</details>
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								# Frida教程3
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks云 ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/frida-tutorial/owa

											
										
										
											2023-10-26 14:38:55 +00:00
+								* 你在一家**网络安全公司**工作吗？想要在HackTricks中**宣传你的公司**吗？或者你想要**获取PEASS的最新版本或下载PDF格式的HackTricks**吗？请查看[**订阅计划**](https://github.com/sponsors/carlospolop)！
 								* 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品——[**The PEASS Family**](https://opensea.io/collection/the-peass-family)
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
-												Translated ['mobile-pentesting/android-app-pentesting/frida-tutorial/owa

											
										
										
											2023-10-26 14:38:55 +00:00
+								* **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f)或[**电报群组**](https://t.me/peass)，或者**关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks) **和**[**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud) **提交PR来分享你的黑客技巧。**
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
+								</details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
+								<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FwdlXOpyZOVGNzyhOiiFK%2Fimage%20(1).png?alt=media&#x26;token=13f4d279-7d3f-47ce-a68e-35f9a906973f" alt=""><figcaption></figcaption></figure>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/frida-tutorial/owa

											
										
										
											2023-10-26 14:38:55 +00:00
+								如果你对**黑客职业**感兴趣并且想要破解不可破解的东西-**我们正在招聘！**（需要流利的波兰语书写和口语能力）。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
+								{% embed url="https://www.stmcyber.com/careers" %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GITBOOK-4008: change request with no subject merged in GitBook

											
										
										
											2023-07-13 09:57:55 +00:00
+								\\
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/frida-tutorial/owa

											
										
										
											2023-10-26 14:38:55 +00:00
+								***
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								**来源**: [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)\
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								**APK**: [https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk](https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								## 解决方案1
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								基于[https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								**Hook \_exit()**\_函数和**解密函数**，这样当你按下验证按钮时，它会在frida控制台中打印出flag：
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								Java.perform(function () {
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								send("Starting hooks OWASP uncrackable1...");
 								function getString(data){
 								var ret = "";
 								for (var i=0; i < data.length; i++){
 								ret += "#" + data[i].toString();
 								}
 								return ret
 								}
 								var aes_decrypt = Java.use("sg.vantagepoint.a.a");
 								aes_decrypt.a.overload("[B","[B").implementation = function(var_0,var_1) {
 								send("sg.vantagepoint.a.a.a([B[B)[B   doFinal(enc)  // AES/ECB/PKCS7Padding");
 								send("Key       : " + getString(var_0));
 								send("Encrypted : " + getString(var_1));
 								var ret = this.a.overload("[B","[B").call(this,var_0,var_1);
 								send("Decrypted : " + getString(ret));
 								var flag = "";
 								for (var i=0; i < ret.length; i++){
 								flag += String.fromCharCode(ret[i]);
 								}
 								send("Decrypted flag: " + flag);
 								return ret; //[B
 								};
 								var sysexit = Java.use("java.lang.System");
 								sysexit.exit.overload("int").implementation = function(var_0) {
 								send("java.lang.System.exit(I)V  // We avoid exiting the application  :)");
 								};
 								send("Hooks installed.");
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								});
 								```
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								## 解决方案2
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								基于[https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'forensics/basic-forensi

											
										
										
											2023-12-16 14:32:12 +00:00
+								**钩住root检查**和解密函数，使其在按下验证按钮时在frida控制台打印出标志。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								Java.perform(function () {
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								send("Starting hooks OWASP uncrackable1...");
 								function getString(data){
 								var ret = "";
 								for (var i=0; i < data.length; i++){
 								ret += "#" + data[i].toString();
 								}
 								return ret
 								}
 								var aes_decrypt = Java.use("sg.vantagepoint.a.a");
 								aes_decrypt.a.overload("[B","[B").implementation = function(var_0,var_1) {
 								send("sg.vantagepoint.a.a.a([B[B)[B   doFinal(enc)  // AES/ECB/PKCS7Padding");
 								send("Key       : " + getString(var_0));
 								send("Encrypted : " + getString(var_1));
 								var ret = this.a.overload("[B","[B").call(this,var_0,var_1);
 								send("Decrypted : " + getString(ret));
 								var flag = "";
 								for (var i=0; i < ret.length; i++){
 								flag += String.fromCharCode(ret[i]);
 								}
 								send("Decrypted flag: " + flag);
 								return ret; //[B
 								};
 								var rootcheck1 = Java.use("sg.vantagepoint.a.c");
 								rootcheck1.a.overload().implementation = function() {
 								send("sg.vantagepoint.a.c.a()Z   Root check 1 HIT!  su.exists()");
 								return false;
 								};
 								var rootcheck2 = Java.use("sg.vantagepoint.a.c");
 								rootcheck2.b.overload().implementation = function() {
 								send("sg.vantagepoint.a.c.b()Z  Root check 2 HIT!  test-keys");
 								return false;
 								};
 								var rootcheck3 = Java.use("sg.vantagepoint.a.c");
 								rootcheck3.c.overload().implementation = function() {
 								send("sg.vantagepoint.a.c.c()Z  Root check 3 HIT!  Root packages");
 								return false;
 								};
 								var debugcheck = Java.use("sg.vantagepoint.a.b");
 								debugcheck.a.overload("android.content.Context").implementation = function(var_0) {
 								send("sg.vantagepoint.a.b.a(Landroid/content/Context;)Z  Debug check HIT! ");
 								return false;
 								};
 								send("Hooks installed.");
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								});
 								```
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
+								<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FwdlXOpyZOVGNzyhOiiFK%2Fimage%20(1).png?alt=media&#x26;token=13f4d279-7d3f-47ce-a68e-35f9a906973f" alt=""><figcaption></figcaption></figure>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/frida-tutorial/owa

											
										
										
											2023-10-26 14:38:55 +00:00
+								如果你对**黑客职业**感兴趣并且想要攻破不可攻破的东西 - **我们正在招聘！**（需要流利的波兰语书面和口语能力）。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
+								{% embed url="https://www.stmcyber.com/careers" %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												update twitter

											
										
										
											2023-04-25 18:35:28 +00:00
+								<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								* 你在一家**网络安全公司**工作吗？想要在HackTricks中**宣传你的公司**吗？或者你想要**获取最新版本的PEASS或下载PDF格式的HackTricks**吗？请查看[**订阅计划**](https://github.com/sponsors/carlospolop)！
 								* 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品 - [**The PEASS Family**](https://opensea.io/collection/the-peass-family)
 								* 获得[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
-												Translated ['mobile-pentesting/android-app-pentesting/frida-tutorial/owa

											
										
										
											2023-10-26 14:38:55 +00:00
+								* **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**Telegram群组**](https://t.me/peass)，或者在**Twitter**上**关注**我[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks) **和**[**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud) **提交PR来分享你的黑客技巧。**
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>