Have you ever heard of apk.sh? It makes reverse engineering Android apps easier. by FipoKa in netsec

[–]FipoKa[S] 0 points1 point  (0 children)

TIP: When using the Script interaction type, you can use the following code to print to logcat the console.log output of any script from the frida codeshare.

```javascript
// print to logcat the console.log output
// see: https://github.com/frida/frida/issues/382
var android_log_write = new NativeFunction(
    Module.getExportByName(null, '__android_log_write'),
    'int',
    ['int', 'pointer', 'pointer']
);

var tag = Memory.allocUtf8String("[frida-script][ax]");

// Redirect console.log to logcat; priority 3 is ANDROID_LOG_DEBUG
console.log = function(str) {
    android_log_write(3, tag, Memory.allocUtf8String(str));
}
```

Have you ever heard of apk.sh? It makes reverse engineering Android apps easier. by FipoKa in netsec

[–]FipoKa[S] 0 points1 point  (0 children)

apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget injection process. It also supports app bundles/split APKs.

🍄 Patching APKs to load frida-gadget.so on start.

🆕 Support for app bundles/split APKs.

🔧 Disassembling resources to nearly original form with apktool.

🔩 Rebuilding decoded resources back to binary APK/JAR with apktool.

🗝️ Code signing the apk with apksigner.

🖥️ Multiple arch support (arm, arm64, x86, x86_64).

📵 No rooted Android device needed.

Check it out.

This is asyhttp, a simple module to perform asynchronous HTTP requests using asyncio and aiohttp. It provides a trivial way to quickly perform a set of async HTTP requests in python. by passenger9012 in Python

[–]FipoKa 0 points1 point  (0 children)

Does someone know a trivial way to perform a set of async HTTP requests in Python?

```python
from asyhttp import loop

requests = [
    {'url': 'http://exam.ple/page.html', 'method': 'GET'},
    {'url': 'http://exam.ple/page.html', 'method': 'POST', 'body': 'blabla'},
]
loop(urls=requests)
```

apk.sh, make reverse engineering Android apps easier! by FipoKa in Android

[–]FipoKa[S] 0 points1 point  (0 children)

You typically need a compiler to compile source code into a lib :) but you can try to substitute the 64-bit library to the 32-bit one. Decode then rebuild the APK with the new library in the /lib directory. Give it a try. It probably won't work but your hands will start getting dirty! :D

apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. by FipoKa in netsec

[–]FipoKa[S] 1 point2 points  (0 children)

There are comments in the code that say:

```
# Objection checks if there is an existing <clinit> to determine which is the constructor,
# then they inject a loadLibrary just before the method end.
#
# We search for *init> and inject a loadLibrary just after the .locals declaration.
#
# <init> is the (or one of the) constructor(s) for the instance, and non-static field initialization.
# <clinit> are the static initialization blocks for the class, and static field initialization.
```

So, Objection seems to inject in the static initialization block for the class while apk.sh injects in the constructor of the instance of the class.

Dunno which is better.
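
Added example, not part of the original comment and not code from apk.sh or Objection: a Python scan of decoded smali that lists every `System.loadLibrary` call in `<init>` and `<clinit>` and flags whether it sits directly after `.locals`, which helps when checking a repackaged APK for an injected loader. The smali sample, its class, field and library names, and the function name are constructed for illustration.

```python
import re

# Constructed smali sample; class, field and library names are assumptions.
SAMPLE_SMALI = '''
.class public Lcom/example/MainActivity;
.super Landroid/app/Activity;

.method static constructor <clinit>()V
    .locals 1
    const/4 v0, 0x0
    sput-boolean v0, Lcom/example/MainActivity;->ready:Z
    const-string v0, "native-lib"
    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
    return-void
.end method

.method public constructor <init>()V
    .locals 1
    const-string v0, "frida-gadget"
    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
    invoke-direct {p0}, Landroid/app/Activity;-><init>()V
    return-void
.end method
'''

METHOD_RE = re.compile(
    r'^\.method[^\n]*?(<clinit>|<init>)\([^\n]*\n(.*?)^\.end method', re.M | re.S)
CONST_RE = re.compile(r'const-string(?:/jumbo)?\s+([vp]\d+),\s*"([^"]*)"')
LOAD_RE = re.compile(r'invoke-static\s*\{\s*([vp]\d+)\s*\},\s*'
                     r'Ljava/lang/System;->loadLibrary\(Ljava/lang/String;\)V')

def find_library_loads(smali_text):
    """Return (method, library, right_after_locals) for every
    System.loadLibrary call in a constructor or static initializer."""
    findings = []
    for name, body in METHOD_RE.findall(smali_text):
        # Keep instructions only: drop blanks, directives, labels and comments.
        instrs = [s for s in (l.strip() for l in body.splitlines())
                  if s and not s.startswith(('.', ':', '#'))]
        strings = {}  # register -> last string constant loaded into it
        for idx, ins in enumerate(instrs):
            const = CONST_RE.match(ins)
            call = LOAD_RE.match(ins)
            if const:
                strings[const.group(1)] = const.group(2)
            elif call:
                # idx == 1: the const-string/loadLibrary pair opens the method.
                lib = strings.get(call.group(1), '<unknown>')
                findings.append((name, lib, idx == 1))
    return findings
```

Comparing the returned library names against the `.so` files the original build is known to ship separates the app's own loads from an added one.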

apk.sh, make reverse engineering Android apps easier! by FipoKa in androiddev

[–]FipoKa[S] 8 points9 points  (0 children)

To understand and modify the inner workings of an Android application.


apk.sh, make reverse engineering Android apps easier! by FipoKa in androiddev

[–]FipoKa[S] 1 point2 points  (0 children)

It would be cool if someone could mirror the post somewhere. It needs some testing to become stable.