InMemoryDexClassLoader.js
/*
Created By @Cryptax & Modified By @ApkUnpacker
*/
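/**
 * Read the name of the instrumented process from /proc/self/cmdline by calling
 * libc's open/read/close through Frida NativeFunction wrappers.
 *
 * Only the first NUL-terminated string of the file (argv[0]) is returned.
 *
 * @returns {string|number} The process name, or -1 when the file cannot be
 *     opened or yields no data. Callers must check for -1 before building
 *     paths from the result.
 */
function ProcessName() {
    // NOTE(review): the static two-argument Module.getExportByName() form is kept
    // from the original script; confirm it is still available in the Frida
    // release in use.
    var open = new NativeFunction(Module.getExportByName('libc.so', 'open'), 'int', ['pointer', 'int']);
    var read = new NativeFunction(Module.getExportByName('libc.so', 'read'), 'int', ['int', 'pointer', 'int']);
    var close = new NativeFunction(Module.getExportByName('libc.so', 'close'), 'int', ['int']);

    var BUFFER_SIZE = 0x1000;
    var path = Memory.allocUtf8String('/proc/self/cmdline');
    var fd = open(path, 0); // flags 0 == O_RDONLY
    if (fd === -1) {
        return -1;
    }

    var buffer = Memory.alloc(BUFFER_SIZE);
    // Leave one byte free so the data can always be NUL-terminated below.
    var count = read(fd, buffer, BUFFER_SIZE - 1);
    close(fd);

    // A failed or empty read used to fall through and return whatever the
    // buffer held; report it as a failure instead.
    if (count <= 0) {
        return -1;
    }

    buffer.add(count).writeU8(0);
    return buffer.readCString();
}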
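// Name of the instrumented process, resolved once at script load.
// ProcessName() returns -1 when /proc/self/cmdline could not be read.
var ProcessN = ProcessName();

/**
 * Left-pad a number with zeros to the given width.
 *
 * @param {number} value - Number to format.
 * @param {number} width - Minimum number of characters.
 * @returns {string} Zero-padded decimal text.
 */
function zeroPad(value, width) {
    var text = String(value);
    while (text.length < width) {
        text = '0' + text;
    }
    return text;
}

/**
 * Build the HH.MM.SS.mmm prefix used in dump file names.
 *
 * @returns {string} Local wall-clock time, e.g. "09.05.03.042".
 */
function dumpTimestamp() {
    var now = new Date();
    return zeroPad(now.getHours(), 2) + '.' +
        zeroPad(now.getMinutes(), 2) + '.' +
        zeroPad(now.getSeconds(), 2) + '.' +
        zeroPad(now.getMilliseconds(), 3);
}

/**
 * Resolve the directory that dumps are written to.
 *
 * A process declared with android:process=":name" reports "package:name" in
 * its cmdline, while its data directory is named after the package alone, so
 * everything from the first ':' on is dropped.
 *
 * NOTE(review): /data/data/<package> is assumed to be the app's writable data
 * directory; a process with a custom global process name or running under a
 * secondary user may need a different path — confirm on the target device.
 *
 * @returns {string|null} Directory path, or null when the process name is
 *     unavailable.
 */
function dumpDirectory() {
    if (typeof ProcessN !== 'string' || ProcessN.length === 0) {
        return null;
    }
    return '/data/data/' + ProcessN.split(':')[0];
}

/**
 * Copy the unread bytes of a java.nio.ByteBuffer to a timestamped
 * "<time>_dump.dex" file in the app's data directory.
 *
 * The bytes are read through duplicate(), which has its own position, so the
 * buffer owned by the app is left exactly as the class loader saw it.
 *
 * @param {object} dexbuffer - Frida wrapper for the java.nio.ByteBuffer that
 *     was passed to the class loader.
 */
function dumpDexBuffer(dexbuffer) {
    var directory = dumpDirectory();
    if (directory === null) {
        console.error('[-] Error: process name unavailable, DEX not dumped');
        return;
    }

    var view = dexbuffer.duplicate();
    var remaining = view.remaining();
    var filename = directory + '/' + dumpTimestamp() + '_dump.dex';

    console.warn('[*] Opening file name=' + filename + ' to write ' + remaining + ' bytes');
    var buf = new Uint8Array(remaining);
    for (var i = 0; i < remaining; i++) {
        // get() returns a signed byte; storing it in a Uint8Array keeps the raw value.
        buf[i] = view.get();
    }

    var f = new File(filename, 'wb');
    try {
        console.log('[*] Writing ' + remaining + ' bytes...');
        f.write(buf);
    } finally {
        // Close the handle even when the write throws.
        f.close();
    }

    remaining = view.remaining();
    if (remaining > 0) {
        console.log('[-] Error: There are ' + remaining + ' remaining bytes!');
    } else {
        console.log('[+] Dex dumped successfully in ' + filename);
    }
}

/**
 * Replace InMemoryDexClassLoader(ByteBuffer, ClassLoader) with a wrapper that
 * runs the real constructor and then dumps the DEX bytes it was given.
 *
 * Only this overload is hooked. The constructors that take a ByteBuffer[]
 * are not covered, so payloads loaded through them will not be dumped.
 */
function hookInMemoryDexClassLoader() {
    var memoryclassLoader = Java.use('dalvik.system.InMemoryDexClassLoader');
    var constructor = memoryclassLoader.$init.overload('java.nio.ByteBuffer', 'java.lang.ClassLoader');
    constructor.implementation = function (dexbuffer, loader) {
        var object = this.$init(dexbuffer, loader);
        try {
            dumpDexBuffer(dexbuffer);
        } catch (error) {
            // A failed dump must not surface inside the app's constructor and
            // change the behaviour being observed.
            console.error('[-] Error: DEX dump failed : ', error);
        }
        return object;
    };
}

// The hook is installed twice, as in the original script: immediately via
// Java.performNow() and again via Java.perform(). The second assignment
// replaces the implementation set by the first.
try {
    Java.performNow(function () {
        console.log("Running In Java.performNow().....");
        hookInMemoryDexClassLoader();
    });
} catch (error) {
    console.error("Error in PerformNow : ", error);
}
try {
    Java.perform(function () {
        console.log("Running In Java.perform().....");
        hookInMemoryDexClassLoader();
    });
} catch (error) {
    console.error("Error in Perform : ", error);
}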