
[FRIDALAB] 1~8번 Frida 후킹코드

후추멍멍이 2022. 5. 3. 11:01

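// Frida script for FridaLab (uk.rossmarks.fridalab) that solves challenges 1-8
// at runtime: it writes static fields, calls methods on the live MainActivity,
// swaps method implementations and mutates the UI. Everything here is
// in-memory instrumentation of the running process; nothing on disk changes.
//
// Run with e.g. `frida -U -f uk.rossmarks.fridalab -l <this file>` (spawn) or
// `frida -U -n FridaLab -l <this file>` (attach).
Java.perform(function () {
  const PKG = 'uk.rossmarks.fridalab';
  const MainActivity = Java.use(`${PKG}.MainActivity`);
  const Challenge01 = Java.use(`${PKG}.challenge_01`);
  const Challenge06 = Java.use(`${PKG}.challenge_06`);
  const Challenge07 = Java.use(`${PKG}.challenge_07`);

  // Resource id of the "check" button as compiled into the build this script
  // was written against. Resource ids are not stable across builds, so it is
  // only used when the id cannot be resolved by name at runtime.
  const CHECK_BUTTON_ID_FALLBACK = 0x7f07002f;
  // Delay before submitting chall06 (the challenge text asks for 10 seconds).
  const CHALL06_DELAY_MS = 10000;

  // Runs `fn` on every MainActivity instance currently on the Java heap.
  // More than one can exist (e.g. a leaked instance after rotation); all are
  // visited so the visible one is guaranteed to be among them.
  function forEachMainActivity(fn) {
    Java.choose(`${PKG}.MainActivity`, {
      onMatch: fn,
      onComplete: function () {},
    });
  }

  // Runs one challenge step and reports failure instead of letting an
  // exception abort every step that follows (e.g. a renamed class or method
  // in a different build of the app).
  function step(label, fn) {
    try {
      fn();
    } catch (err) {
      console.error(`[-] ${label} failed: ${err}`);
    }
  }

  // 1. Change class challenge_01's variable 'chall01' to: 1
  step('Challenge 1', function () {
    Challenge01.chall01.value = 1;
    console.log("[+] Challenge 1 completed: 'chall01' variable set to 1");
  });

  // 2. Run chall02()
  // 4. Send "frida" to chall04()
  // Both are instance methods, so they need a live MainActivity.
  step('Challenges 2 and 4', function () {
    forEachMainActivity(function (activity) {
      activity.chall02();
      console.log('[+] Challenge 2 completed: chall02 called successfully');
      activity.chall04('frida');
      console.log("[+] Challenge 4 completed: chall04 calling with 'frida'");
    });
  });

  // 3. Make chall03() return true
  // Replacing the implementation means the app's own call path sees `true`.
  step('Challenge 3', function () {
    MainActivity.chall03.implementation = function () {
      console.log('[+] Challenge 3 completed: chall03 now returns true');
      return true;
    };
  });

  // 5. Always send "frida" to chall05()
  // The caller's argument is discarded; `this.chall05(...)` inside a hook
  // invokes the original (unhooked) method, so this does not recurse.
  step('Challenge 5', function () {
    MainActivity.chall05.overload('java.lang.String').implementation = function (input) {
      console.log("[+] Challenge 5 completed: chall05 now always receives 'frida'");
      return this.chall05('frida');
    };
  });

  // 6. Run chall06() after 10 seconds with correct value
  // The static field is read immediately before the call, not up front, in
  // case the app keeps changing it. NOTE(review): the delay is measured from
  // script load; when the app is spawned (-f) the script is injected before
  // the activity starts, so if the app measures its own 10 s from activity
  // start this may fire slightly early — raise CHALL06_DELAY_MS if chall06
  // keeps being rejected.
  console.log('[*] Waiting 10 seconds before calling chall06...');
  setTimeout(function () {
    step('Challenge 6', function () {
      forEachMainActivity(function (activity) {
        const current = Challenge06.chall06.value;
        activity.chall06(current);
        console.log(`[+] Challenge 6 completed: chall06 called with correct value: ${current}`);
      });
    });
  }, CHALL06_DELAY_MS);

  // 7. Bruteforce check07Pin() then confirm with chall07()
  // check07Pin is called on the class wrapper (static), so the 0000-9999
  // space can be searched without an activity; chall07 is an instance method
  // and confirms the hit on the live activity.
  step('Challenge 7', function () {
    let found = false;
    for (let i = 0; i < 10000; i++) {
      const pin = String(i).padStart(4, '0');
      if (!Challenge07.check07Pin(pin)) {
        continue;
      }
      found = true;
      console.log(`[*] Challenge 7: Correct PIN found: ${pin}`);
      forEachMainActivity(function (activity) {
        activity.chall07(pin);
        console.log('[+] Challenge 7 completed: chall07 called with correct pin');
      });
      break;
    }
    if (!found) {
      console.error('[-] Challenge 7: no 4-digit PIN accepted by check07Pin');
    }
  });

  // 8. Change 'check' button's text value to 'Confirm'
  // View mutation must happen on the main thread. The button id is resolved
  // by name (assumes the resource name is `check`, as the challenge text
  // suggests) so the script survives rebuilds; the hard-coded id is a fallback.
  step('Challenge 8', function () {
    forEachMainActivity(function (activity) {
      Java.scheduleOnMainThread(function () {
        try {
          const Button = Java.use('android.widget.Button');
          const JString = Java.use('java.lang.String');
          let viewId = activity
            .getResources()
            .getIdentifier('check', 'id', activity.getPackageName());
          if (viewId === 0) {
            viewId = CHECK_BUTTON_ID_FALLBACK;
          }
          const view = activity.findViewById(viewId);
          if (view === null) {
            console.error(`[-] Challenge 8: no view with id 0x${viewId.toString(16)}`);
            return;
          }
          const button = Java.cast(view, Button);
          button.setText(JString.$new('Confirm'));
          console.log("[+] Challenge 8 Completed: Button text changed to 'Confirm'");
        } catch (err) {
          console.error(`[-] Challenge 8 failed on main thread: ${err}`);
        }
      });
    });
  });
});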