Facebook

Untitled safest cryptocurrency exchange

From me, 1 Month ago, written in Plain Text.
URL https://pastebin.pl/view/4d0514eb
Embed
Download Paste or View Raw
Hits: 143
  1. ////////////////// 1 ///////////////////////
  2. // console.log("v8_inspector::V8ProfilerAgentImpl::startProfiling(v8_inspector::String16 ");
  3. // const f1 = Module.getExportByName('libmmv8.so', '_ZN12v8_inspector19V8ProfilerAgentImpl14startProfilingERKNS_8String16E')
  4. // if(f1 == null){
  5. //     console.log("Function not found");
  6. // }
  7. // console.log("Function found: "+ f1);
  8. // try{
  9. //     var startProfiling = new NativeFunction(f1, 'pointer',['pointer']);
  10. //     var para2 = createString16('Haseeb');
  11. //     var s = startProfiling(para2);
  12. //     console.log("startProfiling called");
  13. //     console.log("startProfiling2: "+ s);
  14. // }
  15. // catch(err){
  16. //     console.log("Error: "+err.stack);
  17. // }
  18.  
  19.  
  20.  
  21.  
  22.  
  23. ////////////////// 2 ////////////////////////
  24. // working with string parameter
  25. // console.log(" _ZN2v88internal22TracingCpuProfilerImpl14StartProfilingEv")
  26. // const f2 = Module.getExportByName('libmmv8.so', '_ZN2v88internal22TracingCpuProfilerImpl14StartProfilingEv')
  27. // if(f2 == null){
  28. //     console.log("Function not found");
  29. // }
  30. // console.log("Function found: "+ f2);
  31. // try{
  32. //     var startProfiling = new NativeFunction(f2, 'void',['pointer']);
  33. //     var para2 = createString8('');
  34. //     startProfiling(para2); // Error: Error: access violation accessing 0xd671e3f4
  35. //     console.log("startProfiling called");
  36. // }
  37. // catch(err){
  38. //     console.log("Error: "+err.stack);
  39. // }
  40.  
  41.  
  42. ////////////////// 3 ////////////////////////
  43. // console.log("_ZNK2v810CpuProfile15GetSamplesCountEv")
  44. // const f3 = Module.getExportByName('libmmv8.so', '_ZNK2v810CpuProfile15GetSamplesCountEv')
  45. // // const f3 = new NativeFunction(ptr("0x746ce9cc08"), 'int',[]);
  46. // if(f3 == null){
  47. //     console.log("Function not found");
  48. // }
  49. // console.log("Function found: "+ f3);
  50. // console.log("0x746ce9cc08")
  51. // try{
  52. //     var startProfiling = new NativeFunction(f3, 'int',['pointer']);
  53. //     var pointer = Memory.allocUtf8String('Haseeb');
  54. //     var s = startProfiling(pointer);
  55. //     console.log("startProfiling called");
  56. //     console.log("startProfiling2: "+ s);
  57. // }
  58. // catch(err){
  59. //     console.log("Error: "+err.stack);
  60. // }
  61.  
  62.  
  63.  
  64.  
  65. ////////////////// 4 ////////////////////////
  66. // console.log("_ZN2v811CpuProfiler14StartProfilingENS_5LocalINS_6StringEEEb")
  67. // const f4 = Module.getExportByName('libmmv8.so', '_ZN2v811CpuProfiler14StartProfilingENS_5LocalINS_6StringEEEb')
  68. // if(f4 == null){
  69. //     console.log("Function not found");
  70. // }
  71. // console.log("Function found: " + f4);
  72. // try{
  73. //     var startProfiling = new NativeFunction(f4, 'void',['pointer','pointer','bool']);
  74. //     var para1 = Memory.allocUtf16String(' ');
  75. //     var para2 = Memory.allocUtf8String('Haseeb');
  76. //     // var somebool = 1;
  77. //     var somebool = 1;
  78. //     var s = startProfiling(para1, para2, 23);
  79. //     console.log("startProfiling called");
  80. //     console.log("startProfiling222: "+ s);
  81. // }
  82. // catch(err){
  83. //     console.log("Error: "+err.stack);
  84. // }
  85. var v8Initialised = false
  86.  
  87. // if(!v8Initialised){
  88. //     console.log("_ZN2v82V810InitializeEi")
  89. //     const f = Module.getExportByName('libmmv8.so', '_ZN2v82V810InitializeEi')
  90. //     if(f == null){
  91. //         console.log("Function not found");
  92. //     }
  93. //     console.log("Function found: "+ f);
  94. //     try{
  95. //         var v8Init = new NativeFunction(f, 'bool',['int']);
  96. //         console.log("v8Init called");
  97. //         v8Init(0);
  98. //         v8Initialised = true;
  99. //         console.log("v8Initialised: "+ v8Initialised);
  100. //     }
  101. //     catch(err){
  102. //         console.log("Error: "+err.stack);
  103. //     }
  104.  
  105. // }
  106.  
  107.  
  108. // var v8IsolateEnter = "_ZN2v87Isolate5EnterEv"
  109. // waitForModule('libmmv8.so', interceptV8Initialize);
  110. // for (var i = 184; i < 1000; i++) {
  111. //     setTimeout(initialiseParam(i), 5000);
  112. // }
  113.  
  114.  
  115. // waitForModule('libmmv8.so', interceptV8Initialize);
  116. // interceptV8Initialize();
  117.  
  118. initialiseParam(185)
  119.  
  120. function interceptIsolateEnter(){
  121.     console.log("_ZN2v87Isolate5EnterEv")
  122.     const f = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate5EnterEv')
  123.     if(f == null){
  124.         console.log("Function not found");
  125.     }
  126.     else{
  127.     console.log("Function found: "+ f);
  128.     Interceptor.attach(f, {
  129.         onEnter: function (args) {
  130.             console.log("v8::Isolate::Enter called");
  131.         },
  132.         onLeave: function (retval) {
  133.             console.log("v8::Isolate::Enter returned");
  134.         }
  135.     });
  136. }
  137. }
  138.  
  139. function interceptnewIsolate(){
  140.     console.log("_ZN2v87Isolate3NewERKNS0_12CreateParamsE")
  141.     const f = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate8AllocateEv')
  142.     if(f == null){
  143.         console.log("Function not found");
  144.     }
  145.     else{
  146.     console.log("Function found: "+ f);
  147.     Interceptor.attach(f, {
  148.         onEnter: function (args) {
  149.             console.log("v8::Isolate::New called");
  150.         },
  151.         onLeave: function (retval) {
  152.             console.log("v8::Isolate::New returned");
  153.             var isolate = retval;
  154.             console.log("isolate: "+ isolate);
  155.         }
  156.     });
  157. }
  158.  
  159. }
  160.  
  161. function interceptV8Initialize() {
  162.     if (!v8Initialised) {
  163.         console.log("Attempting to intercept v8::V8::Initialize...");
  164.         const f = Module.getExportByName('libmmv8.so', '_ZN2v82V810InitializeEi');
  165.         if (f == null) {
  166.             console.log("Function not found");
  167.         } else {
  168.             console.log("Function found: " + f);
  169.             Interceptor.attach(f, {
  170.                 onEnter: function (args) {
  171.                     console.log("v8::V8::Initialize called with arg: " + args[0].toInt32());
  172.                 },
  173.                 onLeave: function (retval) {
  174.                     console.log("v8::V8::Initialize returned");
  175.                     v8Initialised = true;
  176.                     console.log("v8Initialised: " + retval.toInt32());
  177.                     // getCurrent();
  178.                     // setTimeout(()=>getCurrent(),1000)
  179.                    
  180.                     // Now that V8 is initialized, we can proceed create an Isolate
  181.                     // setTimeout(()=>initialiseParam(184),5000)
  182.                     setTimeout(()=>initialiseParam(185),5000)
  183.                 }
  184.             });
  185.         }
  186.     }
  187. }
  188.  
  189. function newIsolate(paramPointer){
  190.     console.log("_ZN2v87Isolate3NewERKNS0_12CreateParamsE")
  191.     const f = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate3NewERKNS0_12CreateParamsE')
  192.     if(f == null){
  193.         console.log("Function not found");
  194.     }
  195.     else{
  196.         try{
  197.     console.log("Function found: "+ f);
  198.     var isolatepointer = new NativeFunction(f, 'pointer',['pointer']);
  199.     console.log("isolatepointer called");
  200.     var isolatepointer = isolatepointer(paramPointer);
  201.     console.log("isolatepointer: "+ isolatepointer);
  202.     }catch(err){
  203.         console.log("Error: "+err.stack);
  204.     }}
  205. }
  206.  
  207. function interceptv8ContextCreate() {
  208.         console.log("_ZN2v87Context3NewEPNS_7IsolateEPNS_22ExtensionConfigurationENS_10MaybeLocalINS_14ObjectTemplateEEENS5_INS_5ValueEEENS_33DeserializeInternalFieldsCallbackEPNS_14MicrotaskQueueE")
  209.         const f = Module.getExportByName('libmmv8.so', '_ZN2v87Context3NewEPNS_7IsolateEPNS_22ExtensionConfigurationENS_10MaybeLocalINS_14ObjectTemplateEEENS5_INS_5ValueEEENS_33DeserializeInternalFieldsCallbackEPNS_14MicrotaskQueueE')
  210.         var context = null;
  211.         if(f == null){
  212.             console.log("Function not found");
  213.         }
  214.         else{
  215.         console.log("Function found: "+ f);
  216.         Interceptor.attach(f, {
  217.             onEnter: function (args) {
  218.                 console.log("v8::Context::New called");
  219.             },
  220.             onLeave: function (retval) {
  221.                 console.log("v8::Context::New returned");
  222.                 context = retval;
  223.             }
  224.         });
  225.     }
  226. }
  227.  
  228. function waitForModule(moduleName, callback) {
  229.     var module = Process.findModuleByName(moduleName);
  230.     if (module !== null) {
  231.         console.log(moduleName + " module found");
  232.         callback();
  233.     } else {
  234.         console.log(moduleName + " module not found, waiting...");
  235.         setTimeout(function () {
  236.             waitForModule(moduleName, callback);
  237.         }, 10); // Check every 1 second
  238.     }
  239. }
  240.  
  241. // Wait for libmmv8.so to be loaded before initializing V8
  242. // waitForModule('libmmv8.so', interceptV8Initialize);
  243. // waitForModule('libmmv8.so', interceptV8Initialize);
  244.  
  245.  
  246.  
  247.  
  248. function CreateIsolate() {
  249. ////////////////// 4.5 ////////////////////////
  250. // if (v8Initialised && !haveIsolatePointer) {
  251.     console.log("_ZN2v87Isolate8AllocateEv")
  252.     const f45 = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate8AllocateEv')
  253.     if(f45 == null){
  254.         console.log("Function not found");
  255.     }
  256.     console.log("Function found: " + f45);
  257.     try{
  258.         var isolatepointer = new NativeFunction(f45, 'pointer',[]);
  259.         console.log("isolatepointer called");
  260.         var isolatepointer = isolatepointer();
  261.         // haveIsolatePointer = true;
  262.         console.log("isolatepointer: "+ isolatepointer);
  263.         // CreateCpuProfile(isolatepointer);
  264.         initialiseParam(184);
  265.        
  266.        
  267.     }
  268.     catch(err){
  269.         console.log("Error: "+err.stack);
  270.     }
  271. // }
  272. }
  273.  
  274.  
  275. function getCurrentContext(isolatepointer){
  276.     console.log("_ZN2v87Isolate17GetCurrentContextEv")
  277.     const f = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate17GetCurrentContextEv')
  278.     if(f == null){
  279.         console.log("Function not found");
  280.     }
  281.     else{
  282.         console.log("Function found: "+ f);
  283.         try{
  284.             var getCurrentContext = new NativeFunction(f, 'pointer',['pointer']);
  285.             console.log("getCurrentContext called");
  286.             var context = getCurrentContext(isolatepointer);
  287.             console.log("getCurrentContext: "+ context);
  288.         }
  289.         catch(err){
  290.             console.log("Error: "+err.stack);
  291.         }
  292.    
  293.     }
  294. }
  295.  
  296. function getCurrent(){
  297.     console.log("_ZN2v87Isolate10GetCurrentEv")
  298.     const f = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate10GetCurrentEv')
  299.     if(f == null){
  300.         console.log("Function not found");
  301.     }
  302.     else{
  303.         console.log("Function found: "+ f);
  304.         try{
  305.             var getCurrent = new NativeFunction(f, 'pointer',[]);
  306.             console.log("getCurrent called");
  307.             var context = getCurrent();
  308.             console.log("getCurrent: "+ context);
  309.         }
  310.         catch(err){
  311.             console.log("Error: "+err.stack);
  312.         }
  313.     }
  314.    
  315.    
  316. }
  317.  
  318.  
  319. function initialiseParam(size){
  320.     // console.log("_ZN2v87Isolate12CreateParamsC2Ev")
  321.     const f = Module.getExportByName('libmmv8.so', '_ZN2v87Isolate12CreateParamsC2Ev')
  322.     if(f == null){
  323.         console.log("Function not found");
  324.     }
  325.     // console.log("Function found: "+ f);
  326.     try{
  327.         var createParams = new NativeFunction(f, 'void',['pointer']);
  328.         // console.log("createParams called");
  329.         // var createParamsSize =
  330.         // var paramsPointer = createParams();
  331.         // console.log("createParams = " + paramsPointer);
  332.         // console.log("param: "+ param);
  333.        
  334.         // const createParamsSize = 184; // Adjust this value if necessary
  335.         // const createParamsSize = 184;
  336.         const createParamsPtr = Memory.alloc(size);
  337.         console.log("createParamsPtr: "+ createParamsPtr);
  338.         // Call the constructor
  339.         createParams(createParamsPtr);
  340.        
  341.         // createParamsPtr now points to the initialized CreateParams object
  342.         console.log("CreateParams object pointer:", createParamsPtr);
  343.         console.log("worked with size:", size);
  344.         newIsolate(createParamsPtr);
  345.  
  346.     }
  347.     catch(err){
  348.         // console.log("Error: "+err.stack);
  349.         console.log(size)
  350.         console.log("Error: "+err);
  351.     }
  352. }
  353.  
  354.  
  355. function CreateCpuProfile(isolatepointer) {
  356. // if (haveIsolatePointer && !haveCpuProfilePointer){
  357.  
  358.     console.log("_ZN2v811CpuProfiler3NewEPNS_7IsolateENS_22CpuProfilingNamingModeENS_23CpuProfilingLoggingModeE")
  359.     const f47 = Module.getExportByName('libmmv8.so', '_ZN2v811CpuProfiler3NewEPNS_7IsolateENS_22CpuProfilingNamingModeENS_23CpuProfilingLoggingModeE')
  360.     if(f47 == null){
  361.         console.log("Function not found");
  362.     }
  363.     console.log("Function found: " + f47);
  364.     try{
  365.         var cpuProfilepointer = new NativeFunction(f47, 'pointer',['pointer','int','int']);
  366.         console.log("cpuProfilepointer called");
  367.         var cpuProfilerpointer = cpuProfilepointer(isolatepointer, 1, 1); // verbosenames, // eagerlogging
  368.         haveCpuProfilePointer = true;
  369.         console.log("cpuProfilepointer: "+ cpuProfilerpointer);
  370.     }
  371.     catch(err){
  372.         console.log("Error: "+err.stack);
  373.     }  
  374. // }
  375. }
  376.  
  377.  
  378. ////////////////// 5 ////////////////////////
  379.  
  380. // console.log("_ZN2v88internal11CpuProfiler16GetProfilesCountEv")
  381. // const f5 = Module.getExportByName('libmmv8.so', '_ZN2v88internal11CpuProfiler16GetProfilesCountEv')
  382. // if(f5 == null){
  383. //     console.log("Function not found");
  384. // }
  385. // console.log("Function found: "+ f5);
  386. // try{
  387. //     var getProfiles = new NativeFunction(f5, 'int',['pointer']);
  388. //     var para = createString8('');
  389. //     console.log("para: "+ para);
  390. //     var s = getProfiles(para);
  391. //     console.log("getProfiles called");
  392. //     console.log("getProfiles: "+ s);
  393. // }
  394. // catch(err){
  395. //     console.log("Error: "+err.stack);
  396. // }
  397.  
  398. ////////////////// 6 ////////////////////////
  399. // console.log("_ZN2v88internal11CpuProfiler10GetProfileEi")
  400. // const f6 = Module.getExportByName('libmmv8.so', '_ZN2v88internal11CpuProfiler10GetProfileEi')
  401. // if (f6 == null) {
  402. //     console.log("Function not found");
  403. // }
  404. // console.log("Function found: " + f6);
  405. // try {
  406. //     // var getProfile = new NativeFunction(f6, 'pointer', ['pointer', 'int']);
  407. //     // var para = createString8('');
  408. //     // var profilepointer = getProfile(para, 1);
  409. //     // console.log("getProfile called");
  410. //     // console.log("getProfile: " + profilepointer);
  411. //     console.log("_ZN2v88internal11CpuProfiler16GetProfilesCountEv")
  412. //     const f5 = Module.getExportByName('libmmv8.so', '_ZN2v88internal11CpuProfiler16GetProfilesCountEv')
  413. //     if (f5 == null) {
  414. //         console.log("Function not found");
  415. //     }
  416. //     console.log("Function found: " + f5);
  417. //     try {
  418. //         var getProfiles = new NativeFunction(f5, 'int', ['pointer']);
  419. //         // var para = createString8('');
  420. //         // console.log("para: " + para);
  421. //         var s = getProfiles(new NativePointer('0x75dc296ba0'));
  422. //         console.log("getProfiles called");
  423. //         console.log("getProfiles: " + s);
  424. //     }
  425. //     catch (err) {
  426. //         console.log("Error: " + err);
  427. //     }
  428. // }
  429. // catch (err) {
  430. //     console.log("Error1" + err);
  431. // }
  432.  
  433.  
  434.  
  435.  
  436.  
  437.  
  438.  
  439. // Java.perform(()=>{
  440. //     console.log("Hooking startProfiling");
  441. //     const activity = Java.use('android.app.Instrumentation');
  442. //     var original = activity.startProfiling.overload();
  443.  
  444. //     activity.startProfiling.implementation = function(){
  445. //         console.log("startProfiling called");
  446. //         return original.call(this);
  447. //     }
  448. // })
  449.  
  450. // Java.perform(() => {
  451. //     try {
  452. //         Java.choose('android.app.Instrumentation', {
  453. //             onMatch: function(instance) {
  454. //                 console.log('Found instance of android.app.Instrumentation');
  455. //                 instance.startProfiling();
  456. //                 console.log('startProfiling called');
  457.  
  458. //                 // Stop profiling after 5 seconds
  459. //                 setTimeout(() => {
  460. //                     instance.stopProfiling();
  461. //                     console.log('stopProfiling called');
  462. //                 }, 5000);
  463. //             },
  464. //             onComplete: function() {}
  465. //         });
  466. //     } catch (err) {
  467. //         console.log('Error: ' + err);
  468. //     }
  469. // });
  470.  
  471.  
  472. // working with string parameter
  473. // Java.perform(()=>{
  474. //     const f = Module.getExportByName('libmmv8.so', '_ZN12v8_inspector19V8ProfilerAgentImpl5startEv')
  475. //     if(f == null){
  476. //         console.log("Function not found");
  477. //         return;
  478. //     }
  479.  
  480.  
  481. //     var startProfiling = new NativeFunction(f, 'pointer',['pointer']);
  482. //     console.log("startProfiling: "+startProfiling);
  483. //     try{
  484. //         // var param1 = Memory.allocUtf8String('Haseeb');
  485.  
  486. //         // var para2 = createString16('Haseeb');
  487. //         // var somebool = 1;
  488. //         var s = startProfiling(createString16('Haseeb'));
  489. //         console.log("startProfiling called");
  490. //         console.log("startProfiling2: "+ s);
  491.  
  492. //     }catch(err){
  493. //         console.log("Error: "+err.stack);
  494. //     }
  495. // })
  496.  
  497.  
  498. function createString16(jsString) {
  499.     // Encode the JavaScript string as UTF-16
  500.     var utf16String = Memory.allocUtf16String(jsString);
  501.     var utf16Length = jsString.length;
  502.  
  503.     // Allocate memory for the String16 object
  504.     // Assuming the size of String16 is the same as the size of a pointer (this might not be accurate)
  505.     var string16Ptr = Memory.alloc(Process.pointerSize);
  506.  
  507.     // Write the pointer to the UTF-16 data and the length into the String16 object
  508.     // This assumes the layout of String16 is [pointer to data, length]
  509.     // You might need to adjust this based on the actual memory layout of String16
  510.     Memory.writePointer(string16Ptr, utf16String);
  511.     Memory.writeU64(string16Ptr.add(Process.pointerSize), utf16Length);
  512.  
  513.     return string16Ptr;
  514. }
  515.  
  516. function createString8(jsString) {
  517.     // Encode the JavaScript string as UTF-8
  518.     var utf8String = Memory.allocUtf8String(jsString);
  519.     var utf8Length = jsString.length;
  520.  
  521.     // Allocate memory for the String8 object
  522.     // Assuming the size of String8 is the same as the size of a pointer (this might not be accurate)
  523.     var string8Ptr = Memory.alloc(Process.pointerSize);
  524.  
  525.     // Write the pointer to the UTF-8 data and the length into the String8 object
  526.     // This assumes the layout of String8 is [pointer to data, length]
  527.     // You might need to adjust this based on the actual memory layout of String8
  528.     Memory.writePointer(string8Ptr, utf8String);
  529.     Memory.writeU64(string8Ptr.add(Process.pointerSize), utf8Length);
  530.  
  531.     return string8Ptr;
  532. }
  533.  
  534.  
  535.  
  536.  
  537.  
  538.  
  539.  
  540. // Java.perform(() => {
  541. //     const moduleName = 'libmmv8.so'; // Replace with the actual module name
  542. //     const functionName = '_ZN12v8_inspector19V8ProfilerAgentImpl4stopEPNSt6__ndk110unique_ptrINS_8protocol8Profiler7ProfileENS1_14default_deleteIS5_EEEE'; // Mangled name
  543. //     const functionAddress = Module.findExportByName(moduleName, functionName);
  544.  
  545. //     if (!functionAddress) {
  546. //         console.error(`Function ${functionName} not found.`);
  547. //         return;
  548. //     }
  549.  
  550. //     console.log(`Found function at address: ${functionAddress}`);
  551.  
  552. //     // Assuming you have an instance of V8ProfilerAgentImpl
  553. //     // const instance = /* code to obtain or create an instance of V8ProfilerAgentImpl */;
  554.  
  555. //     // Create a NativeFunction for the stop method
  556. //     const stopProfiling = new NativeFunction(functionAddress, 'void', [ 'pointer', 'pointer']);
  557.  
  558. //     // Prepare a unique_ptr for the Profile object
  559. //     const profilePtr = Memory.alloc(Process.pointerSize); // Allocate memory for the pointer
  560. //     // Memory.writePointer(profilePtr); // Initialize the unique_ptr to null
  561.  
  562. //     console.log("Calling stop function...");
  563. //     try {
  564. //         stopProfiling(createString16('Haseeb'),profilePtr);
  565. //         console.log("stopProfiling called");
  566.  
  567. //         // You might need to extract the Profile object from the unique_ptr here
  568. //         // and handle the profiling data as needed.
  569. //     } catch (err) {
  570. //         console.error(`Error calling function: ${err.stack}`);
  571. //     }
  572. // });
  573.  
  574.  
  575.  
  576.  
  577.  
  578.  
  579.  
  580.  
  581.  
  582.  
  583.  
  584.  
  585. // })

Reply to "Untitled"