dasemu/adif-api-reverse-engineering
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Agregados varios //TODO para revisar

Browse Source
This commit is contained in:
Dasemu
2025-12-04 21:22:05 +01:00
parent e0133d2ca2
commit ec57ac366d
9 changed files with 837 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
frida_scripts/frida_improved_capture.js Normal file
View File

@@ -0,0 +1,130 @@
/**
* Improved REQUEST BODY Capture
* Using correct method names discovered through inspection
*/
console.log("\n[*] Improved Request Body Capture\n");
Java.perform(function() {
try {
var AuthHeaderInterceptor = Java.use("com.adif.elcanomovil.serviceNetworking.interceptors.AuthHeaderInterceptor");
console.log("[+] Found AuthHeaderInterceptor");
AuthHeaderInterceptor.intercept.implementation = function(chain) {
console.log("\n" + "=".repeat(80));
console.log("[HTTP REQUEST]");
try {
// Cast chain
var ChainClass = Java.use("j3.g");
var chainObj = Java.cast(chain, ChainClass);
// Get request
var requestField = chainObj.getClass().getDeclaredField("e");
requestField.setAccessible(true);
var request = requestField.get(chainObj);
if (request) {
// Get URL
var urlField = request.getClass().getDeclaredField("a");
urlField.setAccessible(true);
var urlObj = urlField.get(request);
console.log("[URL] " + urlObj.toString());
// Get method
var methodField = request.getClass().getDeclaredField("b");
methodField.setAccessible(true);
var method = methodField.get(request);
console.log("[METHOD] " + method);
// Get request headers
try {
var headersField = request.getClass().getDeclaredField("c");
headersField.setAccessible(true);
var headers = headersField.get(request);
if (headers) {
console.log("\n[REQUEST HEADERS]");
var size = headers.size();
for (var i = 0; i < size; i++) {
var name = headers.c(i);
var value = headers.f(i);
console.log(" " + name + ": " + value);
}
}
} catch (e) {
console.log("[HEADERS ERROR] " + e);
}
// Get request body
var bodyField = request.getClass().getDeclaredField("d");
bodyField.setAccessible(true);
var reqBody = bodyField.get(request);
if (reqBody) {
try {
// Load Buffer class - we know it's r3.f from inspection
var Buffer = Java.use("r3.f");
var buffer = Buffer.$new();
// Call writeTo with the buffer (buffer implements BufferedSink)
reqBody.writeTo(buffer);
// Try to read using readUtf8
try {
var bodyContent = buffer.B0(); // readUtf8()
console.log("\n[REQUEST BODY]");
if (bodyContent && bodyContent.length > 0) {
if (bodyContent.length > 3000) {
console.log(bodyContent.substring(0, 3000));
console.log("\n... (truncated, total: " + bodyContent.length + " chars)");
} else {
console.log(bodyContent);
}
} else {
console.log("(empty)");
}
} catch (e) {
// If B0() doesn't work, try other common method names
console.log("[READ ERROR] " + e);
console.log("[DEBUG] Trying alternative methods...");
try {
// Try snapshot().utf8()
var snapshot = buffer.t0(); // snapshot()
if (snapshot) {
var bodyContent = snapshot.Y(); // utf8()
console.log("\n[REQUEST BODY]");
console.log(bodyContent);
}
} catch (e2) {
console.log("[ALT METHOD ERROR] " + e2);
}
}
} catch (e) {
console.log("[REQUEST BODY ERROR] " + e);
}
} else {
console.log("[REQUEST BODY] null");
}
}
} catch (e) {
console.log("[ERROR] " + e);
}
console.log("=".repeat(80) + "\n");
// Call original
return this.intercept(chain);
};
console.log("[*] Hook installed!\n");
} catch (e) {
console.log("[-] Failed: " + e);
}
});