RSA Key Protection Reverse Engineering
RSA Key reverseable? I got my answer after analyzing VPhoneOS 5.0.5. After modifying the APK, the application immediately detected the changes Then I started investigating the security mechanism. I found that the app uses RSA based integrity verification The APK contains an embedded RSA public key Protected data is signed by the developer using a private RSA key At runtime the app verifies the signature using the embedded public key If any protected file DEX resource, or library is modified the verification fails Once verification fails, the application knows the APK has been tampered
with That's exactly why my modified APK was detected.During analysis, I found classes such as These classes are commonly used for RSA signature verification and integrity checks Simple protection but still very effective against APK modification and repackaging
RSA Key reverseable? I got my answer after analyzing VPhoneOS 5.0.5. After modifying the APK, the application immediately detected the changes Then I started investigating the security mechanism. I found that the app uses RSA based integrity verification The APK contains an embedded RSA public key Protected data is signed by the developer using a private RSA key At runtime the app verifies the signature using the embedded public key If any protected file DEX resource, or library is modified the verification fails Once verification fails, the application knows the APK has been tampered
with That's exactly why my modified APK was detected.During analysis, I found classes such as These classes are commonly used for RSA signature verification and integrity checks Simple protection but still very effective against APK modification and repackaging
❤24😁8❤🔥1🥰1🤓1
4 telegram premium giveaway 😁
4k Community special
I randomly pick people using a Telegram bot and gift them telegram premium It's all based on luck 🤞
4k Community special
I randomly pick people using a Telegram bot and gift them telegram premium It's all based on luck 🤞
❤31😁1😍1🤓1🙈1
Forwarded from Mitzux
If you have a good idea & feel free to continue this project and submit a Pull Request. please keep your PR clean only include the changes related to your feature or bug fix. don't add unnecessary code formatting changes, extra spaces, or unrelated modifications keep the diff as small and readable as possible
thank you to everyone who contributes to this project ❤️
GitHub🐱 https://github.com/ispointer/RePairip.git
thank you to everyone who contributes to this project ❤️
GitHub
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - ispointer/RePairip
Contribute to ispointer/RePairip development by creating an account on GitHub.
❤6
Keystore Hardware Attestation.apk
4.9 MB
Keystore Hardware Attestation.apk
Free Key:
https://revdex.re/good/admin.php
Every low-level modder 😂 try to bypass the free key account premium video play limit Each free account has only 10 premium video plays. Can you bypass it?
I already have a bypass method, but it is much harder than normal patching because this system uses TEE / Hardware backed Key Attestation
Let’s see who can break it Unlimited Secure Login
Main challenge Try to Dump my video & Premium bypass
#1DRM
#RevDex
Free Key:
https://revdex.re/good/admin.php
Every low-level modder 😂 try to bypass the free key account premium video play limit Each free account has only 10 premium video plays. Can you bypass it?
I already have a bypass method, but it is much harder than normal patching because this system uses TEE / Hardware backed Key Attestation
Let’s see who can break it Unlimited Secure Login
Main challenge Try to Dump my video & Premium bypass
#1DRM
#RevDex
❤9👌1🤓1
Play Integrity Attestation Token Bypass is Back Again ( Non Root static mod )
✅ classic INTEGRITY_SERVICE
✅ express INTEGRITY_SERVICE
An app integrity token solver package is now ready for release🐱
The website is currently in the final development stage and will be available soon🪟
the service works on a credit based model similar to AI subscription services you can purchase token credits based on your needs.
The pricing list will be announced on the website very soon
An app integrity token solver package is now ready for release
The website is currently in the final development stage and will be available soon
the service works on a credit based model similar to AI subscription services you can purchase token credits based on your needs.
The pricing list will be announced on the website very soon
Please open Telegram to view this post
VIEW IN TELEGRAM
1❤14👀2
Magic Eraser_3.2.16_ Integrity token killed #2.apk
32.4 MB
Magic Eraser_3.2.16_ Integrity token killed.apk
Make sure Install Plugging - https://t.me/RevDex/631
Non Root only don't try in rooted device be careful
Make sure Install Plugging - https://t.me/RevDex/631
Non Root only don't try in rooted device be careful
3👀9❤5
Media is too big
VIEW IN TELEGRAM
Google Integrity Breakdown
Thanks for staying with the RevDex Security Researcher community I guess two apps are enough to understand
Play integrity token Bypass
#1
https://t.me/RevDex/632
#2
https://t.me/RevDex/633
F**k you google 🫵👉👌
God 🔌 Plugging - https://t.me/RevDex/631
Thanks for staying with the RevDex Security Researcher community I guess two apps are enough to understand
Play integrity token Bypass
#1
https://t.me/RevDex/632
#2
https://t.me/RevDex/633
F**k you google 🫵👉👌
God 🔌 Plugging - https://t.me/RevDex/631
6❤20❤🔥5😱3😁1🤯1
Google Login (Break Bug 🪲)
I recently bypassed the Google Login system in a modded app the bypass itself isn't very difficult but analyzing the new implementation was much more challenging
I'm planning to add this feature to my Play Integrity Service allowing Google account signin even on supported modded apps
I recently bypassed the Google Login system in a modded app the bypass itself isn't very difficult but analyzing the new implementation was much more challenging
I'm planning to add this feature to my Play Integrity Service allowing Google account signin even on supported modded apps
👌31❤6🤯5❤🔥3
bool bAutoSlice = false;
void *playerBladeOwner = NULL;
void (*Fruit_Slice)(void *instance,
int bladeId,
void *bladeOwner,
float bladePosX,
float bladePosY,
float sliceDirX,
float sliceDirY,
float sliceSpeed,
bool triggerModifers,
bool countTowardsAchievement,
bool sliceDiamondEnabled,
bool juiceEnabled,
bool splatsEnabled);
void (*old_Fruit_Update)(void *instance);
bool (*Fruit_get_IsBomb)(void *instance);
void* (*Blade_get_Owner)(void *instance);
void (*old_Blade_Update)(void *instance);
void hook_Blade_Update(void *instance)
{
if (instance != NULL)
{
if (Blade_get_Owner != NULL)
{
playerBladeOwner = Blade_get_Owner(instance);
}
}
return old_Blade_Update(instance);
}
void hook_Fruit_Update(void *instance)
{
if (instance != NULL && bAutoSlice)
{
if (Fruit_get_IsBomb != NULL && !Fruit_get_IsBomb(instance))
{
float bladePosX = 5.0f;
float bladePosY = 5.0f;
float sliceDirX = 5.0f;
float sliceDirY = 5.0f;
float sliceSpeed = 35.0f;
int targetBladeId = (playerBladeOwner != NULL) ? 0 : 1;
Fruit_Slice(
instance,
targetBladeId,
playerBladeOwner,
bladePosX, bladePosY,
sliceDirX, sliceDirY,
sliceSpeed,
true,
true,
true,
true,
true
);
}
}
return old_Fruit_Update(instance);
}
Fruit_Slice = (void (*)(void *, int, void *,
float, float, float, float, float,
bool, bool, bool, bool, bool))getAbsoluteAddress(targetLibName, 0x1C74C64);
Fruit_get_IsBomb = (bool (*)(void *))getAbsoluteAddress(targetLibName, 0x1C72234);
Blade_get_Owner = (void* (*)(void *))getAbsoluteAddress(targetLibName, 0x20748D8);
HOOK_LIB("libil2cpp.so", "0x1C730D8", hook_Fruit_Update, old_Fruit_Update);
HOOK_LIB("libil2cpp.so", "0x2075418", hook_Blade_Update, old_Blade_Update);
OBFUSCATE("1_Toggle_Auto Slice Fruits")
case 1:
bAutoSlice = boolean;
break;
Dev - @aantik_mods
Fruit Ninja 3.96.5 ( Auto Play )
🥰11❤4👌1
struct Vector3 {
float x, y, z;
};
bool bAutoSlice = false;
void *playerBladeOwner = NULL;
void *(*Fruit_Slice)(void *instance, int bladeId, int bladeOwner, float bladePosX, float bladePosY, float sliceDirX, float sliceDirY, float sliceSpeed, bool triggerModifers, bool countTowardsAchievement, bool sliceDiamondEnabled, bool juiceEnabled, bool splatsEnabled);
void (*old_Fruit_Update)(void *instance);
bool (*Fruit_get_IsBomb)(void *instance);
bool (*Fruit_get_IsMenuFruit)(void *instance);
bool (*Fruit_get_IsSliced)(void *instance);
bool (*Fruit_get_IsSliceable)(void *instance);
void (*old_Blade_Update)(void *instance);
int (*Blade_get_Id)(void *instance);
int (*Blade_get_Owner)(void *instance);
void *(*Blade_get_BladeSlicer)(void *instance);
void (*BladeSlicer_AddToCurrentCombo)(void *instance, void *sliceEvent, void *fruit);
void *(*Component_get_transform)(void *instance);
Vector3 (*Transform_get_position)(void *instance);
void *(*BladeManager_get_Instance)();
void *(*BladeManager_get_PlayerBlade)(void *instance);
void *(*ScoreCard_get_Instance)();
void (*ScoreCard_ModifyScore)(void *instance, int player, int delta);
/**
*
*
* @code with RevDex antik mods cxx
* @param instance
*/
void hook_Blade_Update(void *instance) {
if (instance != NULL && Blade_get_Owner != NULL) {
int owner = Blade_get_Owner(instance);
if (owner == 0) {
if (playerBladeOwner != instance) {
LOGI(OBFUSCATE("Player Blade Captured: %p"), instance);
playerBladeOwner = instance;
}
}
}
old_Blade_Update(instance);
}
void hook_Fruit_Update(void *instance)
{
if (instance != NULL && bAutoSlice)
{
if (Fruit_get_IsBomb && Fruit_get_IsBomb(instance)) return old_Fruit_Update(instance);
if (Fruit_get_IsMenuFruit && Fruit_get_IsMenuFruit(instance)) return old_Fruit_Update(instance);
if (Fruit_get_IsSliced && Fruit_get_IsSliced(instance)) return old_Fruit_Update(instance);
if (Fruit_get_IsSliceable && !Fruit_get_IsSliceable(instance)) return old_Fruit_Update(instance);
int bladeId = 0;
int bladeOwner = 0;
float posX = 0, posY = 0;
void *playerBlade = playerBladeOwner;
if (playerBlade == NULL && BladeManager_get_Instance && BladeManager_get_PlayerBlade) {
void *bm = BladeManager_get_Instance();
if (bm) {
playerBlade = BladeManager_get_PlayerBlade(bm);
if (playerBlade) {
LOGI(OBFUSCATE("Blade found via BladeManager: %p"), playerBlade);
}
}
}
if (playerBlade != NULL) {
if (Blade_get_Id) bladeId = Blade_get_Id(playerBlade);
if (Blade_get_Owner) bladeOwner = Blade_get_Owner(playerBlade);
}
if (Component_get_transform && Transform_get_position) {
void *transform = Component_get_transform(instance);
if (transform) {
Vector3 pos = Transform_get_position(transform);
posX = pos.x;
posY = pos.y;
}
}
void *sliceEvent = Fruit_Slice(
instance,
bladeId,
bladeOwner,
posX, posY,
5.0f, 5.0f,
35.0f,
true,
true,
true,
true,
true
);
if (sliceEvent) {
LOGI(OBFUSCATE("Fruit pointer --> %p"), sliceEvent, bladeOwner);
int points = *(int*)((uintptr_t)sliceEvent + 0x7C); // m_slicePoints offset
void *sc = ScoreCard_get_Instance();
if (sc && ScoreCard_ModifyScore) {
ScoreCard_ModifyScore(sc, 0, points > 0 ? points : 1);
LOGI(OBFUSCATE("m_slicePoints --> %d points"), points > 0 ? points : 1);
}
if (playerBlade && Blade_get_BladeSlicer && BladeSlicer_AddToCurrentCombo) {
void *slicer = Blade_get_BladeSlicer(playerBlade);
if (slicer) {
BladeSlicer_AddToCurrentCombo(slicer, sliceEvent, instance);
/**
*
* done add points same like normal environment
*
*/
LOGI(OBFUSCATE("_"));
}
}
}
}
return old_Fruit_Update(instance);
}Fruit_Slice = (void *(*)(void *, int, int, float, float, float, float, float, bool, bool, bool, bool, bool))getAbsoluteAddress(targetLibName, 0x1C74C64);
Fruit_get_IsBomb = (bool (*)(void *))getAbsoluteAddress(targetLibName, 0x1C72234);
Fruit_get_IsMenuFruit = (bool (*)(void *))getAbsoluteAddress(targetLibName, 0x1C72220);
Fruit_get_IsSliced = (bool (*)(void *))getAbsoluteAddress(targetLibName, 0x1C722F8);
Fruit_get_IsSliceable = (bool (*)(void *))getAbsoluteAddress(targetLibName, 0x1C7230C);
Blade_get_Id = (int (*)(void *))getAbsoluteAddress(targetLibName, 0x20748E8);
Blade_get_Owner = (int (*)(void *))getAbsoluteAddress(targetLibName, 0x20748D8);
Blade_get_BladeSlicer = (void *(*)(void *))getAbsoluteAddress(targetLibName, 0x20748D0);
BladeSlicer_AddToCurrentCombo = (void (*)(void *, void *, void *))getAbsoluteAddress(targetLibName, 0x1BEB09C);
Component_get_transform = (void *(*)(void *))getAbsoluteAddress(targetLibName, 0x3C67160);
Transform_get_position = (Vector3 (*)(void *))getAbsoluteAddress(targetLibName, 0x3C744DC);
BladeManager_get_Instance = (void *(*)())getAbsoluteAddress(targetLibName, 0x1BE1F04);
BladeManager_get_PlayerBlade = (void *(*)(void *))getAbsoluteAddress(targetLibName, 0x1BE1E7C);
ScoreCard_get_Instance = (void *(*)())getAbsoluteAddress(targetLibName, 0x1E6E018);
ScoreCard_ModifyScore = (void (*)(void *, int, int))getAbsoluteAddress(targetLibName, 0x1E6E48C);
HOOK_LIB("libil2cpp.so", "0x1C730D8", hook_Fruit_Update, old_Fruit_Update);
HOOK_LIB("libil2cpp.so", "0x2075418", hook_Blade_Update, old_Blade_Update);
OBFUSCATE("1_Toggle_Auto Play")
case 1:
bAutoSlice = boolean;
break;
Fruit Ninja 3.96.5 ( Auto Play )
❤7