lib.so obfuscation tools / tutorial

Api response hijack

🐛 watcher

🐛 overwriter

Tutorial soon 😁👍

Modded by @RevDex

Dev - @aantik_mods


https://www.youtube.com/watch?v=s3O8Ek50Bu0

Modded by @RevDex
Tutorial: https://www.youtube.com/watch?v=s3O8Ek50Bu0

This is a React Native app, but the OkHttp3 system says I don’t care, bro. 😁🤡🤦

When I checked the app, first I saw it was making a PHP request. But after that request finished, I noticed more PHP requests happening, like getaccount_V15.php. I searched the whole APK, every folder, every smali file, but I couldn’t find these PHP request URLs anywhere. Then I understood something was fishy in their main system.

So I tried index_v15.php. Inside that, I found a hidden schema which was connected with the app. I opened it using the browser developer tools, and then I was shocked— all the premium features, account login, account check, everything was fully controlled from one JavaScript file. At that moment, everything became clear to me.

After that, I opened Android Studio and loaded index_v15.php inside a WebView. I tried to hook the JavaScript and change some values to unlock premium. But then I understood the real problem: the JS was running inside an iframe. When JavaScript runs inside an iframe, you cannot directly hook or modify it using normal JS injection. So my injected noscript was not working.

Then, using a special technique, I bypassed the iframe restriction and successfully injected my own JavaScript.

free/431075/PIXTA FREE ACTIVE/false/
pro/431075/PIXTA PRO ACTIVE/true/

I changed

free → pro
false → true

And premium got fully unlocked. No ads, all pro features activated.

Finally, I created my own custom Android app, loaded their original WebView, injected custom JS, and completely bypassed their premium system

https://play.google.com/store/apps/details?id=com.pixta.thumbnailmaker 😐

Cooked 😐

@RevDexbot

Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-noscripts-fail-bd3d04489088

Emulator Bypass Free Fire ( Redirect Api)

Reverse Engineering ( Online Game)

adb push mitmproxy-ca-cert.crt /system/etc/security/cacerts/9a5ba575.0
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0
settings get global http_proxy
settings put global http_proxy 127.0.0.1:20010
adb shell settings put global http_proxy ""

http://mitm.it

Must need adb enable BlueStacks or others emulator

https://github.com/mawo95/pairip
兄弟，你可以试试看这个项目吗😁

Mod Menu for Survival Simulator project
✔️ Aimbot
✔️ ESP
✔️ Telekill
✔️ Mask Kill
✔️ 360° Auto-Aim
✔️ Fly Mode
✔️KickPlayer
✔️KickRPC

no java fully imGUI ESP

C++ HOOK BY - @aantik_mods

Survival Simulator 0.2.3

YouTube SDK ( New ) Downloader

NP Manager ( VIP F**k) Random Signature Any Apk
Dev - @aantik_mods

GUI Memory Tracer is working in any non Unity OpenGL game [...]

1000% touch problem fixed , all andorid context touch simulation

ImGui RevDex Android 16 No Touch Problem

I will try to fix the touch issue.
I have successfully fixed it.

If you want better performance and compatibility, use a combo of EGL + Vulkan.

You will need to add Vulkan engine support yourself, okay

#nojava
#fullcppgui

Today, I spent a significant amount of time experimenting with and debugging the Android SDK, and during this process, I discovered a powerful exploit. This exploit makes it possible to bypass SSL pinning in any Android application, whether it is built with Flutter, React Native, or native Java.
The exploit operates at the Android SDK level, which means it is not limited to a specific framework or implementation. The next step is to transform this discovery into a practical and reliable hook.
I strongly believe that this work will be highly beneficial for the next generation of modders and security researchers, opening new possibilities for analysis, testing, and reverse engineering.

Exploit - Android SDK

Sigmaker Radare2.zip

Developed - @aantik_mods


///------ Sigmaker R2 ------///

Credit - https://github.com/radareorg/radare2

Credit - https://github.com/capstone-engine/capstone

Credit - https://github.com/Enlightenment/efl

Credit - https://github.com/cubicdaiya/dtl

-- how to use --

./Sigmaker libapp.so 0x1FD348 10

[*_*] ready


.. .. .. .. e1 03 16 aa .. .. .. .. .. .. .. .. .. .. .. .. 10 72 42 f9 10 f0 00 b8 a1 0b 40 f9 01 30 01 b8 e0 01 00 f9

#2

radare2 command

r2 -w libapp.so

[0x678333] > /x .. .. .. .. e1 03 16 aa .. .. .. .. .. .. .. .. .. .. .. .. 10 72 42 f9 10 f0 00 b8 a1 0b 40 f9 01 30 01 b8 e0 01 00 f9

0x0001FD348
hit0_0

210b0034e10316aa820080d2717e2294709f4091107242f910f000b8a10b40f9013001b8e00100f9

Final offset - 0x001FD348

With every update, just decrease it a little and you can find the same function without any problem

Pattern Signature Assembly

Chorki App Reverse Engineering & How to Create Assembly Signature Patterns for Flutter Apps


Stay on RevDex

In 80% of modder cases, it’s hard, and sometimes XML editing doesn’t work 🙂
But if you use the method shown in this video, it works 100% every time

https://youtube.com/shorts/eTV03aiRIhE?si=3J0SAF-81OsO-9P4