In Big Word - CHINA KMKB ( Indian guys understand it well )
In short word - we will try to inject fake data into app to get paid feature .
so we target a Good App named Ultima which give good Protection/Obfuscation/Dumping feature with paid price.
Requirements :
1. a free account
2. a paid account
lets dig into apk to search some common word - isvip , getvip, expiretime , getuserdata , setuserdata, setvip etc and we get few hit of *expiretime
armadillo.studio.model.sys.User$data
with trace script Trace.js and we get value like
(are you watching this Ultima , give me a ban you cheater )
now logout and login with paid account and repeat above step you get almost same output just value of .getToken is different . so this token authorize to use paid feature .
copy this token and paste in this script
Java.perform(function () {
var UD= Java.use("armadillo.studio.model.sys.User$data");
UD.getToken.overload().implementation = function()
{
return "sab0china1wale2chutiye3hote4hai5fuck6969";
}
})
Now login with free account and run this script with frida
./frida -f armadillo.studio -s hook.js
and enjoy all paid feature .
To Be Clear I lost my paid account due to some bad guys so share the hook privately so stay safe
Thanks
To Everyone who helped developer to ban my ID ☹️
