Sunday, November 22, 2020

Frida : NP Signature Injection Bypass

Hi guys, welcome back to the blog.
Today's walkthrough is about finding a way to bypass NP Manager's signature injection without worrying too much about killing the signature check.
 
Let's take a small apk for testing purposes. I always use AntiSplitG2.apk because of its small size.
Open NP Manager -> Locate the apk -> Click on the AntiSplitG2 apk -> Function -> INJECTION SIGNATURE

Now, after injecting the signature, resign it, install it and open it.
You'll be amazed to see it open fine 😀 Just joking, it's stuck at a black screen.

It's Frida time: to find the reason for the black screen.

Get the StopExit.js script from StopExit.js

and run it against this apk with:
./frida -f com.tilks.arscmerge -s StopExit.js

So something is calling
java/lang/System;->exit(I)V
from
com.tilks.arsc.main.MainActivity.onCreate
and finishing the activity.
Let's patch it.
Search for
java/lang/System;->exit(I)V
in MT Manager.
Open any of the results and look: just above the exit call there is a conditional jump, so we need to make sure the program flow never reaches the exit call at all. We patch the jump to an unconditional
goto :cond_e
so exit is never called. That's 1 result patched, but 2 more remain, since the search gave 3 results at the start. Patch them in the same way with a goto to their condition label.
Save the files and resign with any signature, install and try to run. Boom, it runs fine without any need to kill the signature check.

Thanks to myself
for creating that script🤗 (Nice Joke😂)