TheNightlyGod/x-signaturebypass
1
0
Fork 0
Code Activity
Files
main
x-signaturebypass/README.md
Luki 5faf981da1 Upload files to "/"
2025-06-13 01:06:53 +00:00

95 lines
3.7 KiB
Markdown
Raw Permalink Blame History

# Alcove Script README
## Overview
This script is designed to bypass a verification function in an Alcove application by replacing it with a custom function that always returns `1` (true). The script uses Frida to hook into the application's main module and apply a "Total Replacement" patch to the verification function located at a specific offset.
Additionally, for the script to work fully, the HTTP response from the `/trial` endpoint must be manually spoofed to return a specific JSON payload.
## Prerequisites
- **Frida**: Ensure Frida is installed and configured on your system.
- **Alcove Application**: The target application must be running and accessible.
- **HTTP Proxy Tool**: A tool like Burp Suite, Charles Proxy, or mitmproxy to intercept and modify HTTP requests/responses.
## Script Details
The script performs the following actions:
1. Identifies the main module of the Alcove application and its base address.
2. Locates the verification function at offset `0x197f0` from the base address.
3. Uses Frida's `Interceptor.replace` to hook the verification function and replace it with a custom `NativeCallback` that logs the call and returns `1` (true).
## Manual HTTP Response Spoofing
For the script to work fully, you must manually spoof the HTTP response from the `/trial` endpoint. The application sends an HTTP request to `/trial` and expects a specific JSON response.
### Expected HTTP Request
The application sends a request to:
```
POST /trial
```
### Expected HTTP Response
The response must be a JSON object with the following structure:
```json
{
"uuid": "<your-uuid>",
"started_at": "9999-12-31T23:59:59+00:00",
"active": true
}
```
### Steps to Spoof the HTTP Response
1. **Set Up an HTTP Proxy**:
- Use a tool like Burp Suite, Charles Proxy, or mitmproxy to intercept HTTP traffic from the Alcove application.
- Configure your device or emulator to route traffic through the proxy.
2. **Intercept the** `/trial` **Request**:
- Identify the `POST /trial` request in your proxy tool.
3. **Modify the Response**:
- Replace the server's response with the JSON payload shown above.
- Ensure the HTTP status code is `200 OK` and the `Content-Type` header is `application/json`.
4. **Test the Application**:
- Run the application with the Frida script injected and the HTTP response spoofed.
- Verify that the verification function is bypassed and the application behaves as expected.
## Usage
1. Save the script as `frida.js`.
2. Run the script using Frida:
```bash
frida -f <path-to-app> -l frida.js
```
Replace `<path-to-app>` with the actual path of the Alcove application.
3. Set up your HTTP proxy tool to spoof the `/trial` endpoint response as described above.
4. Monitor the console output for logs indicating the patch status and verification function calls.
## Notes
- The offset `0x197f0` is specific to the target application version. If the application is updated, this offset may change, requiring you to update the script.
- Spoofing HTTP responses may require additional configuration depending on the application's network setup (e.g., SSL pinning bypass).
- Ensure you have legal permission to modify and analyze the application, as unauthorized tampering may violate terms of service or local laws.
## Troubleshooting
- **Function Replacement Fails**: Verify the offset `0x197f0` is correct for your application version. Use a disassembler like Ghidra or IDA to find the correct offset.
- **HTTP Spoofing Fails**: Ensure your proxy tool is correctly intercepting traffic and that the response matches the expected JSON format exactly.
- **Frida Errors**: Ensure Frida is properly installed and that the target application is running on a compatible device or emulator.
View Git Blame Copy Permalink