篇幅有限

完整内容及源码关注公众号：ReverseCode，发送 冲

md5校验：CertUtil -hashfile ide-eval-resetter-2.1.13.jar MD5

apt install neofetch 显示系统信息

echo $SHELL 查看终端

pyenv versions

pyenv install –list

htop jnettop iotop

010 Editor-Template Repository-Executable 选择指定文件格式解析

无限续期：

先关闭软件：
rm -rf ~/.config/SweetScape/
rm -rf ~/.local/share/SweetScape/

8.1.0_r1 对应代号 OPM1.171019.011

wget https://dl.google.com/dl/android/aosp/bullhead-opm1.171019.011-factory-3be6fd1c.zip

./flush-all.sh 如报错替换fastboot,which fastboot

adb push n5x_nethunter /sdcard/

adb reboot bootloader

fastboot flash recovery nex_nethunter/twrp-3.3.0-0-bullhead.img 刷入SR5-SuperSU和nethunter-2020.3-bullhead-oreo-kalifs-full.zip

adb push /root/Android/Sdk/ndk/22.1.7171670/prebuilt/android-arm /data/local/tmp

./fs14248arm74

objection -g com.roysue.easyso1 explore

memory list modules

memory list exports libroysue.so 查看so的导出符号

./gdbserver 0.0.0.0:23946 –attach pid

hyper

gdb-multiarch

set arch arm
set arm fallback-mode thumb

target remote192.168.0.10:23946

info shared libroysue.so

b *0xcc7143f5

info break 打断点

c 执行下一个断点

nexti 汇编级别下一步F8

n 源码级别下一步

ctrl+shift+pageup 选寄存器状态

`ctrl+shift+pagedown 选寄存器状态

Nethunter 刷机