forked from WithSecureLabs/android-keystore-audit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkeyguard-credential-intent.js
73 lines (65 loc) · 2.39 KB
/
keyguard-credential-intent.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/*
KeyGuard script which can send a 'createConfirmDeviceCredentialIntent' for invoking a device unlock screen
Can be used to manually unlock keys which do not have a setUserAuthenticationValidityDurationSeconds set to -1
*/
console.log("Keyguard Script Loaded");
var activitiesList = [];
Java.perform(function () {
var activityCls = Java.use("android.app.Activity");
activityCls['onCreate'].overload('android.os.Bundle').implementation = function(a1) {
activitiesList.push(this);
console.log("Acitivity: "+ this);
return this.onCreate(a1);
}
});
function showKeyguard()
{
Java.perform(function () {
var ActivityThread = Java.use("android.app.ActivityThread");
var application = ActivityThread.currentApplication().getApplicationContext();
var REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS = 1;
var KEYGUARD_SERVICE = "keyguard";
var mKeyguardManagerCls = Java.use("android.app.KeyguardManager");
var mKeyguardManager = application.getSystemService(KEYGUARD_SERVICE)
var intent = mKeyguardManagerCls['createConfirmDeviceCredentialIntent'].call(mKeyguardManager,null, null);
console.log("HERE " + activitiesList[0]);
activitiesList[0].startActivityForResult(null,intent,REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS,null);
});
}
/*
* List Activity instances collected in activitiesList
*/
function ListActivities()
{
Java.perform(function () {
for(i=0; i < activitiesList.length; i++)
{
console.log( "["+i+"] "+activitiesList[i]);
}
});
return "[done]";
}
function back(idx)
{
Java.perform(function () {
console.log("HERE " + activitiesList[idx]);
var Runnable = Java.use('java.lang.Runnable');
var Runner = Java.registerClass({
name: 'com.MWR.Runner',
implements: [Runnable],
methods: {
run: function ()
{
activityCls = Java.use("android.app.Activity");
activityCls['onBackPressed'].call(activitiesList[idx]);
//activitiesList[idx].this$0.value.onBackPressed();
}
}
});
var Handler = Java.use('android.os.Handler');
var Looper = Java.use('android.os.Looper');
var loop = Looper.getMainLooper();
var handler = Handler.$new(loop);
handler.post(Runner.$new());
});
}