cust0m · June 29, 2020 14:21 · cust0m · Jul 22, 2020
diff --git a/insecure.js b/insecure.js
 var encoded_priv_key =
 hexToBytes("308204a30201000282vb56ab5106685aedas12123ebd577ec1e6f3648c11b7dd03eba10756ca");
 var encoded_public_key =
 hexToBytes("30820122300d312312306092a86483123128dba6dd8311150203010001");

 function inJava() {
 var MAGHttpClient = Java.use("com.ca.mas.core.http.MAGHttpClient");
 MAGHttpClient.execute.overload('com.ca.mas.foundation.MASRequest',
 'javax.net.ssl.SSLSocketFactory').implementation = function (a,b) {
     var SSLSocketFactory = Java.use("android.net.SSLCertificateSocketFactory");
     var insecure = SSLSocketFactory.getInsecure(0, null);
     return this.execute(a, insecure);
 };

 var KeyUtilsAsymmetric = Java.use("com.ca.mas.core.util.KeyUtilsAsymmetric");

 var PKCS8EncodedKeySpec = Java.use("java.security.spec.PKCS8EncodedKeySpec");
 var KeyFactory = Java.use("java.security.KeyFactory");

 KeyUtilsAsymmetric.getRsaPrivateKey.implementation = function(a) {
 var buffer = Java.array('byte', encoded_priv_key);
 var keySpecPKCS8 = PKCS8EncodedKeySpec.$new(buffer);
 var kf = KeyFactory.getInstance("RSA");
 var privKey = kf.generatePrivate(keySpecPKCS8);
 return privKey;
 };

 var X509EncodedKeySpec = Java.use("java.security.spec.X509EncodedKeySpec");

 KeyUtilsAsymmetric.getRsaPublicKey.implementation = function(a) {
 if(a=="com.ca.mas.foundation.msso.DEVICE_IDENTIFIER"){
 console.log("JUMP JEY");
 return this.getRsaPublicKey(a);
 }
 var buffer = Java.array('byte', encoded_public_key);
 var keySpecX509 = X509EncodedKeySpec.$new(buffer);
 var kf = KeyFactory.getInstance("RSA");
 var pubKey = kf.generatePublic(keySpecX509);
 return pubKey;
 };
 }

 function hexToBytes(hex) {
        for (var bytes = [], c = 0; c < hex.length; c += 2)
        bytes.push(parseInt(hex.substr(c, 2), 16));
        return bytes;
 }

 Java.perform(inJava);
	var encoded_priv_key =
	hexToBytes("308204a30201000282vb56ab5106685aedas12123ebd577ec1e6f3648c11b7dd03eba10756ca");
	var encoded_public_key =
	hexToBytes("30820122300d312312306092a86483123128dba6dd8311150203010001");

	function inJava() {
	var MAGHttpClient = Java.use("com.ca.mas.core.http.MAGHttpClient");
	MAGHttpClient.execute.overload('com.ca.mas.foundation.MASRequest',
	'javax.net.ssl.SSLSocketFactory').implementation = function (a,b) {
	var SSLSocketFactory = Java.use("android.net.SSLCertificateSocketFactory");
	var insecure = SSLSocketFactory.getInsecure(0, null);
	return this.execute(a, insecure);
	};

	var KeyUtilsAsymmetric = Java.use("com.ca.mas.core.util.KeyUtilsAsymmetric");

	var PKCS8EncodedKeySpec = Java.use("java.security.spec.PKCS8EncodedKeySpec");
	var KeyFactory = Java.use("java.security.KeyFactory");

	KeyUtilsAsymmetric.getRsaPrivateKey.implementation = function(a) {
	var buffer = Java.array('byte', encoded_priv_key);
	var keySpecPKCS8 = PKCS8EncodedKeySpec.$new(buffer);
	var kf = KeyFactory.getInstance("RSA");
	var privKey = kf.generatePrivate(keySpecPKCS8);
	return privKey;
	};

	var X509EncodedKeySpec = Java.use("java.security.spec.X509EncodedKeySpec");

	KeyUtilsAsymmetric.getRsaPublicKey.implementation = function(a) {
	if(a=="com.ca.mas.foundation.msso.DEVICE_IDENTIFIER"){
	console.log("JUMP JEY");
	return this.getRsaPublicKey(a);
	}
	var buffer = Java.array('byte', encoded_public_key);
	var keySpecX509 = X509EncodedKeySpec.$new(buffer);
	var kf = KeyFactory.getInstance("RSA");
	var pubKey = kf.generatePublic(keySpecX509);
	return pubKey;
	};
	}

	function hexToBytes(hex) {
	for (var bytes = [], c = 0; c < hex.length; c += 2)
	bytes.push(parseInt(hex.substr(c, 2), 16));
	return bytes;
	}

	Java.perform(inJava);