From d2c52a1dbd392eb03d216b40adb12c2b0d16f289 Mon Sep 17 00:00:00 2001
From: iddoeldor <iddo.eldor.work@gmail.com>
Date: Thu, 12 Sep 2019 13:07:45 +0300
Subject: [PATCH] unpack dex 64bit version

---
 scripts/WIP_unpack_64.js | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 scripts/WIP_unpack_64.js

diff --git a/scripts/WIP_unpack_64.js b/scripts/WIP_unpack_64.js
new file mode 100644
index 0000000..7b5fb69
--- /dev/null
+++ b/scripts/WIP_unpack_64.js
@@ -0,0 +1,21 @@
+var art_DexFile_OpenMemory = Module.findExportByName('libart.so','_ZN3art7DexFile10OpenMemoryEPKhmRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPKNS_10OatDexFileEPS9_'); // art::DexFile::OpenMemory > 64bit version
+console.log(art_DexFile_OpenMemory);
+Interceptor.attach(art_DexFile_OpenMemory, { 
+  onEnter: function (_args) {     
+    var begin = this.context.x0;
+    this.o = {};
+    this.o.begin = begin;
+    this.o.magic = Memory.readUtf8String(begin);
+    var address = parseInt(begin, 16) + 0x20;
+    var dexSize = Memory.readInt(ptr(address));
+    this.o.dexSize = dexSize;
+    var file = new File('/sdcard/unpack/' + dexSize + '.dex', 'wb');
+    file.write(Memory.readByteArray(begin, dexSize));
+    file.flush();
+    file.close();
+  },
+  onLeave: function (retval) {
+    this.o.retval = retval;
+    console.log(JSON.stringify(this.o, null, 2));
+  }
+});