Translated ['src/mobile-pentesting/android-app-pentesting/frida-tutorial

src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md

@@ -12,7 +12,7 @@
 
 Kulingana na [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)
 
-**Hook the \_exit()**\_ function na **decrypt function** ili ipige flag kwenye frida console unapobonyeza verify:
+**Hook the _exit()**_ function na **decrypt function** ili iweze kuchapisha bendera kwenye frida console unapobofya verify:
 ```javascript
 Java.perform(function () {
 send("Starting hooks OWASP uncrackable1...")
@@ -51,9 +51,9 @@ send("java.lang.System.exit(I)V  // We avoid exiting the application  :)")
 send("Hooks installed.")
 })
 ```
-## Suluhisho 2
+## Solution 2
 
-Kulingana na [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)
+Based in [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)
 
 **Hook rootchecks** na decrypt function ili iweze kuchapisha bendera kwenye frida console unapobofya verify:
 ```javascript
@@ -115,4 +115,52 @@ return false
 send("Hooks installed.")
 })
 ```
+---
+
+## Solution 3 – `frida-trace` (Frida ≥ 16)
+
+Ikiwa hutaki kuandika mikono, unaweza kuruhusu **Frida** izalishe stubs za Java kwako na kisha uzihariri:
+```bash
+# Spawn the application and automatically trace the Java method we care about
+aadb shell "am force-stop owasp.mstg.uncrackable1"
+frida-trace -U -f owasp.mstg.uncrackable1 \
+-j 'sg.vantagepoint.a.a.a("[B","[B")[B' \
+-j 'sg.vantagepoint.a.c!*' \
+--output ./trace
+
+# The first run will create ./trace/scripts/sg/vantagepoint/a/a/a__B_B_B.js
+# Edit that file and add the logic that prints the decrypted flag or
+# returns a constant for the root-checks, then:
+frida -U -f owasp.mstg.uncrackable1 -l ./trace/_loader.js --no-pause
+```
+Na Frida 16+ stub iliyoundwa tayari inatumia sintaksia ya kisasa ya **ES6** na itakusanywa na *QuickJS* runtime iliyo ndani – hauhitaji tena `frida-compile`.
+
+---
+
+## Suluhisho 4 – Mstari mmoja na Objection (2024)
+
+Ikiwa una **Objection >1.12** iliyosakinishwa unaweza kutupa bendera kwa amri moja (Objection inazunguka Frida ndani):
+```bash
+objection -g owasp.mstg.uncrackable1 explore \
+--startup-command "android hooking watch class sg.vantagepoint.a.a method a \n  && android hooking set return_value false sg.vantagepoint.a.c * \n  && android hooking invoke sg.vantagepoint.a.a a '[B' '[B'"
+```
+* `watch class` inachapisha maandiko ya wazi yanayorejeshwa na utaratibu wa AES
+* `set return_value false` inalazimisha kila ukaguzi wa root / debugger kuripoti *false*
+* `invoke` inakuwezesha kuita njia moja kwa moja bila kubonyeza **Verify**.
+
+> KUMBUKA: Kwenye Android 14 (API 34) lazima uendeshe Objection/Frida katika *spawn* mode (`-f`) kwa sababu *attach* imezuiwa na vizuizi vya **seccomp-bpf** vilivyoanzishwa mnamo Oktoba 2024.
+
+---
+
+## Maelezo ya kisasa ya Android (2023 - 2025)
+
+* **libsu 5.x** na **Zygisk** huficha *su* vizuri; hata hivyo, ukaguzi wa msingi wa Java katika Kiwango cha 1 bado unashindwa ikiwa faili `/system/bin/su` ipo. Hakikisha unawasha **denylist** au tu ung'anishe `java.io.File.exists()` na Frida.
+* Frida 16.1 ilirekebisha ajali kwenye **Android 12/13** iliyosababishwa na *Scudo* allocator ya Google. Ikiwa unaona `Abort message: 'missing SHADOW_OFFSET'`, sasisha Frida (au tumia toleo la usiku la 17.0 lililotengenezwa mapema).
+* Kwa sababu Play Integrity ilichukua nafasi ya SafetyNet mnamo 2023, baadhi ya programu mpya zinaita API ya **com.google.android.gms.tasks.Task**. Kiwango cha 1 HAKIFANYI hivyo, lakini mkakati sawa wa ung'aniko ulioonyeshwa hapa unafanya kazi – ung'anisha `com.google.android.gms.safetynet.SafetyNetClient` na urudishe *EvaluationType* iliyotengenezwa.
+
+## Marejeleo
+
+* Tangazo la toleo la Frida – "Frida 16.0 (2023-04-02): Marekebisho ya kuaminika ya Android 12/13 & marekebisho ya API ya spawn"
+* Objection 1.12 – "Hali ya spawn pekee kwa Android 14" (Slides za mazungumzo ya BlackHat USA 2024)
+
 {{#include ../../../banners/hacktricks-training.md}}