diff --git a/thai_camera/LICENSE b/thai_camera/LICENSE
new file mode 100644
index 0000000..09ff986
--- /dev/null
+++ b/thai_camera/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Timothy Bollé
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/thai_camera/README.md b/thai_camera/README.md
new file mode 100644
index 0000000..b99b933
--- /dev/null
+++ b/thai_camera/README.md
@@ -0,0 +1,2 @@
+# ReverseBootcamp
+Scripts for the UNIL reverseBootcamp
diff --git a/thai_camera/frida_script.py b/thai_camera/frida_script.py
new file mode 100644
index 0000000..5bc1329
--- /dev/null
+++ b/thai_camera/frida_script.py
@@ -0,0 +1,17 @@
+import frida
+
+# Attach to device and start app process
+device = frida.get_usb_device()
+pid = device.spawn(["com.cp.camera"])
+
+# Attach to the app process
+session = device.attach(pid)
+
+# Open the JS script and load it inside the process
+script = session.create_script(open("script_hook_final.js").read())
+script.load()
+device.resume(pid) # Resume a process from the attachable state
+
+# Allow the script to run until the user press Enter
+input()
+device.kill("com.cp.camera") # stop the app process
diff --git a/thai_camera/script_hook_basic.js b/thai_camera/script_hook_basic.js
new file mode 100644
index 0000000..f5a0125
--- /dev/null
+++ b/thai_camera/script_hook_basic.js
@@ -0,0 +1,21 @@
+console.log("Script loaded successfully!");
+
+// Ensure the current thread is attached to the java VM and call the function
+Java.perform(function x(){
+ console.log("Inside java perform function");
+
+ // Select the class in which the function to hook is
+ var my_class = Java.use("com.cp.camera.Loading");
+
+ // Reimplement the function we want to hook
+ my_class.loginByPost.implementation = function(code){
+ console.log("+++ Inside loginByPost function");
+
+ // Output the parameters
+ console.log("The hooked argument is " + code);
+
+ // Call normally the function and return the value
+ return this.loginByPost(code)
+ };
+
+});
diff --git a/thai_camera/script_hook_final.js b/thai_camera/script_hook_final.js
new file mode 100644
index 0000000..29008f9
--- /dev/null
+++ b/thai_camera/script_hook_final.js
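Review bot: In frida_script.py the closing `device.kill("com.cp.camera")` looks the process up by name instead of using the `pid` that `device.spawn` already returned, and whether the package identifier matches the process name Frida reports can depend on the Frida version, so the sample may be left running after the session; `device.kill(pid)` is unambiguous. Nothing guards the path between `spawn` and `kill` either: if `create_script` or `script.load()` raises, the spawned sample stays on the device, so the load/resume/input sequence is better wrapped in `try:` with the kill in `finally:`. The script file is also opened without being closed; `with open("script_hook_final.js") as f: source = f.read()` fixes that.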
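Review bot: The loginByPost hook in script_hook_basic.js logs the argument but not the value the method returns, although that return value is what the later scripts replace with a fabricated JSON string; capturing it makes this script usable as the observation step: `var result = this.loginByPost(code);`, `console.log("loginByPost returned " + result);`, `return result;`. Because the hook forwards to the original method, the sample presumably performs its real request from the test device, so a header comment stating that the run belongs on an isolated network would help the next reader. The `return this.loginByPost(code)` line is also missing its terminating semicolon.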
@@ -0,0 +1,72 @@
+console.log("Script loaded successfully!");
+
+// Ensure the current thread is attached to the java VM and call the function
+Java.perform(function x(){
+ console.log("Inside java perform function");
+
+ // Select the class in which the function to hook is
+ var my_class = Java.use("com.cp.camera.Loading");
+ // Select class contaning the EVENT_PARAM_VALUE_NO
+ var app_constant = Java.use("com.facebook.appevents.AppEventsConstants");
+
+ // Reimplement the function we want to hook
+ my_class.loginByPost.implementation = function(code){
+ console.log("\n+++ Inside loginByPost function");
+
+ // Output the parameters
+ console.log("The hooked argument is " + code);
+
+ // Create a correct output and return it
+ var response = {
+ content: "content",
+ rule: "rule",
+ service: "service",
+ code: "code",
+ button: "button",
+ imei: "imei",
+ imeicontent: code+":+41799163273:CONTENU"
+ };
+ console.log("I'm returning "+ JSON.stringify(response));
+ return JSON.stringify(response)
+ };
+
+
+ my_class.sendMessage.implementation = function(mobile, content2){
+ console.log("\n+++ Inside sendMessage function");
+ console.log("The hooked arguments are " + mobile + " and " + content2);
+ return this.sendMessage(mobile, content2);
+ };
+
+ my_class.onRequestPermissionsResult.implementation = function(requestCode, permissions, grantResults){
+ console.log("\n+++ Inside onRequestPermissionsResult function");
+ return this.onRequestPermissionsResult(requestCode, permissions, grantResults);
+ };
+
+ my_class.startActivity.implementation = function(id){
+ console.log("\n+++ Inside startActivity function");
+ return this.startActivity(id);
+ };
+
+
+
+ // We change some value in the onCreate function
+ my_class.onCreate.implementation = function(arg){
+ console.log("\n+++ Inside onCreate function");
+ console.log("shareSend = " + this.shareSend.value);
+ console.log("videoShare = " + this.getSharedPreferences("videoLibrary", 0).getString("videoShare", ""));
+
+ //We change the values as needed
+ //this.shareSend.value = 1;
+ var editor = this.getSharedPreferences("videoLibrary", 0).edit();
+ editor.putString("videoShare", app_constant.EVENT_PARAM_VALUE_NO.value);
+ editor.apply();
+
+ var videoShare = this.getSharedPreferences("videoLibrary", 0).getString("videoShare", "");
+ console.log("shareSend = " + this.shareSend.value);
+ console.log("videoShare = " + videoShare + " AND " + app_constant.EVENT_PARAM_VALUE_YES.value);
+
+ //We return the value of the normal execution
+ return this.onCreate(arg);
+ };
+
+});
diff --git a/thai_camera/script_hook_intermediate.js b/thai_camera/script_hook_intermediate.js
new file mode 100644
index 0000000..137ae9b
--- /dev/null
+++ b/thai_camera/script_hook_intermediate.js
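Review bot: The sendMessage hook in script_hook_final.js logs its arguments and then forwards to the original with `return this.sendMessage(mobile, content2);`, so once the fabricated loginByPost response supplies the number embedded in `imeicontent`, the sample will presumably send a real message from the analysis device to that number. If the send is not needed for the exercise, log and return without calling the original (the method's return type is not visible here, so confirm what it has to return); if it is needed, say so in a comment and state that the device must be a dedicated test handset. The phone number is hard-coded in the committed file; reading it from a constant at the top of the script, with a placeholder in the repository, keeps a personal number out of version control. script_hook_intermediate.js has the same pass-through hook and a second hard-coded number.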
@@ -0,0 +1,57 @@
+console.log("Script loaded successfully!");
+
+// Ensure the current thread is attached to the java VM and call the function
+Java.perform(function x(){
+ console.log("Inside java perform function");
+
+ // Select the class in which the function to hook is
+ var my_class = Java.use("com.cp.camera.Loading");
+ // Select class contaning the EVENT_PARAM_VALUE_NO
+ var app_constant = Java.use("com.facebook.appevents.AppEventsConstants");
+
+ // Reimplement the function we want to hook
+ my_class.loginByPost.implementation = function(code){
+ console.log("\n+++ Inside loginByPost function");
+
+ // Output the parameters
+ console.log("The hooked argument is " + code);
+
+ // Create a correct output and return it
+ var response = {
+ content: "content",
+ rule: "rule",
+ service: "service",
+ code: "code",
+ button: "button",
+ imei: "imei",
+ imeicontent: code+":+41216924620:CONTENU"
+ };
+ console.log("I'm returning "+ JSON.stringify(response));
+ return JSON.stringify(response)
+ };
+
+
+ my_class.sendMessage.implementation = function(mobile, content2){
+ console.log("\n+++ Inside sendMessage function");
+ console.log("The hooked arguments are " + mobile + " and " + content2);
+ return this.sendMessage(mobile, content2);
+ };
+
+ my_class.onRequestPermissionsResult.implementation = function(requestCode, permissions, grantResults){
+ console.log("\n+++ Inside onRequestPermissionsResult function");
+ return this.onRequestPermissionsResult(requestCode, permissions, grantResults);
+ };
+
+ my_class.startActivity.implementation = function(id){
+ console.log("\n+++ Inside startActivity function");
+ return this.startActivity(id);
+ };
+
+ // We change some value in the onCreate function
+ my_class.onCreate.implementation = function(arg){
+ console.log("\n+++ Inside onCreate function");
+ //We return the value of the normal execution
+ return this.onCreate(arg);
+ };
+
+});
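Review bot: `app_constant` in script_hook_intermediate.js is resolved with `Java.use("com.facebook.appevents.AppEventsConstants")` but is never read in this file, and since `Java.use` throws when the class cannot be found, a failure there would abort the `Java.perform` callback before any of the hooks below it are installed; the declaration and its comment can be dropped here. The comment `// We change some value in the onCreate function` is also stale, because this onCreate hook only logs and calls the original; `// Log entry to onCreate and run the original` matches what the code does.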