evlon posted on 2022-10-7 20:26

FRIDA-JS-DEXDump: a Frida-based in-memory unpacking tool (the result of studying frida-dexdump)

This post was last edited by evlon on 2022-10-7 20:29


# FRIDA-JS-DEXDump

`frida-js-dexdump` is a copy of frida-dexdump written in TypeScript.
It is a Frida tool that finds and dumps dex files from memory, to support security engineers analyzing malware.




## Features

1. Supports fuzzy search for dex files with broken headers (deep search mode).
2. Compatible with all Android versions (that Frida supports).
3. One-click installation, without modifying the system; easy to deploy and use.

## Requirements

1. Node.js version > 14.16; my development Node is 16.13.2
```
$ node -v
v16.13.2
```

2. Python 3.10.7

```
$ python -V
Python 3.10.7
```

## Installation



```
pip3 install frida frida-tools
npm install -g frida-js-dexdump
```

## Usage

CLI arguments are based on frida-tools (https://github.com/frida/frida-tools); you can quickly dump the foreground application like this:

```
frida-js-dexdump -FU
```

Or select the app interactively like this:

```
frida-js-dexdump -U

? What app? (Use arrow keys)
❯ 2328:bin.mt.plus-MT Manager
2492:com.android.flysilkworm-LDPlayer Game Center
4171:com.xiaojianbang.app-HookTestDemo
12477:com.android.settings-Settings
14633:com.android.documentsui-Files
```

Or specify a package name and spawn it like this:

```
frida-js-dexdump -U -f com.app.pkgname
```

Or select an installed app and spawn it like this:

```
frida-js-dexdump -U -f


? What app? (Use arrow keys)
❯ bin.mt.plus(MT Manager)
com.v2ray.ang(v2rayNG)
com.xiaojianbang.app(HookTestDemo)
com.yssenlin.app(影视森林)
lnes.ef(一起设置)
magisk.term(Magisk Terminal Emulator)
player.normal.np(NP Manager)
```


Additionally, `-h` shows the new options that frida-dexdump adds on top of frida-tools:

```
-o OUTPUT, --output OUTPUT  Output folder path, default is './<appname>/'.
-d, --deep-search           Enable deep search mode.
--sleep SLEEP               Waiting time before starting; spawn mode default is 5s.
```

When using it, I suggest the `-d, --deep-search` option; it may take more time, but the results will be more complete.

## Build and develop

```
yarn install
yarn run watch-agent
yarn run watch
```

## Screenshot
![usage](https://github.com/evlon/frida-js-dexdump/raw/main/doc/useage.gif)

### References and acknowledgements

See https://github.com/hluwa/FRIDA-DEXDump/
[The Spear and the Shield inside FRIDA-DEXDump (深入 FRIDA-DEXDump 中的矛与盾)](https://mp.weixin.qq.com/s/n2XHGhshTmvt2FhxyFfoMA)
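The feature list above mentions a deep search mode for dex files whose header has been broken, and the usage section recommends `-d` because it finds more. The example below, added here and not taken from frida-js-dexdump or frida-dexdump, shows the idea those tools build on: a normal scan only looks where the `dex\n035\0` magic still exists, while a deep scan accepts any offset where the fixed header fields (`header_size == 0x70`, `endian_tag == 0x12345678`) match and then confirms the hit by checking that `map_off` points at a map_list whose first entry is the header item. Accepted candidates are cut out at `file_size` bytes, the magic is rewritten and the Adler-32 checksum recomputed so the dump is loadable again. It works on a plain `Uint8Array` so it runs outside Frida; inside a Frida agent you would feed it the bytes of each readable range (for example from `Memory.readByteArray`), which this example does not do. The memory region, the two minimal dex files in it and the decoy with a bare magic are constructed inline for the demonstration.

```javascript
// Added example (not frida-js-dexdump's agent): locate DEX files in a byte
// region, including ones whose magic a packer wiped, then repair and dump them.
const DEX_MAGIC = new Uint8Array([0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x35, 0x00]); // "dex\n035\0"
const HEADER_SIZE = 0x70;          // DEX header is always 0x70 bytes
const ENDIAN_CONSTANT = 0x12345678; // endian_tag for little-endian files
const TYPE_HEADER_ITEM = 0x0000;    // map_list item types
const TYPE_MAP_LIST = 0x1000;

function view(bytes) {
  return new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
}

function hasMagic(region, off) {
  for (let i = 0; i < DEX_MAGIC.length; i++) if (region[off + i] !== DEX_MAGIC[i]) return false;
  return true;
}

// Adler-32 over bytes[start..], the algorithm DEX uses for its checksum field
// (the checksum covers everything after the 12-byte magic+checksum prefix).
function adler32(bytes, start) {
  let a = 1, b = 0;
  for (let i = start; i < bytes.length; i++) { a = (a + bytes[i]) % 65521; b = (b + a) % 65521; }
  return ((b << 16) | a) >>> 0;
}

// Returns file_size if a structurally valid DEX header sits at `off`, else 0.
// The magic is deliberately NOT required: packers zero it, the map_list is harder to fake.
function validateHeader(region, off) {
  const v = view(region);
  if (off + HEADER_SIZE > region.length) return 0;
  if (v.getUint32(off + 0x24, true) !== HEADER_SIZE) return 0;
  if (v.getUint32(off + 0x28, true) !== ENDIAN_CONSTANT) return 0;
  const fileSize = v.getUint32(off + 0x20, true);
  if (fileSize < HEADER_SIZE || off + fileSize > region.length) return 0;
  const mapOff = v.getUint32(off + 0x34, true);
  if (mapOff < HEADER_SIZE || mapOff + 4 + 12 > fileSize) return 0;       // size field + one item must fit
  const mapSize = v.getUint32(off + mapOff, true);
  if (mapSize < 1 || mapOff + 4 + mapSize * 12 > fileSize) return 0;
  const itemType = v.getUint16(off + mapOff + 4, true);                    // first map_item
  const itemCount = v.getUint32(off + mapOff + 8, true);
  const itemOff = v.getUint32(off + mapOff + 12, true);
  if (itemType !== TYPE_HEADER_ITEM || itemCount !== 1 || itemOff !== 0) return 0;
  return fileSize;
}

// Normal mode: only offsets carrying the magic. Deep mode: every offset, validated
// through the fixed header fields and the map_list. Returns {offset, size, magicIntact}.
function scanDex(region, { deep = false } = {}) {
  const found = [];
  let off = 0;
  while (off + HEADER_SIZE <= region.length) {
    const magicIntact = hasMagic(region, off);
    if (magicIntact || deep) {
      const size = validateHeader(region, off);
      if (size) { found.push({ offset: off, size, magicIntact }); off += size; continue; }
    }
    off += 1;
  }
  return found;
}

// Copy the file out, restore the magic and recompute the checksum so tools accept it.
function dumpDex(region, hit) {
  const out = region.slice(hit.offset, hit.offset + hit.size);
  if (!hit.magicIntact) out.set(DEX_MAGIC, 0);
  view(out).setUint32(0x08, adler32(out, 12), true);
  return out;
}

// Constructed sample: the smallest header+map_list that passes validateHeader.
function buildMinimalDex({ wipeMagic = false } = {}) {
  const fileSize = HEADER_SIZE + 4 + 12 * 2;     // header + map_list(size, 2 items)
  const dex = new Uint8Array(fileSize);
  const v = view(dex);
  dex.set(DEX_MAGIC, 0);
  v.setUint32(0x20, fileSize, true);             // file_size
  v.setUint32(0x24, HEADER_SIZE, true);          // header_size
  v.setUint32(0x28, ENDIAN_CONSTANT, true);      // endian_tag
  v.setUint32(0x34, HEADER_SIZE, true);          // map_off: map_list directly after the header
  v.setUint32(0x68, fileSize - HEADER_SIZE, true); // data_size
  v.setUint32(0x6c, HEADER_SIZE, true);          // data_off
  let m = HEADER_SIZE;
  v.setUint32(m, 2, true); m += 4;                                                   // map_list.size
  v.setUint16(m, TYPE_HEADER_ITEM, true); v.setUint32(m + 4, 1, true); v.setUint32(m + 8, 0, true); m += 12;
  v.setUint16(m, TYPE_MAP_LIST, true); v.setUint32(m + 4, 1, true); v.setUint32(m + 8, HEADER_SIZE, true);
  v.setUint32(0x08, adler32(dex, 12), true);     // checksum
  if (wipeMagic) dex.fill(0, 0, 8);              // what a packer does to defeat magic-only scanners
  return dex;
}

// Constructed memory region: junk, intact dex, junk, decoy (magic but no header), junk, wiped dex, junk.
function buildSampleRegion() {
  const junk = new Uint8Array(16).fill(0x41);
  const decoy = new Uint8Array(32); decoy.set(DEX_MAGIC, 0);
  const parts = [junk, buildMinimalDex(), junk, decoy, junk, buildMinimalDex({ wipeMagic: true }), junk];
  const region = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let o = 0;
  for (const p of parts) { region.set(p, o); o += p.length; }
  return region;
}
```

Running `scanDex(buildSampleRegion())` reports only the intact dex at offset 16 and correctly skips the decoy, while `scanDex(region, { deep: true })` also reports the magic-wiped copy at offset 220; `dumpDex` on that hit returns bytes identical to the unwiped file. Real agents scan only readable ranges and step on 4-byte alignment rather than every byte, and a packer can also corrupt `map_off` or `file_size`, which this check would then reject; that is the cat-and-mouse game the linked article is about.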





feiyu361 posted on 2022-10-9 10:07

Thanks for sharing, learned something.

风雨3137 posted on 2022-10-9 16:38

RE newbie, here to learn.

excllent123 posted on 2022-10-11 20:28

Thanks for sharing.

浅唱悲歌 posted on 2022-10-23 18:16

Can this get past the latest 360 packer?