吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 3735|回复: 4
收起左侧

[Android Tools] FRIDA-JS-DEXDump 基于Frida的内存脱壳工具(学习frida-dexdump的成果)

  [复制链接]
evlon 发表于 2022-10-7 20:26
本帖最后由 evlon 于 2022-10-7 20:29 编辑

FRIDA-JS-DEXDump

frida-js-dexdump is a copy of frida-dexdump writed by ts.
It is a frida tool to find and dump dex in memory to support security engineers in analyzing malware.

Features

  1. Support fuzzy search broken header dex(deep search mode).
  2. Compatible with all android version(frida supported).
  3. One click installation, without modifying the system, easy to deploy and use.

Require

  1. Node.js  Version > 14.16 , my dev node is 16.13.2

    $ node -v
    v16.13.2
  2. Python3 3.10.7

    $ python -V
    Python 3.10.7
    

Installation

pip3 install frida frida-tools
npm install -g frida-fs-dexdump

Usage

CLI arguments base on frida-tools, you can quickly dump the foreground application like this:

frida-js-dexdump -FU

Or use select to choice app like this:

frida-js-dexdump -U

? What app? (Use arrow keys)
❯ 2328:bin.mt.plus-MT管理器
  2492:com.android.flysilkworm-雷电游戏中心
  4171:com.xiaojianbang.app-HookTestDemo
  12477:com.android.settings-设置
  14633:com.android.documentsui-文件

Or specify and spawn app like this:

frida-js-dexdump -U -f com.app.pkgname

Or select install app and  spawn app like this:

frida-js-dexdump -U -f 

? What app? (Use arrow keys)
❯ bin.mt.plus(MT管理器)
  com.v2ray.ang(v2rayNG)
  com.xiaojianbang.app(HookTestDemo)
  com.yssenlin.app(影视森林)
  lnes.ef(一起设置)
  magisk.term(Magisk Terminal Emulator)
  player.normal.np(NP管理器)

Additionally, you can see in -h that the new options provided by frida-dexdump are:

-o OUTPUT, --output OUTPUT  Output folder path, default is './<appname>/'.
-d, --deep-search           Enable deep search mode.
--sleep SLEEP               Waiting times for start, spawn mode default is 5s.

When using, I suggest using the -d, --deep-search option, which may take more time, but the results will be more complete.

Build and develop

yarn install
yarn run watch-agent
yarn run watch

截图

screenshot

参考和致谢

See hluwa
《深入 FRIDA-DEXDump 中的矛与盾》


yidongbangong20221007194546.PNG
yidongbangong20221007202635.PNG
QQ截图20221007202504.png

免费评分

参与人数 6吾爱币 +6 热心值 +4 收起 理由
笙若 + 1 + 1 谢谢@Thanks!
ddddhm + 1 + 1 我很赞同!
小k666 + 1 + 1 用心讨论,共获提升!
hehehero + 1 + 1 用心讨论,共获提升!
zhczf + 1 我很赞同!
Tonyha7 + 1 用心讨论,共获提升!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

feiyu361 发表于 2022-10-9 10:07
谢谢分享啊,学东了
风雨3137 发表于 2022-10-9 16:38
excllent123 发表于 2022-10-11 20:28
浅唱悲歌 发表于 2022-10-23 18:16
请问下这个可以过最新的360加固吗
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 00:48

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表