-
-
[原创]Frida-Android-unpack
-
发表于: 2019-6-3 17:17
-
Frida-Android-unpack
this script for Android O and Android P.After Android 7.X,we cann't get OpenMemory function in libart.so,so the old script failed.we find the OpenCommon function to replace it.we can get dex file from this func,its parameters contain the memory address and size of dex.
Runtime environment
u need a root mobile and installed Frida
ro.debuggable = true
How to use this script?
frida -U -f com.xxx.xxx.xxx -l dupDex.js --no-pause
Function
art::DexFile::OpenCommon(unsigned char const*, unsigned long, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, art::OatDexFile const*, bool, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*, art::DexFile::VerifyResult*)
Test
Tencent
360
others
Before unpacking
Runtime
After unpacking
GitHub:https://github.com/xiaokanghub/Frida-Android-unpack
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
most of the time, I use mobile instead of an emulator, so future it will support that  ,if u can improve this script to support that, thank you for your contribution
|
|
|
hi, bro, I find the same function in emulator, but I wasn't test it, if u have emulator, u can have a try and tell me the result |
|
|
|
|
|
|
|
|
|
|
|
我还以为你娃不会说国语 
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 star,thanks
|
|
|
应该是可以的 你可以试试 有问题反馈 |
|
|
不需要呢 JS 文件放在本地就好了 关于Frida 您可以通过https://www.frida.re/docs/android/这个了解 |
|
|
|
|
|
|
|
|
亲 请把问题提交上来 |
|
|
实测Android7.1.2不行,git 下来的代码,啥也没改
 |
|
|
兄dei啊,你看看说明的撒,适用于Android 8.0以上,那么大的字提醒你函数不存在,Android 7.X 去HOOK OpenMemory |
|
|
请教下OpenMemory的导出符是什么,我用readelf看好像只显示了一部分,这个我枚举下导出符看看吧 还有我看代码Android O 和Android P都用的Android O的导出符,是没写判断还是通用呢 |
|
|
|
|
|
是的 无法准确还原 |
|
|
|
|
|
第一个参数好像是this指针 |
zckuna
