-
-
[原创] [原创工具] FRIDA-JS-DEXDump 基于Frida的内存脱壳工具(学习frida-dexdump的成果)
-
发表于: 2022-10-7 21:38
-
frida-js-dexdump is a copy of frida-dexdump writed by ts.
It is a frida tool to find and dump dex in memory to support security engineers in analyzing malware.
Node.js Version > 14.16 , my dev node is 16.13.2
Python3 3.10.7
CLI arguments base on frida-tools, you can quickly dump the foreground application like this:
Or use select to choice app like this:
Or specify and spawn app like this:
Or select install app and spawn app like this:
Additionally, you can see in -h that the new options provided by frida-dexdump are:
When using, I suggest using the -d, --deep-search option, which may take more time, but the results will be more complete.
See hluwa
《深入 FRIDA-DEXDump 中的矛与盾》
$ node -v
v16.13.2
$ node -v
v16.13.2
$ python -V
Python 3.10.7
$ python -V
Python 3.10.7
pip3 install frida frida-tools
npm install -g frida-fs-dexdump
pip3 install frida frida-tools
npm install -g frida-fs-dexdump
frida-js-dexdump -FU
frida-js-dexdump -FU
frida-js-dexdump -U
? What app? (Use arrow keys)❯ 2328:bin.mt.plus-MT管理器
2492:com.android.flysilkworm-雷电游戏中心
4171:com.xiaojianbang.app-HookTestDemo
12477:com.android.settings-设置
14633:com.android.documentsui-文件
frida-js-dexdump -U
? What app? (Use arrow keys)❯ 2328:bin.mt.plus-MT管理器
2492:com.android.flysilkworm-雷电游戏中心
4171:com.xiaojianbang.app-HookTestDemo
12477:com.android.settings-设置
14633:com.android.documentsui-文件
frida-js-dexdump -U -f com.app.pkgname
frida-js-dexdump -U -f com.app.pkgname
frida-js-dexdump -U -f
? What app? (Use arrow keys)❯ bin.mt.plus(MT管理器)
com.v2ray.ang(v2rayNG)
com.xiaojianbang.app(HookTestDemo)
com.yssenlin.app(影视森林)
lnes.ef(一起设置)
magisk.term(Magisk Terminal Emulator)
player.normal.np(NP管理器)
frida-js-dexdump -U -f
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
