-
-
[原创] [原创工具] FRIDA-JS-DEXDump 基于Frida的内存脱壳工具(学习frida-dexdump的成果)
-
2022-10-7 21:38
-
FRIDA-JS-DEXDump
frida-js-dexdump is a copy of frida-dexdump writed by ts.
It is a frida tool to find and dump dex in memory to support security engineers in analyzing malware.
Features
- Support fuzzy search broken header dex(deep search mode).
- Compatible with all android version(frida supported).
- One click installation, without modifying the system, easy to deploy and use.
Require
Node.js Version > 14.16 , my dev node is 16.13.2
12$ node-vv16.13.2Python3 3.10.7
12$ python-VPython3.10.7
Installation
1 2 | pip3 install frida frida-toolsnpm install -g frida-fs-dexdump |
Usage
CLI arguments base on frida-tools, you can quickly dump the foreground application like this:
1 | frida-js-dexdump -FU |
Or use select to choice app like this:
1 2 3 4 5 6 7 8 | frida-js-dexdump -U? What app? (Use arrow keys)❯ 2328:bin.mt.plus-MT管理器 2492:com.android.flysilkworm-雷电游戏中心 4171:com.xiaojianbang.app-HookTestDemo 12477:com.android.settings-设置 14633:com.android.documentsui-文件 |
Or specify and spawn app like this:
1 | frida-js-dexdump -U -f com.app.pkgname |
Or select install app and spawn app like this:
1 2 3 4 5 6 7 8 9 10 11 | frida-js-dexdump -U -f ? What app? (Use arrow keys)❯ bin.mt.plus(MT管理器) com.v2ray.ang(v2rayNG) com.xiaojianbang.app(HookTestDemo) com.yssenlin.app(影视森林) lnes.ef(一起设置) magisk.term(Magisk Terminal Emulator) player.normal.np(NP管理器) |
Additionally, you can see in -h that the new options provided by frida-dexdump are:
1 2 3 | -o OUTPUT, --output OUTPUT Output folder path, default is './<appname>/'.-d, --deep-search Enable deep search mode.--sleep SLEEP Waiting times for start, spawn mode default is 5s. |
When using, I suggest using the -d, --deep-search option, which may take more time, but the results will be more complete.
Build and develop
1 2 3 | yarn installyarn run watch-agentyarn run watch |
截图
参考和致谢
See hluwa
《深入 FRIDA-DEXDump 中的矛与盾》
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
