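Installing Frida and unpacking

Installing Frida

The company network cannot reach the official pip index, so switch the index to the Tsinghua mirror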

pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

Install frida with pip

pip install frida

Install frida-tools

pip install frida-tools

Installing the Frida server on the phone

Check the Android phone's device information (CPU ABI)

getprop ro.product.cpu.abi

Download the frida-server build that matches the CPU ABI from https://github.com/frida/frida/releases. The phone here is arm64-v8a, so pick the corresponding server

After downloading, push the extracted file to the phone

adb push frida-server-14.0.8-android-arm64 /data/local/tmp

Check the file permissions

ls -l

Add permissions to the Frida file

chmod 777 frida-server-14.0.8-android-arm64

Run the file

Open another cmd window and run the command frida-ps -U

Using the unpacking tool

Tool source: https://github.com/hluwa/FRIDA-DEXDump

Install frida-dexdump from pip

pip3 install frida-dexdump

Check whether the installation succeeded

frida-dexdump -h

If the help output appears, the installation succeeded

Options

-n: [Optional] Specify target process name, when spawn mode, it requires an application package name. If not specified, use frontmost application.
-p: [Optional] Specify pid when multiprocess. If not specified, dump all.
-f: [Optional] Use spawn mode, default is disable.
-s: [Optional] When spawn mode, start dump work after sleep few seconds. default is 10s.
-d: [Optional] Enable deep search maybe detected more dex, but speed will be slower.
-h: show help.

Unpacking command

frida-dexdump -n <package name>

By default, the output is saved under the user folder
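
A DEX file dumped from process memory can have header fields that no longer match its contents, so it is worth checking each saved file before loading it into a decompiler. The script below is an added example, not part of the original post or of FRIDA-DEXDump: it checks the magic, size fields, Adler-32 checksum and SHA-1 signature of the standard DEX header. The names check_dex and build_sample_dex are hypothetical, and the sample file is constructed for the example.

```python
import hashlib
import struct
import sys
import zlib
from pathlib import Path

HEADER_SIZE = 0x70        # fixed size of the DEX header
ENDIAN_TAG = 0x12345678   # little-endian marker stored in the header


def check_dex(data: bytes) -> list:
    """Return a list of header problems; an empty list means the header is consistent."""
    if len(data) < HEADER_SIZE:
        return ["shorter than a DEX header"]
    problems = []
    magic = data[:8]  # "dex\n" + three version digits + NUL
    if not (magic[:4] == b"dex\n" and magic[4:7].isdigit() and magic[7] == 0):
        problems.append("bad magic")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if header_size != HEADER_SIZE:
        problems.append("unexpected header_size 0x%x" % header_size)
    if endian_tag != ENDIAN_TAG:
        problems.append("unexpected endian_tag 0x%x" % endian_tag)
    if file_size != len(data):
        problems.append("file_size field %d != actual %d" % (file_size, len(data)))
    if zlib.adler32(data[12:]) != checksum:      # checksum covers everything after itself
        problems.append("adler32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != signature:  # signature covers everything after itself
        problems.append("SHA-1 signature mismatch")
    return problems


def build_sample_dex(body: bytes = b"\x00" * 16) -> bytes:
    """Constructed sample: a header plus padding with valid size, checksum and signature."""
    rest = struct.pack("<III", HEADER_SIZE + len(body), HEADER_SIZE, ENDIAN_TAG)
    rest += b"\x00" * (HEADER_SIZE - 32 - len(rest)) + body
    signed = hashlib.sha1(rest).digest() + rest
    return b"dex\n035\x00" + struct.pack("<I", zlib.adler32(signed)) + signed


if __name__ == "__main__":
    # Pass the dumped .dex files as arguments.
    for path in sys.argv[1:]:
        problems = check_dex(Path(path).read_bytes())
        print(path, "OK" if not problems else "; ".join(problems))
```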