Frida-Android-unpack

本帖最后由 旧年白白白 于 2019-6-3 19:48 编辑

FrIDA-Android-unpack
this script for Android O and Android P.After Android 7.X,we cann't get OpenMemory function in libart.so,so the old script failed.we find the OpenCommon function to replace it.we can get dex file from this func,its parameters contain the memory address and size of dex.
Runtime environment
u need a root mobile and installed Frida
ro.debuggable = true
How to use this script?
frida -U -f com.xxx.xxx.xxx -l dupDex.js --no-pause
Function
art::DexFile::OpenCommon(unsigned char const*, unsigned long, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, art::OatDexFile const*, bool, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*, art::DexFile::VerifyResult*)Test
Tencent
360
others

GitHub:https://github.com/xiaokanghub/Frida-Android-unpack

After unpacking

Runtime

Before unpacking

THE END
喜欢就支持以下吧
点赞0
分享
评论 抢沙发
  • 管埋员

    昵称

  • 取消

    请填写用户信息: