This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
Showing 19 changed files with 4,276 additions and 619 deletions.
@@ -1,73 +1,62 @@ | ||
# FRIDA-DEXDump | ||
|
||
![screenshot](screenshot.png) | ||
`frida-dexdump` is a frida tool to find and dump dex in memory to support security engineers in analyzing malware. | ||
|
||
## Make JetBrains Great Again | ||
## Make Jetbrains Great Again | ||
|
||
<p align="center"> | ||
<img src = "https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.png" width = 150> | ||
<img src = "https://resources.jetbrains.com/storage/products/company/brand/logos/PyCharm.png" width = 500> | ||
</p> | ||
|
||
## Features | ||
1. support fuzzy search broken header dex. | ||
2. fix struct data of dex-header. | ||
3. compatible with all android version(frida supported). | ||
4. support loading as objection plugin ~ | ||
5. pypi package has been released ~ | ||
|
||
## Requires | ||
|
||
- [frida](https://www.github.com/frida/frida): `pip install frida` | ||
- [optional] [click](https://pypi.org/project/click/) `pip install click` | ||
1. Support fuzzy search broken header dex(deep search mode). | ||
2. Compatible with all android version(frida supported). | ||
3. One click installation, without modifying the system, easy to deploy and use. | ||
|
||
## Installation | ||
|
||
### From pypi | ||
``` | ||
pip3 install frida-dexdump | ||
``` | ||
|
||
## Usage | ||
|
||
pip3 install frida-dexdump | ||
frida-dexdump -h | ||
CLI arguments base on [frida-tools](https://github.com/frida/frida-tools), you can quickly dump the foreground application like this: | ||
|
||
### From source | ||
``` | ||
frida-dexdump -FU | ||
``` | ||
|
||
git clone https://github.com/hluwa/FRIDA-DEXDump | ||
cd FRIDA-DEXDump/frida-dexdump | ||
python3 main.py -h | ||
Or specify and spawn app like this: | ||
|
||
## Usage | ||
``` | ||
frida-dexdump -U -f com.app.pkgname | ||
``` | ||
|
||
- Run `frida-dexdump` or `python3 main.py` to attach current frontmost application and dump dexs. | ||
Additionally, you can see in `-h` that the new options provided by frida-dexdump are: | ||
|
||
- Or, use command arguments: | ||
``` | ||
-n: [Optional] Specify target process name, when spawn mode, it requires an application package name. If not specified, use frontmost application. | ||
-p: [Optional] Specify pid when multiprocess. If not specified, dump all. | ||
-f: [Optional] Use spawn mode, default is disable. | ||
-s: [Optional] When spawn mode, start dump work after sleep few seconds. default is 10s. | ||
-d: [Optional] Enable deep search maybe detected more dex, but speed will be slower. | ||
-h: show help. | ||
``` | ||
|
||
- Or, loading as objection plugin | ||
``` | ||
-o OUTPUT, --output OUTPUT Output folder path, default is './<appname>/'. | ||
-d, --deep-search Enable deep search mode. | ||
--sleep SLEEP Waiting times for start, spawn mode default is 5s. | ||
``` | ||
|
||
1. clone this repo and move `frida_dexdump` into your plugins folder, eg: | ||
When using, I suggest using the `-d, --deep-search` option, which may take more time, but the results will be more complete. | ||
|
||
``` | ||
git clone https://github.com/hluwa/FRIDA-DEXDump ~/Downloads/FRIDA-DEXDump; | ||
mv ~/Downloads/FRIDA-DEXDump/frida_dexdump ~/.objection/plugins/dexdump | ||
``` | ||
![screenshot](screenshot.png) | ||
|
||
2. start objection with `-P` or `--plugin-folder` your plugins folder, eg: | ||
## Build and develop | ||
|
||
``` | ||
objection -g com.app.name explore -P ~/.objection/plugins | ||
``` | ||
``` | ||
make | ||
``` | ||
|
||
3. run command: | ||
### Requires | ||
|
||
1. ` plugin dexdump search ` to search and print all dex | ||
2. ` plugin dexdump dump ` to dump all found dex. | ||
See [requirements.txt](https://github.com/hluwa/FRIDA-DEXDump/blob/master/requirements.txt) | ||
|
||
## Internals | ||
|
||
[《深入 FRIDA-DEXDump 中的矛与盾》](https://mp.weixin.qq.com/s/n2XHGhshTmvt2FhxyFfoMA) | ||
[《深入 FRIDA-DEXDump 中的矛与盾》](https://mp.weixin.qq.com/s/n2XHGhshTmvt2FhxyFfoMA) |
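Review bot: the rewritten heading at the top of this hunk turns `## Make JetBrains Great Again` into `## Make Jetbrains Great Again`, which regresses the brand's capitalization; keep `JetBrains`. Two grammar fixes in the new text: in Usage, `CLI arguments base on [frida-tools]` should read `CLI arguments are based on [frida-tools]`, and in Features, `Compatible with all android version(frida supported)` should read `Compatible with all Android versions (where frida is supported)`. The options block also changes the spawn-mode wait from the old `-s` description (`default is 10s`) to `--sleep SLEEP ... spawn mode default is 5s`; if the shorter default is intentional, call out the changed behaviour, since a shorter wait gives the app less time to load its dex files before the dump starts, and make sure the `-h` output in the code matches the README. Finally, the old `## Requires` section (frida, optional click) is removed and the new `### Requires` under `## Build and develop` only links requirements.txt; that is enough for pip users, but the `make` step should say what it builds and what it needs.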
@@ -0,0 +1 @@ | ||
/node_modules |
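Review bot: ignoring `/node_modules` implies the `make` step introduced in the README hunk pulls in a Node toolchain, yet the README's new `### Requires` section only links requirements.txt; document the Node/npm requirement there, and if `make` writes a generated agent script into the tree, add that output path here as well so it is not committed by accident.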