FRIDA-JS-DEXDump

frida-js-dexdump is a copy of frida-dexdump writed by ts.
It is a frida tool to find and dump dex in memory to support security engineers in analyzing malware.

Features

Support fuzzy search broken header dex(deep search mode).
Compatible with all android version(frida supported).
One click installation, without modifying the system, easy to deploy and use.

Require

Node.js Version > 14.16 , my dev node is 16.13.2

1 2	`$ node` `-` `v` `v16.` `13.2`

Python3 3.10.7

1 2	`$ python` `-` `V` `Python` `3.10` `.` `7`

Installation

1 2	`pip3 install frida frida` `-` `tools` `npm install` `-` `g frida` `-` `fs` `-` `dexdump`

Usage

CLI arguments base on , you can quickly dump the foreground application like this:

1	`frida` `-` `js` `-` `dexdump` `-` `FU`

       frida
       -
       js
       -
       dexdump 
       -
       U
      

        
      

       ? What app? (Use arrow keys)
      

       ❯ 
       2328
       :
       bin
       .mt.plus
       -
       MT管理器
      

         
       2492
       :com.android.flysilkworm
       -
       雷电游戏中心
      

         
       4171
       :com.xiaojianbang.app
       -
       HookTestDemo
      

         
       12477
       :com.android.settings
       -
       设置
      

         
       14633
       :com.android.documentsui
       -
       文件
      

Or specify and spawn app like this:

1	`frida` `-` `js` `-` `dexdump` `-` `U` `-` `f com.app.pkgname`

Or select install app and spawn app like this:

       frida
       -
       js
       -
       dexdump 
       -
       U 
       -
       f 
      
       ? What app? (Use arrow keys)
      
       ❯ 
       bin
       .mt.plus(MT管理器)
      
       com.v2ray.ang(v2rayNG)
      
       com.xiaojianbang.app(HookTestDemo)
      
       com.yssenlin.app(影视森林)
      
       lnes.ef(一起设置)
      
       magisk.term(Magisk Terminal Emulator)
      
       player.normal.np(NP管理器)

Additionally, you can see in -h that the new options provided by frida-dexdump are:

       -
       o OUTPUT, 
       -
       -
       output OUTPUT  Output folder path, default 
       is 
       './<appname>/'
       .
      

       -
       d, 
       -
       -
       deep
       -
       search           Enable deep search mode.
      

       -
       -
       sleep SLEEP               Waiting times 
       for 
       start, spawn mode default 
       is 
       5s
       .
      

When using, I suggest using the -d, --deep-search option, which may take more time, but the results will be more complete.

Build and develop

       yarn install
      
       yarn run watch
       -
       agent
      
       yarn run watch

截图

screenshot

参考和致谢

See

更多【 [原创工具] FRIDA-JS-DEXDump 基于Frida的内存脱壳工具（学习frida-dexdump的成果）】相关视频教程：www.yxfzedu.com

加壳脱壳- [原创工具] FRIDA-JS-DEXDump 基于Frida的内存脱壳工具（学习frida-dexdump的成果）

FRIDA-JS-DEXDump

Features

Require

Installation

Usage

Build and develop

截图

参考和致谢

相关文章推荐

友情链接

课程目录

技术交流QQ群