deathmemory / fridacontainer Goto Github PK

View Code? Open in Web Editor NEW

924.0 27.0 215.0 4.62 MB

FridaContainer 整合了网上流行的和自己编写的常用的 frida 脚本，为逆向工作提效之用。 frida 脚本模块化，Java & Jni Trace。

Home Page: https://bbs.pediy.com/thread-265160.htm

TypeScript 55.26% Python 9.08% JavaScript 35.65%

fridacontainer hook ios trace frida android

fridacontainer's Introduction

FridaContainer

FridaContainer 整合了网上流行的和自己编写的常用的 frida 脚本，为逆向工作提效之用。

npm build 后，用 Pycharm 打开编辑，可以看到 frida api 代码补全提示。

1. 编译和使用

1.1 源码直接使用【推荐】

需要根据自己的需求修改 index.ts，编写实际操作内容。使用 index.ts 入口方式可以按照以下方式编译和调用。

$ git clone https://github.com/deathmemory/FridaContainer.git
$ cd FridaContainer/
$ npm install
## after edit index.ts
$ npm run build
$ frida -U -f com.example.android --no-pause -l _fcagent.js

开发实时编译

$ npm run watch

Setup for android

为 Andriod 手机初始化环境以应用第三方库(gson)

$ python setupAndroid.py

1.2 作为 npm node 模块使用

支持作为 npm node 模拟直接嵌入 typescript 项目中。

详细引入方式请看这里

1.3 赘述几句我当前的使用习惯

使用 pycharm 做开发（其他 IDE 也一样）
clone 仓库后，在项目根目录创建 agent 目录（已加入 gitignore）在这里开发业务脚本
修改 index.ts 引入 agent 目录下的类
单开一个 shell 跑 npm run watch 实时编译脚本
不断修改 index 或 agent 的脚本，注入、测试，达到目的。

2. 功能简介

本仓库会持续补充更新。

2.1 Android

Android 详细文档

一键去常规反调试
打印堆栈
通用的 Dump dex 方法
过 ssl pinning （新增 cronet bypass）
Hook JNI
Java methods trace
JNI trace
frida multi dex hook(java use)
......

2.2 iOS

iOS 详细文档

便捷的获取函数地址
模糊查找函数地址
打印堆栈
dump ui 结构
常见数据类型转换及打印
......

2.3 FCCommon 跨平台通用方法

方法	说明
showStacksModInfo	打印指定层数的 sp，并输出 module 信息 (如果有）
getModuleByAddr	根据地址获取模块信息
getLR	获取 LR 寄存器值
dump_module	dump 指定模块并存储到指定目录

3. 感谢

[todo 引用参考]

由于引用较多，且时间比较久了，也很难都列出来，以后慢慢列举吧。感谢无私的代码分享者们。

感谢参考与引用

fridacontainer's People

Contributors

Stargazers

Watchers

Forkers

kingking888 aihacker zblin spiderhacker965 yuknight gojerry wudidalaofei shuixi2013 fengyuhetao jitcor shuyabin vyuezhengling fishso breagitt kiwi-bo bill-bil qaqql selfprivilegemailbox y9y2x8sz moyvting xiajun325 cronos996 jindameias szllzs st4kc ldzspace ygage737 wyhuan xiamulo minghaolin2000 yemingyu sumerzhang sry309 gyyfifafans pythonname troublesunyc notify-bibi sung3r datougui2020 jwjjgs hrandroid yzhbeihai lgq2015 loy2000 leiyugithub hqwander9527 crackercat bjzz dongwl luyu344 anylayer fo-000 cxapython georgejzzz dddddz crewcutbro lyong2022 kingsun0 kong6001 brinedfish afeindsc wangcheng711 errno7 piowind akvsdk csyjyy shophelper biaolv allanp0e zhouxinfei mr00ff huaerxiela q447552640 sw1ng19 oujunke eatmoremeat amoryan trad957 parad0cx willbars konwa printf172 keroushe 2018383414 thanatos518 freeloop4032 ondreji danny-design zbx911 ndministrator lanbaicode anxianglemon huanzhiyi wuzhipeng7cc big1moster iamfaith magicjva tjp40922 dream0407 vo1d

fridacontainer's Issues

默认的例子下出现报错 Error: unable to resolve

一种 workaround 在这里提到了：frida/frida-compile#59 降低 frida-compile 的版本

是否应该在项目中上传 package-lock.json 以防止每个人 npm i 得到的版本不同导致的问题？

同时也可能需要修改一下脚本适配新版本的 frida-compile

clone项目下来没做任何改动，出现这个错误但是307行什么都没有重新build还是307行有问题，懵圈了

Error: unable to resolve:

您好，请问这个报错的原因是什么呢

Error TS2571: Object is of type 'unknown'.

clone下来之后，执行npm run build，错误如下：

@dmemory/[email protected] build /Users/xinglizhen/Frida/FridaContainer
frida-compile index.ts -o _fcagent.js

[TypeScript error: /Users/xinglizhen/Frida/FridaContainer/utils/FCAnd.ts(401,112): Error TS2571: Object is of type 'unknown'.] {
fileName: '/Users/xinglizhen/Frida/FridaContainer/utils/FCAnd.ts',
line: 401,
column: 112,
inputs: Set(105) {
'/Users/xinglizhen/Frida/FridaContainer/index.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/FCAnd.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/FCCommon.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/FCiOS.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/dmlog.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/repinning_test.js',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/Anti.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/UnpinningPlus.js',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/jnimgr.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/multi_unpinning.js',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/repinning.js',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/jni/method_data.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/unpack/fridaUnpack.js',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/unpack/fridaUnpackSimply.js',
'/Users/xinglizhen/Frida/FridaContainer/utils/common/StringUtils.ts',
'/Users/xinglizhen/Frida/FridaContainer/utils/android/jni/jni_env.json',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/frida-gum/index.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/index.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/assert.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/globals.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/async_hooks.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/buffer.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/child_process.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/cluster.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/console.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/constants.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/crypto.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/dgram.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/dns.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/domain.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/events.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/fs.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/fs/promises.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/http.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/http2.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/https.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/inspector.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/module.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/net.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/os.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/path.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/perf_hooks.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/process.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/punycode.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/querystring.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/readline.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/repl.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/stream.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/string_decoder.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/timers.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/tls.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/trace_events.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/tty.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/url.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/util.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/v8.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/vm.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/wasi.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/worker_threads.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/zlib.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/@types/node/globals.global.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2018.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2017.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2016.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es5.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.core.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.collection.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.iterable.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.symbol.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.generator.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.promise.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.proxy.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.reflect.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2015.symbol.wellknown.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2016.array.include.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2017.object.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2017.sharedmemory.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2017.string.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2017.intl.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2017.typedarrays.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2018.asynciterable.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2018.asyncgenerator.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2018.promise.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2018.regexp.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2018.intl.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.esnext.intl.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.bigint.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.esnext.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2021.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2019.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2019.array.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2019.object.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2019.string.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2019.symbol.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.promise.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.sharedmemory.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.string.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.symbol.wellknown.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2020.intl.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2021.promise.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2021.string.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2021.weakref.d.ts',
'/Users/xinglizhen/Frida/FridaContainer/node_modules/typescript/lib/lib.es2021.intl.d.ts'
}
}
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! @dmemory/[email protected] build: frida-compile index.ts -o _fcagent.js
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the @dmemory/[email protected] build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

请问这个怎么回事呢

gson加载异常

现象是提示

ERROR Error: java.lang.ClassNotFoundException: Didn't find class "com.google.gson.GsonBuilder" on path: DexPathList[[zip file "/data/data/com.mary.love/cache/gson.jar"],nativeLibraryDirectories=[/system/lib64]]

gson.jar 确实写入了目标位置

-rw-------  1 u0_a126 u0_a126_cache 240255 2021-04-07 20:38 gson.jar

怀疑gson.jar有误，尝试拖出来反编译，结果jar是正常的。
此时修改代码，

    const x =Java.openClassFile(dexpath); 
    x.load();
    console.log(x.getClassNames());

则直接提示异常

ERROR Error: java.io.IOException: No original dex files found for dex location /data/data/com.mary.love/cache/gson.jar

安卓版本8.1。
不知道大佬可遇到此问题否？

Possibility to merge with frida-afterburner

That's a very helpful project and I'd like to propose some kind of united front in the frida-script scene.
I've created a similar project, frida-afterburner which adds a lot of quality of life improvements. It's still in development and life hasn't allowed me time to work as much as I'd like

Maybe we merge the projects? Or we add some kind of add-ons? Or we just keep it as a library? I'm open to discussion :)

【解决】Error: unable to resolve

是 frida-compile 版本的问题。已经暂时回滚的版本号，可以重新拉一下新的代码。

之前编译成功过的可以执行下面的命令修正。

/usr/local/bin/node /usr/local/lib/node_modules/npm/bin/npm-cli.js install --scripts-prepend-node-path=auto

来修复

Originally posted by @deathmemory in #10 (comment)

Failed to bundle: Error: unable to resolve:

修改 index.ts 引入 agent 目录下的类

不知道如何修改 index.ts 来实时引入agent 目录写的frida脚本

你好，刚刚用了traceArtMethods这方法，发现不太对，求指导下

FCAnd.traceArtMethods(
['M:java.net.Socket'],
{'java.net.Socket': {white: true, methods:['<init>']}},
    "match_str_show_stacks");

我想hook socket里面的初始化函数，打印出来的log很奇怪
message: {'type': 'send', 'payload': '{"tid":29116,"status":"entry","tname":"spdy-0","classname":"java.lang.String","method":"public java.lang.String java.lang.String.toString()","method_":"toString","args":{}}'} data: None

感觉hook是java.lang.String tostring方法

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.