Closed CEV-Code closed 4 years ago
Modify the on-message callback to resolve the problem, thanks :)
The js code of dump dex is unstable😢
Is the script working via FRIDA cli?
Is the script working via FRIDA cli?
https://github.com/FuzzySecurity/Fermion This tool works fine! Hope to improve it! 😘
Hey @CEV-Code, I finally found the time to try your script. I confirm that it is working via FRIDA cli but it is not working if executed via RMS.
Did you find the issue? It breaks immediately after step 1. I have no time to work on this specific, uncommon case, but if you find the issue please let me know!
Hi guys! Every time I run the following JS code, it gets to "step 4" of the dumpDex function and does not continue. Why?
///////////////////////////////////////////////////////////////////////////////////////////////////
// js code begin
// Logging helper: reads the current local time (hour, minute, second, millisecond).
// log: the value to be logged; it is not used in the part of the body shown here.
// NOTE(review): the rest of the body (formatting and output) is missing from this paste.
function LogPrint(log) {
    var theDate = new Date();
    var hour = theDate.getHours();
    var minute = theDate.getMinutes();
    var second = theDate.getSeconds();
    var mSecond = theDate.getMilliseconds()
}
// Used by dumpDex to pick the runtime library: a result > 4 selects libart.so.
// NOTE(review): only the initialisation of `version` is visible; the lookup and the
// return statement are missing from this paste, so as shown nothing is returned.
function getAndroidVersion(){
    var version = 0;
}
// Its result is passed to dumpDex as the export name to hook; an empty string means "nothing to hook".
// NOTE(review): only the local initialisations are visible; the search logic and the
// return statement are missing from this paste.
function getFunctionName(){
    var i = 0;
    var functionName = "";
}
// Its result is passed to dumpDex as processName; the caller treats an empty string as failure.
// NOTE(review): only the initialisation is visible; how the name is obtained and the
// return statement are missing from this paste.
function getProcessName(){
    var processName = "";
}
// Format the bytes of a buffer as two-digit lowercase hex values separated by single spaces.
// buffer: an ArrayBuffer (anything accepted by the Uint8Array constructor).
// Returns e.g. "64 65 78 0a"; an empty buffer yields "".
function arraybuffer2hexstr(buffer) {
    var bytes = new Uint8Array(buffer);
    var parts = [];
    for (var idx = 0; idx < bytes.length; idx++) {
        var hex = bytes[idx].toString(16);
        // Left-pad single-digit values so every byte occupies exactly two characters.
        parts.push(hex.length < 2 ? '0' + hex : hex);
    }
    return parts.join(' ');
}
// Per its name, intended to test whether the memory at dataAddr starts with the DEX magic.
// magicFlagHex is the 8-byte sequence "dex\n035\0", i.e. the DEX header magic for format version 035.
// NOTE(review): the comparison and the return statement are missing from this paste. If only this
// exact sequence is compared, DEX files carrying a later version string (e.g. 037, 038, 039)
// would not match — confirm against the full script.
function checkDexMagic(dataAddr){
    var magicMatch = true;
    var magicFlagHex = [0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x35, 0x00];
}
// Per its name, intended to test whether the memory at dataAddr starts with the ODEX magic.
// magicFlagHex is the 8-byte sequence "dey\n036\0", the header magic of optimized DEX (ODEX) files.
// NOTE(review): the comparison and the return statement are missing from this paste.
function checkOdexMagic(dataAddr){
    var magicMatch = true;
    var magicFlagHex = [0x64, 0x65, 0x79, 0x0a, 0x30, 0x33, 0x36, 0x00];
}
// Look up the export named moduleFuncName in the Android runtime library and attach a Frida
// Interceptor hook to it.
// moduleFuncName: export name to hook; an empty string skips the whole body.
// processName: not used in the part of the body visible in this paste.
// Library choice: libart.so when getAndroidVersion() > 4; otherwise libdvm.so, then libart.so.
// NOTE(review): the paste is cut off inside the onEnter callback; the rest of the hook and the
// remaining closing braces are not shown.
function dumpDex(moduleFuncName, processName){
    if(moduleFuncName !== ""){
        var hookFunction;
        if(getAndroidVersion() > 4){ // android 5 and later version
            hookFunction = Module.findExportByName("libart.so", moduleFuncName);
            LogPrint("step 1" + hookFunction);
        }else{ // android 4
            hookFunction = Module.findExportByName("libdvm.so", moduleFuncName); // check libdvm.so first
            LogPrint("step 2" + hookFunction);
            if(hookFunction == null) {
                hookFunction = Module.findExportByName("libart.so", moduleFuncName); // libdvm.so did not provide the export: fall back to libart.so
                LogPrint("step 3" + hookFunction);
            }
        }
        // NOTE(review): Module.findExportByName returns null when the export is not found, and no
        // branch above checks for that before attaching; a null check with an explicit log message
        // here would make a failed lookup easier to diagnose.
        Interceptor.attach(hookFunction,{
            onEnter: function(args){
                LogPrint("step 4");
// NOTE(review): lines are missing from the paste between "step 4" and this closing brace.
}
//start dump dex file var moduleFucntionName = getFunctionName(); var processName = getProcessName(); if(moduleFucntionName !== "" && processName !== ""){ dumpDex(moduleFucntionName, processName); }
// js code end