suifei / fridare

Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamlines reverse engineering and security testing.
MIT License
258 stars 60 forks

Does it work on a rootless jailbreak? #1

Closed ZFYy1x closed 4 months ago

suifei commented 4 months ago

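Although a rootless jailbreak rules out access to the OS/root volume, you can still act as the root user and connect to your device over SSH; however, I have not tested this kind of device. So a conservative, workable approach is to repackage the ipa and bundle the modified frida-agent.dylib into it.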

mirsvip commented 4 months ago

Looking forward to Android support.

ZFYy1x commented 4 months ago

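> Although a rootless jailbreak rules out access to the OS/root volume, you can still act as the root user and connect to your device over SSH; however, I have not tested this kind of device. So a conservative, workable approach is to repackage the ipa and bundle the modified frida-agent.dylib into it.

Could you help me build a 16.X version of the Frida deb file? I don't have a Mac, so I can't build it. I want to apply it to a rootless jailbreak by some other method.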

suifei commented 4 months ago

Sure, no problem.

The files are at: https://github.com/suifei/fridare/releases/tag/v3.0.1

frida_16.4.2_iphoneos-arm64_rtnos_tcp.deb frida_16.4.2_iphoneos-arm_rtnos_tcp.deb

_frida.abi3.so: please put it in the frida-tools directory. To find the directory location you can use: python -c 'import os; import frida; print(os.path.dirname(frida.__file__))'

Run log, using the latest version of the script:

$ ./fridare.sh build -latest -y
环境信息:
  使用系统 Python 环境
  Python 路径: python3
  Python 版本: Python 3.12.1
  Frida 版本: 16.4.2
  Frida 路径: /Users/suifei/Library/Python/3.12/lib/python/site-packages/frida
  Golang 版本: go version go1.22.3 darwin/arm64
  GOPATH: /Users/suifei/works/go
  操作系统: Darwin
  系统版本: 23.5.0

Password:
[INFO] 使用最新的 Frida 版本: 16.4.2
[INFO] 使用 Frida 服务器端口: 8899
[INFO] 自动确认:已启用
[WARN] 期间可能会要求输入 sudo 密码,用于修改文件权限
[INFO] 开始构建 Frida...
[SUCC] xcode-select 已安装
[SUCC] brew 已安装
[SUCC] git 已安装
[SUCC] jq 已安装
[SUCC] dpkg-deb 已安装
[SUCC] go 已安装
[SUCC] python3 已安装
[SUCC] 7z 已安装
[SUCC] curl 已安装
[SUCC] xz 已安装
[SUCC] gzip 已安装
[SUCC] frida-tools 已安装
[SUCC] 所有依赖已安装
[WARN] 本地存在 frida_16.4.2_iphoneos-arm.deb
[SUCC] 下载 frida_16.4.2_iphoneos-arm.deb 完成
[INFO] 正在修改 Frida 16.4.2 版本 (arm)
[SUCC] 正在修改 plist 文件: frida_16.4.2_iphoneos-arm/Library/LaunchDaemons/re.frida.server.plist
[INFO] FRIDA_NAME: rtnos
[INFO] FRIDA_SERVER_PORT: 8899
[SUCC] plist 文件修改完成
[SUCC] plist 文件已重命名为: frida_16.4.2_iphoneos-arm/Library/LaunchDaemons/re.rtnos.server.plist
[SUCC] 正在修改 DEBIAN 文件夹中的文件: frida_16.4.2_iphoneos-arm/DEBIAN
[INFO] FRIDA_NAME: rtnos
[INFO] 修改 control 文件
[INFO] 修改 extrainst_ 文件
[INFO] 修改 prerm 文件
[SUCC] DEBIAN 文件夹中的文件修改完成
[SUCC] 正在修改二进制文件: frida_16.4.2_iphoneos-arm/usr/sbin/frida-server
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Exec
Successfully patched __const section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Exec
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Exec
Successfully patched __const section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Exec
Patch success
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Dylib
Successfully patched __const section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Dylib
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Dylib
Successfully patched __const section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Dylib
Patch success
[SUCC] 二进制文件修改完成
[SUCC] 正在删除 frida_16.4.2_iphoneos-arm 中的 .DS_Store 文件...
[INFO] .DS_Store 文件删除完成
dpkg-deb: 正在 'frida_16.4.2_iphoneos-arm_rtnos_tcp.deb' 中构建软件包 're.rtnos.server'。
[SUCC] 重新打包 frida_16.4.2_iphoneos-arm_rtnos_tcp.deb 完成
[SUCC] Frida 16.4.2 版本 (arm) 修改完成
[INFO] 新版本名:rtnos
[INFO] 请使用新版本名:rtnos 进行调试
[INFO] 请使用端口:8899 进行调试
[INFO] 新版本 deb 文件:../dist/frida_16.4.2_iphoneos-arm_rtnos_tcp.deb
[INFO] -------------------------------------------------
[INFO] iPhone 安装:
[INFO] scp dist/frida_16.4.2_iphoneos-arm_rtnos_tcp.deb root@<iPhone-IP>:/var/root
[INFO] ssh root@<iPhone-IP>
[INFO] dpkg -i /var/root/frida_16.4.2_iphoneos-arm_rtnos_tcp.deb
[INFO] PC 连接:
[INFO] frida -U -f com.xxx.xxx -l
[INFO] frida -H <iPhone-IP>:8899 -f com.xxx.xxx --no-pause
[INFO] -------------------------------------------------
[WARN] 本地存在 frida_16.4.2_iphoneos-arm64.deb
[SUCC] 下载 frida_16.4.2_iphoneos-arm64.deb 完成
[INFO] 正在修改 Frida 16.4.2 版本 (arm64)
[SUCC] 正在修改 plist 文件: frida_16.4.2_iphoneos-arm64/var/jb/Library/LaunchDaemons/re.frida.server.plist
[INFO] FRIDA_NAME: rtnos
[INFO] FRIDA_SERVER_PORT: 8899
[SUCC] plist 文件修改完成
[SUCC] plist 文件已重命名为: frida_16.4.2_iphoneos-arm64/var/jb/Library/LaunchDaemons/re.rtnos.server.plist
[SUCC] 正在修改 DEBIAN 文件夹中的文件: frida_16.4.2_iphoneos-arm64/DEBIAN
[INFO] FRIDA_NAME: rtnos
[INFO] 修改 control 文件
[INFO] 修改 extrainst_ 文件
[INFO] 修改 prerm 文件
[SUCC] DEBIAN 文件夹中的文件修改完成
[SUCC] 正在修改二进制文件: frida_16.4.2_iphoneos-arm64/var/jb/usr/sbin/frida-server
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Exec
Successfully patched __const section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Exec
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Exec
Successfully patched __const section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Exec
Patch success
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Dylib
Successfully patched __const section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Dylib
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Dylib
Successfully patched __const section in architecture: CPU: ARM64, Subtype: E_pauth0, Byte Order: Little Endian, File Type: Dylib
Patch success
[SUCC] 二进制文件修改完成
[SUCC] 正在删除 frida_16.4.2_iphoneos-arm64 中的 .DS_Store 文件...
[INFO] .DS_Store 文件删除完成
dpkg-deb: 正在 'frida_16.4.2_iphoneos-arm64_rtnos_tcp.deb' 中构建软件包 're.rtnos.server'。
[SUCC] 重新打包 frida_16.4.2_iphoneos-arm64_rtnos_tcp.deb 完成
[SUCC] Frida 16.4.2 版本 (arm64) 修改完成
[INFO] 新版本名:rtnos
[INFO] 请使用新版本名:rtnos 进行调试
[INFO] 请使用端口:8899 进行调试
[INFO] 新版本 deb 文件:../dist/frida_16.4.2_iphoneos-arm64_rtnos_tcp.deb
[INFO] -------------------------------------------------
[INFO] iPhone 安装:
[INFO] scp dist/frida_16.4.2_iphoneos-arm64_rtnos_tcp.deb root@<iPhone-IP>:/var/root
[INFO] ssh root@<iPhone-IP>
[INFO] dpkg -i /var/root/frida_16.4.2_iphoneos-arm64_rtnos_tcp.deb
[INFO] PC 连接:
[INFO] frida -U -f com.xxx.xxx -l
[INFO] frida -H <iPhone-IP>:8899 -f com.xxx.xxx --no-pause
[INFO] -------------------------------------------------
[INFO] 备份已存在: /Users/suifei/Library/Python/3.12/lib/python/site-packages/frida/_frida.abi3.so.fridare
[INFO] Python 库文件: /Users/suifei/Library/Python/3.12/lib/python/site-packages/frida/_frida.abi3.so
[INFO] Frida 名称: rtnos
Open Fat error: not a fat Mach-O file in record at byte 0x0
Successfully patched __cstring section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Bundle
Successfully patched __const section in architecture: CPU: ARM64, Subtype: All, Byte Order: Little Endian, File Type: Bundle
Patch success
Backup already exists: /Users/suifei/Library/Python/3.12/lib/python/site-packages/frida/core.py.fridare
Line 511: Replaced "ixtfg:rpc" with "rtnos:rpc"
Line 554: Replaced "ixtfg:rpc" with "rtnos:rpc"
Replacement complete
[SUCC] frida-tools 修改完成

suifei commented 4 months ago

Sorry, adding the unpacked dylibs.

arm-dylib.zip

arm64-dylib.zip

ZFYy1x commented 4 months ago

> Sorry, adding the unpacked dylibs.
>
> arm-dylib.zip
>
> arm64-dylib.zip

Could you share your WeChat? It would make it easier to communicate.

suifei commented 4 months ago

I set up a QQ group: QQ 555354813