A few commonly used Frida tools

1、Tool for hooking native .so libraries: frida_hook_libart

https://github.com/lasting-yang/frida_hook_libart

(1) Hook a native .so

frida -U --no-pause -f package_name -l hook_RegisterNatives.js

(2) hook_art

frida -U --no-pause -f package_name -l hook_art.js

The output it produces looks similar to that of jnitrace.

2、Tool for tracing JNI API calls: jnitrace, which lets you specify which .so's JNI calls to trace

https://github.com/chame1eon/jnitrace

Usage:

jnitrace -l libnative-lib.so com.example.myapplication

Or start the app explicitly in spawn or attach mode:

jnitrace -l libnative-lib.so -m spawn com.example.myapplication

jnitrace -l libnative-lib.so -m attach com.example.myapplication

As can be seen above, the output is colored according to the thread that made the API call.

3、The FRIDA-DEXDump plugin can be used for unpacking

https://github.com/hluwa/FRIDA-DEXDump

plugin load /root/Desktop/FRIDA-DEXDump

plugin dexdump search

plugin dexdump dump

Then go to the directory containing the dumped dex files and search for the relevant Activity:

grep -ril "MainActivity" *
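Before grepping through dumped dex files it is worth checking that each file has an intact header, since a dex recovered from memory can have a zeroed checksum or signature. The validator below is an added example (not part of FRIDA-DEXDump or these notes); it follows the AOSP dex header layout and builds a constructed header-only sample so it runs offline.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70
KNOWN_MAGIC = {b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0"}


def parse_dex_header(data):
    """Unpack the fixed 0x70-byte DEX header (little-endian, per the AOSP dex format)."""
    if len(data) < HEADER_SIZE:
        raise ValueError("buffer shorter than a DEX header")
    names = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
             "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
             "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
             "field_ids_off", "method_ids_size", "method_ids_off",
             "class_defs_size", "class_defs_off", "data_size", "data_off")
    header = dict(zip(names, struct.unpack_from("<20I", data, 32)))
    header["magic"] = data[0:8]
    header["checksum"] = struct.unpack_from("<I", data, 8)[0]
    header["signature"] = data[12:32]
    return header


def validate_dex(data):
    """Return a list of problems; an empty list means the header is self-consistent."""
    problems = []
    h = parse_dex_header(data)
    if h["magic"] not in KNOWN_MAGIC:
        problems.append("magic: %r is not a known dex version" % h["magic"])
    if h["header_size"] != HEADER_SIZE:
        problems.append("header_size: %#x != %#x" % (h["header_size"], HEADER_SIZE))
    if h["file_size"] != len(data):
        problems.append("file_size: header says %d, buffer is %d" % (h["file_size"], len(data)))
    # adler32 covers everything after the checksum field; SHA-1 covers everything after the signature
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != h["checksum"]:
        problems.append("checksum: adler32 mismatch")
    if hashlib.sha1(data[32:]).digest() != h["signature"]:
        problems.append("signature: sha1 mismatch")
    return problems


def build_sample_dex():
    """Constructed sample: a header-only dex (all tables empty) with correct checksum and signature."""
    body = struct.pack("<20I", HEADER_SIZE, HEADER_SIZE, 0x12345678, *([0] * 17))
    sig = hashlib.sha1(body).digest()
    chk = zlib.adler32(sig + body) & 0xFFFFFFFF
    return b"dex\n035\0" + struct.pack("<I", chk) + sig + body


if __name__ == "__main__":
    good = build_sample_dex()
    print("clean:", validate_dex(good))
    # simulate a memory dump whose checksum and signature fields were zeroed
    print("damaged:", validate_dex(good[:8] + b"\0" * 24 + good[32:]))
```

Run it over real dumps with `validate_dex(open(path, "rb").read())`; files reporting only checksum/signature mismatches are usually still loadable by analysis tools, while a bad magic or header_size indicates a truncated or mis-aligned dump.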