简单反调试

• 修改frida-server默认名称
  • 直接重命名即可，如bba

• 修改frida-server默认端口27042
  • 启动时./bba -l 0.0.0.0:5550
  • 端口转发到本地adb forward tcp:5550 tcp:5550
  • frida-ps连接 frida-ps -H 127.0.0.1:5550
  • objection连接 objection -N -h 127.0.0.1 -p 5550 -g <packagename> explore
• 注：如果通过python连接的话，必须adb forward tcp:27042 tcp:6666，因为默认连这个端口

中文参数

如果支持性不好，可以send发送到PC控制端进行处理。

延时Hook

用setTimeout()方法

setTimeout(function (){
  Java.perform(function (){
    Java.enumerateLoadedClasses({
      onMatch: function(_className){
        // _className为string类型
        console.log("[*] found instance of " + _className);
      },
      onComplete: function(){
        console.log("[*] class enuemration complete");
      }
    });
  });
}, 0);

相关学习资料

• https://github.com/r0ysue/AndroidSecurityStudy
• https://frida.re/docs/javascript-api/
• https://github.com/hookmaster/frida-all-in-one
• https://blog.csdn.net/freeking101/article/details/107438271

相关脚本地址

脱壳

• https://github.com/hluwa/frida-dexdump.git
• https://github.com/lasting-yang/frida_dump

其他反调试

• https://codeshare.frida.re/@enovella/anti-frida-bypass/

• https://github.com/apkunpacker/AntiFrida_Bypass

汇总

• https://github.com/m0bilesecurity/Frida-Mobile-Scripts/tree/master
• https://codeshare.frida.re/browse site:codeshare.frida.re root 可以直接从frida远程调用