import frida
import sys
import os
# Settings -- both values are empty placeholders and must be filled in before running.
# lib_name: file name of the shared library to dump; it is also the local path the
# repaired copy is pulled to.
lib_name = ""
# identifier: identifier of the app to spawn; it is also used as the directory name
# under /data/data/ on the device.
identifier = ""
def get_script():
    """Return the source text of the Frida agent stored in ``dumper.js``.

    The path is relative, so the file is looked up in the current working
    directory. Whatever ``dumper.js`` is found there is what gets injected
    into the target process, so run the tool from its own directory.
    """
    with open("dumper.js", mode="r") as agent_file:
        agent_source = agent_file.read()
    return agent_source
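def fix_lib(arch, base):
    """Repair the dumped library on the device with SoFixer and pull it to the host.

    The dump is expected at ``/data/data/<identifier>/files/dump_<lib_name>``.
    It is copied to ``/data/local/tmp``, rebuilt by SoFixer using ``base`` as
    the load address, pulled to ``lib_name`` in the host's working directory,
    and the temporary files on the device are then removed.

    Commands are run as argument lists (no host shell), and every value placed
    in a device-side command line is shell-quoted. ``base`` arrives from the
    instrumented process and ``lib_name``/``identifier`` are free-form
    settings, so none of them may be spliced into a shell string unquoted.

    Args:
        arch: Architecture of the target process; ``"arm"`` or ``"arm64"``.
        base: Load address of the dumped module, passed to SoFixer's ``-m``.

    Raises:
        ValueError: ``arch`` is not supported, or ``identifier``/``lib_name``
            is still empty. Raised before any adb command runs.
        subprocess.CalledProcessError: a required adb step exited non-zero.
    """
    import shlex
    import subprocess

    fixer_by_arch = {"arm": "android/SoFixer32", "arm64": "android/SoFixer64"}
    if arch not in fixer_by_arch:
        # Previously an unknown arch skipped the push but still ran every
        # later step against a SoFixer binary that was never uploaded.
        raise ValueError(f"unsupported architecture: {arch!r}")
    if not identifier or not lib_name:
        raise ValueError("identifier and lib_name must be set before dumping")

    dump_name = "dump_" + lib_name
    remote_fixer = "/data/local/tmp/SoFixer"
    app_dump = f"/data/data/{identifier}/files/{dump_name}"
    tmp_dump = f"/data/local/tmp/{dump_name}"
    tmp_fixed = f"{tmp_dump}.fix.so"

    def adb(*argv, check=True):
        # argv list => no host shell is involved in running adb itself.
        return subprocess.run(["adb", *argv], check=check)

    def adb_shell(argv, root=False, check=True):
        # The command line is re-parsed by the device's shell, so each word is
        # quoted here and the whole line is sent as one argument.
        command = " ".join(shlex.quote(str(word)) for word in argv)
        if root:
            command = "su -c " + shlex.quote(command)
        return adb("shell", command, check=check)

    try:
        # Upload the SoFixer build matching the target architecture.
        adb("push", fixer_by_arch[arch], remote_fixer)
        adb_shell(["chmod", "+x", remote_fixer])

        # Copy the dump out of the app's private directory (needs root).
        # NOTE(review): mode 777 is kept from the original; it leaves the dump
        # world-accessible until cleanup. Presumably it exists so the copy is
        # readable by the non-root shell user -- confirm a narrower mode works.
        adb_shell(["chmod", "777", app_dump], root=True)
        adb_shell(["cp", app_dump, "/data/local/tmp/"], root=True)

        # Rebuild the ELF and fetch the result.
        adb_shell([remote_fixer, "-m", base, "-s", tmp_dump, "-o", tmp_fixed])
        adb("pull", tmp_fixed, lib_name)
    finally:
        # Best-effort cleanup: runs even when a step above failed, and a
        # missing file here must not mask the original error.
        for leftover in (tmp_dump, tmp_fixed, remote_fixer):
            adb_shell(["rm", leftover], check=False)
        adb_shell(["rm", app_dump], root=True, check=False)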
def on_message(message, data):
    """Handle one message emitted by the injected Frida script.

    A message carrying a ``"payload"`` key is treated as the "dump finished"
    notification: element 1 of the payload is the architecture and element 0
    is a mapping whose ``"base"`` entry is the module's load address. Both
    are forwarded to ``fix_lib``. Any other message is printed unchanged.

    The payload is produced inside the instrumented process and ends up in
    the adb commands built by ``fix_lib``, so it should be regarded as
    untrusted input.

    Args:
        message: Message dict delivered by Frida.
        data: Binary attachment of the message; not used here.
    """
    if "payload" not in message:
        # No payload (e.g. a script error): show the raw message.
        print(message)
        return

    rule = "----------------------------------------------------"
    payload = message["payload"]
    print("[o] Fix dumped lib")
    print(rule)
    arch = payload[1]
    base = payload[0]["base"]
    fix_lib(arch, base)
    print(rule)
    print(f"[o] Successfully dumped {lib_name}")
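if __name__ == "__main__":
    # Both settings default to "", which would spawn an empty identifier and
    # build device paths such as /data/data//files/dump_. Stop with a clear
    # message instead.
    if not identifier or not lib_name:
        sys.exit("Set 'identifier' and 'lib_name' at the top of dumper.py before running.")

    # Spawn the target on the USB-attached device and attach to it; the app
    # is resumed further down, after the agent has been loaded.
    device: frida.core.Device = frida.get_usb_device()
    target = device.spawn(identifier)
    session: frida.core.Session = device.attach(target)

    # Load the agent and route its messages to on_message.
    script = session.create_script(get_script())
    script.on('message', on_message)
    script.load()

    # Pass the library name and app identifier to the agent's ``libinfo``
    # export (presumably defined in dumper.js -- not visible here).
    script.exports.libinfo(lib_name, identifier)
    device.resume(target)

    # Block until stdin is closed so the message handler keeps running.
    sys.stdin.read()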