
fries and chips, frida giannini

Time: 2023-05-06 17:45:41 Views: 107473 Author: 3974

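1. Advantages:

1. Stronger FART unpacking capability: unpacks actively invoked dex (with no initial function)

    function fartwithClassloader() {
        Java.perform(function () {
            Java.choose("dalvik.system.DexClassLoader", {
                onMatch: function (instance) {
                    try {
                        Java.use("android.app.ActivityThread").fartwithClassloader(instance);
                    } catch (e) {
                        console.log(e);
                    }
                },
                onComplete: function () {
                    console.log("heap search complete");
                }
            });
        });
    }
    // hook DexClassLoader and actively call fartwithClassloader to skip the actively invoked classes

2. Repair classes or functions as needed

1. Actively invoke the loading of only one particular class, etc.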

    // cn.cn TV.ui.activity.springplayeractivity
    function loadoneclass(classname) {
        Java.perform(function () {
            // ... String eachclassname, Method dumpMethodCode_method
            // public static ClassLoader getClassloader()
            var appClassloader = Java.use("android.app.ActivityThread").getClassloader();
            // dumpMethodCode
            // private static native void dumpMethodCode(Object m);
            var DexFile = Java.use("dalvik.system.DexFile");
            var JavaObject = Java.use("java.lang.Object");
            var array = Java.array("java.lang.Class", [JavaObject.class]);
            var dumpMethodCode = DexFile.class.getDeclaredMethod("dumpMethodCode", array);
            // a private method cannot be called directly; it must be made accessible first
            dumpMethodCode.setAccessible(true);
            console.log("dumpMethodCode-", dumpMethodCode);
            Java.use("android.app.ActivityThread").loadClassAndInvoke(appClassloader, classname, dumpMethodCode);
        });
    }

2. FART is not actively loaded at compile time; Frida is used to actively invoke the unpacking thread

    function justfart() {
        Java.perform(function () {
            Java.use("android.app.ActivityThread").fartthread();
        });
    }

RPC remote call

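    rpc.exports = {
        loadclasslist: function (classname) {
            loadoneclass(classname);
        }
    };

    import frida
    import sys

    def on_message(message, data):
        if message['type'] == 'send':
            print("[*] {0}".format(message['payload']))
        else:
            print(message)

    if __name__ == '__main__':
        try:
            # Assumption: the device lookup is garbled on the page; a USB device is assumed here.
            device = frida.get_usb_device()
            # Placeholder: the attach target is not recoverable from the page.
            session = device.attach("TARGET_PROCESS")
            with open("fart_frida.js") as f:
                jscode = f.read()
            script = session.create_script(jscode)
            script.on("message", on_message)
            script.load()
            content = ''
            with open('8848960_classlist_execute.txt', 'r') as f:
                content = f.read()
            # Assumption: one class name per line; the original split arguments are garbled.
            array = content.split("\n")
            for i in array:
                print('classname-' + i)
                # script.exports.loadclasslist(i)
            sys.stdin.read()
        except Exception as e:
            # Assumption: the page's except clause is cut off.
            print(e)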
