{"id":13843599,"url":"https://github.com/dstmath/frida-unpack","last_synced_at":"2025-07-11T19:32:26.709Z","repository":{"id":45154955,"uuid":"139793534","full_name":"dstmath/frida-unpack","owner":"dstmath","description":"基于Frida的脱壳工具","archived":false,"fork":false,"pushed_at":"2021-03-08T09:50:48.000Z","size":7,"stargazers_count":1334,"open_issues_count":11,"forks_count":321,"subscribers_count":37,"default_branch":"master","last_synced_at":"2024-08-05T17:38:20.316Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dstmath.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-05T04:09:05.000Z","updated_at":"2024-08-03T19:45:32.000Z","dependencies_parsed_at":"2022-07-13T18:19:52.776Z","dependency_job_id":null,"html_url":"https://github.com/dstmath/frida-unpack","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstmath%2Ffrida-unpack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstmath%2Ffrida-unpack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstmath%2Ffrida-unpack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstmath%2Ffrida-unpack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dstmath","download_url":"https://codeload.github.com/dstmath/frida-unpack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225755037,"owners_count":17519190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:19.497Z","updated_at":"2025-07-11T19:32:26.697Z","avatar_url":"https://github.com/dstmath.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python","\u003ca id=\"f24f1235fd45a1aa8d280eff1f03af7e\"\u003e\u003c/a\u003eFrida"],"sub_categories":["\u003ca id=\"a5336a0f9e8e55111bda45c8d74924c1\"\u003e\u003c/a\u003e工具"],"readme":"# frida-unpack\n基于Frida的脱壳工具\n## 0x0 frida环境搭建\nfrida环境搭建，参考frida官网：[frida](https://www.frida.re)。\n\n## 0x2 原理说明\n利用frida hook libart.so中的OpenMemory方法，拿到内存中dex的地址，计算出dex文件的大小，从内存中将dex导出。\nps：查看OpenMemory的导出名称，可以将手机中的libart.so通过adb pull命令导出到电脑，然后利用：\n`nm libart.so |grep OpenMemory`命令来查看到出名。\n其中android 10为`/apex/com.android.runtime/lib/libdexfile.so`方法为`OpenCommon`。\n\n## 0x3 脚本用法\n- 在手机上启动frida server端\n- 执行脱壳脚本 \n```\n    执行./inject.sh 要脱壳的应用的包名 OpenMemory.js\n```\n- 脱壳后的dex保存在`/data/data/应用包名/`目录下\n\n## 0x4 脚本测试环境\n此脚本在以下环境测试通过\n * android os: 7.1.2 32bit  (64位可能要改OpenMemory的签名)\n * legu: libshella-2.8.so\n * 360: libjiagu.so\n\n## 0x5 参考链接\n- [frida](https://www.frida.re)\n\n## 0x06 python脚本支持\n`python frida_unpack.py 应用包名`\n\n## 0x07 相关技巧\n- 利用`c++filt`命令还原C++ name managling之后的函数名\n\n    ```\n    c++filt _ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPKNS_10OatDexFileEPS9_\n\n    输出：\n    art::DexFile::OpenMemory(unsigned char const*, unsigned int, std::__1::basic_string\u003cchar, std::__1::char_traits\u003cchar\u003e, std::__1::allocator\u003cchar\u003e \u003e const\u0026, unsigned int, art::MemMap*, art::OatDexFile const*, std::__1::basic_string\u003cchar, std::__1::char_traits\u003cchar\u003e, std::__1::allocator\u003cchar\u003e \u003e*)\n    ```\n[![Powered by DartNode](https://dartnode.com/branding/DN-Open-Source-sm.png)](https://dartnode.com \"Powered by DartNode - Free VPS for Open Source\")\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdstmath%2Ffrida-unpack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdstmath%2Ffrida-unpack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdstmath%2Ffrida-unpack/lists"}