https://github.com/Mufanc/DexHunter
A simple unpacking tool based on memory probing
- Host: GitHub
- URL: https://github.com/Mufanc/DexHunter
- Owner: Mufanc
- Created: 2022-10-14T22:38:25.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2025-03-27T12:15:37.000Z (about 1 year ago)
- Last Synced: 2025-03-27T13:26:02.355Z (about 1 year ago)
- Topics: android, dex, dump
- Language: Rust
- Homepage:
- Size: 42 KB
- Stars: 151
- Watchers: 3
- Forks: 60
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# DexHunter
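* A simple unpacking tool, modeled on hluwa's [`frida-dexdump`](https://github.com/hluwa/frida-dexdump), but written in Rust
## Advantages
* Lightweight and convenient: a single executable, only a few MB in size
* Non-invasive: it does not need to attach to the target process, which effectively sidesteps the problem of some packers whose parent and child processes ptrace each other
## Usage
### Download a prebuilt binary
[GitHub Actions](https://github.com/Mufanc/DexHunter/actions)
* Deploy to the Android device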
```shell
adb push dexhunter /data/local/tmp
adb shell chmod +x /data/local/tmp/dexhunter
```
* Run
```shell
adb shell
su
cd /data/local/tmp
# double quotes so the device shell expands $(pidof ...) to the target's pid
./dexhunter --pid "$(pidof com.example.app)" -o
```
### Build manually
* Clone the project
* Configure the environment variable
```shell
# replace with your ndk path
export ANDROID_NDK_ROOT="/home/mufanc/Android/Sdk/ndk/25.1.8937393"
```
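* Build & run
```shell
# Basic usage
cargo make run --pid '$(pidof com.example.app)' -o
# "Scan only" mode; does not extract dex files
cargo make run --pid '$(pidof com.example.app)'
# Automatically get the pid of the top activity (depends on dumpsys)
cargo make run -o
```
* Searching for dex files with wiped headers is **not supported** for now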