Frida 使用
1:安装
查看安装版本
frida --version
16.0.2(这是我自己安装的版本,目前最新是16.1.17)
安装
pip install frida
pip install frida-tools
2:frida-server
https://github.com/frida/frida/releases
下载相对应的server版本:(注意要跟第一步的版本一致)
可以先确认下自己设备是32还是64
adb shell getprop ro.product.cpu.abi
我自己的设备是:
arm64-v8a
这块我下载的是:
frida-server-16.0.2-android-arm64.xz。
解压到frida-server后执行以下操作。
adb push '/home/zh/下载/frida-server' /data/local/tmp/
cd /data/local/tmp
su
cd frida-server
chmod +777 data
./data 连接成功
3:开始工作
frida-ps -U
结果如下:PID Name
----- ---------------------------------------------------2357 .dataservices 3635 .dataservices 2499 .qtidataservices 1001 ATFWD-daemon 3666 AudioFX 3719 MT管理器 5960 Magisk 5942 Official TWRP App 5860 WhatsApp 740 adb_root 3502 adbd 731 adsprpcd 2650 android.ext.services 577 android.hardware.audio@2.0-service 1043 android.hardware.biometrics.fingerprint@2.1-service578 android.hardware.bluetooth@1.0-service-qti 579 android.hardware.camera.provider@2.4-service 580 android.hardware.cas@1.1-service 581 android.hardware.configstore@1.1-service 582 android.hardware.drm@1.0-service 583 android.hardware.drm@1.2-service.clearkey 584 android.hardware.drm@1.2-service.widevine 585 android.hardware.gatekeeper@1.0-service 586 android.hardware.gnss@2.0-service-qti 587 android.hardware.graphics.allocator@2.0-service 589 android.hardware.graphics.composer@2.1-service 590 android.hardware.health@2.0-service.leeco_8996 573 android.hardware.ir@1.0-service.leeco_8996 478 android.hardware.keymaster@3.0-service 594 android.hardware.light@2.0-service.leeco_8996 595 android.hardware.memtrack@1.0-service 597 android.hardware.power@1.2-service-qti 598 android.hardware.sensors@1.0-service 599 android.hardware.thermal@1.0-service 600 android.hardware.usb@1.0-service.basic 613 android.hardware.vibrator@1.0-service 614 android.hardware.vr@1.0-service 618 android.hardware.wifi@1.0-service 574 android.hidl.allocator@1.0-service 3762 android.process.media 477 android.system.suspend@1.0-service 487 apexd 648 ashmemd 651 audioserver 744 cameraserver 892 cnd 995 cnss-daemon 6145 com.android.cellbroadcastreceiver 5379 com.android.exchange 7572 com.android.inputmethod.latin 2612 com.android.launcher3 2305 com.android.networkstack 2523 com.android.phone 5649 com.android.providers.calendar 3621 com.android.se 3736 com.android.smspush 2191 com.android.systemui 5720 com.android.traceur 7637 com.android.webview:webview_service 2825 com.qualcomm.qcrilmsgtunnel 5753 com.qualcomm.qti.biometrics.fingerprint.service 2448 com.qualcomm.qti.telephonyservice 3859 com.quark.browser 7407 com.ss.android.ugc.aweme:push 8948 com.ss.android.ugc.aweme:sandboxed_process1 6037 com.tencent.mm:push 3541 com.uei.quicksetsdk.letv 6645 data 895 dpmQmiMgr 1037 dpmd 1080 dpmd 746 drmserver 6663 frida-helper-32 1023 gatekeeperd 670 gpuservice 576 healthd 739 hvdcp_opti 438 hwservicemanager 1680 ims_rtp_daemon 1095 imsdatadaemon 902 imsqmidaemon 903 imsrcsd 779 incidentd 1 init 427 init 428 init 784 installd 767 ip6tables-restore 1045 ipacm 766 iptables-restore 825 keystore 671 lmkd 999 loc_launcher 4121 logcat 6647 logcat 436 logd 1074 lowi-server 522 lspd 496 magiskd 891 media.codec 859 media.extractor 867 media.metrics 969 media.swcodec 845 mediadrmserver 875 mediaserver 726 mm-pp-dpps 992 mm-qcamera-daemon 647 msm_irqbalance 541 netd 918 netmgrd 2469 org.lineageos.consumerirtransmitter 5790 org.lineageos.lineageparts 3699 org.lineageos.settings.device 3585 org.lineageos.settings.doze 5825 org.lineageos.updater 715 pm-proxy 637 pm-service 933 port-bridge 1018 qfp-daemon 440 qseecomd 528 qti 736 rild 954 rild 517 rirud 673 rmt_storage 641 sensors.qti 437 servicemanager 4919 sh 5909 sh 878 statsd 886 storaged 5905 su 672 surfaceflinger 1098 system_server 676 tftp_server 729 thermal-engine 904 time_daemon 1025 tombstoned 429 ueventd 622 vendor.display.color@1.0-service 1047 vendor.lineage.livedisplay@2.0-service-sdm 625 vendor.lineage.touch@1.0-service.leeco_8996 626 vendor.lineage.trust@1.0-service 628 vendor.qti.hardware.alarm@1.0-service 479 vendor.qti.hardware.cryptfshw@1.0-service-qti.qsee 629 vendor.qti.hardware.perf@2.0-service 634 vendor.qti.hardware.qdutils_disp@1.0-service-qti 439 vndservicemanager 447 vold 2416 webview_zygote 890 wificond 894 wifidisplayhalservice 2232 wpa_supplicant 1077 xtra-daemon 544 zygote 542 zygote64
12744 企业微信 4729 夸克 5041 安全证书 4207 微信 6794 抖音 4474 搜狗输入法 5329 电子邮件 5458 短信 5687 设置
这里我测试下微信:
frida -U com.tencent.mm
____/ _ | Frida 16.0.2 - A world-class dynamic instrumentation toolkit| (_| |> _ | Commands:/_/ |_| help -> Displays the help system. . . . object? -> Display information about 'object'. . . . exit/quit -> Exit. . . .. . . . More info at https://frida.re/docs/home/. . . .. . . . Connected to LEX820 (id=6b4a96b2)
Failed to spawn: unable to find process with name 'com.tencent.mm'
这里出错了,会提示不能找到process.
注意这里需要根据上述获取到的名称来使用:
frida -U 微信(并不是包名)____/ _ | Frida 16.0.2 - A world-class dynamic instrumentation toolkit| (_| |> _ | Commands:/_/ |_| help -> Displays the help system. . . . object? -> Display information about 'object'. . . . exit/quit -> Exit. . . .. . . . More info at https://frida.re/docs/home/. . . .. . . . Connected to LEX820 (id=6b4a96b2)[LEX820::微信 ]->可以看到这时候,连接成功了。
估计,对比三种不同的方法。)
)
)
技术)
)
