I was so bored that I implemented yet another pure-Frida decryptor (dumping App Store binaries)


#1

Why call it "pure Frida"? Because it doesn't even touch SSH; the whole thing is done in JS.

The one and only dependency is pip install frida, really nothing else.

I feel I'm bored beyond cure.
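As an added illustration of the per-module check a Frida-side dumper has to make (example code written for this thread, not the project's dump.py or its agent): on a jailbroken device the kernel has already decrypted the FairPlay-protected pages of a running image, so the agent reads the Mach-O header, walks the load commands for LC_ENCRYPTION_INFO(_64), copies cryptsize bytes starting at cryptoff out of the decrypted mapping, and writes the header back with cryptid set to 0 so the file loads without decryption. In a real agent the header bytes would come from Module.findBaseAddress() plus Memory.readByteArray(); here a constructed 64-bit header stands in for the real image so the logic runs offline in Node.

```javascript
// Added example: find and clear LC_ENCRYPTION_INFO(_64) in a Mach-O header,
// the check a Frida-based dumper makes before copying decrypted pages out.
// The header below is constructed for the example, not read from a device.

const MH_MAGIC_64 = 0xfeedfacf;
const MH_MAGIC = 0xfeedface;
const LC_SEGMENT_64 = 0x19;
const LC_ENCRYPTION_INFO = 0x21;
const LC_ENCRYPTION_INFO_64 = 0x2c;

// Walk the load commands of a little-endian Mach-O header (Uint8Array) and
// return {offset, cryptoff, cryptsize, cryptid}, or null if the image
// carries no encryption info command at all.
function findEncryptionInfo(buf) {
  const dv = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  const magic = dv.getUint32(0, true);
  let headerSize;
  if (magic === MH_MAGIC_64) headerSize = 32;      // mach_header_64
  else if (magic === MH_MAGIC) headerSize = 28;    // mach_header (32-bit)
  else throw new Error('not a little-endian Mach-O header');
  const ncmds = dv.getUint32(16, true);
  const sizeofcmds = dv.getUint32(20, true);
  const end = headerSize + sizeofcmds;
  let off = headerSize;
  for (let i = 0; i < ncmds && off + 8 <= end; i++) {
    const cmd = dv.getUint32(off, true);
    const cmdsize = dv.getUint32(off + 4, true);
    if (cmdsize < 8 || off + cmdsize > buf.byteLength) {
      throw new Error('malformed load command at offset ' + off);
    }
    if (cmd === LC_ENCRYPTION_INFO || cmd === LC_ENCRYPTION_INFO_64) {
      return {
        offset: off,
        cryptoff: dv.getUint32(off + 8, true),   // start of encrypted range
        cryptsize: dv.getUint32(off + 12, true), // length of encrypted range
        cryptid: dv.getUint32(off + 16, true),   // 0 = not encrypted
      };
    }
    off += cmdsize;
  }
  return null;
}

// Return a copy of the header with cryptid cleared: what a dumper writes
// over the original header after copying the decrypted range from memory.
function clearCryptId(buf) {
  const info = findEncryptionInfo(buf);
  const out = Uint8Array.from(buf);
  if (info && info.cryptid !== 0) {
    new DataView(out.buffer).setUint32(info.offset + 16, 0, true);
  }
  return out;
}

// Constructed 64-bit header: one LC_SEGMENT_64 for __TEXT followed by one
// LC_ENCRYPTION_INFO_64, so the functions above can be exercised offline.
function buildSampleHeader(cryptid) {
  const segSize = 72, encSize = 24;
  const buf = new Uint8Array(32 + segSize + encSize);
  const dv = new DataView(buf.buffer);
  dv.setUint32(0, MH_MAGIC_64, true);
  dv.setUint32(4, 0x0100000c, true);        // CPU_TYPE_ARM64
  dv.setUint32(12, 2, true);                // MH_EXECUTE
  dv.setUint32(16, 2, true);                // ncmds
  dv.setUint32(20, segSize + encSize, true); // sizeofcmds
  let off = 32;
  dv.setUint32(off, LC_SEGMENT_64, true);
  dv.setUint32(off + 4, segSize, true);
  buf.set(new TextEncoder().encode('__TEXT'), off + 8);
  off += segSize;
  dv.setUint32(off, LC_ENCRYPTION_INFO_64, true);
  dv.setUint32(off + 4, encSize, true);
  dv.setUint32(off + 8, 0x4000, true);      // cryptoff: first encrypted page
  dv.setUint32(off + 12, 0x20000, true);    // cryptsize
  dv.setUint32(off + 16, cryptid, true);    // 1 = FairPlay encrypted
  return buf;
}

const sample = buildSampleHeader(1);
console.log('before:', findEncryptionInfo(sample));
console.log('after :', findEncryptionInfo(clearCryptId(sample)));
```

A module that returns null here, or cryptid 0, is not encrypted and can be copied out as-is; one that returns cryptid 1 needs the cryptoff/cryptsize range taken from the live mapping rather than from the file on disk.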


#2

@AloneMonkey What's the difference between that one and this one?


#3

Front row seat, admiring the master.


#4

Reporting a bug! Tried dumping WeChat:

 python3 dump.py WeChat
app "WeChat" not found
installed app:
Contacts (com.apple.MobileAddressBook)
Music (com.apple.Music)
Photos (com.apple.mobileslideshow)
yalu102 (kim.cracksby.yalu102)
App Store (com.apple.AppStore)
Clock (com.apple.mobiletimer)
Settings (com.apple.Preferences)
iFile (eu.heinelt.ifile)
HookZzIOSDemoTemplate (com.spiderzz.HookZzIOSDemoTemplate)
Find Friends (com.apple.mobileme.fmf1)
QQ (com.tencent.mqq)
Voice Memos (com.apple.VoiceMemos)
Phone (com.apple.mobilephone)
Mail (com.apple.mobilemail)
Terminal (com.officialscheduler.mterminal)
Compass (com.apple.compass)
Tips (com.apple.tips)
Health (com.apple.Health)
iBooks (com.apple.iBooks)
Messages (com.apple.MobileSMS)
TestHook (com.yuzhouheike.cn.TestHook)
Find iPhone (com.apple.mobileme.fmip1)
TestHookZZ (com.yuzhouheike.cn.TestHookZZ)
Filza (com.tigisoftware.Filza)
Calendar (com.apple.mobilecal)
Potatso Lite (com.touchingapp.potatsolite)
Cydia (com.saurik.Cydia)
HookZzIOSDemoTemplate (com.spiderzz.spiderzz)
Wallet (com.apple.Passbook)
Safari (com.apple.mobilesafari)
WeChat (com.tencent.xin)
Camera (com.apple.camera)
MT·Box (com.mtbox.shenni)
Notes (com.apple.mobilenotes)

Hades:frida-ipa-dump-master Hades$ python3 dump.py com.tencent.xin
[info] attaching to target
[info] decrypting module WeChat
[info] decrypting module TXLiteAVSDK_Smart_No_VOD
[info] decrypting module WCDB
[info] decrypting module MMCommon
[info] decrypting module MultiMedia
[info] decrypting module QMapKit
[info] decrypting module mars
Traceback (most recent call last):
  File "dump.py", line 175, in <module>
    main()
  File "dump.py", line 172, in main
    dump(args.app, args.device, args.verbose)
  File "dump.py", line 43, in dump
    task.run()
  File "dump.py", line 158, in run
    self.inject()
  File "dump.py", line 153, in inject
    script.exports.dump()
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 442, in method
    return script._rpc_request('call', js_name, args)
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 372, in _rpc_request
    raise result[2]
frida.InvalidOperationError: script is destroyed

#5

The process was unstable and crashed. When that happens, launch the App first and then run the dump.


#7

Prolific!



#9

The screen you pasted is clearly not from my version.

Besides, that error should be because your two devices have different CPUs (32-bit vs 64-bit).


#11

You're using Qing's tool, so why come here to ask me?


#12

Sorry, I didn't mean to offend. I thought they were similar, so I asked. I take it back, apologies.


#14

... I was just pointing out that you'd walked into the wrong theater.


#15

Pure fastidiousness: I don't want to depend on too many unnecessary third-party libraries, scp included.


#16

Quick question: I downloaded frida-ipa-dump-master; how do I use it to dump an app? Please advise.


#17

Isn't it all in the README?

(sudo) pip install frida
./dump.py WeChat

That's it.


#18

You have to set up the environment first. I spent a whole afternoon on it and got stuck.


#19

After running sudo pip install frida --ignore-installed six I get this error:
Command "/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/P… -u -c "import setuptools, tokenize;__file__='/private/tmp/pip-install-poceb8/frida/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /private/tmp/pip-record-W8jlLC/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /private/tmp/pip-install-poceb8/frida/


#20

Run it with --verbose and see what the actual cause is.


#21

By the way, during installation the prebuilt package is downloaded from PyPI, so you need a proxy.


#22

There is indeed a "querying pypi for available prebuilds" step.
The error should be right there. But what do you mean by "proxy"? SSH into the phone?


#23

Or do you mean I need to use Shadowsocks to get past the Great Firewall?


#24

querying pypi for available prebuilds
network query failed
looking for prebuilt extension in home directory, i.e. /Users/joe/frida-11.0.12-py2.7-macosx-10.11-intel.egg
no prebuilt extension found in home directory
error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>
I saw that after "querying pypi for available prebuilds" it looks for the file frida-11.0.12-py2.7-macosx-10.11-intel.egg in the home directory, so I went to https://pypi.org/project/frida/, downloaded it, and ran the install again. It installed successfully.