Differences

This shows you the differences between two versions of the page.

--- android:fridump [2019/04/29 14:14] – percy
+++ android:fridump [2019/05/06 17:54] (current) – [Install android server] percy
@@ Line 3: / Line 3: @@
   * https://github.com/Nightbringer21/fridump
   * https://www.frida.re/docs/android/
+  * http://pentestcorner.com/introduction-to-fridump/
+====== Install ======
-===== Download android =====
+  pip install frida
+  pip install frida-tools
+  git clone https://github.com/Nightbringer21/fridump.git
+  python fridump.py -h
+===== Install android server =====
 Download Android server
   * https://github.com/frida/frida/releases
+Find the frida server android
+  * https://github.com/frida/frida/releases/download/12.4.8/frida-server-12.4.8-android-x86_64.xz
 ==== Start android server ====
+  adb root
   adb push frida-server-12.4.8-android-x86_64 /data/local/frida-server
   adb shell chmod +x /data/local/frida-server
   adb shell /data/local/frida-server
+Or just one put it one line:
+  adb root && adb push frida-server-12.4.8-android-x86_64 /data/local/frida-server && adb shell chmod +x /data/local/frida-server && adb shell /data/local/frida-server
+==== Start dump ====
+Then you can use the script to dump the App you want
+  python fridump.py --max-size 2097152 -U -s com.xxxx.android
+Then it will generate the "dump/", and you can check dump/strings.txt
+  grep "string2find" dump/*
+Also the memory dump files are binary, you can convert to hex by `xxd`
+  xxd dump/0x12c00000_dump.data >xxd.hex
+==== frida commands ====
+  frida-ps -U
+  frida-trace -U -i "open*" com.xxx.android
+==== frida scripts ====
+  * https://github.com/0xdea/frida-scripts
+Update raptor_frida_android_trace.js, and then run
+  frida -l raptor_frida_android_trace.js -U -f com.xxxx.android --no-pause