Differences

This shows you the differences between two versions of the page.

--- android:fridump [2019/04/29 14:31] – percy
+++ android:fridump [2019/04/29 17:03] – [Start dump] percy
@@ Line 3: / Line 3: @@
   * https://github.com/Nightbringer21/fridump
   * https://www.frida.re/docs/android/
+  * http://pentestcorner.com/introduction-to-fridump/
 ====== Install ======
@@ Line 20: / Line 21: @@
 ==== Start android server ====
+  adb root
   adb push frida-server-12.4.8-android-x86_64 /data/local/frida-server
   adb shell chmod +x /data/local/frida-server
   adb shell /data/local/frida-server
+Or just one put it one line:
+  adb root && adb push frida-server-12.4.8-android-x86_64 /data/local/frida-server && adb shell chmod +x /data/local/frida-server && adb shell /data/local/frida-server
 ==== Start dump ====
 Then you can use the script to dump the App you want
-  python fridump.py -U -s com.xxxx.android
+  python fridump.py --max-size 2097152 -U -s com.xxxx.android
+Then it will generate the "dump/", and you can check dump/strings.txt
+  grep "string2find" dump/*
+Also the memory dump files are binary, you can convert to hex by `xxd`
+  xxd dump/0x12c00000_dump.data >xxd.hex
+==== frida commands ====
+  frida-ps -U
+  frida-trace -U -i "open*" com.xxx.android
+==== frida scripts ====
+  * https://github.com/0xdea/frida-scripts
+Update raptor_frida_android_trace.js, and then run
+  frida -l raptor_frida_android_trace.js -U -f com.xxxx.android --no-pause