• This repository has been archived on 11/Jul/2023
  • Stars
    star
    3,338
  • Rank 13,416 (Top 0.3 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created almost 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A frida tool to dump dex in memory to support security engineers analyzing malware.

FRIDA-DEXDump

frida-dexdump is a frida tool to find and dump dex in memory to support security engineers in analyzing malware.

Make Jetbrains Great Again

Features

  1. Support fuzzy search broken header dex(deep search mode).
  2. Compatible with all android version(frida supported).
  3. One click installation, without modifying the system, easy to deploy and use.

Installation

pip3 install frida-dexdump

Usage

CLI arguments base on frida-tools, you can quickly dump the foreground application like this:

frida-dexdump -FU

Or specify and spawn app like this:

frida-dexdump -U -f com.app.pkgname

Additionally, you can see in -h that the new options provided by frida-dexdump are:

-o OUTPUT, --output OUTPUT  Output folder path, default is './<appname>/'.
-d, --deep-search           Enable deep search mode.
--sleep SLEEP               Waiting times for start, spawn mode default is 5s.

When using, I suggest using the -d, --deep-search option, which may take more time, but the results will be more complete.

screenshot

Build and develop

make

Requires

See requirements.txt

Internals

《深入 FRIDA-DEXDump 中的矛与盾》