A simplified Magisk module that depends on Riru. It can perform simple hooks and load dynamic libraries; it is currently used to load Frida's gadget library, so that hooking no longer depends on the command line or a frida-server, and so that the gadget can be loaded into multiple processes.

Overview

1. Description

Frida Gadget supports the following four modes:

  • Listen
  • Connect
  • Script
  • ScriptDirectory

I have not tested all of them. For my purpose I only need the last one, mainly for deploying hooks across a large number of phones. To inject libgadget.so into the target process I chose the Magisk + Riru approach: a custom Riru module loads libgadget.so from inside Riru's callback.

Riru-ModuleTemplate

2. Purpose & features

  • Frida persistence
  • Frida code can hook different processes of the same application
  • Application whitelist (to avoid conflicts with other hook frameworks)
  • Intended for production environments rather than debugging environments

3. Supported Android versions

Android 9, Android 10

4. Installation

  • Flash Magisk v22.1 via TWRP
  • Flash Riru via Magisk; versions v23.9 through v25.4.4 have been tested
  • Flash riru-FridaGadgetRiruMoudle-v14.2.12.8.zip via Magisk

5. Build

gradle assembleRelease

6. Configuration

6.1. Whitelist

Controls whether a given process loads libgadget.so, to prevent conflicts with other hook frameworks.

/data/local/tmp/_white_list.config

com.github.testapp1,com.github.testapp2
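
The following is an added example, not code from this module: a small C routine that reads a whitelist file in the format shown above (package names separated by commas; line breaks and surrounding spaces are tolerated) and decides whether libgadget.so should be loaded for a process. The function names `whitelist_contains`, `read_whitelist` and `should_load_gadget` are hypothetical. Matching is exact on the full package name, so a prefix such as "com.github.testapp" does not match, and a missing or unreadable config file is treated as an empty whitelist so that nothing is loaded by mistake.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the module's own code): returns 1 if `pkg`
 * appears as one entry in the comma-separated `list`, 0 otherwise.
 * Entries may also be separated by newlines; spaces and tabs around an
 * entry are ignored. Matching is exact on the whole entry. */
int whitelist_contains(const char *list, const char *pkg)
{
    size_t pkg_len = strlen(pkg);
    const char *p = list;
    while (*p) {
        /* skip separators and whitespace before an entry */
        while (*p == ',' || *p == ' ' || *p == '\t' || *p == '\n' || *p == '\r')
            p++;
        if (!*p)
            break;
        const char *start = p;
        while (*p && *p != ',' && *p != '\n' && *p != '\r')
            p++;
        const char *end = p;
        /* trim trailing spaces/tabs inside the entry */
        while (end > start && (end[-1] == ' ' || end[-1] == '\t'))
            end--;
        if ((size_t)(end - start) == pkg_len && memcmp(start, pkg, pkg_len) == 0)
            return 1;
    }
    return 0;
}

/* Reads the whole config file into a malloc'd, NUL-terminated buffer.
 * Returns NULL when the file is missing or unreadable. */
char *read_whitelist(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return NULL;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return NULL; }
    long n = ftell(f);
    if (n < 0) { fclose(f); return NULL; }
    rewind(f);
    char *buf = malloc((size_t)n + 1);
    if (!buf) { fclose(f); return NULL; }
    size_t got = fread(buf, 1, (size_t)n, f);
    fclose(f);
    buf[got] = '\0';
    return buf;
}

/* The decision a Riru callback would make: load the gadget only when the
 * process's package is whitelisted. A missing file fails closed (returns 0). */
int should_load_gadget(const char *config_path, const char *pkg)
{
    char *list = read_whitelist(config_path);
    if (!list)
        return 0;
    int hit = whitelist_contains(list, pkg);
    free(list);
    return hit;
}

int main(void)
{
    /* constructed sample with the same contents as the README's example file */
    const char *sample = "com.github.testapp1,com.github.testapp2\n";
    printf("com.github.testapp1  -> %d\n", whitelist_contains(sample, "com.github.testapp1"));
    printf("com.github.testapp10 -> %d\n", whitelist_contains(sample, "com.github.testapp10"));
    return 0;
}
```

On a device the path would be /data/local/tmp/_white_list.config as described above; the sample in main() is embedded so the routine can be checked off-device.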

6.2. Gadget ScriptDirectory configuration

https://frida.re/docs/gadget/#scriptdirectory

/data/local/tmp/frida_scripts

twitter.js
twitter.config

The twitter.config file specifies whether the twitter.js hook script should be loaded for a given app.
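As an added illustration (not a file from this repository), this is the shape of a ScriptDirectory config file as described in the Frida Gadget documentation linked above: a `filter` object whose `executables` list names the processes the companion script may be loaded into. The process name is a placeholder; whether the module's target is matched by its Android package name in this list is an assumption to confirm against the linked docs.

```json
{
  "filter": {
    "executables": ["com.example.placeholder"]
  }
}
```

Saved next to twitter.js as twitter.config under /data/local/tmp/frida_scripts, this restricts twitter.js to the listed process instead of every process the gadget is loaded into.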

7. Building a debugging tool

Develop a GUI for editing the configuration files and pushing JS scripts

Controlling the gadget's dynamic library from the GUI (optional)

Comments
  • After loading, the process keeps restarting

    uid=10235, isApp= 1
    2021-12-06 20:01:12.166 22805-22805/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:12.999 22830-22830/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:12.999 22830-22830/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:13.150 22830-22830/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:14.006 22857-22857/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:14.006 22857-22857/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:14.164 22857-22857/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:50.705 22940-22940/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:50.705 22940-22940/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:50.868 22940-22940/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:51.731 22964-22964/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:51.731 22964-22964/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:51.887 22964-22964/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:52.745 22989-22989/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:52.745 22989-22989/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:52.907 22989-22989/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:53.756 23015-23015/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:53.756 23015-23015/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:53.914 23015-23015/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成功
    2021-12-06 20:01:54.766 23040-23040/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 白名单:com.ct.client
    2021-12-06 20:01:54.766 23040-23040/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx nice_process_name=com.ct.client, pkg=com.ct.client,uid=10235, isApp= 1
    2021-12-06 20:01:54.924 23040-23040/? I/Riru-ModuleFridaGadget: Q_M xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-> com.ct.client 加载 ' /system/lib/libgadget.so ' 成

    opened by junges521 2