@@ -4,4 +4,37 @@ Frida 通过修改程序加载动态库而实现HOOK
* frida插件分享:
-https://codeshare.frida.re/
+https://codeshare.frida.re/
+
+
+## FridaGadget
+FridaGadget是一种免ROOT的注入方式,通过修改程序加载动态库而实现HOOK
+
+1. main.apk 改 main.apk.zip
+
+复制一个lib/xx.so出来,比如libflutter.so
+
+2. 下载 frida-gadget-16.0.2-android-arm.so 改名 libfrida-gadget.so
+
+3. 执行如下命令:
+
+
+```
+
+import lief
+
+libnative = lief.parse("libflutter.so")
+# libnative.add_library("libs/libfrida-gadget.so") # Injection!
+libnative.add_library("libfrida-gadget.so")
+libnative.write("libflutter.so")
+
+
+```
+
+将 libfrida-gadget.so 注入 libflutter.so
+
+4. 复制 libflutter.so,libfrida-gadget.so 两个到 main.apk.zip 压缩包覆盖
+
+5. main.apk.zip,改为 main.apk 并重新签名
+
+
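Review bot: steps 1 and 4 never say which `lib/<abi>/` directory the native library is taken from and put back into, and that must match the gadget chosen in step 2: `frida-gadget-16.0.2-android-arm.so` is the 32-bit ARM build, so it only pairs with the `.so` from `lib/armeabi-v7a/`, and both files have to go back into that same directory of `main.apk.zip` rather than the archive root (an arm64 app needs the `android-arm64` gadget and `lib/arm64-v8a/`); a short sentence on that would save readers a library that never loads. Two smaller points in the same hunk: `libnative.write("libflutter.so")` overwrites the input in place, so suggest writing to a new name or keeping the untouched copy so the change can be rolled back if the patched library fails to load, and dropping the leftover commented-out `add_library("libs/...")` line; and the fenced block is a Python script that needs `lief` installed (`pip install lief`), not a shell command, so "执行如下命令" should say so and the fence should be tagged as `python`. The `-`/`+` pair for `https://codeshare.frida.re/` is byte-identical as shown, which points to a trailing-whitespace or line-ending change that would be cleaner to leave out of this commit.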