Frida Server Application Crashed while hooking with Android Device
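I am trying to pentest and hook my Android application's methods using Frida. But when I execute the command from the command prompt in Windows, my application crashes and the expected method from the APK is not executed.
I want to start my second activity by returning true from the Frida script. Please help me correct my code or suggest a working solution.
My app code: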
    package com.g.fridaplay;

    import android.content.Intent;
    import android.os.Bundle;
    import android.widget.Toast;

    import androidx.appcompat.app.AppCompatActivity;

    public class MainActivity extends AppCompatActivity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);
            if (check())
                startActivity(new Intent(MainActivity.this, VaultActivity.class));
            else Toast.makeText(MainActivity.this, "Failed access", Toast.LENGTH_LONG).show();
        }

        // As written this always returns false: "asdf@123" never equals "asdf".
        boolean check() {
            String pass = "asdf@123";
            if (pass.equals("asdf"))
                return true;
            else return false;
        }
    }
Frida JavaScript script: vault.js
    Java.perform(function () {
        var theClass = Java.use("com.g.fridaplay.MainActivity");
        // check() takes no arguments; replace its body so it always returns true.
        theClass.check.implementation = function () {
            console.log("In function check() ");
            return true;
        };
        console.log("Exploit Completed.. finished");
    });
Frida commands used
    //adb
    ./frida-server-15.1.3-android-x86 &
    //python>script
    frida -U --no-pause -l vault.js -f com.g.fridaplay
Command output
    C:\Python39\Scripts>frida -U --no-pause -l vault.js -f com.g.fridaplay
         ____
        / _  |   Frida 15.1.3 - A world-class dynamic instrumentation toolkit
       | (_| |
        > _  |   Commands:
       /_/ |_|       help      -> Displays the help system
       . . . .       object?   -> Display information about 'object'
       . . . .       exit/quit -> Exit
       . . . .
       . . . .   More info at https://frida.re/docs/home/
    Spawned `com.g.fridaplay`. Resuming main thread!
    [Android::com.g.fridaplay]-> Exploit Completed.. finished
    Process crashed: Bad access due to invalid address
    ***
    *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    Build fingerprint: 'Android/vbox86p/vbox86p:7.1.1/NMF26Q/76:userdebug/test-keys'
    Revision: '0'
    ABI: 'x86'
    pid: 1657, tid: 1657, name: <pre-initialized>  >>> <pre-initialized> <<<
    signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x80000000
        eax 00000000  ebx 00000679  ecx 00000679  edx 0000000b
        esi ffdea80c  edi ffdea5a0
        xcs 00000023  xds 0000002b  xes 0000002b  xfs 0000006b  xss 0000002b
        eip f49ecbb9  ebp ffdea620  esp ffdea538  flags 00000296
    backtrace:
        #00 pc 00000bb9  [vdso:f49ec000] (__kernel_vsyscall+9)
        #01 pc 0007f9d8  /system/bin/linker (__dl_syscall+40)
        #02 pc 000046a1  /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1201)
        #03 pc 0000b7fd  /system/bin/app_process32_xposed (InvokeUserSignalHandler+317)
        #04 pc 000ff441  /system/lib/libart.so (offset 0x10a000)
    ***
    [Android::com.g.fridaplay]->
    Thank you for using Frida!
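My setup:
- Emulator: Genymotion Android 7.1 (x86)
- Frida version 15.1.3
- Platform: Windows 10
- APK built with: Arctic Fox 2021
I found the solution. The problem was with the emulator. I just switched from an Android 7.1 device to an Android 10 Genymotion device.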
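Since the fix turned out to be the emulator image rather than the hook, the crash dump in the question is worth reading for environment facts first. The following is an added example, not part of the original post: a small Python triage of that dump which extracts the Android release, ABI, signal and backtrace modules, compares the ABI with the frida-server build suffix, and lists modules outside a stock allow-list. The function names and the allow-list are assumptions made for this example; the sample lines are copied from the output above.

```python
import re

# Crash dump lines copied from the command output in the question.
SAMPLE_DUMP = """\
Build fingerprint: 'Android/vbox86p/vbox86p:7.1.1/NMF26Q/76:userdebug/test-keys'
ABI: 'x86'
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x80000000
backtrace:
#00 pc 00000bb9 [vdso:f49ec000] (__kernel_vsyscall+9)
#01 pc 0007f9d8 /system/bin/linker (__dl_syscall+40)
#02 pc 000046a1 /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1201)
#03 pc 0000b7fd /system/bin/app_process32_xposed (InvokeUserSignalHandler+317)
#04 pc 000ff441 /system/lib/libart.so (offset 0x10a000)
"""

# Allow-list of stock module prefixes, constructed for this example (an assumption).
STOCK_PREFIXES = ("/system/bin/linker", "/system/lib/libart.so", "[vdso")
FRAME_RE = re.compile(r"^#\d+\s+pc\s+[0-9a-f]+\s+(\S+)", re.M)

def parse_crash(dump):
    """Extract the fields of an Android native crash dump needed for triage."""
    def first(pattern):
        m = re.search(pattern, dump)
        return m.groups() if m else None

    # The release is the field after ':' in brand/product/device:release/id/...
    release = first(r"Build fingerprint: '[^:']+:([^/']+)/")
    abi = first(r"ABI: '([^']+)'")
    sig = first(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (\S+)")
    return {
        "release": release[0] if release else None,
        "abi": abi[0] if abi else None,
        "signal": sig[:2] if sig else None,
        "fault_addr": sig[2] if sig else None,
        "modules": FRAME_RE.findall(dump),
    }

def triage(info, server_arch):
    """Return environment notes; server_arch is the frida-server file name suffix."""
    notes = []
    if info["abi"] and info["abi"] != server_arch:
        notes.append(f"frida-server arch {server_arch} does not match ABI {info['abi']}")
    # Flag backtrace modules that are not on the stock allow-list above.
    for mod in info["modules"]:
        if not mod.startswith(STOCK_PREFIXES):
            notes.append(f"module outside stock allow-list: {mod}")
    return notes

if __name__ == "__main__":
    print(triage(parse_crash(SAMPLE_DUMP), "x86"))
```

A flagged module is only a pointer for where to look in the image; the dump by itself does not establish the cause of the crash.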