├── README.md └── frida-core └── 0001-patch.patch
/README.md:
--------------------------------------------------------------------------------
1 | # Frida-Patchs
2 |
3 | Simple frida anti-detection patch
--------------------------------------------------------------------------------
/frida-core/0001-patch.patch:
--------------------------------------------------------------------------------
1 | From 7da9178568507c234b0028a4c4dbdb2323cf3702 Mon Sep 17 00:00:00 2001
2 | From: etjson
3 | Date: Mon, 27 Jan 2025 16:46:00 +0800
4 | Subject: [PATCH] patch
5 |
6 | ---
7 | inject/inject.vala | 2 +-
8 | lib/base/rpc.vala | 6 +++---
9 | lib/base/socket.vala | 4 ++--
10 | server/server.vala | 3 ++-
11 | src/agent-container.vala | 2 +-
12 | src/darwin/darwin-host-session.vala | 2 +-
13 | src/droidy/droidy-client.vala | 2 +-
14 | src/freebsd/binjector-glue.c | 2 +-
15 | src/freebsd/freebsd-host-session.vala | 2 +-
16 | src/linux/frida-helper-backend.vala | 2 +-
17 | src/linux/linux-host-session.vala | 9 +++++----
18 | src/qnx/qnx-host-session.vala | 2 +-
19 | src/windows/windows-host-session.vala | 2 +-
20 | tests/test-agent.vala | 2 +-
21 | tests/test-injector.vala | 2 +-
22 | 15 files changed, 23 insertions(+), 21 deletions(-)
23 |
24 | diff --git a/inject/inject.vala b/inject/inject.vala
25 | index 84042dda..a0f03ec8 100644
26 | --- a/inject/inject.vala
27 | +++ b/inject/inject.vala
28 | @@ -48,7 +48,7 @@ namespace Frida.Inject {
29 | return 0;
30 | }
31 | } catch (OptionError e) {
32 | - printerr ("%s\n", e.message);
33 | + printerr ("%s\nBuild From https://jshook.org\n", e.message);
34 | printerr ("Run '%s --help' to see a full list of available command line options.\n", args[0]);
35 | return 1;
36 | }
37 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
38 | index 3695ba8c..02602abf 100644
39 | --- a/lib/base/rpc.vala
40 | +++ b/lib/base/rpc.vala
41 |
@@ -17,7 +17,7 @@ namespace Frida {
42 | var request = new Json.Builder ();
43 | request
44 | .begin_array ()
45 | - .add_string_value ("frida:rpc")
46 | + .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
47 | .add_string_value (request_id)
48 | .add_string_value ("call")
49 | .add_string_value (method)
50 | @@ -70,7 +70,7 @@ namespace Frida {
51 | }
52 |
53 | public bool try_handle_message (string json) {
54 | - if (json.index_of ("\"frida:rpc\"") == -1)
55 | + if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1)
56 | return false;
57 |
58 | var parser = new Json.Parser ();
59 | @@ -99,7 +99,7 @@ namespace Frida {
60 | return false;
61 |
62 | string? type = rpc_message.get_element (0).get_string ();
63 | - if (type == null || type != "frida:rpc")
64 | + if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj="))
65 | return false;
66 |
67 | var request_id_value = rpc_message.get_element (1);
68 | diff --git a/lib/base/socket.vala b/lib/base/socket.vala
69 | index d2f4e8bd..5cd1099f 100644
70 | --- a/lib/base/socket.vala
71 | +++ b/lib/base/socket.vala
72 | @@ -1,6 +1,6 @@
73 | namespace Frida {
74 | - public const uint16 DEFAULT_CONTROL_PORT = 27042;
75 | - public const uint16 DEFAULT_CLUSTER_PORT = 27052;
76 | + public const uint16 DEFAULT_CONTROL_PORT = 28042;
77 | + public const uint16 DEFAULT_CLUSTER_PORT = 28052;
78 |
79 | public SocketConnectable parse_control_address (string? address, uint16 port = 0) throws Error {
80 | return parse_socket_address (address, port, "127.0.0.1", DEFAULT_CONTROL_PORT);
81 | diff --git a/server/server.vala b/server/server.vala
82 | index 525c145e..6a0590c2 100644
83 | --- a/server/server.vala
84 | +++ b/server/server.vala
85 |
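Review bot: The literal `"ZnJpZGE6cnBj="` in the first and third hunks of lib/base/rpc.vala is not well-formed Base64: the nine-byte tag encodes to exactly twelve characters, so the trailing `=` makes the length 13 and the result depends on the decoder tolerating stray padding. The `(string)` cast of the `uchar[]` returned by `GLib.Base64.decode` also assumes the buffer is NUL-terminated, which nothing in these lines guarantees, and the decode is repeated for every request and every incoming message in `try_handle_message`. Decoding once into a file-level string built from the array and its length, with the literal written as `"ZnJpZGE6cnBj"`, would remove both assumptions. The decoded value, and therefore the tag carried in each JSON message, is the same as on the removed lines. The enclosing methods start and end outside the hunks.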
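Review bot: The new values of `DEFAULT_CONTROL_PORT` and `DEFAULT_CLUSTER_PORT` are undocumented, and peers built from unpatched sources will still assume the values on the removed lines, so a connection that gives no explicit port will no longer reach this build. A comment above the constants such as `// Non-upstream defaults: peers must be given the port explicitly` would record that. For anyone inventorying instrumentation servers, a check tied to the former port numbers alone will not identify this build. The namespace body continues outside the hunk.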
@@ -1,7 +1,7 @@
86 | namespace Frida.Server {
87 | private static Application application;
88 |
89 | - private const string DEFAULT_DIRECTORY = "re.frida.server";
90 | + private static string? DEFAULT_DIRECTORY = null;
91 | private static bool output_version = false;
92 | private static string? listen_address = null;
93 | private static string? certpath = null;
94 | @@ -50,6 +50,7 @@ namespace Frida.Server {
95 | };
96 |
97 | private static int main (string[] args) {
98 | + DEFAULT_DIRECTORY = GLib.Uuid.string_random();
99 | Environment.init ();
100 |
101 | #if DARWIN
102 | diff --git a/src/agent-container.vala b/src/agent-container.vala
103 | index 73e0c017..fa4fb431 100644
104 | --- a/src/agent-container.vala
105 | +++ b/src/agent-container.vala
106 | @@ -28,7 +28,7 @@ namespace Frida {
107 | }
108 |
109 | void * main_func_symbol;
110 | - var main_func_found = container.module.symbol ("frida_agent_main", out main_func_symbol);
111 | + var main_func_found = container.module.symbol ("PkFiCs", out main_func_symbol);
112 | assert (main_func_found);
113 | container.main_impl = (AgentMainFunc) main_func_symbol;
114 |
115 | diff --git a/src/darwin/darwin-host-session.vala b/src/darwin/darwin-host-session.vala
116 | index ab9b2900..bc69dbff 100644
117 | --- a/src/darwin/darwin-host-session.vala
118 | +++ b/src/darwin/darwin-host-session.vala
119 | @@ -381,7 +381,7 @@ namespace Frida {
120 | private async uint inject_agent (uint pid, string agent_parameters, Cancellable? cancellable) throws Error, IOError {
121 | uint id;
122 |
123 | - unowned string entrypoint = "frida_agent_main";
124 | + unowned string entrypoint = "PkFiCs";
125 | #if HAVE_EMBEDDED_ASSETS
126 | id = yield fruitjector.inject_library_resource (pid, agent, entrypoint, agent_parameters, cancellable);
127 | #else
128 | diff --git a/src/droidy/droidy-client.vala b/src/droidy/droidy-client.vala
129 | index ddc56ccc..8b9e9c4c 100644
130 | --- a/src/droidy/droidy-client.vala
131 |
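Review bot: `DEFAULT_DIRECTORY` keeps its constant-style name but is now a nullable, mutable static that stays null until the first statement of `main` assigns it, so any use in a static initialiser would see null; the lines between the two server.vala hunks are not shown, so that cannot be confirmed here. Renaming it, e.g. `private static string? default_directory = null;`, and writing the call as `GLib.Uuid.string_random ()` would match the surrounding style. Because the name differs on every launch, directories left behind by earlier runs are never reused, so it is worth confirming that the shutdown path removes them. `main` continues outside the hunk.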
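Review bot: The entry-point name `"PkFiCs"` is introduced here as an unexplained literal and repeated in darwin-host-session.vala, freebsd-host-session.vala, linux-host-session.vala, qnx-host-session.vala, windows-host-session.vala, tests/test-agent.vala and tests/test-injector.vala, while no hunk in this patch renames the symbol the agent library exports. Unless that rename happens in a build step not shown, `container.module.symbol` returns false and `assert (main_func_found)` aborts the process. A single shared constant, with a comment naming where the export is defined, would keep the eight sites in step. The enclosing function starts and ends outside the hunk.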
+++ b/src/droidy/droidy-client.vala
132 | @@ -1015,7 +1015,7 @@ namespace Frida.Droidy {
133 | case "OPEN":
134 | case "CLSE":
135 | case "WRTE":
136 | - throw new Error.PROTOCOL ("Unexpected command");
137 | + break;
138 |
139 | default:
140 | var length = parse_length (command_or_length);
141 | diff --git a/src/freebsd/binjector-glue.c b/src/freebsd/binjector-glue.c
142 | index 2bdce0ae..16a304ff 100644
143 | --- a/src/freebsd/binjector-glue.c
144 | +++ b/src/freebsd/binjector-glue.c
145 | @@ -805,7 +805,7 @@ frida_inject_instance_init_fifo (FridaInjectInstance * self)
146 | {
147 | const int mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
148 |
149 | - self->fifo_path = g_strdup_printf ("%s/binjector-%u", self->temp_path, self->id);
150 | + self->fifo_path = g_strdup_printf ("%s/%u", self->temp_path, self->id);
151 |
152 | mkfifo (self->fifo_path, mode);
153 | chmod (self->fifo_path, mode);
154 | diff --git a/src/freebsd/freebsd-host-session.vala b/src/freebsd/freebsd-host-session.vala
155 | index a2204a4e..8b336a30 100644
156 | --- a/src/freebsd/freebsd-host-session.vala
157 | +++ b/src/freebsd/freebsd-host-session.vala
158 | @@ -197,7 +197,7 @@ namespace Frida {
159 |
160 | var stream_request = Pipe.open (t.local_address, cancellable);
161 |
162 | - var id = yield binjector.inject_library_resource (pid, agent_desc, "frida_agent_main",
163 | + var id = yield binjector.inject_library_resource (pid, agent_desc, "PkFiCs",
164 | make_agent_parameters (pid, t.remote_address, options), cancellable);
165 | injectee_by_pid[pid] = id;
166 |
167 | diff --git a/src/linux/frida-helper-backend.vala b/src/linux/frida-helper-backend.vala
168 | index 9da2152c..b133bd37 100644
169 | --- a/src/linux/frida-helper-backend.vala
170 | +++ b/src/linux/frida-helper-backend.vala
171 |
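Review bot: Replacing `throw new Error.PROTOCOL ("Unexpected command");` with `break;` means an `OPEN`, `CLSE` or `WRTE` token arriving at this point is now accepted silently, and whatever follows the `switch` runs on a stream that is already out of step with the peer. The peer's bytes are untrusted input, so the parser should keep failing closed; restoring the throw, or at minimum adding `warning ("Unexpected command: %s", command_or_length);` before tearing the connection down, keeps the violation visible. The `switch` and its enclosing method begin and end outside the hunk, so any earlier `case` labels that fall through to this body are affected in the same way.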
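Review bot: With the `binjector-` prefix removed, `fifo_path` is only the numeric `self->id` under `temp_path`, and the unchanged `mkfifo` and `chmod` calls below it ignore their return values while applying a mode that grants read and write to group and others. If an entry with that name already exists, `mkfifo` fails unnoticed and `chmod` then widens the permissions of the existing object. Checking the result, e.g. `if (mkfifo (self->fifo_path, mode) != 0)` followed by failing the injection, would close that gap; whether `temp_path` is private to this process, and whether the wide mode is needed for a target running as another user, cannot be seen from the hunk. The function continues outside the hunk.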
@@ -3233,7 +3233,7 @@ namespace Frida {
172 | }
173 |
174 | private int memfd_create (string name, uint flags) {
175 | - return Linux.syscall (SysCall.memfd_create, name, flags);
176 | + return Linux.syscall (SysCall.memfd_create, "jit-cache", flags);
177 | }
178 | }
179 |
180 | diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala
181 | index 50470ac8..6577fb48 100644
182 | --- a/src/linux/linux-host-session.vala
183 | +++ b/src/linux/linux-host-session.vala
184 | @@ -128,12 +128,13 @@ namespace Frida {
185 | var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob ();
186 | var emulated_arm = Frida.Data.Agent.get_frida_agent_arm_so_blob ();
187 | var emulated_arm64 = Frida.Data.Agent.get_frida_agent_arm64_so_blob ();
188 | - agent = new AgentDescriptor (PathTemplate ("frida-agent-.so"),
189 | + var random_prefix = GLib.Uuid.string_random();
190 | + agent = new AgentDescriptor (PathTemplate (random_prefix + "-.so"),
191 | new Bytes.static (blob32.data),
192 | new Bytes.static (blob64.data),
193 | new AgentResource[] {
194 | - new AgentResource ("frida-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir),
195 | - new AgentResource ("frida-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
196 | + new AgentResource (random_prefix + "-arm.so", new Bytes.static (emulated_arm.data), tempdir),
197 | + new AgentResource (random_prefix + "-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
198 | },
199 | AgentMode.INSTANCED,
200 | tempdir);
201 | @@ -426,7 +427,7 @@ namespace Frida {
202 | protected override async Future perform_attach_to (uint pid, HashTable options,
203 | Cancellable? cancellable, out Object? transport) throws Error, IOError {
204 | uint id;
205 | - string entrypoint = "frida_agent_main";
206 | + string entrypoint = "PkFiCs";
207 | string parameters = make_agent_parameters (pid, "", options);
208 | AgentFeatures features = CONTROL_CHANNEL;
209 | var linjector = (Linjector) injector;
210 |
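Review bot: `memfd_create` still declares a `name` parameter but no longer passes it to the syscall, so every caller's argument is silently discarded and all descriptors created through this wrapper carry the same fixed label. Either drop the parameter at the call sites or document the behaviour, for example `// name is intentionally ignored; every memfd is created with a fixed label`. On hosts where this build runs, the label the kernel reports for these descriptors is therefore the fixed string from the added line rather than the caller-supplied one, which matters to anyone reading process memory maps during triage.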
diff --git a/src/qnx/qnx-host-session.vala b/src/qnx/qnx-host-session.vala
211 | index 69f2995f..0c4ad12a 100644
212 | --- a/src/qnx/qnx-host-session.vala
213 | +++ b/src/qnx/qnx-host-session.vala
214 | @@ -182,7 +182,7 @@ namespace Frida {
215 |
216 | var stream_request = Pipe.open (t.local_address, cancellable);
217 |
218 | - var id = yield qinjector.inject_library_resource (pid, agent_desc, "frida_agent_main",
219 | + var id = yield qinjector.inject_library_resource (pid, agent_desc, "PkFiCs",
220 | make_agent_parameters (pid, t.remote_address, options), cancellable);
221 | injectee_by_pid[pid] = id;
222 |
223 | diff --git a/src/windows/windows-host-session.vala b/src/windows/windows-host-session.vala
224 | index 67f1f3ef..7e9e7541 100644
225 | --- a/src/windows/windows-host-session.vala
226 | +++ b/src/windows/windows-host-session.vala
227 | @@ -274,7 +274,7 @@ namespace Frida {
228 | var stream_request = Pipe.open (t.local_address, cancellable);
229 |
230 | var winjector = injector as Winjector;
231 | - var id = yield winjector.inject_library_resource (pid, agent, "frida_agent_main",
232 | + var id = yield winjector.inject_library_resource (pid, agent, "PkFiCs",
233 | make_agent_parameters (pid, t.remote_address, options), cancellable);
234 | injectee_by_pid[pid] = id;
235 |
236 | diff --git a/tests/test-agent.vala b/tests/test-agent.vala
237 | index d28e67fd..d30c1de9 100644
238 | --- a/tests/test-agent.vala
239 | +++ b/tests/test-agent.vala
240 | @@ -452,7 +452,7 @@ Interceptor.attach(Module.getExportByName('libsystem_kernel.dylib', 'open'), ()
241 | }
242 |
243 | void * main_func_symbol;
244 | - var main_func_found = module.symbol ("frida_agent_main", out main_func_symbol);
245 | + var main_func_found = module.symbol ("PkFiCs", out main_func_symbol);
246 | assert_true (main_func_found);
247 | main_impl = (AgentMainFunc) main_func_symbol;
248 |
249 | diff --git a/tests/test-injector.vala b/tests/test-injector.vala
250 | index 03c219e6..48507484 100644
251 |
--- a/tests/test-injector.vala
252 | +++ b/tests/test-injector.vala
253 | @@ -258,7 +258,7 @@ namespace Frida.InjectorTest {
254 | var path = Frida.Test.Labrats.path_to_library (name, arch);
255 | assert_true (FileUtils.test (path, FileTest.EXISTS));
256 |
257 | - yield injector.inject_library_file (process.id, path, "frida_agent_main", data);
258 | + yield injector.inject_library_file (process.id, path, "PkFiCs", data);
259 | } catch (GLib.Error e) {
260 | printerr ("\nFAIL: %s\n\n", e.message);
261 | assert_not_reached ();
262 | --
263 | 2.47.1.windows.1
264 |
265 | --------------------------------------------------------------------------------
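Review bot: This test injects the library returned by `Frida.Test.Labrats.path_to_library`, and the diffstat lists no change to those test libraries, so they presumably still export the entry point named on the removed line. If so, resolving `"PkFiCs"` fails and the test ends in `assert_not_reached ()`. The test libraries are separate from the agent, so this call site should keep whatever name they actually export, or they need to be rebuilt with the new name in the same patch. The enclosing method starts and ends outside the hunk.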