├── README.md ├── frida-core ├── agent-container.vala.patch ├── darwin-host-session.vala.patch ├── droidy-client.vala.patch ├── embed-agent.sh.patch ├── freebsd-host-session.vala.patch ├── frida-glue.c.patch ├── frida-helper-backend.vala.patch ├── linux-host-session.vala.patch ├── qnx-host-session.vala.patch ├── rpc.vala.patch ├── server.vala.patch ├── src │ └── topatch.py ├── test-agent.vala.patch ├── test-injector.vala.patch └── windows-host-session.vala.patch ├── frida-gum ├── gum.c.patch └── mapper.c.patch └── images ├── 2024-12-09-23-42-57-image.png ├── 2024-12-10-00-56-07-image.png └── 2024-12-10-01-06-20-image.png /README.md: -------------------------------------------------------------------------------- 1 | # 0x1 frida 编译流程 2 | 3 | > 建立一个项目目录并拉下frida源码,并进入项目目录 4 | 5 | ```shell 6 | git clone --recurse-submodules -b 16.2.1 https://github.com/frida/frida 7 | cd frida 8 | ``` 9 | 10 | 此时执行ls ,看到的文件应当是如此 11 | 12 | ```log 13 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ ls 14 | BSDmakefile COPYING frida-gum frida.sln Makefile.freebsd.mk Makefile.toolchain.mk 15 | build frida-clr frida-node frida-swift Makefile.linux.mk README.md 16 | config.mk frida-core frida-python frida-tools Makefile.macos.mk releng 17 | CONTRIBUTING.md frida-go frida-qml Makefile Makefile.sdk.mk 18 | ``` 19 | 20 | > 一键 安装nodejs22 21 | 22 | ```shell 23 | # 构造下载 URL 24 | NODE_TAR_URL="https://nodejs.org/dist/v22.12.0/node-v22.12.0-linux-x64.tar.xz" 25 | wget $NODE_TAR_URL 26 | # 解压 Node.js 安装包到用户目录 27 | tar -xf node-v22.12.0-linux-x64.tar.xz -C $HOME/bin 28 | rm -r node-v22.12.0-linux-x64.tar.xz 29 | # 设置 NODE_HOME 和 PATH 30 | export NODE_HOME=$HOME/bin/node-v22.12.0-linux-x64 31 | export PATH=${NODE_HOME}/bin:$PATH 32 | # 打印 Node.js 版本以确认安装成功 33 | node -v 34 | ``` 35 | 36 | ```log 37 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ # 构造下载 URL 38 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ NODE_TAR_URL="https://nodejs.org/dist/v22.12.0/node-v22.12.0-linux-x64.tar.xz" 39 | (base) 
r@ubuntu20:~/Documents/FRIDA/frida$ wget $NODE_TAR_URL 40 | --2024-12-09 23:31:18-- https://nodejs.org/dist/v22.12.0/node-v22.12.0-linux-x64.tar.xz 41 | 正在解析主机 nodejs.org (nodejs.org)... 198.18.1.205 42 | 正在连接 nodejs.org (nodejs.org)|198.18.1.205|:443... 已连接。 43 | 已发出 HTTP 请求,正在等待回应... 200 OK 44 | 长度: 29734248 (28M) [application/x-xz] 45 | 正在保存至: “node-v22.12.0-linux-x64.tar.xz” 46 | 47 | node-v22.12.0-linux-x64.tar.xz 100%[============================================================================>] 28.36M 8.89MB/s 用时 3.2s 48 | 49 | 2024-12-09 23:31:21 (8.89 MB/s) - 已保存 “node-v22.12.0-linux-x64.tar.xz” [29734248/29734248]) 50 | 51 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ # 解压 Node.js 安装包到用户目录 52 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ tar -xf node-v22.12.0-linux-x64.tar.xz -C $HOME/bin 53 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ # 设置 NODE_HOME 和 PATH 54 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ export NODE_HOME=$HOME/bin/node-v22.12.0-linux-x64 55 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ export PATH=${NODE_HOME}/bin:$PATH 56 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ # 打印 Node.js 版本以确认安装成功 57 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ node -v 58 | v22.12.0 59 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ ls 60 | BSDmakefile COPYING frida-go frida-python frida-swift Makefile.freebsd.mk Makefile.sdk.mk README.md 61 | config.mk frida-clr frida-gum frida-qml frida-tools Makefile.linux.mk Makefile.toolchain.mk releng 62 | CONTRIBUTING.md frida-core frida-node frida.sln Makefile Makefile.macos.mk node-v22.12.0-linux-x64.tar.xz 63 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ rm -r node-v22.12.0-linux-x64.tar.xz 64 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ 65 | ``` 66 | 67 | > 再make一下 68 | 69 | ```shell 70 | make 71 | ``` 72 | 73 | > 安装ndk 74 | 75 | 执行以下命令,查看所需要的ndk版本,得到以下输出 76 | 77 | ```shell 78 | cat releng/setup-env.sh |grep "ndk_required=" 79 | ``` 80 | 81 | ```log 82 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ cat releng/setup-env.sh |grep 
"ndk_required=" 83 | ndk_required=25 84 | ``` 85 | 86 | 一键安装ndk25 87 | 88 | ```shell 89 | wget https://dl.google.com/android/repository/android-ndk-r25c-linux.zip 90 | unzip android-ndk-r25c-linux.zip $HOME/bin/ 91 | rm -r android-ndk-r25c-linux.zip 92 | export ANDROID_NDK_ROOT=$HOME/bin/android-ndk-r25c 93 | export PATH=$ANDROID_NDK_ROOT:$PATH 94 | ndk-build -v 95 | ``` 96 | 97 | > 安装依赖 98 | 99 | ```shell 100 | sudo apt update 101 | sudo apt-get install build-essential git lib32stdc++-9-dev libc6-dev-i386 102 | ``` 103 | 104 | ```shell 105 | pip3 install lief 106 | ``` 107 | 108 | > 编译 109 | 110 | 查看编译选项 111 | 112 | ```shell 113 | (frida-compile) r@ubuntu20:~/Documents/FRIDA/frida$ make 114 | make[1]: 进入目录“/home/r/Documents/FRIDA/frida” 115 | 116 | Usage: make TARGET [VARIABLE=value] 117 | 118 | Where TARGET specifies one or more of: 119 | 120 | /* gum */ 121 | gum-linux-x86 Build for Linux/x86 122 | gum-linux-x86_64 Build for Linux/x86-64 123 | gum-linux-x86-thin Build for Linux/x86 without cross-arch support 124 | gum-linux-x86_64-thin Build for Linux/x86-64 without cross-arch support 125 | gum-linux-x86_64-gir Build for Linux/x86-64 with shared GLib and GIR 126 | gum-linux-arm Build for Linux/arm 127 | gum-linux-armbe8 Build for Linux/armbe8 128 | gum-linux-armhf Build for Linux/armhf 129 | ......等等 130 | ``` 131 | 132 | 编译安卓arm64的frida 133 | 134 | ```shell 135 | make core-android-arm64 136 | ``` 137 | 138 | 编译完成 139 | 140 | ```log 141 | Installing lib/base/libfrida-base-1.0.a to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib 142 | Installing lib/base/frida-base.h to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/include/frida-1.0 143 | Installing lib/base/frida-base-1.0.vapi to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/share/vala/vapi 144 | Installing lib/payload/libfrida-payload-1.0.a to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib 145 | Installing lib/payload/frida-payload.h to 
/home/r/Documents/FRIDA/frida/build/frida-android-arm64/include/frida-1.0 146 | Installing lib/payload/frida-payload-1.0.vapi to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/share/vala/vapi 147 | Installing lib/gadget/frida-gadget.so to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib/frida/64 148 | Installing src/api/frida-core.h to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/include/frida-1.0 149 | Installing src/api/frida-core-1.0.vapi to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/share/vala/vapi 150 | Installing src/api/frida-core-1.0.deps to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/share/vala/vapi 151 | Installing src/api/libfrida-core-1.0.a to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib 152 | Installing server/frida-server to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/bin 153 | Installing portal/frida-portal to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/bin 154 | Installing inject/frida-inject to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/bin 155 | Installing /home/r/Documents/FRIDA/frida/frida-core/lib/selinux/frida-selinux.h to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/include/frida-1.0 156 | Installing /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/meson-private/frida-base-1.0.pc to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib/pkgconfig 157 | Installing /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/meson-private/frida-payload-1.0.pc to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib/pkgconfig 158 | Installing /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/meson-private/frida-core-1.0.pc to /home/r/Documents/FRIDA/frida/build/frida-android-arm64/lib/pkgconfig 159 | make[1]: 离开目录“/home/r/Documents/FRIDA/frida” 160 | ``` 161 | 162 | 查看编译后的文件 163 | 164 | ```shell 165 | cd build/frida-android-arm64/bin && ls 166 | ``` 167 | 168 | ```log 169 | 
(frida-compile) r@ubuntu20:~/Documents/FRIDA/frida$ cd build/frida-android-arm64/bin && ls 170 | frida-inject frida-portal frida-server gum-graft 171 | (frida-compile) r@ubuntu20:~/Documents/FRIDA/frida/build/frida-android-arm64/bin$ 172 | ``` 173 | 174 | # 0x2 修改frida 175 | 176 | > 先把所有的 "frida_agent_main" 换成"main" 177 | > 178 | > ![](images/2024-12-09-23-42-57-image.png) 179 | 180 | > 然后打上patch, 如果不会打的话其实一个个改也不费事,字符串的话可以直接替换,我这里把frida改成了rusda,你也可以改成其他的 181 | > 182 | > ![](images/2024-12-10-00-56-07-image.png) 183 | 184 | github: [GitHub - taisuii/rusda: 对frida 16.2.1的patch](https://github.com/taisuii/rusda) 185 | 186 | > python脚本新建在frida-core/src目录下 187 | 188 | 如果你提示No module named 'lief' 说明Python模块没有装好 pip3 install lief 189 | 190 | > 然后编译,这里可以过滤日志编译,如果编译成功还是有很多特征大部分原因是python脚本没有打上patch 191 | 192 | ```shell 193 | make core-android-arm64 | grep Patch 194 | ``` 195 | 196 | ```log 197 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ make core-android-arm64 | grep Patch 198 | [*] Patch frida-agent: /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/src/frida-agent@emb/frida-agent-64.so 199 | [*] Patch `frida` to `rusda` 200 | [*] Patching section name=.rodata offset=0x1c4a26 orig:FridaScriptEngine new:enignEtpircSadirF 201 | [*] Patching section name=.rodata offset=0x1d24db orig:FridaScriptEngine new:enignEtpircSadirF 202 | [*] Patching section name=.rodata offset=0x1d9472 orig:GLib-GIO new:OIG-biLG 203 | [*] Patching section name=.rodata offset=0x1959df orig:GDBusProxy new:yxorPsuBDG 204 | [*] Patching section name=.rodata offset=0x1c4b31 orig:GDBusProxy new:yxorPsuBDG 205 | [*] Patching section name=.rodata offset=0x1b1746 orig:GumScript new:tpircSmuG 206 | [*] Patching section name=.rodata offset=0x210bed orig:GumScript new:tpircSmuG 207 | [*] Patching section name=.rodata offset=0x238393 orig:GumScript new:tpircSmuG 208 | [*] Patching section name=.rodata offset=0x246184 orig:GumScript new:tpircSmuG 209 | [*] Patch `gum-js-loop` to `russellloop` 210 | 
[*] Patch `gmain` to `rmain` 211 | [*] Patch `gdbus` to `rubus` 212 | [*] Patch Finish 213 | [*] Patch frida-agent: /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/src/frida-agent@emb/frida-agent-32.so 214 | [*] Patch `frida` to `rusda` 215 | [*] Patching section name=.rodata offset=0xcc3a3 orig:FridaScriptEngine new:enignEtpircSadirF 216 | [*] Patching section name=.rodata offset=0xd984c orig:FridaScriptEngine new:enignEtpircSadirF 217 | [*] Patching section name=.rodata offset=0xe066f orig:GLib-GIO new:OIG-biLG 218 | [*] Patching section name=.rodata offset=0x9e15e orig:GDBusProxy new:yxorPsuBDG 219 | [*] Patching section name=.rodata offset=0xcc4ae orig:GDBusProxy new:yxorPsuBDG 220 | [*] Patching section name=.rodata offset=0xb96c5 orig:GumScript new:tpircSmuG 221 | [*] Patching section name=.rodata offset=0x115e26 orig:GumScript new:tpircSmuG 222 | [*] Patching section name=.rodata offset=0x13d0a3 orig:GumScript new:tpircSmuG 223 | [*] Patching section name=.rodata offset=0x14aa2d orig:GumScript new:tpircSmuG 224 | [*] Patch `gum-js-loop` to `russellloop` 225 | [*] Patch `gmain` to `rmain` 226 | [*] Patch `gdbus` to `rubus` 227 | [*] Patch Finish 228 | [*] Patch frida-agent: /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/src/frida-agent@emb/frida-agent-arm64.so 229 | [*] Patch `frida` to `rusda` 230 | [*] Patch frida-agent: /home/r/Documents/FRIDA/frida/build/tmp-android-arm64/frida-core/src/frida-agent@emb/frida-agent-arm.so 231 | [*] Patch `frida` to `rusda` 232 | (base) r@ubuntu20:~/Documents/FRIDA/frida$ ls 233 | ``` 234 | 235 | # 0x3 运行测试 236 | 237 | > 这里换个端口,就是全绿 238 | 239 | ```shell 240 | cd build/frida-android-arm64/bin 241 | adb push frida-server /data/local/tmp 242 | adb shell 243 | chmod +x frida-server 244 | ./frida-server -l 127.0.0.1:12345 245 | ``` 246 | 247 | ```shell 248 | frida -H 127.0.0.1:12345 -f com.yimian.envcheck 249 | ``` 250 | 251 | ![](images/2024-12-10-01-06-20-image.png) 252 | 253 | # 0x4 参考 254 | 
255 | > [GitHub - Ylarod/Florida: 基础反检测 frida-server / Basic anti-detection frida-server](https://github.com/Ylarod/Florida/tree/main) 256 | > 257 | > [GitHub - hluwa/Patchs: strongR-frida](https://github.com/hluwa/Patchs) 258 | > 259 | > [[原创]FRIDA 最新版编译 | 16.0.9-Android安全-看雪-安全社区|安全招聘|kanxue.com](https://bbs.kanxue.com/thread-276076.htm) 260 | -------------------------------------------------------------------------------- /frida-core/agent-container.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/agent-container.vala b/src/agent-container.vala 2 | index a8db6b29..afe514cb 100644 3 | --- a/src/agent-container.vala 4 | +++ b/src/agent-container.vala 5 | @@ -25,7 +25,7 @@ namespace Frida { 6 | assert (container.module != null); 7 | 8 | void * main_func_symbol; 9 | - var main_func_found = container.module.symbol ("frida_agent_main", out main_func_symbol); 10 | + var main_func_found = container.module.symbol ("main", out main_func_symbol); 11 | assert (main_func_found); 12 | container.main_impl = (AgentMainFunc) main_func_symbol; 13 | 14 | -------------------------------------------------------------------------------- /frida-core/darwin-host-session.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/darwin/darwin-host-session.vala b/src/darwin/darwin-host-session.vala 2 | index ab9b2900..4369922d 100644 3 | --- a/src/darwin/darwin-host-session.vala 4 | +++ b/src/darwin/darwin-host-session.vala 5 | 
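Review bot: `container.module.symbol ("main", out main_func_symbol)` now resolves the least distinctive name a shared object can export, and if any loader path looks the symbol up through the process-wide namespace rather than the library's own handle it may bind to the host program's `main` instead; nothing at the lookup site says the rename is intentional. The same literal rename is repeated in the darwin, freebsd, linux, qnx and windows host-session patches and in test-agent, test-injector and mapper.c, so reverting or changing it in one injector silently breaks the others. A single shared constant such as `public const string AGENT_ENTRYPOINT = "main";` with a comment at its definition explaining why the entrypoint was renamed would keep the injectors and the agent in agreement.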
@@ -381,7 +381,7 @@ namespace Frida { 6 | private async uint inject_agent (uint pid, string agent_parameters, Cancellable? cancellable) throws Error, IOError { 7 | uint id; 8 | 9 | - unowned string entrypoint = "frida_agent_main"; 10 | + unowned string entrypoint = "main"; 11 | #if HAVE_EMBEDDED_ASSETS 12 | id = yield fruitjector.inject_library_resource (pid, agent, entrypoint, agent_parameters, cancellable); 13 | #else 14 | -------------------------------------------------------------------------------- /frida-core/droidy-client.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/droidy/droidy-client.vala b/src/droidy/droidy-client.vala 2 | index 0ed2edeb..9de04b54 100644 3 | --- a/src/droidy/droidy-client.vala 4 | +++ b/src/droidy/droidy-client.vala 5 | @@ -1013,7 +1013,7 @@ namespace Frida.Droidy { 6 | case "OPEN": 7 | case "CLSE": 8 | case "WRTE": 9 | - throw new Error.PROTOCOL ("Unexpected command"); 10 | + break; // throw new Error.PROTOCOL ("Unexpected command"); 11 | 12 | default: 13 | var length = parse_length (command_or_length); 14 | -------------------------------------------------------------------------------- /frida-core/embed-agent.sh.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/embed-agent.sh b/src/embed-agent.sh 2 | index 6a3bf9ed..360e5d21 100755 3 | --- a/src/embed-agent.sh 4 | +++ b/src/embed-agent.sh 5 | @@ -13,7 +13,7 @@ agent_dbghelp_prefix=${10} 6 | agent_symsrv_prefix=${11} 7 | 8 | priv_dir="$output_dir/frida-agent@emb" 9 | - 10 | +custom_script="$output_dir/../../../../frida-core/src/topatch.py" 11 | mkdir -p "$priv_dir" 12 | 13 | collect_windows_agent () 14 | @@ -41,6 +41,9 @@ collect_unix_agent () 15 | else 16 | touch "$embedded_agent" 17 | fi 18 | + if [ -f "$custom_script" ]; then 19 | + python3 "$custom_script" "$embedded_agent" 20 | + fi 21 | embedded_assets+=("$embedded_agent") 22 | } 23 | 24 | 
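Review bot: Replacing `throw new Error.PROTOCOL ("Unexpected command")` with `break;` for the `OPEN`/`CLSE`/`WRTE` cases turns a protocol-desync error into silent acceptance: a peer that emits a stray frame is no longer rejected, and control presumably continues past the switch without the value the `default` branch obtains from `parse_length`, so the code after the switch (outside this hunk) now runs in a state the original author treated as an error. If tolerating these frames is intended, make the tolerance explicit rather than a commented-out throw, e.g. `debug ("Ignoring unexpected command"); break;`, and state in a comment which device behaviour motivated it. Silently dropping malformed input from the remote end of a connection is a change a reviewer needs a written reason for.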
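Review bot: The added `python3 "$custom_script" "$embedded_agent"` in `collect_unix_agent` (and again in the `@@ -80,7 +83,9 @@` hunk) discards the script's exit status, so a failing patch step — `lief` not installed, a file the script cannot parse — leaves an unmodified or half-written agent in the build with no error, which is the failure mode the README itself describes when it says signatures survive a successful build. `custom_script` is also located by walking four directories up from `$output_dir`, so whatever file happens to sit at that relative path is executed during the build; a build-time hook found by relative path rather than a checked-in, explicitly configured location is a supply-chain footgun and deserves a comment at the very least. Fail loudly instead: `python3 "$custom_script" "$embedded_agent" || { echo "agent patch step failed" >&2; exit 1; }`.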
@@ -80,7 +83,9 @@ case $host_os in 25 | echo "An agent must be provided" 26 | exit 1 27 | fi 28 | - 29 | + if [ -f "$custom_script" ]; then 30 | + python3 "$custom_script" "$embedded_agent" 31 | + fi 32 | exec "$resource_compiler" --toolchain=gnu -c "$resource_config" -o "$output_dir/frida-data-agent" "$embedded_agent" 33 | ;; 34 | *) 35 | -------------------------------------------------------------------------------- /frida-core/freebsd-host-session.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/freebsd/freebsd-host-session.vala b/src/freebsd/freebsd-host-session.vala 2 | index a2204a4e..eac16116 100644 3 | --- a/src/freebsd/freebsd-host-session.vala 4 | +++ b/src/freebsd/freebsd-host-session.vala 5 | @@ -197,7 +197,7 @@ namespace Frida { 6 | 7 | var stream_request = Pipe.open (t.local_address, cancellable); 8 | 9 | - var id = yield binjector.inject_library_resource (pid, agent_desc, "frida_agent_main", 10 | + var id = yield binjector.inject_library_resource (pid, agent_desc, "main", 11 | make_agent_parameters (pid, t.remote_address, options), cancellable); 12 | injectee_by_pid[pid] = id; 13 | 14 | -------------------------------------------------------------------------------- /frida-core/frida-glue.c.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/frida-glue.c b/src/frida-glue.c 2 | index ee8f0737..dced8119 100644 3 | --- a/src/frida-glue.c 4 | +++ b/src/frida-glue.c 5 | 
@@ -39,12 +39,12 @@ frida_init_with_runtime (FridaRuntime rt) 6 | #ifdef HAVE_GIOOPENSSL 7 | g_io_module_openssl_register (); 8 | #endif 9 | - 10 | + g_set_prgname ("russell"); 11 | if (runtime == FRIDA_RUNTIME_OTHER) 12 | { 13 | main_context = g_main_context_ref (g_main_context_default ()); 14 | main_loop = g_main_loop_new (main_context, FALSE); 15 | - main_thread = g_thread_new ("frida-main-loop", run_main_loop, NULL); 16 | + main_thread = g_thread_new ("rusda-main-loop", run_main_loop, NULL); 17 | } 18 | 19 | g_once_init_leave (&frida_initialized, TRUE); 20 | -------------------------------------------------------------------------------- /frida-core/frida-helper-backend.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/linux/frida-helper-backend.vala b/src/linux/frida-helper-backend.vala 2 | index a4be8c42..ac844d82 100644 3 | --- a/src/linux/frida-helper-backend.vala 4 | +++ b/src/linux/frida-helper-backend.vala 5 | @@ -3202,7 +3202,7 @@ namespace Frida { 6 | } 7 | 8 | private int memfd_create (string name, uint flags) { 9 | - return Linux.syscall (SysCall.memfd_create, name, flags); 10 | + return Linux.syscall (SysCall.memfd_create, "jit-cache", flags); 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /frida-core/linux-host-session.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala 2 | index 50470ac8..6105c9b4 100644 3 | --- a/src/linux/linux-host-session.vala 4 | +++ b/src/linux/linux-host-session.vala 5 | 
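Review bot: After `return Linux.syscall (SysCall.memfd_create, "jit-cache", flags);` the `name` parameter of `memfd_create` is dead: every caller's name is ignored, so the signature misdescribes the function and distinct memfds become indistinguishable when debugging the helper itself. Either drop the parameter and update the callers, or keep it and document the override where it happens, e.g. `// name is deliberately ignored; every memfd gets the same fixed label`, so the next reader does not "fix" it back.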
@@ -128,12 +128,12 @@ namespace Frida { 6 | var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob (); 7 | var emulated_arm = Frida.Data.Agent.get_frida_agent_arm_so_blob (); 8 | var emulated_arm64 = Frida.Data.Agent.get_frida_agent_arm64_so_blob (); 9 | - agent = new AgentDescriptor (PathTemplate ("frida-agent-.so"), 10 | + agent = new AgentDescriptor (PathTemplate ("rusda-agent-.so"), 11 | new Bytes.static (blob32.data), 12 | new Bytes.static (blob64.data), 13 | new AgentResource[] { 14 | - new AgentResource ("frida-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir), 15 | - new AgentResource ("frida-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir), 16 | + new AgentResource ("rusda-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir), 17 | + new AgentResource ("rusda-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir), 18 | }, 19 | AgentMode.INSTANCED, 20 | tempdir); 21 | @@ -426,7 +426,7 @@ namespace Frida { 22 | protected override async Future perform_attach_to (uint pid, HashTable options, 23 | Cancellable? cancellable, out Object? transport) throws Error, IOError { 24 | uint id; 25 | - string entrypoint = "frida_agent_main"; 26 | + string entrypoint = "main"; 27 | string parameters = make_agent_parameters (pid, "", options); 28 | AgentFeatures features = CONTROL_CHANNEL; 29 | var linjector = (Linjector) injector; 30 | -------------------------------------------------------------------------------- /frida-core/qnx-host-session.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/qnx/qnx-host-session.vala b/src/qnx/qnx-host-session.vala 2 | index 69f2995f..a4e59ab2 100644 3 | --- a/src/qnx/qnx-host-session.vala 4 | +++ b/src/qnx/qnx-host-session.vala 5 | 
@@ -182,7 +182,7 @@ namespace Frida { 6 | 7 | var stream_request = Pipe.open (t.local_address, cancellable); 8 | 9 | - var id = yield qinjector.inject_library_resource (pid, agent_desc, "frida_agent_main", 10 | + var id = yield qinjector.inject_library_resource (pid, agent_desc, "main", 11 | make_agent_parameters (pid, t.remote_address, options), cancellable); 12 | injectee_by_pid[pid] = id; 13 | 14 | -------------------------------------------------------------------------------- /frida-core/rpc.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala 2 | index 3695ba8c..1c4bf202 100644 3 | --- a/lib/base/rpc.vala 4 | +++ b/lib/base/rpc.vala 5 | @@ -10,14 +10,21 @@ namespace Frida { 6 | public RpcClient (RpcPeer peer) { 7 | Object (peer: peer); 8 | } 9 | - 10 | + public string getRpcStr(bool quote){ 11 | + string result = (string) GLib.Base64.decode((string) GLib.Base64.decode("Wm5KcFpHRTZjbkJq")); 12 | + if(quote){ 13 | + return "\"" + result + "\""; 14 | + }else{ 15 | + return result; 16 | + } 17 | + } 18 | public async Json.Node call (string method, Json.Node[] args, Cancellable? cancellable) throws Error, IOError { 19 | string request_id = Uuid.string_random (); 20 | 21 | var request = new Json.Builder (); 22 | request 23 | .begin_array () 24 | - .add_string_value ("frida:rpc") 25 | + .add_string_value (getRpcStr(false)) 26 | .add_string_value (request_id) 27 | .add_string_value ("call") 28 | .add_string_value (method) 29 | @@ -70,7 +77,7 @@ namespace Frida { 30 | } 31 | 32 | public bool try_handle_message (string json) { 33 | - if (json.index_of ("\"frida:rpc\"") == -1) 34 | + if (json.index_of (getRpcStr(true)) == -1) 35 | return false; 36 | 37 | var parser = new Json.Parser (); 38 | 
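Review bot: `getRpcStr` base64-decodes the same constant twice on every call, and `call` and `try_handle_message` invoke it for every RPC message, so a constant is recomputed on the hot path; decode it once into a private field or a `static string` and reuse it. The `(string) GLib.Base64.decode (...)` cast also treats the returned `uchar[]` as a NUL-terminated C string, which `g_base64_decode` is not documented to guarantee, so copy exactly `decoded.length` bytes (for example via `((string) decoded).substring (0, decoded.length)` or another explicit-length conversion) instead of relying on a trailing zero. The helper is `public` although only this class uses it, and its camelCase name `getRpcStr` breaks the file's snake_case convention (`try_handle_message`, `request_id`); `private string get_rpc_marker (bool quote)` would fit.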
@@ -99,7 +106,7 @@ namespace Frida { 39 | return false; 40 | 41 | string? type = rpc_message.get_element (0).get_string (); 42 | - if (type == null || type != "frida:rpc") 43 | + if (type == null || type != getRpcStr(false)) 44 | return false; 45 | 46 | var request_id_value = rpc_message.get_element (1); 47 | -------------------------------------------------------------------------------- /frida-core/server.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/server/server.vala b/server/server.vala 2 | index 525c145e..374a5609 100644 3 | --- a/server/server.vala 4 | +++ b/server/server.vala 5 | 
@@ -1,7 +1,7 @@ 6 | namespace Frida.Server { 7 | private static Application application; 8 | 9 | - private const string DEFAULT_DIRECTORY = "re.frida.server"; 10 | + private const string DEFAULT_DIRECTORY = "re.rusda.server"; 11 | private static bool output_version = false; 12 | private static string? listen_address = null; 13 | private static string? certpath = null; 14 | -------------------------------------------------------------------------------- /frida-core/src/topatch.py: -------------------------------------------------------------------------------- 1 | import lief 2 | import sys 3 | import random 4 | import os 5 | 6 | 7 | def log_color(msg): 8 | print(f"\033[1;31;40m{msg}\033[0m") 9 | 10 | 11 | if __name__ == "__main__": 12 | input_file = sys.argv[1] 13 | 14 | log_color(f"[*] Patch frida-agent: {input_file}") 15 | binary = lief.parse(input_file) 16 | 17 | random_name = "rusda" 18 | log_color(f"[*] Patch `frida` to `{random_name}`") 19 | 20 | if not binary: 21 | log_color(f"[*] Not ELF, exit") 22 | sys.exit(1) 23 | else: 24 | for symbol in binary.symbols: 25 | if symbol.name == "frida_agent_main": 26 | symbol.name = "main" 27 | if "frida" in symbol.name: 28 | symbol.name = symbol.name.replace("frida", random_name) 29 | if "FRIDA" in symbol.name: 30 | symbol.name = symbol.name.replace("FRIDA", random_name) 31 | 32 | all_patch_string = ["FridaScriptEngine", "GLib-GIO", "GDBusProxy", "GumScript"] # 字符串特征修改 尽量与源字符一样 33 | 34 | for section in binary.sections: 35 | if section.name != ".rodata": 36 | continue 37 | for patch_str in all_patch_string: 38 | addr_all = section.search_all(patch_str) # Patch 内存字符串 39 | 40 | for addr in addr_all: 41 | patch = [ord(n) for n in list(patch_str)[::-1]] 42 | log_color( 43 | f"[*] Patching section name={section.name} offset={hex(section.file_offset + addr)} orig:{patch_str} new:{''.join(list(patch_str)[::-1])}") 44 | binary.patch_address(section.file_offset + addr, patch) 45 | 46 | binary.write(input_file) 47 | 48 | # 
thread_gum_js_loop 49 | random_name = "russellloop" 50 | log_color(f"[*] Patch `gum-js-loop` to `{random_name}`") 51 | os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}") 52 | 53 | random_name = "rmain" 54 | log_color(f"[*] Patch `gmain` to `{random_name}`") 55 | os.system(f"sed -b -i s/gmain/{random_name}/g {input_file}") 56 | 57 | random_name = "rubus" 58 | log_color(f"[*] Patch `gdbus` to `{random_name}`") 59 | os.system(f"sed -b -i s/gdbus/{random_name}/g {input_file}") 60 | 61 | log_color(f"[*] Patch Finish") 62 | -------------------------------------------------------------------------------- /frida-core/test-agent.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/tests/test-agent.vala b/tests/test-agent.vala 2 | index 62fb8260..6e5eba51 100644 3 | --- a/tests/test-agent.vala 4 | +++ b/tests/test-agent.vala 5 | @@ -449,7 +449,7 @@ Interceptor.attach(Module.getExportByName('libsystem_kernel.dylib', 'open'), () 6 | assert_nonnull (module); 7 | 8 | void * main_func_symbol; 9 | - var main_func_found = module.symbol ("frida_agent_main", out main_func_symbol); 10 | + var main_func_found = module.symbol ("main", out main_func_symbol); 11 | assert_true (main_func_found); 12 | main_impl = (AgentMainFunc) main_func_symbol; 13 | 14 | -------------------------------------------------------------------------------- /frida-core/test-injector.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/tests/test-injector.vala b/tests/test-injector.vala 2 | index f4a321c4..448bddf3 100644 3 | --- a/tests/test-injector.vala 4 | +++ b/tests/test-injector.vala 5 | 
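Review bot: The three `os.system(f"sed -b -i s/.../{random_name}/g {input_file}")` calls interpolate `input_file` unquoted into a shell command line, so a build path containing a space or shell metacharacter breaks the edit or is interpreted by the shell, and a non-zero `sed` exit is ignored; use the list form with no shell and check the result, `subprocess.run(["sed", "-b", "-i", f"s/gum-js-loop/{random_name}/g", input_file], check=True)`, for each of the three calls (adding `import subprocess` to the header). The script also indexes `sys.argv[1]` with no argument check, imports `random` without using it, and logs `Patch frida to` before it knows `lief.parse` returned a binary. One invariant the code depends on is never written down: every replacement keeps the original byte length (`gum-js-loop`→`russellloop`, `gmain`→`rmain`, `gdbus`→`rubus`, reversed strings for the `.rodata` patches), because in-place `sed` on an ELF with a different-length replacement would shift offsets and corrupt the file, and `sed` matches those byte sequences anywhere in the file, not only in the strings that were intended — both deserve a comment at the top of the script.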
@@ -258,7 +258,7 @@ namespace Frida.InjectorTest { 6 | var path = Frida.Test.Labrats.path_to_library (name, arch); 7 | assert_true (FileUtils.test (path, FileTest.EXISTS)); 8 | 9 | - yield injector.inject_library_file (process.id, path, "frida_agent_main", data); 10 | + yield injector.inject_library_file (process.id, path, "main", data); 11 | } catch (GLib.Error e) { 12 | printerr ("\nFAIL: %s\n\n", e.message); 13 | assert_not_reached (); 14 | -------------------------------------------------------------------------------- /frida-core/windows-host-session.vala.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/windows/windows-host-session.vala b/src/windows/windows-host-session.vala 2 | index 67f1f3ef..518cd256 100644 3 | --- a/src/windows/windows-host-session.vala 4 | +++ b/src/windows/windows-host-session.vala 5 | @@ -274,7 +274,7 @@ namespace Frida { 6 | var stream_request = Pipe.open (t.local_address, cancellable); 7 | 8 | var winjector = injector as Winjector; 9 | - var id = yield winjector.inject_library_resource (pid, agent, "frida_agent_main", 10 | + var id = yield winjector.inject_library_resource (pid, agent, "main", 11 | make_agent_parameters (pid, t.remote_address, options), cancellable); 12 | injectee_by_pid[pid] = id; 13 | 14 | -------------------------------------------------------------------------------- /frida-gum/gum.c.patch: -------------------------------------------------------------------------------- 1 | diff --git a/gum/gum.c b/gum/gum.c 2 | index 2b36ac54..e4168a80 100644 3 | --- a/gum/gum.c 4 | +++ b/gum/gum.c 5 | 
@@ -305,7 +305,7 @@ gum_init_embedded (void) 6 | g_log_set_default_handler (gum_on_log_message, NULL); 7 | gum_do_init (); 8 | 9 | - g_set_prgname ("frida"); 10 | + g_set_prgname ("russell"); 11 | 12 | #if defined (HAVE_LINUX) && defined (HAVE_GLIBC) 13 | gum_libdl_prevent_unload (); 14 | -------------------------------------------------------------------------------- /frida-gum/mapper.c.patch: -------------------------------------------------------------------------------- 1 | diff --git a/tests/core/mapper.c b/tests/core/mapper.c 2 | index 13d4f967..5849ef0d 100644 3 | --- a/tests/core/mapper.c 4 | +++ b/tests/core/mapper.c 5 | 
@@ -110,7 +110,7 @@ main (gint argc, 6 | destructor = 7 | GSIZE_TO_POINTER (gum_darwin_mapper_destructor (mapper)); 8 | entrypoint = 9 | - GSIZE_TO_POINTER (gum_darwin_mapper_resolve (mapper, "frida_agent_main")); 10 | + GSIZE_TO_POINTER (gum_darwin_mapper_resolve (mapper, "main")); 11 | 12 | g_timer_start (timer); 13 | constructor (); 14 | -------------------------------------------------------------------------------- /images/2024-12-09-23-42-57-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/taisuii/rusda/d2bd48cbae8dfc47d1c507047dcc7007651d8fa3/images/2024-12-09-23-42-57-image.png -------------------------------------------------------------------------------- /images/2024-12-10-00-56-07-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/taisuii/rusda/d2bd48cbae8dfc47d1c507047dcc7007651d8fa3/images/2024-12-10-00-56-07-image.png -------------------------------------------------------------------------------- /images/2024-12-10-01-06-20-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/taisuii/rusda/d2bd48cbae8dfc47d1c507047dcc7007651d8fa3/images/2024-12-10-01-06-20-image.png --------------------------------------------------------------------------------