├── thau0x01-patches ├── 0014-fix-bug-on-server.vala.patch ├── 0012-strongR-frida-protocol_unexpected_command.patch ├── 0010-strongR-frida-thread_gum_js_loop.patch ├── 0011-strongR-frida-thread_gmain.patch ├── 0003-strongR-frida-pipe_linjector.patch ├── 0006-teste.patch ├── 0002-strongR-frida-io_re_frida_server.patch ├── 0008-strongR-frida-io_re_frida_server.patch ├── 0013-fix-identation.patch ├── 0001-strongR-frida-string_frida_rpc.patch ├── 0004-strongR-frida-io_frida_agent_so.patch ├── 0007-strongR-frida-string_frida_rpc.patch ├── 0005-try-fix-patch.patch ├── 0015-fix-frida-port.patch └── 0009-strongR-frida-symbol_frida_agent_main.patch ├── strongR-frida └── frida-core │ ├── 0008-strongR-frida-protocol_unexpected_command.patch │ ├── 0006-strongR-frida-thread_gum_js_loop.patch │ ├── 0007-strongR-frida-thread_gmain.patch │ ├── 0003-strongR-frida-pipe_linjector.patch │ ├── 0002-strongR-frida-io_re_frida_server.patch │ ├── 0001-strongR-frida-string_frida_rpc.patch │ ├── 0004-strongR-frida-io_frida_agent_so.patch │ └── 0005-strongR-frida-symbol_frida_agent_main.patch └── README.md
/thau0x01-patches/0014-fix-bug-on-server.vala.patch:
--------------------------------------------------------------------------------
1 | From e09ef25a7e18f6ddf078bbd419327a06deb3dd5d Mon Sep 17 00:00:00 2001
2 | From: thau0x01
3 | Date: Tue, 17 Jan 2023 17:36:04 -0300
4 | Subject: [PATCH 14/15] fix bug on server.vala
5 |
6 | ---
7 | server/server.vala | 2 +-
8 | 1 file changed, 1 insertion(+), 1 deletion(-)
9 |
10 | diff --git a/server/server.vala b/server/server.vala
11 | index b758be07..84ac86c8 100644
12 | --- a/server/server.vala
13 | +++ b/server/server.vala
14 |
@@ -1,7 +1,7 @@
15 | namespace Frida.Server {
16 | private static Application application;
17 |
18 | - private const string DEFAULT_DIRECTORY = "re.frida.server";
19 | + private const string DEFAULT_DIRECTORY = "";
20 | private static bool output_version = false;
21 | private static string? listen_address = null;
22 | private static string? certpath = null;
23 | --
24 | 2.39.0
25 |
26 |
--------------------------------------------------------------------------------
/thau0x01-patches/0012-strongR-frida-protocol_unexpected_command.patch:
--------------------------------------------------------------------------------
1 | From 7b7b805750c4414410a4f82db5bd47d5b59d2733 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 12/15] strongR-frida: protocol_unexpected_command
5 |
6 | ---
7 | src/droidy/droidy-client.vala | 2 +-
8 | 1 file changed, 1 insertion(+), 1 deletion(-)
9 |
10 | diff --git a/src/droidy/droidy-client.vala b/src/droidy/droidy-client.vala
11 | index 0ed2edeb..7fc220b9 100644
12 | --- a/src/droidy/droidy-client.vala
13 | +++ b/src/droidy/droidy-client.vala
14 | @@ -1013,7 +1013,7 @@ namespace Frida.Droidy {
15 | case "OPEN":
16 | case "CLSE":
17 | case "WRTE":
18 | - throw new Error.PROTOCOL ("Unexpected command");
19 | + break; //throw new Error.PROTOCOL ("Unexpected command");
20 |
21 | default:
22 | var length = parse_length (command_or_length);
23 | --
24 | 2.39.0
25 |
26 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0008-strongR-frida-protocol_unexpected_command.patch:
--------------------------------------------------------------------------------
1 | From 1c19492c453426c6b9f7af868e9b24b0734d9617 Mon Sep 17 00:00:00 2001
2 |
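Review bot: `DEFAULT_DIRECTORY = ""` in 0014-fix-bug-on-server.vala.patch leaves the server with an empty default directory name, and neither the subject line nor a comment says which bug this addresses. The code that consumes the constant is outside the hunk, so it is not visible whether an empty name is handled there; if it is joined onto a temporary-directory path the result would presumably be the parent directory itself, which matters for any later cleanup of that path. A comment next to the constant such as `// intentionally empty: REASON`, or a check at the point of use, would make the intent reviewable.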
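Review bot: Replacing the `throw` with `break; //throw new Error.PROTOCOL ("Unexpected command");` in src/droidy/droidy-client.vala makes the client silently accept `OPEN`, `CLSE` and `WRTE` where it previously reported a protocol error, and leaves the old statement behind as commented-out code. What runs after the `switch` is outside the hunk, so it is unclear whether the payload of these commands is still consumed or the stream is left out of step. If tolerating them is intended, drop the dead comment, state the reason in a real comment, and keep the event observable with a `debug ()` line before the `break`. The strongR-frida copy 0008-strongR-frida-protocol_unexpected_command.patch carries the identical line.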
From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 8/8] strongR-frida: protocol_unexpected_command
5 |
6 | ---
7 | src/droidy/droidy-client.vala | 2 +-
8 | 1 file changed, 1 insertion(+), 1 deletion(-)
9 |
10 | diff --git a/src/droidy/droidy-client.vala b/src/droidy/droidy-client.vala
11 | index e784e0d1..95ca0deb 100644
12 | --- a/src/droidy/droidy-client.vala
13 | +++ b/src/droidy/droidy-client.vala
14 | @@ -974,7 +974,7 @@ namespace Frida.Droidy {
15 | case "OPEN":
16 | case "CLSE":
17 | case "WRTE":
18 | - throw new Error.PROTOCOL ("Unexpected command");
19 | + break; //throw new Error.PROTOCOL ("Unexpected command");
20 |
21 | default:
22 | var length = parse_length (command_or_length);
23 | --
24 | 2.30.2
25 |
26 |
--------------------------------------------------------------------------------
/thau0x01-patches/0010-strongR-frida-thread_gum_js_loop.patch:
--------------------------------------------------------------------------------
1 | From 9bcc49153e55282b74b89b298fd17762afee4727 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 10/15] strongR-frida: thread_gum_js_loop
5 |
6 | ---
7 | src/anti-anti-frida.py | 5 +++++
8 | 1 file changed, 5 insertions(+)
9 |
10 | diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
11 | index d30168d6..b6a8e1aa 100644
12 | --- a/src/anti-anti-frida.py
13 | +++ b/src/anti-anti-frida.py
14 |
@@ -25,3 +25,8 @@ if __name__ == "__main__":
15 | symbol.name = symbol.name.replace("FRIDA", random_name)
16 |
17 | binary.write(input_file)
18 | +
19 | + # gum-js-loop thread
20 | + random_name = "".join(random.sample("abcdefghijklmn", 11))
21 | + print(f"[*] Patch `gum-js-loop` to `{random_name}`")
22 | + os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}")
23 | --
24 | 2.39.0
25 |
26 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0006-strongR-frida-thread_gum_js_loop.patch:
--------------------------------------------------------------------------------
1 | From 3f729d795063022a7136139c78fc3788d091c158 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 6/8] strongR-frida: thread_gum_js_loop
5 |
6 | ---
7 | src/anti-anti-frida.py | 5 +++++
8 | 1 file changed, 5 insertions(+)
9 |
10 | diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
11 | index d30168d6..b6a8e1aa 100644
12 | --- a/src/anti-anti-frida.py
13 | +++ b/src/anti-anti-frida.py
14 | @@ -25,3 +25,8 @@ if __name__ == "__main__":
15 | symbol.name = symbol.name.replace("FRIDA", random_name)
16 |
17 | binary.write(input_file)
18 | +
19 | + # gum-js-loop thread
20 | + random_name = "".join(random.sample("abcdefghijklmn", 11))
21 | + print(f"[*] Patch `gum-js-loop` to `{random_name}`")
22 | + os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}")
23 | --
24 | 2.30.2
25 |
26 |
--------------------------------------------------------------------------------
/thau0x01-patches/0011-strongR-frida-thread_gmain.patch:
--------------------------------------------------------------------------------
1 | From 157a2826cbabc5b0967eab32cf4c2419a64d9529 Mon Sep 17 00:00:00 2001
2 |
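Review bot: The added `os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}")` places `input_file` (assigned from `sys.argv[1]` at the top of the script, per the 0009 patch) into a shell command line unquoted, so a path containing spaces or shell metacharacters is split or interpreted by the shell, and the exit status of `sed` is thrown away. Passing an argument list avoids both problems: `subprocess.run(["sed", "-b", "-i", f"s/gum-js-loop/{random_name}/g", input_file], check=True)`, with `import subprocess` added to the imports. The same construction is repeated in the `gmain` hunk of 0011-strongR-frida-thread_gmain.patch and in the strongR-frida copies 0006 and 0007.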
From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 11/15] strongR-frida: thread_gmain
5 |
6 | ---
7 | src/anti-anti-frida.py | 6 ++++++
8 | 1 file changed, 6 insertions(+)
9 |
10 | diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
11 | index b6a8e1aa..bd67c606 100644
12 | --- a/src/anti-anti-frida.py
13 | +++ b/src/anti-anti-frida.py
14 | @@ -30,3 +30,9 @@ if __name__ == "__main__":
15 | random_name = "".join(random.sample("abcdefghijklmn", 11))
16 | print(f"[*] Patch `gum-js-loop` to `{random_name}`")
17 | os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}")
18 | +
19 | +
20 | + # gmain thread
21 | + random_name = "".join(random.sample("abcdefghijklmn", 5))
22 | + print(f"[*] Patch `gmain` to `{random_name}`")
23 | + os.system(f"sed -b -i s/gmain/{random_name}/g {input_file}")
24 | --
25 | 2.39.0
26 |
27 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0007-strongR-frida-thread_gmain.patch:
--------------------------------------------------------------------------------
1 | From 2d63299647f698b0c8d5c165c08edf1edf57b9dc Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 7/8] strongR-frida: thread_gmain
5 |
6 | ---
7 | src/anti-anti-frida.py | 6 ++++++
8 | 1 file changed, 6 insertions(+)
9 |
10 | diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
11 | index b6a8e1aa..bd67c606 100644
12 | --- a/src/anti-anti-frida.py
13 | +++ b/src/anti-anti-frida.py
14 |
@@ -30,3 +30,9 @@ if __name__ == "__main__":
15 | random_name = "".join(random.sample("abcdefghijklmn", 11))
16 | print(f"[*] Patch `gum-js-loop` to `{random_name}`")
17 | os.system(f"sed -b -i s/gum-js-loop/{random_name}/g {input_file}")
18 | +
19 | +
20 | + # gmain thread
21 | + random_name = "".join(random.sample("abcdefghijklmn", 5))
22 | + print(f"[*] Patch `gmain` to `{random_name}`")
23 | + os.system(f"sed -b -i s/gmain/{random_name}/g {input_file}")
24 | --
25 | 2.30.2
26 |
27 |
--------------------------------------------------------------------------------
/thau0x01-patches/0003-strongR-frida-pipe_linjector.patch:
--------------------------------------------------------------------------------
1 | From 2080fdd8375ffc34afcceeba3898b7016f81e483 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 03/15] strongR-frida: pipe_linjector
5 |
6 | ---
7 | src/linux/frida-helper-backend-glue.c | 2 +-
8 | 1 file changed, 1 insertion(+), 1 deletion(-)
9 |
10 | diff --git a/src/linux/frida-helper-backend-glue.c b/src/linux/frida-helper-backend-glue.c
11 | index 89c90fda..30e138dc 100644
12 | --- a/src/linux/frida-helper-backend-glue.c
13 | +++ b/src/linux/frida-helper-backend-glue.c
14 | @@ -1241,7 +1241,7 @@ frida_inject_instance_init_fifo (FridaInjectInstance * self)
15 | {
16 | const int mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
17 |
18 | - self->fifo_path = g_strdup_printf ("%s/linjector-%u", self->temp_path, self->id);
19 | + self->fifo_path = g_strdup_printf ("%s/%p%u", self->temp_path, self ,self->id);
20 |
21 | mkfifo (self->fifo_path, mode);
22 | chmod (self->fifo_path, mode);
23 | --
24 | 2.39.0
25 |
26 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0003-strongR-frida-pipe_linjector.patch:
--------------------------------------------------------------------------------
1 |
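Review bot: The new format string `"%s/%p%u"` in `frida_inject_instance_init_fifo` writes the address of `self` into the FIFO's file name, so a heap address of the injecting process becomes readable by anything that can list `temp_path`. The context lines show the FIFO is created with read and write permission for group and others and that the results of `mkfifo` and `chmod` are not checked, which makes the name the only thing separating other local users from the pipe. A name that carries no process state, for example one built from `g_uuid_string_random ()` and freed after the `g_strdup_printf` call, avoids the disclosure; `self ,self->id` also has the space on the wrong side of the comma. The function body continues outside the hunk, and the strongR-frida copy 0003 has the identical line.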
From 7a036bdfb159ad73bb208647555e2c632760e743 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 3/8] strongR-frida: pipe_linjector
5 |
6 | ---
7 | src/linux/frida-helper-backend-glue.c | 2 +-
8 | 1 file changed, 1 insertion(+), 1 deletion(-)
9 |
10 | diff --git a/src/linux/frida-helper-backend-glue.c b/src/linux/frida-helper-backend-glue.c
11 | index b99963a1..3a8dbfa2 100644
12 | --- a/src/linux/frida-helper-backend-glue.c
13 | +++ b/src/linux/frida-helper-backend-glue.c
14 | @@ -947,7 +947,7 @@ frida_inject_instance_init_fifo (FridaInjectInstance * self)
15 | {
16 | const int mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
17 |
18 | - self->fifo_path = g_strdup_printf ("%s/linjector-%u", self->temp_path, self->id);
19 | + self->fifo_path = g_strdup_printf ("%s/%p%u", self->temp_path, self ,self->id);
20 |
21 | mkfifo (self->fifo_path, mode);
22 | chmod (self->fifo_path, mode);
23 | --
24 | 2.30.2
25 |
26 |
--------------------------------------------------------------------------------
/thau0x01-patches/0006-teste.patch:
--------------------------------------------------------------------------------
1 | From 546bdce8be0eda13e960d4aad9e2ed4cc7c5bccc Mon Sep 17 00:00:00 2001
2 | From: thau0x01
3 | Date: Tue, 10 Jan 2023 17:29:39 -0300
4 | Subject: [PATCH 06/15] teste
5 |
6 | ---
7 | lib/base/rpc.vala | 10 +++++-----
8 | 1 file changed, 5 insertions(+), 5 deletions(-)
9 |
10 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
11 | index e09e745c..28eede6a 100644
12 | --- a/lib/base/rpc.vala
13 | +++ b/lib/base/rpc.vala
14 |
@@ -16,11 +16,11 @@ namespace Frida {
15 |
16 | var request = new Json.Builder ();
17 | request
18 | - .begin_array ()
19 | - .add_string_value ("frida:rpc")
20 | - .add_string_value (request_id)
21 | - .add_string_value ("call")
22 | - .add_string_value (method)
23 | + .begin_array ()
24 | + .add_string_value ("frida:rpc")
25 | + .add_string_value (request_id)
26 | + .add_string_value ("call")
27 | + .add_string_value (method)
28 | .begin_array ();
29 | foreach (var arg in args)
30 | request.add_value (arg);
31 | --
32 | 2.39.0
33 |
34 |
--------------------------------------------------------------------------------
/thau0x01-patches/0002-strongR-frida-io_re_frida_server.patch:
--------------------------------------------------------------------------------
1 | From 21e5b2dd620c9e8f5b473e43e9f97af682b2f569 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 02/15] strongR-frida: io_re_frida_server
5 |
6 | ---
7 | server/server.vala | 3 ++-
8 | 1 file changed, 2 insertions(+), 1 deletion(-)
9 |
10 | diff --git a/server/server.vala b/server/server.vala
11 | index b758be07..bcef2ce9 100644
12 | --- a/server/server.vala
13 | +++ b/server/server.vala
14 | @@ -1,7 +1,7 @@
15 | namespace Frida.Server {
16 | private static Application application;
17 |
18 | - private const string DEFAULT_DIRECTORY = "re.frida.server";
19 | + private static string DEFAULT_DIRECTORY = null;
20 | private static bool output_version = false;
21 | private static string? listen_address = null;
22 | private static string? certpath = null;
23 |
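Review bot: In 0002-strongR-frida-io_re_frida_server.patch, `private static string DEFAULT_DIRECTORY = null;` declares a non-nullable `string` and initialises it with `null`, so any code that reads the field before `main` assigns it (the assignment is in the patch's second hunk) sees a null where the type promises a value. Declaring it `string?` like the neighbouring `listen_address` and `certpath`, or giving it a non-null initial value, matches what the code actually does. The field is no longer a constant, so the ALL_CAPS name is misleading, and `GLib.Uuid.string_random()` in the second hunk lacks the space before `(` that the surrounding file uses. The strongR-frida copy 0002 has the same two hunks; 0008 in the thau0x01 series reverts them.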
@@ -50,6 +50,7 @@ namespace Frida.Server {
24 | };
25 |
26 | private static int main (string[] args) {
27 | + DEFAULT_DIRECTORY = GLib.Uuid.string_random();
28 | Environment.init ();
29 |
30 | #if DARWIN
31 | --
32 | 2.39.0
33 |
34 |
--------------------------------------------------------------------------------
/thau0x01-patches/0008-strongR-frida-io_re_frida_server.patch:
--------------------------------------------------------------------------------
1 | From f39cefe86a4d0a0ba48c10731471a7bd05d32df7 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 08/15] strongR-frida: io_re_frida_server
5 |
6 | ---
7 | server/server.vala | 3 +--
8 | 1 file changed, 1 insertion(+), 2 deletions(-)
9 |
10 | diff --git a/server/server.vala b/server/server.vala
11 | index bcef2ce9..b758be07 100644
12 | --- a/server/server.vala
13 | +++ b/server/server.vala
14 | @@ -1,7 +1,7 @@
15 | namespace Frida.Server {
16 | private static Application application;
17 |
18 | - private static string DEFAULT_DIRECTORY = null;
19 | + private const string DEFAULT_DIRECTORY = "re.frida.server";
20 | private static bool output_version = false;
21 | private static string? listen_address = null;
22 | private static string? certpath = null;
23 | @@ -50,7 +50,6 @@ namespace Frida.Server {
24 | };
25 |
26 | private static int main (string[] args) {
27 | - DEFAULT_DIRECTORY = GLib.Uuid.string_random();
28 | Environment.init ();
29 |
30 | #if DARWIN
31 | --
32 | 2.39.0
33 |
34 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0002-strongR-frida-io_re_frida_server.patch:
--------------------------------------------------------------------------------
1 | From aafd3e9f938e6e94d6b181718b0c2d85192168b4 Mon Sep 17 00:00:00 2001
2 |
From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 2/8] strongR-frida: io_re_frida_server
5 |
6 | ---
7 | server/server.vala | 3 ++-
8 | 1 file changed, 2 insertions(+), 1 deletion(-)
9 |
10 | diff --git a/server/server.vala b/server/server.vala
11 | index e2d1b66d..42c86739 100644
12 | --- a/server/server.vala
13 | +++ b/server/server.vala
14 | @@ -1,7 +1,7 @@
15 | namespace Frida.Server {
16 | private static Application application;
17 |
18 | - private const string DEFAULT_DIRECTORY = "re.frida.server";
19 | + private static string DEFAULT_DIRECTORY = null;
20 | private static bool output_version = false;
21 | private static string? listen_address = null;
22 | private static string? certpath = null;
23 |
@@ -50,6 +50,7 @@ namespace Frida.Server {
24 | };
25 |
26 | private static int main (string[] args) {
27 | + DEFAULT_DIRECTORY = GLib.Uuid.string_random();
28 | Environment.init ();
29 |
30 | #if DARWIN
31 | --
32 | 2.30.2
33 |
34 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Patches for Stronger Frida
2 | Build stealth frida binaries without any "frida" keyword strings.
3 |
4 | # Setup
5 | ```bash
6 | # install build dependencies
7 | sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install build-essential tree ninja-build gcc-multilib g++-multilib lib32stdc++-9-dev flex bison xz-utils ruby ruby-dev python3-requests python3-setuptools python3-dev python3-pip libc6-dev libc6-dev-i386 -y
8 | sudo gem install fpm -v 1.11.0 --no-document
9 | python3 -m pip install lief
10 |
11 | # clone repositories
12 | git clone https://github.com/thau0x01/frida-patches.git
13 | git clone --recurse-submodules https://github.com/frida/frida.git
14 |
15 | # apply patch
16 | cd frida/frida-core
17 | git am ../../frida-patches/thau0x01-patches/*.patch
18 | cd ..
19 | make core-android-x86_64
20 | make core-android-arm
21 | make core-android-arm64
22 | ```
23 |
24 | ## Note
25 | You also need Android Studio's NDK installed and `$ANDROID_NDK_ROOT` envvar set (ex: `/home/user/Android/Sdk/ndk/25.1.8937393`).
26 |
27 | # Thanks
28 | This repository is based on @hluwa's ["Patchs" repository](https://github.com/hluwa/Patchs).
29 |
--------------------------------------------------------------------------------
/thau0x01-patches/0013-fix-identation.patch:
--------------------------------------------------------------------------------
1 | From 529172d3637cab7e6a2170caea5b8f69b4a6a6a3 Mon Sep 17 00:00:00 2001
2 |
From: thau0x01
3 | Date: Tue, 10 Jan 2023 18:11:29 -0300
4 | Subject: [PATCH 13/15] fix identation
5 |
6 | ---
7 | lib/base/rpc.vala | 12 ++++++------
8 | 1 file changed, 6 insertions(+), 6 deletions(-)
9 |
10 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
11 | index 542fe7cb..02602abf 100644
12 | --- a/lib/base/rpc.vala
13 | +++ b/lib/base/rpc.vala
14 | @@ -15,12 +15,12 @@ namespace Frida {
15 | string request_id = Uuid.string_random ();
16 |
17 | var request = new Json.Builder ();
18 | - request
19 | - .begin_array ()
20 | - .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
21 | - .add_string_value (request_id)
22 | - .add_string_value ("call")
23 | - .add_string_value (method)
24 | + request
25 | + .begin_array ()
26 | + .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
27 | + .add_string_value (request_id)
28 | + .add_string_value ("call")
29 | + .add_string_value (method)
30 | .begin_array ();
31 | foreach (var arg in args)
32 | request.add_value (arg);
33 | --
34 | 2.39.0
35 |
36 |
--------------------------------------------------------------------------------
/thau0x01-patches/0001-strongR-frida-string_frida_rpc.patch:
--------------------------------------------------------------------------------
1 | From 8d6a427042b36301ba742b2c643bbb498b8aceb9 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 01/15] strongR-frida: string_frida_rpc
5 |
6 | ---
7 | lib/base/rpc.vala | 6 +++---
8 | 1 file changed, 3 insertions(+), 3 deletions(-)
9 |
10 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
11 | index 3695ba8c..02602abf 100644
12 | --- a/lib/base/rpc.vala
13 | +++ b/lib/base/rpc.vala
14 |
@@ -17,7 +17,7 @@ namespace Frida {
15 | var request = new Json.Builder ();
16 | request
17 | .begin_array ()
18 | - .add_string_value ("frida:rpc")
19 | + .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
20 | .add_string_value (request_id)
21 | .add_string_value ("call")
22 | .add_string_value (method)
23 | @@ -70,7 +70,7 @@ namespace Frida {
24 | }
25 |
26 | public bool try_handle_message (string json) {
27 | - if (json.index_of ("\"frida:rpc\"") == -1)
28 | + if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1)
29 | return false;
30 |
31 | var parser = new Json.Parser ();
32 | @@ -99,7 +99,7 @@ namespace Frida {
33 | return false;
34 |
35 | string? type = rpc_message.get_element (0).get_string ();
36 | - if (type == null || type != "frida:rpc")
37 | + if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj="))
38 | return false;
39 |
40 | var request_id_value = rpc_message.get_element (1);
41 | --
42 | 2.39.0
43 |
44 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0001-strongR-frida-string_frida_rpc.patch:
--------------------------------------------------------------------------------
1 | From 0874adb5e0e53d90da56e542053b9f14adccfb1a Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 1/8] strongR-frida: string_frida_rpc
5 |
6 | ---
7 | lib/base/rpc.vala | 6 +++---
8 | 1 file changed, 3 insertions(+), 3 deletions(-)
9 |
10 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
11 | index 3695ba8c..02602abf 100644
12 | --- a/lib/base/rpc.vala
13 | +++ b/lib/base/rpc.vala
14 | @@ -17,7 +17,7 @@ namespace Frida {
15 | var request = new Json.Builder ();
16 | request
17 | .begin_array ()
18 | - .add_string_value ("frida:rpc")
19 | + .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
20 | .add_string_value (request_id)
21 | .add_string_value ("call")
22 | .add_string_value (method)
23 |
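Review bot: In 0001-strongR-frida-string_frida_rpc.patch, `(string) GLib.Base64.decode("ZnJpZGE6cnBj=")` casts the `uint8[]` returned by `Base64.decode` straight to `string`, which relies on the decoded buffer happening to be NUL-terminated; the array type carries a length, not a terminator, so the comparison in the third hunk and the search in the second depend on an implementation detail. The literal is also not well-formed Base64: the twelve characters `ZnJpZGE6cnBj` already encode all nine bytes, so the trailing `=` is stray padding. The decode runs on every call, including the `index_of` pre-filter in `try_handle_message` that executes for each incoming message. Decoding once into a private static field, built with the array's explicit length rather than a cast, removes both the termination assumption and the per-message allocation. All three functions continue outside their hunks; the strongR-frida copy 0001 and 0007-strongR-frida-string_frida_rpc.patch repeat the same lines.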
@@ -70,7 +70,7 @@ namespace Frida {
24 | }
25 |
26 | public bool try_handle_message (string json) {
27 | - if (json.index_of ("\"frida:rpc\"") == -1)
28 | + if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1)
29 | return false;
30 |
31 | var parser = new Json.Parser ();
32 | @@ -99,7 +99,7 @@ namespace Frida {
33 | return false;
34 |
35 | string? type = rpc_message.get_element (0).get_string ();
36 | - if (type == null || type != "frida:rpc")
37 | + if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj="))
38 | return false;
39 |
40 | var request_id_value = rpc_message.get_element (1);
41 | --
42 | 2.30.2
43 |
44 |
--------------------------------------------------------------------------------
/thau0x01-patches/0004-strongR-frida-io_frida_agent_so.patch:
--------------------------------------------------------------------------------
1 | From e9f522b38d037b55a938a278afcf6ae2e513a584 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 04/15] strongR-frida: io_frida_agent_so
5 |
6 | ---
7 | src/linux/linux-host-session.vala | 7 ++++---
8 | 1 file changed, 4 insertions(+), 3 deletions(-)
9 |
10 | diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala
11 | index 7434eadd..cf539ad7 100644
12 | --- a/src/linux/linux-host-session.vala
13 | +++ b/src/linux/linux-host-session.vala
14 |
@@ -128,12 +128,13 @@ namespace Frida {
15 | var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob ();
16 | var emulated_arm = Frida.Data.Agent.get_frida_agent_arm_so_blob ();
17 | var emulated_arm64 = Frida.Data.Agent.get_frida_agent_arm64_so_blob ();
18 | - agent = new AgentDescriptor (PathTemplate ("frida-agent-.so"),
19 | + var random_prefix = GLib.Uuid.string_random();
20 | + agent = new AgentDescriptor (PathTemplate (random_prefix + "-.so"),
21 | new Bytes.static (blob32.data),
22 | new Bytes.static (blob64.data),
23 | new AgentResource[] {
24 | - new AgentResource ("frida-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir),
25 | - new AgentResource ("frida-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
26 | + new AgentResource (random_prefix + "-arm.so", new Bytes.static (emulated_arm.data), tempdir),
27 | + new AgentResource (random_prefix + "-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
28 | },
29 | AgentMode.INSTANCED,
30 | tempdir);
31 | --
32 | 2.39.0
33 |
34 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0004-strongR-frida-io_frida_agent_so.patch:
--------------------------------------------------------------------------------
1 | From 6fdcb5ae0b7f398e0eb2b23f22f9ab01ae2e09bf Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 4/8] strongR-frida: io_frida_agent_so
5 |
6 | ---
7 | src/linux/linux-host-session.vala | 7 ++++---
8 | 1 file changed, 4 insertions(+), 3 deletions(-)
9 |
10 | diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala
11 | index 301799ed..059e75a9 100644
12 | --- a/src/linux/linux-host-session.vala
13 | +++ b/src/linux/linux-host-session.vala
14 |
@@ -128,12 +128,13 @@ namespace Frida {
15 | var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob ();
16 | var emulated_arm = Frida.Data.Agent.get_frida_agent_arm_so_blob ();
17 | var emulated_arm64 = Frida.Data.Agent.get_frida_agent_arm64_so_blob ();
18 | - agent = new AgentDescriptor (PathTemplate ("frida-agent-.so"),
19 | + var random_prefix = GLib.Uuid.string_random();
20 | + agent = new AgentDescriptor (PathTemplate (random_prefix + "-.so"),
21 | new Bytes.static (blob32.data),
22 | new Bytes.static (blob64.data),
23 | new AgentResource[] {
24 | - new AgentResource ("frida-agent-arm.so", new Bytes.static (emulated_arm.data), tempdir),
25 | - new AgentResource ("frida-agent-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
26 | + new AgentResource (random_prefix + "-arm.so", new Bytes.static (emulated_arm.data), tempdir),
27 | + new AgentResource (random_prefix + "-arm64.so", new Bytes.static (emulated_arm64.data), tempdir),
28 | },
29 | AgentMode.INSTANCED,
30 | tempdir);
31 | --
32 | 2.30.2
33 |
34 |
--------------------------------------------------------------------------------
/thau0x01-patches/0007-strongR-frida-string_frida_rpc.patch:
--------------------------------------------------------------------------------
1 | From 25cbf2c8312bf1704b04afb2977c9bb31aae993e Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 07/15] strongR-frida: string_frida_rpc
5 |
6 | ---
7 | lib/base/rpc.vala | 14 +++++++-------
8 | 1 file changed, 7 insertions(+), 7 deletions(-)
9 |
10 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
11 | index 28eede6a..542fe7cb 100644
12 | --- a/lib/base/rpc.vala
13 | +++ b/lib/base/rpc.vala
14 |
@@ -16,11 +16,11 @@ namespace Frida {
15 |
16 | var request = new Json.Builder ();
17 | request
18 | - .begin_array ()
19 | - .add_string_value ("frida:rpc")
20 | - .add_string_value (request_id)
21 | - .add_string_value ("call")
22 | - .add_string_value (method)
23 | + .begin_array ()
24 | + .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
25 | + .add_string_value (request_id)
26 | + .add_string_value ("call")
27 | + .add_string_value (method)
28 | .begin_array ();
29 | foreach (var arg in args)
30 | request.add_value (arg);
31 | @@ -70,7 +70,7 @@ namespace Frida {
32 | }
33 |
34 | public bool try_handle_message (string json) {
35 | - if (json.index_of ("\"frida:rpc\"") == -1)
36 | + if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1)
37 | return false;
38 |
39 | var parser = new Json.Parser ();
40 | @@ -99,7 +99,7 @@ namespace Frida {
41 | return false;
42 |
43 | string? type = rpc_message.get_element (0).get_string ();
44 | - if (type == null || type != "frida:rpc")
45 | + if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj="))
46 | return false;
47 |
48 | var request_id_value = rpc_message.get_element (1);
49 | --
50 | 2.39.0
51 |
52 |
--------------------------------------------------------------------------------
/thau0x01-patches/0005-try-fix-patch.patch:
--------------------------------------------------------------------------------
1 | From 4794ccc075de763f0c1aa6157158510f820ead7b Mon Sep 17 00:00:00 2001
2 | From: thau0x01
3 | Date: Tue, 10 Jan 2023 17:27:05 -0300
4 | Subject: [PATCH 05/15] try fix patch
5 |
6 | ---
7 | lib/base/rpc.vala | 16 ++++++++--------
8 | 1 file changed, 8 insertions(+), 8 deletions(-)
9 |
10 | diff --git a/lib/base/rpc.vala b/lib/base/rpc.vala
11 | index 02602abf..e09e745c 100644
12 | --- a/lib/base/rpc.vala
13 | +++ b/lib/base/rpc.vala
14 |
@@ -15,12 +15,12 @@ namespace Frida {
15 | string request_id = Uuid.string_random ();
16 |
17 | var request = new Json.Builder ();
18 | - request
19 | - .begin_array ()
20 | - .add_string_value ((string) GLib.Base64.decode("ZnJpZGE6cnBj="))
21 | - .add_string_value (request_id)
22 | - .add_string_value ("call")
23 | - .add_string_value (method)
24 | + request
25 | + .begin_array ()
26 | + .add_string_value ("frida:rpc")
27 | + .add_string_value (request_id)
28 | + .add_string_value ("call")
29 | + .add_string_value (method)
30 | .begin_array ();
31 | foreach (var arg in args)
32 | request.add_value (arg);
33 | @@ -70,7 +70,7 @@ namespace Frida {
34 | }
35 |
36 | public bool try_handle_message (string json) {
37 | - if (json.index_of ((string) GLib.Base64.decode("ImZyaWRhOnJwYyI=")) == -1)
38 | + if (json.index_of ("\"frida:rpc\"") == -1)
39 | return false;
40 |
41 | var parser = new Json.Parser ();
42 | @@ -99,7 +99,7 @@ namespace Frida {
43 | return false;
44 |
45 | string? type = rpc_message.get_element (0).get_string ();
46 | - if (type == null || type != (string) GLib.Base64.decode("ZnJpZGE6cnBj="))
47 | + if (type == null || type != "frida:rpc")
48 | return false;
49 |
50 | var request_id_value = rpc_message.get_element (1);
51 | --
52 | 2.39.0
53 |
54 |
--------------------------------------------------------------------------------
/thau0x01-patches/0015-fix-frida-port.patch:
--------------------------------------------------------------------------------
1 | From 6e66231d3213ee1bf73bdba56ae0a0113a571ea1 Mon Sep 17 00:00:00 2001
2 | From: thau0x01
3 | Date: Tue, 17 Jan 2023 19:00:24 -0300
4 | Subject: [PATCH 15/15] fix frida-port
5 |
6 | ---
7 | lib/base/socket.vala | 4 ++--
8 | tests/test-host-session.vala | 4 ++--
9 | 2 files changed, 4 insertions(+), 4 deletions(-)
10 |
11 | diff --git a/lib/base/socket.vala b/lib/base/socket.vala
12 | index 54fd477b..feac05da 100644
13 | --- a/lib/base/socket.vala
14 | +++ b/lib/base/socket.vala
15 |
@@ -1,6 +1,6 @@
16 | namespace Frida {
17 | - public const uint16 DEFAULT_CONTROL_PORT = 27042;
18 | - public const uint16 DEFAULT_CLUSTER_PORT = 27052;
19 | + public const uint16 DEFAULT_CONTROL_PORT = 8443;
20 | + public const uint16 DEFAULT_CLUSTER_PORT = 8444;
21 |
22 | public SocketConnectable parse_control_address (string? address, uint16 port = 0) throws Error {
23 | return parse_socket_address (address, port, "127.0.0.1", DEFAULT_CONTROL_PORT);
24 | diff --git a/tests/test-host-session.vala b/tests/test-host-session.vala
25 | index 227611f0..c73b5661 100644
26 | --- a/tests/test-host-session.vala
27 | +++ b/tests/test-host-session.vala
28 | @@ -1059,7 +1059,7 @@ namespace Frida.HostSessionTest {
29 | bool waiting = false;
30 |
31 | ControlService control_service;
32 | - uint16 control_port = 27042;
33 | + uint16 control_port = 8443;
34 | while (true) {
35 | var ep = new EndpointParameters ("127.0.0.1", control_port);
36 | control_service = new ControlService (ep);
37 | @@ -1357,7 +1357,7 @@ namespace Frida.HostSessionTest {
38 |
39 | try {
40 | ControlService control_service;
41 | - uint16 control_port = 27042;
42 | + uint16 control_port = 8443;
43 | while (true) {
44 | var ep = new EndpointParameters ("127.0.0.1", control_port);
45 | control_service = new ControlService (ep);
46 | --
47 | 2.39.0
48 |
49 |
--------------------------------------------------------------------------------
/thau0x01-patches/0009-strongR-frida-symbol_frida_agent_main.patch:
--------------------------------------------------------------------------------
1 | From 2ca9c0ea07a3b15a8dfd66b91cbc0407831fcc65 Mon Sep 17 00:00:00 2001
2 |
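Review bot: Both hunks in tests/test-host-session.vala hard-code `uint16 control_port = 8443;` again instead of referring to the constant changed in lib/base/socket.vala, so the next change of the default has to be made in three places. `uint16 control_port = DEFAULT_CONTROL_PORT;` keeps the tests in step with the library, since the constant is `public` in the enclosing `Frida` namespace. Separately, 8443 and 8444 are ports that HTTPS-alternative services commonly bind, so a default listener there is more likely to collide with something already running than the previous values, and the commit message does not say why these numbers were chosen. Both test functions continue outside their hunks.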
From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 09/15] strongR-frida: symbol_frida_agent_main
5 |
6 | ---
7 | src/agent-container.vala | 2 +-
8 | src/anti-anti-frida.py | 27 +++++++++++++++++++++++++++
9 | src/darwin/darwin-host-session.vala | 2 +-
10 | src/embed-agent.sh | 9 +++++++++
11 | src/linux/linux-host-session.vala | 2 +-
12 | src/qnx/qnx-host-session.vala | 2 +-
13 | src/windows/windows-host-session.vala | 2 +-
14 | tests/test-agent.vala | 2 +-
15 | tests/test-injector.vala | 2 +-
16 | 9 files changed, 43 insertions(+), 7 deletions(-)
17 | create mode 100644 src/anti-anti-frida.py
18 |
19 | diff --git a/src/agent-container.vala b/src/agent-container.vala
20 | index 14acb16e..93c7cc3d 100644
21 | --- a/src/agent-container.vala
22 | +++ b/src/agent-container.vala
23 | @@ -20,7 +20,7 @@ namespace Frida {
24 | assert (container.module != null);
25 |
26 | void * main_func_symbol;
27 | - var main_func_found = container.module.symbol ("frida_agent_main", out main_func_symbol);
28 | + var main_func_found = container.module.symbol ("main", out main_func_symbol);
29 | assert (main_func_found);
30 | container.main_impl = (AgentMainFunc) main_func_symbol;
31 |
32 | diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
33 | new file mode 100644
34 | index 00000000..d30168d6
35 | --- /dev/null
36 | +++ b/src/anti-anti-frida.py
37 |
@@ -0,0 +1,27 @@
38 | +import lief
39 | +import sys
40 | +import random
41 | +import os
42 | +
43 | +if __name__ == "__main__":
44 | + input_file = sys.argv[1]
45 | + print(f"[*] Patch frida-agent: {input_file}")
46 | + random_name = "".join(random.sample("ABCDEFGHIJKLMNO", 5))
47 | + print(f"[*] Patch `frida` to `{random_name}``")
48 | +
49 | + binary = lief.parse(input_file)
50 | +
51 | + if not binary:
52 | + exit()
53 | +
54 | + for symbol in binary.symbols:
55 | + if symbol.name == "frida_agent_main":
56 | + symbol.name = "main"
57 | +
58 | + if "frida" in symbol.name:
59 | + symbol.name = symbol.name.replace("frida", random_name)
60 | +
61 | + if "FRIDA" in symbol.name:
62 | + symbol.name = symbol.name.replace("FRIDA", random_name)
63 | +
64 | + binary.write(input_file)
65 | diff --git a/src/darwin/darwin-host-session.vala b/src/darwin/darwin-host-session.vala
66 | index 2e9c010b..a4a6d197 100644
67 | --- a/src/darwin/darwin-host-session.vala
68 | +++ b/src/darwin/darwin-host-session.vala
69 | @@ -354,7 +354,7 @@ namespace Frida {
70 | private async uint inject_agent (uint pid, string agent_parameters, Cancellable? cancellable) throws Error, IOError {
71 | uint id;
72 |
73 | - unowned string entrypoint = "frida_agent_main";
74 | + unowned string entrypoint = "main";
75 | #if HAVE_EMBEDDED_ASSETS
76 | id = yield fruitjector.inject_library_resource (pid, agent, entrypoint, agent_parameters, cancellable);
77 | #else
78 | diff --git a/src/embed-agent.sh b/src/embed-agent.sh
79 | index 6119b5e1..6c692087 100755
80 | --- a/src/embed-agent.sh
81 | +++ b/src/embed-agent.sh
82 | @@ -10,6 +10,7 @@ resource_compiler=$7
83 | resource_config=$8
84 | lipo=$9
85 |
86 | +custom_script="$output_dir/../../../../frida-core/src/anti-anti-frida.py"
87 | priv_dir="$output_dir/frida-agent@emb"
88 |
89 | mkdir -p "$priv_dir"
90 |
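Review bot: When `lief.parse` fails in src/anti-anti-frida.py, `exit()` ends the script with status 0, so src/embed-agent.sh cannot tell that the agent was left unrenamed while the host code in this patch now looks up `main`; the mismatch would only surface at load time. Exit non-zero with a message instead, `sys.exit(f"[!] cannot parse {input_file}")`, and check `len(sys.argv)` before reading `sys.argv[1]`. `import os` is unused, and the second `print` ends with a doubled backtick. `binary.write(input_file)` overwrites the input in place, so a failed or partial write leaves no original to fall back on; writing to a temporary path and renaming it afterwards would avoid that. The strongR-frida copy of this patch adds the same script.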
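Review bot: `custom_script` in the `@@ -10,6` hunk of src/embed-agent.sh is built from `$output_dir/../../../../frida-core/src/...`, which only resolves when the build directory sits at exactly that depth, and the two later hunks (in `collect_generic_agent` and in the `case $host_os` branch) skip the step silently when the file is not found. Since the Vala side of this patch requests `main` unconditionally, a skipped rename yields an agent whose entrypoint the host cannot find. Failing the build is safer: `[ -f "$custom_script" ] || { echo "missing $custom_script" >&2; exit 1; }`. Whether a `python3` failure stops the script depends on `set -e`, which is not visible in these hunks. The strongR-frida copy of this patch has the same three hunks.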
@@ -22,6 +23,10 @@ collect_generic_agent ()
91 | else
92 | touch "$embedded_agent"
93 | fi
94 | + if [ -f "$custom_script" ]; then
95 | + python3 "$custom_script" "$embedded_agent"
96 | + fi
97 | +
98 | embedded_agents+=("$embedded_agent")
99 | }
100 |
101 | @@ -54,6 +59,10 @@ case $host_os in
102 | exit 1
103 | fi
104 |
105 | + if [ -f "$custom_script" ]; then
106 | + python3 "$custom_script" "$embedded_agent"
107 | + fi
108 | +
109 | exec "$resource_compiler" --toolchain=gnu -c "$resource_config" -o "$output_dir/frida-data-agent" "$embedded_agent"
110 | ;;
111 | *)
112 | diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala
113 | index cf539ad7..37a3ceed 100644
114 | --- a/src/linux/linux-host-session.vala
115 | +++ b/src/linux/linux-host-session.vala
116 | @@ -424,7 +424,7 @@ namespace Frida {
117 | var stream_request = Pipe.open (t.local_address, cancellable);
118 |
119 | uint id;
120 | - string entrypoint = "frida_agent_main";
121 | + string entrypoint = "main";
122 | string agent_parameters = make_agent_parameters (pid, t.remote_address, options);
123 | var linjector = injector as Linjector;
124 | #if HAVE_EMBEDDED_ASSETS
125 | diff --git a/src/qnx/qnx-host-session.vala b/src/qnx/qnx-host-session.vala
126 | index 69f2995f..a4e59ab2 100644
127 | --- a/src/qnx/qnx-host-session.vala
128 | +++ b/src/qnx/qnx-host-session.vala
129 | @@ -182,7 +182,7 @@ namespace Frida {
130 |
131 | var stream_request = Pipe.open (t.local_address, cancellable);
132 |
133 | - var id = yield qinjector.inject_library_resource (pid, agent_desc, "frida_agent_main",
134 | + var id = yield qinjector.inject_library_resource (pid, agent_desc, "main",
135 | make_agent_parameters (pid, t.remote_address, options), cancellable);
136 | injectee_by_pid[pid] = id;
137 |
138 | diff --git a/src/windows/windows-host-session.vala b/src/windows/windows-host-session.vala
139 | index 67f1f3ef..518cd256 100644
140 | --- a/src/windows/windows-host-session.vala
141 |
+++ b/src/windows/windows-host-session.vala
142 | @@ -274,7 +274,7 @@ namespace Frida {
143 | var stream_request = Pipe.open (t.local_address, cancellable);
144 |
145 | var winjector = injector as Winjector;
146 | - var id = yield winjector.inject_library_resource (pid, agent, "frida_agent_main",
147 | + var id = yield winjector.inject_library_resource (pid, agent, "main",
148 | make_agent_parameters (pid, t.remote_address, options), cancellable);
149 | injectee_by_pid[pid] = id;
150 |
151 | diff --git a/tests/test-agent.vala b/tests/test-agent.vala
152 | index 7482ff7b..22fbc62c 100644
153 | --- a/tests/test-agent.vala
154 | +++ b/tests/test-agent.vala
155 | @@ -444,7 +444,7 @@ Interceptor.attach(Module.getExportByName('libsystem_kernel.dylib', 'open'), ()
156 | assert_nonnull (module);
157 |
158 | void * main_func_symbol;
159 | - var main_func_found = module.symbol ("frida_agent_main", out main_func_symbol);
160 | + var main_func_found = module.symbol ("main", out main_func_symbol);
161 | assert_true (main_func_found);
162 | main_impl = (AgentMainFunc) main_func_symbol;
163 |
164 | diff --git a/tests/test-injector.vala b/tests/test-injector.vala
165 | index 87e435ef..79df38ff 100644
166 | --- a/tests/test-injector.vala
167 | +++ b/tests/test-injector.vala
168 |
@@ -255,7 +255,7 @@ namespace Frida.InjectorTest {
169 | var path = Frida.Test.Labrats.path_to_library (name, arch);
170 | assert_true (FileUtils.test (path, FileTest.EXISTS));
171 |
172 | - yield injector.inject_library_file (process.id, path, "frida_agent_main", data);
173 | + yield injector.inject_library_file (process.id, path, "main", data);
174 | } catch (GLib.Error e) {
175 | printerr ("\nFAIL: %s\n\n", e.message);
176 | assert_not_reached ();
177 | --
178 | 2.39.0
179 |
180 |
--------------------------------------------------------------------------------
/strongR-frida/frida-core/0005-strongR-frida-symbol_frida_agent_main.patch:
--------------------------------------------------------------------------------
1 | From 2ca848b58ebcf36fda34c5eaba4fa85d2ad438c6 Mon Sep 17 00:00:00 2001
2 | From: hluwa
3 | Date: Mon, 16 Aug 2021 10:55:11 +0800
4 | Subject: [PATCH 5/8] strongR-frida: symbol_frida_agent_main
5 |
6 | ---
7 | src/agent-container.vala | 2 +-
8 | src/anti-anti-frida.py | 27 +++++++++++++++++++++++++++
9 | src/darwin/darwin-host-session.vala | 2 +-
10 | src/embed-agent.sh | 9 +++++++++
11 | src/linux/linux-host-session.vala | 2 +-
12 | src/qnx/qnx-host-session.vala | 2 +-
13 | src/windows/windows-host-session.vala | 2 +-
14 | tests/test-agent.vala | 2 +-
15 | tests/test-injector.vala | 2 +-
16 | 9 files changed, 43 insertions(+), 7 deletions(-)
17 | create mode 100644 src/anti-anti-frida.py
18 |
19 | diff --git a/src/agent-container.vala b/src/agent-container.vala
20 | index 256e5ed7..83f6a3e8 100644
21 | --- a/src/agent-container.vala
22 | +++ b/src/agent-container.vala
23 |
@@ -20,7 +20,7 @@ namespace Frida {
24 | assert (container.module != null);
25 |
26 | void * main_func_symbol;
27 | - var main_func_found = container.module.symbol ("frida_agent_main", out main_func_symbol);
28 | + var main_func_found = container.module.symbol ("main", out main_func_symbol);
29 | assert (main_func_found);
30 | container.main_impl = (AgentMainFunc) main_func_symbol;
31 |
32 | diff --git a/src/anti-anti-frida.py b/src/anti-anti-frida.py
33 | new file mode 100644
34 | index 00000000..d30168d6
35 | --- /dev/null
36 | +++ b/src/anti-anti-frida.py
37 | @@ -0,0 +1,27 @@
38 | +import lief
39 | +import sys
40 | +import random
41 | +import os
42 | +
43 | +if __name__ == "__main__":
44 | + input_file = sys.argv[1]
45 | + print(f"[*] Patch frida-agent: {input_file}")
46 | + random_name = "".join(random.sample("ABCDEFGHIJKLMNO", 5))
47 | + print(f"[*] Patch `frida` to `{random_name}``")
48 | +
49 | + binary = lief.parse(input_file)
50 | +
51 | + if not binary:
52 | + exit()
53 | +
54 | + for symbol in binary.symbols:
55 | + if symbol.name == "frida_agent_main":
56 | + symbol.name = "main"
57 | +
58 | + if "frida" in symbol.name:
59 | + symbol.name = symbol.name.replace("frida", random_name)
60 | +
61 | + if "FRIDA" in symbol.name:
62 | + symbol.name = symbol.name.replace("FRIDA", random_name)
63 | +
64 | + binary.write(input_file)
65 | diff --git a/src/darwin/darwin-host-session.vala b/src/darwin/darwin-host-session.vala
66 | index 8f1336c5..0f6fae59 100644
67 | --- a/src/darwin/darwin-host-session.vala
68 | +++ b/src/darwin/darwin-host-session.vala
69 |
@@ -332,7 +332,7 @@ namespace Frida {
70 | private async uint inject_agent (uint pid, string agent_parameters, Cancellable? cancellable) throws Error, IOError {
71 | uint id;
72 |
73 | - unowned string entrypoint = "frida_agent_main";
74 | + unowned string entrypoint = "main";
75 | #if HAVE_EMBEDDED_ASSETS
76 | id = yield fruitjector.inject_library_resource (pid, agent, entrypoint, agent_parameters, cancellable);
77 | #else
78 | diff --git a/src/embed-agent.sh b/src/embed-agent.sh
79 | index 380e8a32..d07f4588 100755
80 | --- a/src/embed-agent.sh
81 | +++ b/src/embed-agent.sh
82 | @@ -9,7 +9,8 @@ host_os="$6"
83 | resource_compiler="$7"
84 | resource_config="$8"
85 | lipo=$9
86 |
87 | +custom_script="$output_dir/../../../../frida-core/src/anti-anti-frida.py"
88 | priv_dir="$output_dir/frida-agent@emb"
89 |
90 | case $host_os in
91 | @@ -30,6 +31,10 @@ collect_generic_agent ()
92 | else
93 | touch "$embedded_agent"
94 | fi
95 | + if [ -f "$custom_script" ]; then
96 | + python3 "$custom_script" "$embedded_agent"
97 | + fi
98 | +
99 | embedded_agents+=("$embedded_agent")
100 | }
101 |
102 | @@ -62,6 +67,10 @@ case $host_os in
103 | exit 1
104 | fi
105 |
106 | + if [ -f "$custom_script" ]; then
107 | + python3 "$custom_script" "$embedded_agent"
108 | + fi
109 | +
110 | exec "$resource_compiler" --toolchain=gnu -c "$resource_config" -o "$output_dir/frida-data-agent" "$embedded_agent"
111 | ;;
112 | *)
113 | diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala
114 | index 059e75a9..1221de64 100644
115 | --- a/src/linux/linux-host-session.vala
116 | +++ b/src/linux/linux-host-session.vala
117 |
@@ -422,7 +422,7 @@ namespace Frida {
118 | var stream_request = Pipe.open (t.local_address, cancellable);
119 |
120 | uint id;
121 | - string entrypoint = "frida_agent_main";
122 | + string entrypoint = "main";
123 | string agent_parameters = make_agent_parameters (t.remote_address, options);
124 | var linjector = injector as Linjector;
125 | #if HAVE_EMBEDDED_ASSETS
126 | diff --git a/src/qnx/qnx-host-session.vala b/src/qnx/qnx-host-session.vala
127 | index a7e5f51d..24b1f518 100644
128 | --- a/src/qnx/qnx-host-session.vala
129 | +++ b/src/qnx/qnx-host-session.vala
130 | @@ -182,7 +182,7 @@ namespace Frida {
131 |
132 | var stream_request = Pipe.open (t.local_address, cancellable);
133 |
134 | - var id = yield qinjector.inject_library_resource (pid, agent_desc, "frida_agent_main",
135 | + var id = yield qinjector.inject_library_resource (pid, agent_desc, "main",
136 | make_agent_parameters (t.remote_address, options), cancellable);
137 | injectee_by_pid[pid] = id;
138 |
139 | diff --git a/src/windows/windows-host-session.vala b/src/windows/windows-host-session.vala
140 | index bae0f6be..630d0bb0 100644
141 | --- a/src/windows/windows-host-session.vala
142 | +++ b/src/windows/windows-host-session.vala
143 | @@ -274,7 +274,7 @@ namespace Frida {
144 | var stream_request = Pipe.open (t.local_address, cancellable);
145 |
146 | var winjector = injector as Winjector;
147 | - var id = yield winjector.inject_library_resource (pid, agent, "frida_agent_main",
148 | + var id = yield winjector.inject_library_resource (pid, agent, "main",
149 | make_agent_parameters (t.remote_address, options), cancellable);
150 | injectee_by_pid[pid] = id;
151 |
152 | diff --git a/tests/test-agent.vala b/tests/test-agent.vala
153 | index cb666dbb..66c407f8 100644
154 | --- a/tests/test-agent.vala
155 | +++ b/tests/test-agent.vala
156 |
@@ -444,7 +444,7 @@ Interceptor.attach(Module.getExportByName('libsystem_kernel.dylib', 'open'), ()
157 | assert_nonnull (module);
158 |
159 | void * main_func_symbol;
160 | - var main_func_found = module.symbol ("frida_agent_main", out main_func_symbol);
161 | + var main_func_found = module.symbol ("main", out main_func_symbol);
162 | assert_true (main_func_found);
163 | main_impl = (AgentMainFunc) main_func_symbol;
164 |
165 | diff --git a/tests/test-injector.vala b/tests/test-injector.vala
166 | index 81df3e16..e4fb6730 100644
167 | --- a/tests/test-injector.vala
168 | +++ b/tests/test-injector.vala
169 | @@ -250,7 +250,7 @@ namespace Frida.InjectorTest {
170 | var path = Frida.Test.Labrats.path_to_library (name, arch);
171 | assert_true (FileUtils.test (path, FileTest.EXISTS));
172 |
173 | - yield injector.inject_library_file (process.id, path, "frida_agent_main", data);
174 | + yield injector.inject_library_file (process.id, path, "main", data);
175 | } catch (GLib.Error e) {
176 | printerr ("\nFAIL: %s\n\n", e.message);
177 | assert_not_reached ();
178 | --
179 | 2.30.2
180 |
181 |
--------------------------------------------------------------------------------