FRIDA-DEXDump : Fast Search And Dump Dex On Memory

FRIDA-DEXDump is a tool for Fast Search And Dump Dex On Memory.

Features

• support fuzzy search broken header dex.
• fix struct data of dex-header.
• compatible with all android version(frida supported).
• support loading as objection plugin ~
• pypi package has been released ~

Requires

• frida: pip install frida
• [optional] click pip install click

Installation

From pypi

pip3 install frida-dexdump
frida-dexdump -h

From source

git clone https://github.com/hluwa/FRIDA-DEXDump
cd FRIDA-DEXDump/frida-dexdump
python3 main.py -h

Usage

• Run frida-dexdump or python3 main.py to attach current front most application and dump dexs.
• Or, use command arguments:

-n: [Optional] Specify target process name, when spawn mode, it requires an application package name. If not specified, use frontmost application.
-p: [Optional] Specify pid when multiprocess. If not specified, dump all.
-f: [Optional] Use spawn mode, default is disable.
-s: [Optional] When spawn mode, start dump work after sleep few seconds. default is 10s.
-d: [Optional] Enable deep search maybe detected more dex, but speed will be slower.
-h: show help.

Or, loading as objection plugin

• clone this repo and move frida_dexdump into your plugins folder, eg:

git clone https://github.com/hluwa/FRIDA-DEXDump ~/Downloads/FRIDA-DEXDump;
mv ~/Downloads/FRIDA-DEXDump/frida_dexdump ~/.objection/plugins/dexdump

start objection with -P or --plugin-folder your plugins folder, eg:

objection -g com.app.name explore -P ~/.objection/plugins

run command:

• plugin dexdump search to search and print all dex
• plugin dexdump dump to dump all found dex.