FRIDA-DEXDump : Fast Search And Dump Dex On Memory

FRIDA-DEXDump is a tool for Fast Search And Dump Dex On Memory.

Features

  • support fuzzy search broken header dex.
  • fix struct data of dex-header.
  • compatible with all android version(frida supported).
  • support loading as objection plugin ~
  • pypi package has been released ~

Requires

  • frida: pip install frida
  • [optional] click pip install click

Installation

From pypi

pip3 install frida-dexdump
frida-dexdump -h

From source

git clone https://github.com/hluwa/FRIDA-DEXDump
cd FRIDA-DEXDump/frida-dexdump
python3 main.py -h

Usage

  • Run frida-dexdump or python3 main.py to attach current front most application and dump dexs.
  • Or, use command arguments:

-n: [Optional] Specify target process name, when spawn mode, it requires an application package name. If not specified, use frontmost application.
-p: [Optional] Specify pid when multiprocess. If not specified, dump all.
-f: [Optional] Use spawn mode, default is disable.
-s: [Optional] When spawn mode, start dump work after sleep few seconds. default is 10s.
-d: [Optional] Enable deep search maybe detected more dex, but speed will be slower.
-h: show help.

Or, loading as objection plugin

  • clone this repo and move frida_dexdump into your plugins folder, eg:

git clone https://github.com/hluwa/FRIDA-DEXDump ~/Downloads/FRIDA-DEXDump;
mv ~/Downloads/FRIDA-DEXDump/frida_dexdump ~/.objection/plugins/dexdump

start objection with -P or --plugin-folder your plugins folder, eg:

objection -g com.app.name explore -P ~/.objection/plugins

run command:

  • plugin dexdump search to search and print all dex
  • plugin dexdump dump to dump all found dex.
R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

15 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

15 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

15 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

15 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

16 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

18 hours ago