Frida installation and configuration


I. Install Frida

pip install frida
pip install frida-tools

Check the version

frida --version

Error

ImportError: cannot import name 'NotRequired' from 'typing_extensions' (C:\Python38\lib\site-packages\typing_extensions.py)

Fix: upgrade typing-extensions

pip install typing-extensions --upgrade

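II. Connect the phone to the computer over USB

Devices that are rooted or have Magisk installed can connect wirelessly with WiFi ADB; otherwise connect with a cable.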

III. Install frida-server

  1. Check the phone's CPU ABI
    adb shell getprop ro.product.cpu.abi    Download the frida-server build that matches the reported ABI.
C:\Users\lisa>adb shell getprop ro.product.cpu.abi
arm64-v8a
  2. Download frida-server and push it to the phone
    Download link: https://github.com/frida/frida/releases

After extracting the archive, push it to the phone

adb push C:\Users\lisa\Desktop\frida-server-16.1.7-android-arm\frida-server-16.1.7-android-arm /data/local/tmp

Rename it (to avoid detection)

adb shell
cd /data/local/tmp
mv frida-server-16.1.7-android-arm fsaa

Make the file executable

adb shell
cd /data/local/tmp
chmod +x fsaa

Exit the adb shell with the exit command or Ctrl+D

Run frida-server (start it on a different port to avoid detection)

adb shell
cd /data/local/tmp
./fsaa -l 0.0.0.0:9012

Error

Unable to load SELinux policy from the kernel: Failed to open file “/sys/fs/selinux/policy”: Permission denied

If you hit the error above, run su after entering the adb shell, then tap Allow in the prompt that appears on the phone.

Error

{"type":"error","description":"Error: invalid address","stack":"Error: invalid address\n    at Object.value [as patchCode] (frida/runtime/core.js:207:1)\n    at ln (frida/node_modules/frida-java-bridge/lib/android.js:1209:1)\n    at pn.activate (frida/node_modules/frida-java-bridge/lib/android.js:1275:1)\n    at mn.replace (frida/node_modules/frida-java-bridge/lib/android.js:1323:1)\n    at Function.set [as implementation] (frida/node_modules/frida-java-bridge/lib/class-factory.js:1185:1)\n    at Function.set [as implementation] (frida/node_modules/frida-java-bridge/lib/class-factory.js:1099:1)\n    at installLaunchTimeoutRemovalInstrumentation (/internal-agent.js:435:37)\n    at init (/internal-agent.js:51:3)\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:12:1)\n    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:250:1)","fileName":"frida/runtime/core.js","lineNumber":207,"columnNumber":1}

Fix: switch SELinux to permissive mode

adb shell
setenforce 0
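  3. Set up port forwarding for frida (in a new window)

Port 9012 is the port frida-server listens on (set with -l above); the client uses it to connect to the server.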

adb forward tcp:9012 tcp:9012
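  • List the processes on the phone: frida-ps -U
  • List the package names and find the package name of the target app whose traffic you want to capture: adb shell pm list packages -3
  4. List the package names on the phone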
frida-ps -Uai
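  5. Connect with a Python script (or a terminal command)
  • Run a script from the frida command line
# To find the phone's actual IP address, run: adb shell netcfg
# Replace packageName with the target app's package name
frida -H 127.0.0.1:9012 packageName -l script.js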
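
The step above mentions connecting from a Python script but shows only the terminal command. The following is an added example, not code from the original post: it connects to the frida-server behind the forwarded port 127.0.0.1:9012, spawns the given package on your test device and prints the agent's messages, including error messages of the form quoted earlier. The agent source, the function names and the file name attach.py are assumptions for illustration, and it assumes Frida 16.x as used on this page, where the Java bridge is built into the runtime.

```python
# Added example (not from the original post): attach through the forwarded port.
import sys

REMOTE = "127.0.0.1:9012"  # the address set up by `adb forward tcp:9012 tcp:9012`

# Illustrative agent (assumption): report the Android version via the Java bridge.
AGENT_JS = """
if (Java.available) {
    Java.perform(function () {
        send({ androidVersion: Java.androidVersion });
    });
} else {
    send({ note: "no Java runtime in this process" });
}
"""

def format_message(message):
    """Render one Frida message dict as a log line.
    'send' messages carry a payload; 'error' messages carry description,
    fileName and lineNumber, like the JSON error quoted earlier on this page.
    """
    kind = message.get("type")
    if kind == "send":
        return "[send] %r" % (message.get("payload"),)
    if kind == "error":
        where = "%s:%s" % (message.get("fileName", "?"), message.get("lineNumber", "?"))
        return "[error] %s (%s)" % (message.get("description", "unknown"), where)
    return "[%s] %r" % (kind, message)

def spawn_and_load(package, remote=REMOTE):
    """Spawn `package` on the remote frida-server and load AGENT_JS into it."""
    import frida  # imported lazily so format_message works without frida installed
    device = frida.get_device_manager().add_remote_device(remote)
    pid = device.spawn([package])
    session = device.attach(pid)
    script = session.create_script(AGENT_JS)
    script.on("message", lambda message, data: print(format_message(message)))
    script.load()
    device.resume(pid)
    return session

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python attach.py <package name>")
    session = spawn_and_load(sys.argv[1])
    sys.stdin.read()  # keep the session open until EOF
    session.detach()
```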