Defeat Java packers via Frida instrumentation
Use the method OpenMemory
or OpenCommon
(after Android N) in libart.so
/libdexfile.so
to get the address of the dex in memory, calculate the size of the dex file, and dump the dex from memory.
$ frida -U -f com.package.target -l dexDump.js --no-pause
- https://www.frida.re/docs/home/
- frida-unpack (dstmath) https://github.com/dstmath/frida-unpack
- Frida-Android-unpack (xiaokanghub) https://github.com/xiaokanghub/Frida-Android-unpack
Supported OS: Android 4.4 - Android 11
- Jiagu
- DexProtector
- DexGuard
- Yidun
- Tencent Legu
- Mobile Tencent Protect