小贝子编程

Frida服务器应用程序在连接Android设备时崩溃



我正在尝试使用frida测试和Hook我的android应用程序方法。但是当我在windows中从命令提示符执行命令时,我的应用程序崩溃了,并且没有从apk中执行预期的方法。

我想通过钩子从frida脚本返回true来启动我的第二个活动。请帮我纠正我的代码或用有效的解决方案纠正。

我的应用代码: 

package com.g.fridaplay;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
if(check())
startActivity(new Intent(MainActivity.this,VaultActivity.class));
else Toast.makeText(MainActivity.this,"Failed access",Toast.LENGTH_LONG).show();
}
boolean check(){
String pass="asdf@123";
if(pass.equals("asdf"))
return true;
else return false;
}
}

Frida java script: vault.js

Java.perform(function() {
var theClass = Java.use("com.g.fridaplay.MainActivity");
theClass.check.implementation = function(v) {
console.log("In function check() ");
return true;
}
console.log("Exploit Completed.. finished");
})

Frida脚本使用的命令

//adb
./frida-server-15.1.3-android-x86 &
//python>script
frida -U --no-pause -l vault.js -f com.g.fridaplay

命令输出

C:Python39Scripts>frida -U --no-pause -l vault.js -f com.g.fridaplay
____
/ _  |   Frida 15.1.3 - A world-class dynamic instrumentation toolkit
| (_| |
> _  |   Commands:
/_/ |_|       help      -> Displays the help system
. . . .       object?   -> Display information about 'object'
. . . .       exit/quit -> Exit
. . . .
. . . .   More info at https://frida.re/docs/home/
Spawned `com.g.fridaplay`. Resuming main thread!
[Android::com.g.fridaplay]-> Exploit Completed.. finished
Process crashed: Bad access due to invalid address
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Android/vbox86p/vbox86p:7.1.1/NMF26Q/76:userdebug/test-keys'
Revision: '0'
ABI: 'x86'
pid: 1657, tid: 1657, name: re-initialized>  >>> <pre-initialized> <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x80000000
eax 00000000  ebx 00000679  ecx 00000679  edx 0000000b
esi ffdea80c  edi ffdea5a0
xcs 00000023  xds 0000002b  xes 0000002b  xfs 0000006b  xss 0000002b
eip f49ecbb9  ebp ffdea620  esp ffdea538  flags 00000296
backtrace:
#00 pc 00000bb9  [vdso:f49ec000] (__kernel_vsyscall+9)
#01 pc 0007f9d8  /system/bin/linker (__dl_syscall+40)
#02 pc 000046a1  /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1201)
#03 pc 0000b7fd  /system/bin/app_process32_xposed (InvokeUserSignalHandler+317)
#04 pc 000ff441  /system/lib/libart.so (offset 0x10a000)
***
[Android::com.g.fridaplay]->
Thank you for using Frida!

我设置:

  • 模拟器:genymotion android 7.1 (x86)
  • frida version 15.1.3
  • 平台:windows 10
  • apk made: arctic fox 2021

我找到了一个解决方案。问题出在模拟器上。我刚从android 7.1设备切换到android 10 genymotion设备。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium