Setting up a Frida development and debugging environment
Ubuntu 20.04 package sources (sources.list mirrors)
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
Install some handy utilities
sudo apt-get install openjdk-8-jdk
sudo apt install -y htop jnettop
Setting up the Frida script-writing environment
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update && sudo apt-get install yarn
git clone https://github.com/oleavr/frida-agent-example.git
cd frida-agent-example/
npm install
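Then open this project in VS Code; when you write TypeScript in the agent directory you get code completion.
npm run watch monitors code changes and automatically compiles them into the js file.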
frida -U -f com.example.android --no-pause -l _agent.js
Install pyenv
sudo apt-get install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python-openssl git vim libedit-dev
curl https://pyenv.run | bash
Add the following three lines to ~/.bashrc
export PATH="/home/<your-home-directory>/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
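# List the versions available for download
pyenv install -l
# Install a specific Python version with pyenv
pyenv install 3.8.0
# Select which Python version to use (switch versions); pyenv local applies to the current directory
pyenv local 3.8.0
# Show the Python version currently in use
python -V
# Show the current pip version
pip -V
# First settle on the Python version and the specific Frida version, then install in the order below; otherwise frida-tools will be installed at the latest version (not the expected one)
pip install frida==12.8.0
pip install frida-tools==5.3.0
pip install objection==1.8.4 # Which objection version to choose: if Frida is 12.8.0, pick an objection release published in the period after the Frida 12.8.0 release
Download the frida-server of the same version as frida: https://github.com/frida/frida/releases/tag/12.8.0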
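A check for the version pinning described above, added here as an example and not part of the original post: it parses pip freeze output and compares the frida-server version string against the host binding. The function names and the device path in the usage comment are assumptions; the pins are the ones given on this page.

```shell
#!/usr/bin/env bash
# Added example: confirm the installed Frida stack matches this page's pins.
# Function names and sample usage paths are constructed for illustration.

# Pins taken from the page.
PINS="frida==12.8.0
frida-tools==5.3.0
objection==1.8.4"

# check_pins FREEZE_TEXT
# Prints one line per problem; returns 0 only when every pinned package
# is present at exactly the pinned version.
check_pins() {
    freeze=$1
    rc=0
    for pin in $PINS; do
        name=${pin%%==*}
        want=${pin##*==}
        # Match the package name exactly so "frida" never matches "frida-tools".
        have=$(printf '%s\n' "$freeze" | awk -F'==' -v n="$name" \
            'tolower($1) == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING  $name (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT    $name: have $have, want $want"; rc=1
        fi
    done
    return $rc
}

# check_server CLIENT_VERSION SERVER_VERSION
# frida-server on the device must be the same release as the host binding.
# Whitespace is stripped because adb shell output can end in CR/LF.
check_server() {
    client=$(printf '%s' "$1" | tr -d '[:space:]')
    server=$(printf '%s' "$2" | tr -d '[:space:]')
    [ -n "$client" ] && [ "$client" = "$server" ]
}

# Live usage; /data/local/tmp/frida-server is an assumed device path,
# the page does not say where the server binary is pushed:
#   check_pins "$(pip freeze)"
#   check_server "$(frida --version)" \
#       "$(adb shell /data/local/tmp/frida-server --version)"
```

Run it after the three pip installs and again after any later pip install, since a dependency upgrade can silently move frida off the pinned release.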
# On macOS, after installation, add the configuration to the shell startup file (~/.zshrc below)
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
echo 'eval "$(pyenv init -)"' >> ~/.zshrc
export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init -)"
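Flashing the phone
With the phone fully powered off, hold the power button and the volume-down button to enter fastboot mode
Download the flashing package from https://developers.google.com/android/images
Download the Factory Images build that matches your device model
After downloading, extract it and run the ./flash-all.sh script to flash automatically
Install TWRP
Go to the page below and select your device model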
https://twrp.me/Devices/Google/
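1. Boot the phone normally and upload the file with the .zip extension to the phone's /sdcard directory
2. Power the phone off, then hold the power button + volume-down button to enter fastboot mode
3. Run the command fastboot boot twrp.img
4. The phone then enters recovery mode (under TWRP)
5. Then install the TWRP zip file from the sdcard
TWRP replaces the phone's original recovery. Booting into TWRP recovery from the img is temporary;
installing the TWRP zip file permanently changes the phone's recovery.
Install Magisk
Go to GitHub: https://github.com/topjohnwu/Magisk/releases
Download the apk file and the zip file
After downloading, install the apk on the phone, then upload the zip file to the phone's sdcard directory
Boot the phone into TWRP recovery and install the Magisk zip file
Android 9: TWRP and Magisk directly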
Android 10 : https://forum.xda-developers.com/pixel-2-xl/how-to/guide-unlock-flash-root-pixel-2-xl-t3702418
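First install magisk.apk, then connect the phone through a proxy/VPN to get past network blocking, install Magisk Manager, and then patch the boot.image from the original factory package
Android 11
Setting up adb over Wi-Fi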
adb shell setprop service.adb.tcp.port 6666
adb connect <phone-ip>:6666
Connecting to frida-server on a non-standard port
./fridaserver -l 0.0.0.0:6666
frida-ps -H <phone-ip>:<frida-listen-port>
objection -N -h <phone-ip> -p <frida-listen-port> -g <android-app> explore
The computer cannot connect to the phone
Solution: https://blog.csdn.net/Chenftli/article/details/92413683