// Address window expected to hold the Flutter/Dart memory of this run.
// These values are specific to one device and one process layout; the hook
// checks them against X27 before dumping and asks for them to be edited when
// they do not match.
const FLUTTER_MEM_START = 0x7c00000000;
const FLUTTER_MEM_END = 0x7d00000000;
// Bits of X27 that are compared with FLUTTER_MEM_START.
const FLUTTER_MEM_MASK = 0xff00000000;

// Offset of the hooked function, added to the address of the
// _kDartIsolateSnapshotInstructions export of libapp.so. Build-specific.
const MY_FUNCTION_OFFSET = 0x151904;

// Directory the dump files are written to; the trailing slash is required
// because file names are appended by plain string concatenation.
const APP_DATA_DIR = "/data/data/com.example.flutter_demo/";
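/**
 * Write readable memory ranges of the current process to files.
 *
 * An index of every readable ("r--") range is written to
 * `<dump_directory>ranges.json`. Each range whose base address lies in
 * [start_address, end_address] is then written to a file named after its
 * base address. Only the base is compared, so a range that starts inside the
 * window may extend past end_address.
 *
 * The files hold raw process memory (which can include credentials and keys
 * held by the app), so treat them as sensitive and remove them from the
 * device once they have been pulled.
 *
 * @param {number|NativePointer} start_address - Lowest range base to dump.
 * @param {number|NativePointer} end_address - Highest range base to dump.
 * @param {string} dump_directory - Output directory, with trailing slash.
 */
function dump_memory(start_address, end_address, dump_directory) {
  const ranges = Process.enumerateRanges("r--");

  const index_file = new File(dump_directory + "ranges.json", "wb");
  try {
    index_file.write(JSON.stringify(ranges, null, 2));
  } finally {
    index_file.close();
  }

  for (const range of ranges) {
    try {
      const in_window =
        range.base.compare(start_address) >= 0 &&
        range.base.compare(end_address) <= 0;
      if (!in_window) {
        continue;
      }
      console.log(`Dumping memory into ${dump_directory + range.base}`);
      // Read before creating the output file: some ranges are listed as
      // readable but fault on access (the /dev/hwbinder mapping in the
      // console output below). Reading first means such a range leaves
      // neither an empty file nor an unclosed handle behind.
      const bytes = range.base.readByteArray(range.size);
      const range_file = new File(dump_directory + range.base, "wb");
      try {
        range_file.write(bytes);
      } finally {
        range_file.close();
      }
    } catch (ex) {
      // Best effort: report the failing range and continue with the rest.
      console.log(ex);
      console.log(JSON.stringify(range, null, 2));
    }
  }
}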
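/**
 * Attach the dump trigger inside libapp.so.
 *
 * Resolves the `_kDartIsolateSnapshotInstructions` export, adds
 * MY_FUNCTION_OFFSET to it and intercepts that address. On entry the masked
 * value of X27 is compared with FLUTTER_MEM_START; when it matches, the
 * window [FLUTTER_MEM_START, FLUTTER_MEM_END] is dumped to APP_DATA_DIR,
 * otherwise the mismatch is reported so the constants can be corrected.
 *
 * Must be called after libapp.so has been loaded. If the export cannot be
 * resolved, the function logs the problem and installs no hook.
 *
 * NOTE(review): the static Module lookup helpers used here are not present
 * in every Frida release; confirm against the version in use.
 */
function hook_libapp() {
  const base_address = Module.findBaseAddress("libapp.so");
  console.log(`\nHooking libapp base_address: ${base_address} `);

  const kDartIsolateSnapshotInstructions = Module.findExportByName(
    "libapp.so",
    "_kDartIsolateSnapshotInstructions"
  );
  console.log('kDartIsolateSnapshotInstructions:', kDartIsolateSnapshotInstructions);
  if (kDartIsolateSnapshotInstructions == null) {
    // Without the snapshot symbol the offset has no anchor; calling .add()
    // on null would throw inside the dlopen callback.
    console.error(`_kDartIsolateSnapshotInstructions not found in libapp.so, no hook installed`);
    return;
  }

  const my_function = kDartIsolateSnapshotInstructions.add(MY_FUNCTION_OFFSET);
  console.log(`my_function: ${my_function} `);

  Interceptor.attach(my_function, {
    onEnter() {
      console.log(`SharedPreferences::getInstance() `);
      console.log(` X27: ${this.context.x27}`);
      // Compare pointers explicitly instead of relying on `==` coercing a
      // NativePointer to a number through its string form.
      const x27_region = this.context.x27.and(FLUTTER_MEM_MASK);
      if (x27_region.equals(ptr(FLUTTER_MEM_START))) {
        dump_memory(FLUTTER_MEM_START, FLUTTER_MEM_END, APP_DATA_DIR);
      } else {
        console.error(`Default flutter memory ${ptr(FLUTTER_MEM_START)} seems incoherent with X27 ${this.context.x27}`);
        console.error(`Please modify FLUTTER_MEM_START, FLUTTER_MEM_END`);
      }
      console.log('done!');
    },
  });
}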
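// Latches to true once the target library has loaded and its callback ran.
var already_hooked = false;

/**
 * Run a callback the first time a given library is loaded through dlopen.
 *
 * The library name is compared exactly with the string passed to dlopen, so
 * a load that uses a different spelling (for example a full path) does not
 * match. The callback runs in onLeave, i.e. after dlopen has returned, and
 * only when dlopen returned a non-null handle; a failed load does not use up
 * the one-shot latch.
 *
 * @param {string} target_lib_name - Name to match against dlopen's first argument.
 * @param {function(): void} lib_hook_callbacks - Called once after the library is loaded.
 */
function hook_dlopen(target_lib_name, lib_hook_callbacks) {
  Interceptor.attach(Module.findExportByName(null, "dlopen"), {
    onEnter(args) {
      const lib_name = args[0].readCString();
      // Per-invocation flag; `this` is shared between onEnter and onLeave.
      this.do_hook = lib_name === target_lib_name && !already_hooked;
    },
    onLeave(retval) {
      if (!this.do_hook || already_hooked) {
        return;
      }
      if (retval.isNull()) {
        // dlopen failed: the library is not mapped, so hooking it now would
        // fail and a later successful load must still be able to trigger.
        return;
      }
      already_hooked = true;
      lib_hook_callbacks();
    },
  });
}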
// Launch command from the original report:
//   frida -U -f fr.carameldunes.nyanyarocket -l dump_flutter_memory.js --no-pause
// NOTE(review): this command names a different package than APP_DATA_DIR
// ("/data/data/com.example.flutter_demo/"); confirm the two agree for the
// app under test.

// Entry point: wait for libapp.so to be loaded, then install the dump hook.
hook_dlopen("libapp.so", hook_libapp);
=============================
console output:
Hooking libapp base_address: 0x7cf7e96000
kDartIsolateSnapshotInstructions: 0x7cf7ea5000
my_function: 0x7cf7ff6904
SharedPreferences::getInstance()
X27: 0x7ced4ab540
Dumping memory into /data/data/com.example.flutter_demo/0x7ce5e00000
Dumping memory into /data/data/com.example.flutter_demo/0x7ce6652000
Dumping memory into /data/data/com.example.flutter_demo/0x7ce76aa000
Dumping memory into /data/data/com.example.flutter_demo/0x7ce809c000
Dumping memory into /data/data/com.example.flutter_demo/0x7cea396000
Dumping memory into /data/data/com.example.flutter_demo/0x7cead84000
Dumping memory into /data/data/com.example.flutter_demo/0x7cec0e0000
Dumping memory into /data/data/com.example.flutter_demo/0x7cec400000
Dumping memory into /data/data/com.example.flutter_demo/0x7cec905000
Dumping memory into /data/data/com.example.flutter_demo/0x7ceca00000
Dumping memory into /data/data/com.example.flutter_demo/0x7cecc00000
Dumping memory into /data/data/com.example.flutter_demo/0x7ceccfc000
Dumping memory into /data/data/com.example.flutter_demo/0x7cece00000
Dumping memory into /data/data/com.example.flutter_demo/0x7ced07c000
Dumping memory into /data/data/com.example.flutter_demo/0x7ced185000
Dumping memory into /data/data/com.example.flutter_demo/0x7ced300000
Dumping memory into /data/data/com.example.flutter_demo/0x7ced400000
Dumping memory into /data/data/com.example.flutter_demo/0x7ced705000
Dumping memory into /data/data/com.example.flutter_demo/0x7ced800000
Dumping memory into /data/data/com.example.flutter_demo/0x7cede80000
Dumping memory into /data/data/com.example.flutter_demo/0x7cedf85000
Error: access violation accessing 0x7cedf86000
{
"base": "0x7cedf85000",
"size": 1040384,
"protection": "r--",
"file": {
"path": "/dev/hwbinder",
"offset": 0,
"size": 0
}
}
Dumping memory into /data/data/com.example.flutter_demo/0x7cee083000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee086000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee08a000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee08b000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee08c000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee08f000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee090000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee0da000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee0e3000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee0e4000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee0e5000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee100000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee1cb000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee246000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee417000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee419000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee41e000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee4f6000
Dumping memory into /data/data/com.example.flutter_demo/0x7cee4f7000
Dumping memory into /data/data/com.example.flutter_demo/0x7cef38c000
Dumping memory into /data/data/com.example.flutter_demo/0x7cefa8c000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf0532000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf0d24000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf1720000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf33f0000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf3637000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf3734000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf3e08000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf4e8e000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf5831000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf5e52000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf692e000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf705c000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7a2b000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7b28000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7c25000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7d22000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7e1e000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7e96000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7e98000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7e9d000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7ea5000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7ff6000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf7ff7000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf80a3000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf826a000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf8296000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf82a7000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf82e7000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf82e8000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf82e9000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf82ea000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf82eb000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf8e8c000
Dumping memory into /data/data/com.example.flutter_demo/0x7cf930b000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfa196000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfa408000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfa7ec000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfb505000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfc70a000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfc9b7000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfce88000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfced5000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfcfa3000
Dumping memory into /data/data/com.example.flutter_demo/0x7cfe870000
Dumping memory into /data/data/com.example.flutter_demo/0x7cff100000
Dumping memory into /data/data/com.example.flutter_demo/0x7cff566000
done!