Fridare is a tool for modifying and customizing frida-server, built for jailbroken iOS devices. It lets users change the server's name and port to improve stealth and flexibility, which avoids many of the cases where jailbreak-detection code identifies Frida.

CHANGELOG
- Automatically download and modify specified versions of frida-server
- Randomly generate new frida-server names
- Customize frida-server ports
- Support for arm and arm64 architectures
- Binary replacement modification
  - frida-server
  - frida-agent.dylib
  - frida-tools
- Generate modified .deb packages ready for direct installation
- Added a frida-tools patch that adapts to the `frida:rpc` signature modification, resolving the issue of Android memory scans finding this string
- Automatically scans the local pip installation location of frida-tools and modifies the `core.py` and `_frida.abi3.so` files
- Added frida-agent.dylib modification, hiding it by filename and load location
- Resolves the issue of the agent being loaded without being hidden
- Introduced the `autoinstall.sh` script for automatic deployment of Frida plugins.
- Introduced a `Makefile` to simplify the project build and deployment process.
- Before running, make sure the issh command is installed on your machine and password-free SSH login is configured.
Configure password-free SSH login for issh

```bash
# Generate keygen, skip if already generated
ssh-keygen -t rsa -b 4096 -C "<EMAIL>"
# Configure iPhone IP, can be skipped if using USB connection
issh ip set <iPhone-IP>
# Copy public key to /var/root on the phone, requires root password alpine
issh scp ~/.ssh/id_rsa.pub
# Add public key to authorized_keys file on remote server
issh run "mkdir -p ~/.ssh && cat /var/root/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh"
```
- macOS operating system (for running build scripts)
- Homebrew
- dpkg (will be automatically installed via Homebrew if not already installed)
- Jailbroken iOS device
- OpenSSH installed on iOS device
- Clone this repository:

```bash
git clone https://github.com/suifei/fridare.git
cd fridare
```

- Use the Makefile to build and deploy:

```bash
make build  # Build the project
make deploy # Deploy the project
```

- Run the build script:

```bash
./build.sh [FRIDA_VERSION] [FRIDA_SERVER_PORT] [CURL_PROXY]
```

For example:

```bash
./build.sh 16.3.3 8899 http://127.0.0.1:1081
```

If no parameters are specified, the script uses the default values (Frida version 16.3.3, port 8899). CURL_PROXY is a proxy address that can reach GitHub; omit it if no proxy is needed.

- The script downloads the specified version of Frida, modifies it, and generates a new .deb package in the `dist` directory.

```bash
$ ./build.sh 16.3.1 8888 http://127.0.0.1:1081
```

- Transfer the generated .deb package to your iOS device:

```bash
scp ./dist/frida_16.3.3_iphoneos-arm_tcp.deb root@<iPhone-IP>:/var/root/
```

- SSH into your iOS device and install the modified package:

```bash
ssh root@<iPhone-IP>
dpkg -i /var/root/frida_16.3.3_iphoneos-arm_tcp.deb
```
To ensure compatibility, install Frida tools that match the modified server version:

```bash
pip install frida-tools==12.4.3
```

For Node.js users:

```bash
npm install frida@16.3.3
```

If you are not using a USB data cable, you can use the following commands to connect to the remote frida-server:

```bash
frida -H <iPhone-IP>:8899 -U
frida-trace -H <iPhone-IP>:8899 ...
frida-ps -H <iPhone-IP>:8899
frida-inject -H <iPhone-IP>:8899 ...
```
Core principles of the Fridare project:

The core idea of Fridare is to modify frida-server to make it harder to detect. This is mainly achieved through the following aspects:

- Renaming the server file: rename `frida-server` to a randomly generated name (e.g., `abcde`), which avoids simple name detection.
- Modifying startup configuration: update the LaunchDaemons plist file to use the new server name and custom port. This changes the way the server starts and the port it listens on.
- Binary file modification: use binary replacement techniques to replace "frida"-related strings in the server binary with custom strings. This avoids detection of Frida by scanning the binary file.
The project uses the dpkg-deb tool to unpack and repack deb files. This allows us to modify the contents of the package, including:
- Updating the package name in the DEBIAN/control file
- Modifying DEBIAN/extrainst_ and DEBIAN/prerm scripts to use the new server name
- Replacing and renaming the actual server binary file
The build.sh script automates the entire process:
- Downloading the specified version of frida-server
- Generating random names
- Modifying all necessary files
- Repacking the deb file
The script handles packages for both arm and arm64 architectures, ensuring compatibility on different iOS devices.
By changing the server name, port, and internal strings, this project makes it more difficult to detect the presence of Frida through conventional methods. This is particularly useful for using Frida in applications that might actively detect and block Frida.
By allowing users to specify the Frida version and port, the tool provides great flexibility to adapt to different needs and environments.
The project uses hexreplace to perform the binary replacements, modifying binary files without recompiling Frida. While effective, this method has a limitation: it can only replace a string with a replacement of exactly the same length, because changing the length would shift every byte after it and break the offsets the binary relies on.
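To make the fixed-length limitation concrete, here is an added Python example (not part of the Fridare project) that refuses a length-changing patch, applies an equal-length one, and runs a simple marker scan over a constructed byte blob before and after; the blob and the marker list are stand-ins for the demo, not a real frida-server.

```python
# Added example, not Fridare's own code: a hexreplace-style patch must keep
# string lengths fixed, and a naive string scan stops matching afterwards.
import re

# Markers a simple string scanner would look for (constructed list for the demo).
MARKERS = [b"frida-server", b"frida:rpc", b"frida"]

# Constructed stand-in for a server binary: a few opaque bytes around two markers.
SAMPLE_BINARY = (
    b"\x00" * 8 + b"frida-server\x00" + b"\xde\xad" * 4 + b"frida:rpc\x00" + b"\x00" * 8
)


def find_markers(data: bytes, markers=MARKERS) -> dict:
    """Return {marker: [offsets]} for every marker occurrence in data."""
    return {m: [x.start() for x in re.finditer(re.escape(m), data)] for m in markers}


def can_patch(old: bytes, new: bytes) -> bool:
    """A hexreplace-style patch may not change the string's length.

    The binary references strings by file offset, so growing or shrinking one
    would shift everything after it and corrupt the image."""
    return len(old) > 0 and len(old) == len(new)


def patch_fixed_length(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace every occurrence of `old` with `new`, refusing length changes."""
    if not can_patch(old, new):
        raise ValueError(f"length mismatch: {old!r} vs {new!r}")
    return data.replace(old, new)


def demo() -> tuple:
    """Marker hits before and after an equal-length patch of 'frida' -> 'abcde'."""
    before = sum(len(v) for v in find_markers(SAMPLE_BINARY).values())
    patched = patch_fixed_length(SAMPLE_BINARY, b"frida", b"abcde")
    assert len(patched) == len(SAMPLE_BINARY)  # file size and offsets unchanged
    after = sum(len(v) for v in find_markers(patched).values())
    return before, after, len(patched)


if __name__ == "__main__":
    print(demo())
```

The scan only sees the strings the patch touches; the server name, port and LaunchDaemons plist that the README also changes are separate from this byte-level replacement.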
- The default root user password is "alpine". For security reasons, it is strongly recommended to change this password.
- Please ensure your iOS device is jailbroken and has OpenSSH installed.
- This tool is for educational and research purposes only. Please comply with all applicable laws and terms.
Issues and pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.