Defeat Java packers via Frida instrumentation
Use the method OpenMemory or OpenCommon (after Android N) in libart.so/libdexfile.so to get the address of the dex in memory, calculate the size of the dex file, and dump the dex from memory.
$ frida -U -f com.package.target -l dexDump.js --no-pause- https://www.frida.re/docs/home/
- frida-unpack (dstmath) https://github.com/dstmath/frida-unpack
- Frida-Android-unpack (xiaokanghub) https://github.com/xiaokanghub/Frida-Android-unpack
Supported OS: Android 4.4 - Android 11
- Jiagu
- DexProtector
- DexGuard
- Yidun
- Tencent Legu
- Mobile Tencent Protect