Areizen/dump_hprof.py

## dump_hprof.py
#!/usr/bin/python3
from subprocess import Popen
import frida
import time
import sys

dumped = False

def get_script(package_name):
    jscode = """
    Java.perform(function(){
        send("Attached !")
        const Debug = Java.use("android.os.Debug")
        Debug.dumpHprofData("/data/data/"""+package_name+"""/dump.hprof");
        send("Done !")


        /*
            Hook logs
        */
        const Log = Java.use("android.util.Log")
        Log.i.overload("java.lang.String", "java.lang.String").implementation = function(x,y)
        {
            console.log("Log from application : [" + x + "] : " + y)
        }


            /*
                Hook logs
            */
        const Log = Java.use("android.util.Log")
        Log.d.overload("java.lang.String", "java.lang.String").implementation = function(x,y)
        {
            console.log("Log from application : [" + x + "] : " + y)
        }


            /*
                Hook logs
            */
        const Log = Java.use("android.util.Log")
        Log.e.overload("java.lang.String", "java.lang.String").implementation = function(x,y)
        {
            console.log("Log from application : [" + x + "] : " + y)
        }
    })
    """
    return jscode


def on_message(message, data):
    if message['type'] == 'send':
        if("Done" in message['payload']):
            dumped = True
        print("[*] {0}".format(message['payload']))
    else:
        print(message)

def dump(package_name):
    '''
    Dump process java heap
    '''
    process = frida.get_usb_device().attach(package_name)
    script = get_script(package_name)
    script = process.create_script(script)
    print(f'[*] Dumping memory from apk: {package_name} to file : /data/data/{package_name}/dump.hprof')
    script.on('message', on_message)
    script.load()

def pull(package_name):
    '''
    Pull hprof file
    '''

    pid = Popen(f"adb pull /data/data/{package_name}/dump.hprof".split(' '))
    pid.wait()

    pid = Popen(f"adb shell rm /data/data/{package_name}/dump.hprof".split(' '))
    pid.wait()

    print("[*] Pulled dump.hprof (still need to be converted with hprof-conv)")
    return

def main(package_name):
    dump(package_name)
    pull(package_name)


if __name__ == '__main__':
    if(len(sys.argv) != 2):
        print(f"Usage: {sys.argv[0]} <package_name>")
        sys.exit(-1)
    main(package_name = sys.argv[1])
	#!/usr/bin/python3
	from subprocess import Popen
	import frida
	import time
	import sys

	dumped = False

	def get_script(package_name):
	jscode = """
	Java.perform(function(){
	send("Attached !")
	const Debug = Java.use("android.os.Debug")
	Debug.dumpHprofData("/data/data/"""+package_name+"""/dump.hprof");
	send("Done !")



	/*
	Hook logs
	*/
	const Log = Java.use("android.util.Log")
	Log.i.overload("java.lang.String", "java.lang.String").implementation = function(x,y)
	{
	console.log("Log from application : [" + x + "] : " + y)
	}


	/*
	Hook logs
	*/
	const Log = Java.use("android.util.Log")
	Log.d.overload("java.lang.String", "java.lang.String").implementation = function(x,y)
	{
	console.log("Log from application : [" + x + "] : " + y)
	}


	/*
	Hook logs
	*/
	const Log = Java.use("android.util.Log")
	Log.e.overload("java.lang.String", "java.lang.String").implementation = function(x,y)
	{
	console.log("Log from application : [" + x + "] : " + y)
	}
	})
	"""
	return jscode


	def on_message(message, data):
	if message['type'] == 'send':
	if("Done" in message['payload']):
	dumped = True
	print("[*] {0}".format(message['payload']))
	else:
	print(message)

	def dump(package_name):
	'''
	Dump process java heap
	'''
	process = frida.get_usb_device().attach(package_name)
	script = get_script(package_name)
	script = process.create_script(script)
	print(f'[*] Dumping memory from apk: {package_name} to file : /data/data/{package_name}/dump.hprof')
	script.on('message', on_message)
	script.load()

	def pull(package_name):
	'''
	Pull hprof file
	'''

	pid = Popen(f"adb pull /data/data/{package_name}/dump.hprof".split(' '))
	pid.wait()

	pid = Popen(f"adb shell rm /data/data/{package_name}/dump.hprof".split(' '))
	pid.wait()

	print("[*] Pulled dump.hprof (still need to be converted with hprof-conv)")
	return

	def main(package_name):
	dump(package_name)
	pull(package_name)


	if __name__ == '__main__':
	if(len(sys.argv) != 2):
	print(f"Usage: {sys.argv[0]} <package_name>")
	sys.exit(-1)
	main(package_name = sys.argv[1])