Last active
March 24, 2024 08:32
-
-
Save leonjza/a5c6fe7238250ec2c584348e4075b9e0 to your computer and use it in GitHub Desktop.
frida-server remove frida references from /proc/<pid>/maps | apply to frida-core
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/server/server.vala b/server/server.vala | |
index d3fc39f9..3e4d11b3 100644 | |
--- a/server/server.vala | |
+++ b/server/server.vala | |
@@ -3,7 +3,7 @@ namespace Frida.Server { | |
private const string DEFAULT_LISTEN_ADDRESS = "127.0.0.1"; | |
private const uint16 DEFAULT_LISTEN_PORT = 27042; | |
- private const string DEFAULT_DIRECTORY = "re.frida.server"; | |
+ private const string DEFAULT_DIRECTORY = "re.freeda.server"; | |
private static bool output_version = false; | |
private static string? listen_address = null; | |
private static string? directory = null; | |
diff --git a/src/embed-agent.sh b/src/embed-agent.sh | |
index d455fd8b..9de3bc09 100755 | |
--- a/src/embed-agent.sh | |
+++ b/src/embed-agent.sh | |
@@ -92,7 +92,7 @@ case $host_os in | |
*) | |
embedded_agents=() | |
- embedded_agent="$priv_dir/frida-agent-64.so" | |
+ embedded_agent="$priv_dir/freeda-agent-64.so" | |
if [ -f "$agent_modern" ]; then | |
cp "$agent_modern" "$embedded_agent" || exit 1 | |
diff --git a/src/linux/linux-host-session.vala b/src/linux/linux-host-session.vala | |
index 4e57e001..c9f06a19 100644 | |
--- a/src/linux/linux-host-session.vala | |
+++ b/src/linux/linux-host-session.vala | |
@@ -333,8 +333,8 @@ namespace Frida { | |
private AgentResource get_agent_resource () throws Error { | |
if (agent_resource == null) { | |
var blob32 = Frida.Data.Agent.get_frida_agent_32_so_blob (); | |
- var blob64 = Frida.Data.Agent.get_frida_agent_64_so_blob (); | |
- agent_resource = new AgentResource ("frida-agent-%u.so", | |
+ var blob64 = Frida.Data.Agent.get_freeda_agent_64_so_blob (); | |
+ agent_resource = new AgentResource ("freeda-agent-%u.so", | |
new MemoryInputStream.from_data (blob32.data, null), | |
new MemoryInputStream.from_data (blob64.data, null), | |
AgentMode.INSTANCED, |
In a more recent case on Android, yes.
very good information.
It helped bypass an advanced anti frida system.
I didn't waste time recompiling.
I just patched the frida-android-server file with ghidra.
how to apply this patch in my frida server?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey @leonjza! Have you successfully bypassed frida-detection tools using this rename patch?