Frida with patches that definitively fix basic detection points on Android and iOS.
Unfortunately, I discovered that the patches in several custom Frida builds for bypassing detections are incomplete and still detectable.
For example, frida_agent_main in memory and the gum-js-loop thread name.
Therefore, I created a Python build script to address these issues.
Since this is a manual patch that doesn't automatically follow the Frida upstream,
I will occasionally build it, verify that the patch works properly, and then release it.
-
Android
-
No
frida_agent_mainin memory -
No
gum-js-loop, gmain, gdbus, frida-gadgetthread name in/proc/<pid>/task/<thread_id>/status -
No
libfrida-agent-raw.soin linker's so list -
No libc hooking
-
iOS
-
No
frida_agent_mainin memory -
No
gum-js-loop, gmain, gdbus, pool-frida, pool-spawnerthread name -
No
/usr/lib/frida/ -
No
exit, abort, task_threadshooking
-
MacOS
Output: server, gadget (Android, iOS)
python3 main_macos.py -
Ubuntu 22.04
Output: server, gagdet (Android)
python3 main_ubuntu.py
- A magisk module that automatically runs ajeossida-server on boot.
- To run it in remote mode, use the following command. It will listen on
0.0.0.0:45678.
adb shell "su -c sed -i 's/REMOTE=0/REMOTE=1/' /data/adb/modules/magisk_ajeossida/service.sh" - You can attach Frida to a pairipcore protected app using this module.
However, the app will crash after a few seconds. Bypassing the crash is up to you. (Spawning the app also causes it to crash 57DE )
- Channel: https://t.me/hackcatml1
- Chat: https://t.me/hackcatmlchat