!AEatyzGubGqsvtlrKC:matrix.org

frida

52 Members
1 Servers



Timestamp Message
15 Nov 2019
20:01:25 @freenode_fridatg:matrix.org fridatg <esauvisky> always sounded a bit naive to me that just replacing its name all over the project would make such a difference (assuming of course, you're trying to hide it from detection).
21:08:46 @freenode_Manouchehri:matrix.org Manouchehri joined the room.
21:08:53 @freenode_Manouchehri:matrix.org Manouchehri timwr: woot woot, I see you're finally using Frida more :p
21:36:49 @freenode_fridatg:matrix.org fridatg <gil> Yes I am against an “anti-Frida” tool that doesn’t look very sophisticated, I have changed the default port and IMHO I have also intercepted all the syscalls that check files and processes containing “frida”, however it is still able to detect Frida, this doesn’t come from anti-tamper/crc checks on code as I have been able to isolate those ones
21:36:51 @freenode_fridatg:matrix.org fridatg <gil> I don’t say that replacing its names will be sufficient but at least if I replace it, I don’t need to worry anymore about this in case I have missed one syscall I’m not aware of
21:39:04 @freenode_fridatg:matrix.org fridatg <dave0x1337> @mishmish123 Could you just search through memory for anything with the string “frida” in it, and modify it to like “fxxxx”?😛
21:43:25 @freenode_fridatg:matrix.org fridatg <gil> I don’t necessarily expect to bypass this anti-Frida with this trick, just to isolate this parameter in case I have missed a syscall I’m not aware of (but IMHO I have intercepted all those that check for “frida”)
21:49:15 @freenode_fridatg:matrix.org fridatg <gil> Hehe yes, sometimes there are so many prerequisites: scripting for anti-root, anti-debug... if you can get rid of some of them it’s easier 😛 anyway I will investigate, if ever it is an unusual technique to detect Frida, I’ll let you know (but it doesn’t look like)
21:50:12 @freenode_fridatg:matrix.org fridatg <gil> @dave0x1337 I’m not @mishmish123 you typed the wrong name )
21:50:20 @freenode_fridatg:matrix.org fridatg <dave0x1337> oops
22:11:26 @freenode_fridatg:matrix.org fridatg <dave0x1337> Telegram's handling of usernames<->names is terrible.
22:16:18 @freenode_fridatg:matrix.org fridatg <yyxzs> mmh
22:21:41 @freenode_fridatg:matrix.org fridatg <gilus123> I just changed my username but still seems to be unchanged^^
16 Nov 2019
06:29:59 @freenode_fridatg:matrix.org fridatg <pilferz> > )
06:30:00 @freenode_fridatg:matrix.org fridatg <pilferz>
06:30:01 @freenode_fridatg:matrix.org fridatg <pilferz> gil verified Russian
14:24:22 @freenode_fridatg:matrix.org fridatg <Anymy> Frida doesn't work with Java if Java is not in Android. On PC you can use decompilers or a Java agent.
16:41:41 @freenode_fridatg:matrix.org fridatg <dave0x1337> @oleavr oh nice, afl! https://github.com/andreafioraldi/frida-js-afl-instr
16:52:15 @freenode_fridatg:matrix.org fridatg <proggy> Ok, thanks!
17:20:08 @freenode_K_3_:matrix.org K_3_ left the room.
17 Nov 2019
04:46:03 @freenode_Burgundy:matrix.org Burgundy left the room.
11:49:31 @freenode_fridatg:matrix.org fridatg <2h0Ng> I have an idea. There is an instance of the map object params in the program, in memory, can I use its address to call the object method with the address?
11:49:35 @freenode_fridatg:matrix.org fridatg <2h0Ng> In native. For example, the address of the map object instance is 0xabcd0001, and the address of the operator++ method of this object is 0xabcd0101. Can I call this method?
20:06:14 @freenode_fridatg:matrix.org fridatg <_dark_knight_> In addition to frida scripts, you can use filemon at http://newosxbook.com/tools/filemon.html. You will need to sign the binary with the correct entitlements tho
21:22:06 @freenode_fridatg:matrix.org fridatg <kliuz> When I am doing an execution trace for an application, why does the tracing just stop after a bit and hang for certain applications? For other applications it seems like the tracing just continues on infinitely. This is all very new to me, so if anyone could point me to resources to learn about this I'd appreciate it. Thanks!
23:45:05 @freenode_K_3_:matrix.org K_3_ joined the room.
23:47:36 @freenode_K_3:matrix.org K_3 left the room.
18 Nov 2019
01:10:42 @freenode_fridatg:matrix.org fridatg <Terry> @kliuz could it be continuing execution in another process or thread? Frida’s Stalker doesn’t track those, you’ll have to implement that logic yourself.
01:30:44 @freenode_i336_:matrix.org i336_ joined the room.
03:43:17 @freenode_fridatg:matrix.org fridatg <xorxorx> Hello. Has anyone tried to bypass cert pinning in a Kotlin app?
