Frida detection ___ Approach teacher Wu Peiqi's (武沛奇) course with a sense of reverence.

proc detection

 

.../local/tmp # ps -ef | grep che168
u0_a205  16928 12075  6 18:16 ?        00:00:04 com.che168.autotradercloud
u0_a205  17051 12075  0 18:16 ?        00:00:00 com.che168.autotradercloud:ipc
u0_a205  17118 12075  2 18:16 ?        00:00:01 com.che168.autotradercloud:pushservice
root     17804 17584  2 18:17 pts/1    00:00:00 grep che168
.../local/tmp # ps -A | grep com.che168.autotradercloud
16928 ?        00:00:05 com.che168.autotradercloud
17051 ?        00:00:00 com.che168.autotradercloud:ipc
17118 ?        00:00:01 com.che168.autotradercloud:pushservice
.../local/tmp # cd /pro
bash: cd: /pro: No such file or directory
.../local/tmp # cd /pro
proc/             product/          product_services  
.../local/tmp # cd /proc

/proc # cd 16928
/proc/16928 # ls
attr/       comm             fd/         mem         oom_adj        root@                 smaps         syscall
autogroup   coredump_filter  fdinfo/     mountinfo   oom_score      sched                 smaps_rollup  task/
auxv        cpuset           io          mounts      oom_score_adj  sched_group_id        stack         time_in_state
cgroup      cwd@             limits      mountstats  pagemap        sched_init_task_load  stat          timerslack_ns
clear_refs  environ          map_files/  net/        personality    sched_wake_up_idle    statm         top_app
cmdline     exe@             maps        ns/         reclaim        schedstat             status        wchan
/proc/16928 # 

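The maps file records the dependencies loaded while the app is running; all of them are listed in this file.

Every .so file loaded by the 车智赢 app appears in maps.

That includes files such as libnative.so, which is why they show up in the maps file.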

/proc/16928 # cat maps | grep libnative
78f6b5b000-78f6c1b000 r-xp 00000000 103:05 5431580                       /data/app/com.che168.autotradercloud-LTGEbEGKyOrdPogMOL27SQ==/lib/arm64/libnative-lib.so
78f6c1c000-78f6c23000 r--p 000c0000 103:05 5431580                       /data/app/com.che168.autotradercloud-LTGEbEGKyOrdPogMOL27SQ==/lib/arm64/libnative-lib.so
78f6c23000-78f6c24000 rw-p 000c7000 103:05 5431580                       /data/app/com.che168.autotradercloud-LTGEbEGKyOrdPogMOL27SQ==/lib/arm64/libnative-lib.so
79f840f000-79f8412000 r--p 00000000 fd:00 340                            /apex/com.android.runtime/lib64/libnativehelper.so
79f8412000-79f8415000 r-xp 00003000 fd:00 340                            /apex/com.android.runtime/lib64/libnativehelper.so
79f8415000-79f8416000 rw-p 00006000 fd:00 340                            /apex/com.android.runtime/lib64/libnativehelper.so
79f8416000-79f8417000 r--p 00007000 fd:00 340                            /apex/com.android.runtime/lib64/libnativehelper.so
79f8ec3000-79f8ec4000 r--p 00000000 fd:00 3469                           /system/lib64/libnativebridge_lazy.so
79f8ec4000-79f8ec6000 r-xp 00001000 fd:00 3469                           /system/lib64/libnativebridge_lazy.so
79f8ec6000-79f8ec7000 rw-p 00003000 fd:00 3469                           /system/lib64/libnativebridge_lazy.so
79f8ec7000-79f8ec8000 r--p 00004000 fd:00 3469                           /system/lib64/libnativebridge_lazy.so
79f98bb000-79f98bc000 r--p 00000000 fd:00 3471                           /system/lib64/libnativeloader_lazy.so
79f98bc000-79f98bd000 r-xp 00001000 fd:00 3471                           /system/lib64/libnativeloader_lazy.so
79f98bd000-79f98be000 rw-p 00002000 fd:00 3471                           /system/lib64/libnativeloader_lazy.so
79f98be000-79f98bf000 r--p 00003000 fd:00 3471                           /system/lib64/libnativeloader_lazy.so
79f98cf000-79f98d2000 r--p 00000000 fd:00 3472                           /system/lib64/libnativewindow.so
79f98d2000-79f98d4000 r-xp 00003000 fd:00 3472                           /system/lib64/libnativewindow.so
79f98d4000-79f98d5000 rw-p 00005000 fd:00 3472                           /system/lib64/libnativewindow.so
79f98d5000-79f98d6000 r--p 00006000 fd:00 3472                           /system/lib64/libnativewindow.so
79fb296000-79fb29c000 r--p 00000000 fd:00 341                            /apex/com.android.runtime/lib64/libnativeloader.so
79fb29c000-79fb2ac000 r-xp 00006000 fd:00 341                            /apex/com.android.runtime/lib64/libnativeloader.so
79fb2ac000-79fb2ad000 rw-p 00016000 fd:00 341                            /apex/com.android.runtime/lib64/libnativeloader.so
79fb2ad000-79fb2ae000 r--p 00017000 fd:00 341                            /apex/com.android.runtime/lib64/libnativeloader.so
79fb2c4000-79fb2c6000 r--p 00000000 fd:00 339                            /apex/com.android.runtime/lib64/libnativebridge.so
79fb2c6000-79fb2c8000 r-xp 00002000 fd:00 339                            /apex/com.android.runtime/lib64/libnativebridge.so
79fb2c8000-79fb2c9000 rw-p 00004000 fd:00 339                            /apex/com.android.runtime/lib64/libnativebridge.so
79fb2c9000-79fb2ca000 r--p 00005000 fd:00 339                            /apex/com.android.runtime/lib64/libnativebridge.so

If Frida has not been injected, maps contains no Frida-related strings.

After attaching Frida

 frida -D 10.10.10.200:5555 -f com.che168.autotradercloud -l '/home/calleng/p9/Mikrom2.0/JS_editor/com_che168_autotradercloud_hook_获取设备注册.js'
/proc/16928 # cat maps | grep frida
cat: maps: No such process
/proc/16928 # ps -ef | grep che168
u0_a205  18899 12075  4 18:35 ?        00:00:04 com.che168.autotradercloud
u0_a205  19129 12075  0 18:35 ?        00:00:00 com.che168.autotradercloud:ipc
u0_a205  19204 12075  4 18:35 ?        00:00:04 com.che168.autotradercloud:pushservice
root     19585 17584  2 18:36 pts/1    00:00:00 grep che168
/proc/16928 # cd /proc/18899/
/proc/18899 # cat maps | grep frida
7919646000-791a03e000 r--p 00000000 00:05 1112660                        /memfd:frida-agent-64.so (deleted)
791a03f000-791ad5e000 r-xp 009f8000 00:05 1112660                        /memfd:frida-agent-64.so (deleted)
791ad5e000-791ae2e000 r--p 01716000 00:05 1112660                        /memfd:frida-agent-64.so (deleted)
791ae2f000-791ae4b000 rw-p 017e6000 00:05 1112660                        /memfd:frida-agent-64.so (deleted)

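The entries above are the signature used for detection.

Put another way, once the files under the data/local/tmp directory have been opened, this Frida signature is present.

How is it bypassed? In essence it is still a matter of hooking the keyword comparison: the strstr or strcmp functions.  [Approach everything with a humble, empty-cup mindset.]

Any comparison cannot avoid functions like these.     If the string frida or frida-agent appears, or tmp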
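A native check for the maps signature shown above, as an added example (not code from the page or from the app): it parses each maps line, counts mappings whose path contains the page's keywords (`frida`, `/data/local/tmp`), and uses its own substring matcher instead of libc `strstr`, since the page names `strstr`/`strcmp` as the usual hook points. The struct and function names are hypothetical; the sample lines are copied from the page's output with whitespace collapsed.

```c
#include <stdio.h>
#include <string.h>

struct maps_report {
    int named;       /* mappings whose path contains a keyword */
    int named_exec;  /* ...of those, mapped executable */
    int deleted;     /* ...of those, marked "(deleted)" */
};

/* Keywords taken from the page's text. */
static const char *const KEYWORDS[] = { "frida", "/data/local/tmp", NULL };

/* Sample input: lines from the page's terminal output, whitespace collapsed. */
#define CLEAN_LINES \
 "78f6b5b000-78f6c1b000 r-xp 00000000 103:05 5431580 /data/app/com.che168.autotradercloud-LTGEbEGKyOrdPogMOL27SQ==/lib/arm64/libnative-lib.so\n" \
 "79f8412000-79f8415000 r-xp 00003000 fd:00 340 /apex/com.android.runtime/lib64/libnativehelper.so\n"
#define FRIDA_LINES \
 "7919646000-791a03e000 r--p 00000000 00:05 1112660 /memfd:frida-agent-64.so (deleted)\n" \
 "791a03f000-791ad5e000 r-xp 009f8000 00:05 1112660 /memfd:frida-agent-64.so (deleted)\n" \
 "791ad5e000-791ae2e000 r--p 01716000 00:05 1112660 /memfd:frida-agent-64.so (deleted)\n" \
 "791ae2f000-791ae4b000 rw-p 017e6000 00:05 1112660 /memfd:frida-agent-64.so (deleted)\n"
static const char SAMPLE_CLEAN[] = CLEAN_LINES;
static const char SAMPLE_INJECTED[] = CLEAN_LINES FRIDA_LINES;

/* Local substring search, so the keyword test does not call libc strstr. */
static int contains(const char *hay, const char *needle)
{
    for (; *hay; hay++) {
        size_t i = 0;
        while (needle[i] && hay[i] == needle[i]) i++;
        if (!needle[i]) return 1;
    }
    return 0;
}

/* Classify one maps line; returns 1 and updates *r if its path has a keyword. */
int classify_maps_line(const char *line, struct maps_report *r)
{
    char perms[5] = {0};
    int pos = 0, hit = 0;

    /* Fields: start-end perms offset dev inode path (path may be absent). */
    if (sscanf(line, "%*llx-%*llx %4s %*llx %*s %*llu %n", perms, &pos) != 1
        || pos == 0)
        return 0;
    for (int i = 0; KEYWORDS[i] && !hit; i++)
        hit = contains(line + pos, KEYWORDS[i]);
    if (!hit) return 0;
    r->named++;
    if (perms[2] == 'x') r->named_exec++;
    if (contains(line + pos, "(deleted)")) r->deleted++;
    return 1;
}

/* Scan maps-format text held in memory; returns the number of keyword hits. */
int scan_maps_text(const char *text, struct maps_report *r)
{
    char line[1024];
    memset(r, 0, sizeof *r);
    while (*text) {
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        classify_maps_line(line, r);
        text += len;
        if (*text == '\n') text++;
    }
    return r->named;
}

/* Scan the calling process's own maps; returns -1 if /proc is unreadable. */
int scan_self_maps(struct maps_report *r)
{
    char line[1024];
    FILE *fp = fopen("/proc/self/maps", "r");
    memset(r, 0, sizeof *r);
    if (!fp) return -1;
    while (fgets(line, sizeof line, fp))
        classify_maps_line(line, r);
    fclose(fp);
    return r->named;
}

int main(void)
{
    struct maps_report r;
    printf("clean sample:    %d hits\n", scan_maps_text(SAMPLE_CLEAN, &r));
    printf("injected sample: %d hits\n", scan_maps_text(SAMPLE_INJECTED, &r));
    printf("  executable=%d deleted=%d\n", r.named_exec, r.deleted);
    printf("this process:    %d hits\n", scan_self_maps(&r));
    return 0;
}
```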

 

 

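5. The task directory

While the app is running on the phone, a set of files is generated under /proc/<PID>/..., all describing the running app.

The task directory contains only subdirectories: one per thread of the running app, each named after that thread's ID.

When Frida is running, several extra threads appear; when it is not, those threads are absent.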

/proc/18899 # ls
attr/      clear_refs       cpuset   fd/      map_files/  mounts      oom_adj        personality  sched_group_id        smaps         statm    time_in_state
autogroup  cmdline          cwd@     fdinfo/  maps        mountstats  oom_score      reclaim      sched_init_task_load  smaps_rollup  status   timerslack_ns
auxv       comm             environ  io       mem         net/        oom_score_adj  root@        sched_wake_up_idle    stack         syscall  top_app
cgroup     coredump_filter  exe@     limits   mountinfo   ns/         pagemap        sched        schedstat             stat          task/    wchan
/proc/18899 # cd task
.../18899/task # ls
18899/  18920/  18924/  18963/  19011/  19028/  19034/  19046/  19102/  19109/  19116/  19133/  19140/  19145/  19154/  19181/  19225/  19422/  19446/  19487/
18912/  18921/  18925/  18965/  19024/  19029/  19035/  19053/  19104/  19110/  19121/  19135/  19141/  19146/  19155/  19197/  19227/  19425/  19469/
18917/  18922/  18929/  18980/  19026/  19030/  19041/  19066/  19105/  19112/  19124/  19136/  19142/  19147/  19176/  19198/  19264/  19435/  19474/
18919/  18923/  18962/  19008/  19027/  19032/  19042/  19070/  19106/  19115/  19126/  19139/  19144/  19148/  19179/  19202/  19420/  19436/  19475/
.../18899/task # 

# If I exit Frida now, will there be fewer thread IDs?
.../18899/task # ls 
18899/  18920/  18963/  19011/  19028/  19034/  19046/  19102/  19109/  19116/  19133/  19140/  19145/  19154/  19181/  19225/  19422/  19446/  19487/ 
18912/  18921/  18965/  19024/  19029/  19035/  19053/  19104/  19110/  19121/  19135/  19141/  19146/  19155/  19197/  19227/  19425/  19469/ 
18917/  18922/  18980/  19026/  19030/  19041/  19066/  19105/  19112/  19124/  19136/  19142/  19147/  19176/  19198/  19264/  19435/  19474/ 
18919/  18962/  19008/  19027/  19032/  19042/  19070/  19106/  19115/  19126/  19139/  19144/  19148/  19179/  19202/  19420/  19436/  19475/

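#  Indeed, there are fewer thread IDs.
#  The extra ones are threads carrying Frida's names or related keywords. When Frida is attached, those names are present.
#  So what happens when Frida attaches again?

#  After Frida attaches again, several more threads appear.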

.../18899/task # ls 
18899/  18920/  18963/  19011/  19028/  19034/  19046/  19102/  19109/  19116/  19133/  19140/  19145/  19154/  19181/  19225/  19422/  19446/  19487/  22923/ 
18912/  18921/  18965/  19024/  19029/  19035/  19053/  19104/  19110/  19121/  19135/  19141/  19146/  19155/  19197/  19227/  19425/  19469/  22920/  22924/ 
18917/  18922/  18980/  19026/  19030/  19041/  19066/  19105/  19112/  19124/  19136/  19142/  19147/  19176/  19198/  19264/  19435/  19474/  22921/ 
18919/  18962/  19008/  19027/  19032/  19042/  19070/  19106/  19115/  19126/  19139/  19144/  19148/  19179/  19202/  19420/  19436/  19475/  22922/

#  These threads were added: 22920, 22921, 22922, 22923, 22924
#  Enter a thread's directory and read its stat file to find the relevant names.

.../task/22921 # ls 
attr/   clear_refs  cpuset  environ  fdinfo/  maps       mounts  oom_adj        pagemap      sched      smaps_rollup  statm    time_in_state 
auxv    cmdline     cwd@    exe@     io       mem        net/    oom_score      personality  schedstat  stack         status   wchan 
cgroup  comm        delay   fd/      limits   mountinfo  ns/     oom_score_adj  root@        smaps      stat          syscall 
.../task/22921 # 

# So go back up to the task directory and iterate over every thread, looking for the signature.

.../18899/task # cat 22920 
cat: 22920: Is a directory 
.../18899/task # cat 22920/stat 
22920 (autotradercloud) S 12075 12075 0 0 -1 4210752 655 1560 0 0 3 3 4 2 10 -10 77 0 9710395 7282544640 74540 18446744073709551615 376346554368 376346579184 548907557200
0 0 0 4608 1 1073798398 1 0 0 -1 1 0 0 0 0 0 376346583040 376346584472 376483962880 548907558587 548907558686 548907558686 548907560926 0 
.../18899/task # cat 22921/stat 
22921 (gmain) S 12075 12075 0 0 -1 4210752 3 1560 0 0 0 0 4 2 10 -10 77 0 9710399 7282544640 74540 18446744073709551615 376346554368 376346579184 548907557200 0 0 0 21472
20223 1 1073798398 1 0 0 -1 0 0 0 0 0 0 376346583040 376346584472 376483962880 548907558587 548907558686 548907558686 548907560926 0 
.../18899/task # cat 22922/stat 
cat: 22922/stat: No such file or directory 
.../18899/task # cat 22923/stat 
22923 (gdbus) S 12075 12075 0 0 -1 4210752 12 1560 0 0 0 0 4 2 10 -10 77 0 9710401 7282544640 74540 18446744073709551615 376346554368 376346579184 548907557200 0 0 0 4608
1 1073798398 1 0 0 -1 5 0 0 0 0 0 376346583040 376346584472 376483962880 548907558587 548907558686 548907558686 548907560926 0 
.../18899/task # cat 22924/stat 
22924 (Thread-28) S 12075 12075 0 0 -1 4210752 1524 1560 0 0 16 1 4 2 10 -10 77 0 9710401 7282544640 74540 18446744073709551615 376346554368 376346579184 548907557200 0 0
0 4608 1 1073798398 1 0 0 -1 5 0 0 0 0 0 376346583040 376346584472 376483962880 548907558587 548907558686 548907558686 548907560926 0 
.../18899/task # cat 22925/stat 
cat: 22925/stat: No such file or directory 
.../18899/task # 

#  Reading these files reveals signatures such as gmain and gdbus.

# Found them: gmain and gdbus are Frida keywords and signatures.


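If any newly created thread carries these names, the process is terminated.

The bypass for this kind of detection:

Simply hook the checks for the relevant strings and make them return false.

That is, put the keywords directly into the "or" position, adding them as further conditions.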
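The thread-name check described above, as an added example (not the app's own code): it walks a task directory, reads each thread's stat file, extracts the name between the first `(` and the last `)`, and compares it with the names the page observed (`gmain`, `gdbus`). A thread that exits between the directory read and the open, as 22922 did in the session above, is skipped. Function names are hypothetical; the stat strings in the test are the leading fields of lines shown on the page.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

#define COMM_MAX 16  /* kernel thread names hold at most 15 characters + NUL */

/* Thread names the page observed after Frida attached. */
static const char *const SUSPECT[] = { "gmain", "gdbus", NULL };

/* Exact string equality without calling libc strcmp. */
static int same(const char *a, const char *b)
{
    while (*a && *a == *b) { a++; b++; }
    return *a == *b;
}

int is_suspect_thread(const char *comm)
{
    for (int i = 0; SUSPECT[i]; i++)
        if (same(comm, SUSPECT[i])) return 1;
    return 0;
}

/* Copy the comm field of a stat line into out. The name may itself contain
 * spaces or parentheses, so take everything up to the LAST ')'. */
int stat_comm(const char *stat, char out[COMM_MAX])
{
    const char *l = strchr(stat, '(');
    const char *r = strrchr(stat, ')');
    size_t n;
    if (!l || !r || r < l) return -1;
    n = (size_t)(r - l - 1);
    if (n >= COMM_MAX) n = COMM_MAX - 1;
    memcpy(out, l + 1, n);
    out[n] = '\0';
    return 0;
}

int stat_line_is_suspect(const char *stat)
{
    char comm[COMM_MAX];
    return stat_comm(stat, comm) == 0 && is_suspect_thread(comm);
}

/* Count suspect threads under e.g. "/proc/self/task"; -1 if unreadable. */
int scan_task_dir(const char *task_dir)
{
    DIR *d = opendir(task_dir);
    struct dirent *e;
    int hits = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[512], buf[512];
        FILE *fp;
        if (e->d_name[0] < '0' || e->d_name[0] > '9') continue;  /* ".", ".." */
        snprintf(path, sizeof path, "%s/%s/stat", task_dir, e->d_name);
        fp = fopen(path, "r");
        if (!fp) continue;  /* thread exited between readdir() and fopen() */
        if (fgets(buf, sizeof buf, fp) && stat_line_is_suspect(buf))
            hits++;
        fclose(fp);
    }
    closedir(d);
    return hits;
}

int main(void)
{
    printf("suspect threads in this process: %d\n",
           scan_task_dir("/proc/self/task"));
    return 0;
}
```

`gmain` and `gdbus` are the default names of GLib worker threads, so a process that bundles GLib for its own use would match as well.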

 

6. The fd directory

The fd directory shows which files the process has open at runtime.

# This is the signature after Frida is injected

.../18899/fd # ll
total 0
lrwx------ 1 root root 64 Jan 25 02:35 0 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 1 -> /dev/null
lr-x------ 1 root root 64 Jan 25 02:35 10 -> /apex/com.android.runtime/javalib/core-libart.jar
lr-x------ 1 root root 64 Jan 25 03:22 100 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 101 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 102 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 103 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 104 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 105 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 106 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 107 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 108 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 109 -> /dev/null
lr-x------ 1 root root 64 Jan 25 02:35 11 -> /apex/com.android.runtime/javalib/okhttp.jar
lr-x------ 1 root root 64 Jan 25 03:22 110 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 111 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 112 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 113 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 114 -> /data/data/com.che168.autotradercloud/shared_prefs/paconfig.sp
lrwx------ 1 root root 64 Jan 25 03:22 115 -> 'anon_inode:[eventpoll]'
l-wx------ 1 root root 64 Jan 25 02:35 116 -> /data/data/com.che168.autotradercloud/app_UApm/sendlock
lr-x------ 1 root root 64 Jan 25 02:35 117 -> anon_inode:sync_file
lrwx------ 1 root root 64 Jan 25 03:22 118 -> /dev/ashmem
lrwx------ 1 root root 64 Jan 25 03:22 119 -> /data/data/com.che168.autotradercloud/shared_prefs/Y29uZmlnXzVhY2IwMzQwZjI5ZDk4MDY0OTAwMDA1MA.sp
lr-x------ 1 root root 64 Jan 25 02:35 12 -> /apex/com.android.runtime/javalib/bouncycastle.jar
lrwx------ 1 root root 64 Jan 25 03:22 121 -> 'socket:[1207193]'=
lrwx------ 1 root root 64 Jan 25 03:22 122 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 123 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 124 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 125 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 127 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 128 -> /dev/ashmem
l-wx------ 1 root root 64 Jan 25 03:22 129 -> /sys/kernel/debug/tracing/trace_marker
lr-x------ 1 root root 64 Jan 25 02:35 13 -> /apex/com.android.runtime/javalib/apache-xml.jar
lr-x------ 1 root root 64 Jan 25 03:22 130 -> /system/product/app/WebViewGoogle/WebViewGoogle.apk
lrwx------ 1 root root 64 Jan 25 03:22 133 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 134 -> 'socket:[1226366]'=
lrwx------ 1 root root 64 Jan 25 02:35 137 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 138 -> anon_inode:dmabuf
lr-x------ 1 root root 64 Jan 25 03:22 139 -> /system/product/app/TrichromeLibrary/TrichromeLibrary.apk
lr-x------ 1 root root 64 Jan 25 02:35 14 -> /system/framework/com.nxp.nfc.nq.jar
lr-x------ 1 root root 64 Jan 25 03:22 140 -> /system/product/app/WebViewGoogle/WebViewGoogle.apk
lr-x------ 1 root root 64 Jan 25 03:22 143 -> /system/product/app/TrichromeLibrary/TrichromeLibrary.apk
lr-x------ 1 root root 64 Jan 25 02:35 144 -> /system/product/app/WebViewGoogle/WebViewGoogle.apk
lrwx------ 1 root root 64 Jan 25 02:35 145 -> /data/data/com.che168.autotradercloud/app_webview/Default/Cookies
lrwx------ 1 root root 64 Jan 25 03:22 146 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 147 -> 'socket:[1228943]'=
lrwx------ 1 root root 64 Jan 25 03:22 148 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 149 -> 'socket:[1201824]'=
lr-x------ 1 root root 64 Jan 25 02:35 15 -> /system/framework/framework.jar
lrwx------ 1 root root 64 Jan 25 03:22 151 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 152 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 153 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 154 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 156 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 157 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 16 -> /system/framework/ext.jar
lrwx------ 1 root root 64 Jan 25 03:22 161 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 162 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 163 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 165 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 169 -> 'socket:[1225810]'=
lr-x------ 1 root root 64 Jan 25 02:35 17 -> /system/framework/telephony-common.jar
lrwx------ 1 root root 64 Jan 25 03:22 170 -> /dev/ashmem
lrwx------ 1 root root 64 Jan 25 03:22 172 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 173 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 175 -> 'anon_inode:[timerfd]'
lrwx------ 1 root root 64 Jan 25 03:22 176 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 177 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 178 -> 'anon_inode:[timerfd]'
lr-x------ 1 root root 64 Jan 25 02:35 18 -> /system/framework/voip-common.jar
lr-x------ 1 root root 64 Jan 25 02:35 181 -> 'pipe:[1201535]'|
lrwx------ 1 root root 64 Jan 25 03:22 182 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 183 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 184 -> 'anon_inode:[timerfd]'
lrwx------ 1 root root 64 Jan 25 03:22 185 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 186 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 187 -> 'anon_inode:[timerfd]'
l-wx------ 1 root root 64 Jan 25 03:22 189 -> 'pipe:[1201535]'|
lrwx------ 1 root root 64 Jan 25 02:35 19 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 190 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 191 -> /dev/ion
lrwx------ 1 root root 64 Jan 25 03:22 194 -> /dev/kgsl-3d0
lr-x------ 1 root root 64 Jan 25 03:22 195 -> /dev/ion
lrwx------ 1 root root 64 Jan 25 03:22 197 -> /dev/hwbinder
lrwx------ 1 root root 64 Jan 25 02:35 2 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 20 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 206 -> /data/data/com.che168.autotradercloud/code_cache/flutter_engine/e1e6ced81d029258d449bdec2ba3cddca9c2ca0c/skia/a640745ce52ea6ac9c1b958f40c1d28c98ad16fc/
lr-x------ 1 root root 64 Jan 25 03:22 208 -> /data/data/com.che168.autotradercloud/code_cache/flutter_engine/e1e6ced81d029258d449bdec2ba3cddca9c2ca0c/skia/a640745ce52ea6ac9c1b958f40c1d28c98ad16fc/sksl/
lr-x------ 1 root root 64 Jan 25 02:35 21 -> /system/framework/ims-common.jar
lrwx------ 1 root root 64 Jan 25 03:22 212 -> /data/data/com.che168.autotradercloud/files/log/liteav/LiteAV_C.mmap2*
lrwx------ 1 root root 64 Jan 25 03:22 215 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 216 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 22 -> '/system/framework/miuisdk@boot.jar'
lr-x------ 1 root root 64 Jan 25 02:35 23 -> '/system/framework/miuisystemsdk@boot.jar'
l-wx------ 1 root root 64 Jan 25 03:22 235 -> /data/data/com.che168.autotradercloud/crashsdk/tags/DUOLCREDARTOTUA0861EHC0MOC.ss
lr-x------ 1 root root 64 Jan 25 02:35 24 -> /system/framework/android.test.base.jar
lrwx------ 1 root root 64 Jan 25 03:22 242 -> 'socket:[1201564]'=
lrwx------ 1 root root 64 Jan 25 03:22 243 -> 'socket:[1201566]'=
lr-x------ 1 root root 64 Jan 25 02:35 25 -> /system/framework/telephony-ext.jar
lr-x------ 1 root root 64 Jan 25 02:35 26 -> /system/framework/tcmiface.jar
lr-x------ 1 root root 64 Jan 25 02:35 27 -> /system/framework/QPerformance.jar
lr-x------ 1 root root 64 Jan 25 02:35 28 -> /system/framework/UxPerformance.jar
lr-x------ 1 root root 64 Jan 25 02:35 29 -> /system/framework/WfdCommon.jar
lrwx------ 1 root root 64 Jan 25 02:35 3 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 02:35 30 -> /apex/com.android.conscrypt/javalib/conscrypt.jar
lr-x------ 1 root root 64 Jan 25 02:35 31 -> /apex/com.android.media/javalib/updatable-media.jar
lr-x------ 1 root root 64 Jan 25 02:35 32 -> /system/framework/framework-res.apk
lr-x------ 1 root root 64 Jan 25 02:35 33 -> /vendor/overlay/FrameworksResCommon.apk
lr-x------ 1 root root 64 Jan 25 02:35 34 -> /vendor/overlay/DevicesAndroidOverlay.apk
lr-x------ 1 root root 64 Jan 25 02:35 35 -> /system/framework/framework-ext-res/framework-ext-res.apk
lr-x------ 1 root root 64 Jan 25 02:35 36 -> /system/app/miuisystem/miuisystem.apk
lr-x------ 1 root root 64 Jan 25 02:35 37 -> /system/app/miui/miui.apk
lrwx------ 1 root root 64 Jan 25 02:35 38 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 39 -> 'socket:[1276486]'=
lrwx------ 1 root root 64 Jan 25 02:35 4 -> 'socket:[1175500]'=
l-wx------ 1 root root 64 Jan 25 02:35 40 -> /dev/pmsg0
lrwx------ 1 root root 64 Jan 25 02:35 41 -> 'socket:[1246749]'=
lrwx------ 1 root root 64 Jan 25 02:35 43 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 02:35 44 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 02:35 45 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 46 -> /dev/binder
lrwx------ 1 root root 64 Jan 25 02:35 47 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 48 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 02:35 49 -> /proc/18899/task/18899/delay
l-wx------ 1 root root 64 Jan 25 02:35 5 -> /sys/kernel/debug/tracing/trace_marker
lr-x------ 1 root root 64 Jan 25 03:22 50 -> /system/media/theme/default/icons
lr-x------ 1 root root 64 Jan 25 02:35 51 -> '/data/app/com.che168.autotradercloud-LTGEbEGKyOrdPogMOL27SQ==/base.apk'
lr-x------ 1 root root 64 Jan 25 02:35 52 -> /vendor/overlay/GestureLineOverlay.apk
lrwx------ 1 root root 64 Jan 25 02:35 53 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 54 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 55 -> /dev/ashmem
lrwx------ 1 root root 64 Jan 25 03:22 57 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 58 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 03:22 59 -> anon_inode:inotify
lrwx------ 1 root root 64 Jan 25 02:35 6 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 60 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 61 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 62 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 63 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 64 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 65 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 66 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 67 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 68 -> /data/data/com.che168.autotradercloud/shared_prefs/sp_replace_flag.sp
lrwx------ 1 root root 64 Jan 25 03:22 69 -> /data/data/com.che168.autotradercloud/shared_prefs/itconfig.sp
lrwx------ 1 root root 64 Jan 25 02:35 7 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 70 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 03:22 71 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 72 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 03:22 73 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 74 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 75 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 76 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 77 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 78 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 79 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 8 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 80 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 81 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 82 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 83 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 84 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 85 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 86 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 87 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 88 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 89 -> 'pipe:[1201495]'|
lr-x------ 1 root root 64 Jan 25 02:35 9 -> /apex/com.android.runtime/javalib/core-oj.jar
l-wx------ 1 root root 64 Jan 25 03:22 90 -> 'pipe:[1201495]'|
lr-x------ 1 root root 64 Jan 25 03:22 91 -> 'pipe:[1201496]'|
l-wx------ 1 root root 64 Jan 25 03:22 92 -> 'pipe:[1201496]'|
lrwx------ 1 root root 64 Jan 25 03:22 93 -> 'socket:[1273638]'=
lrwx------ 1 root root 64 Jan 25 03:22 94 -> 'socket:[1233410]'=
lr-x------ 1 root root 64 Jan 25 03:22 95 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 96 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 03:22 97 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 98 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 99 -> /dev/null


#   This is the signature after Frida exits

lrwx------ 1 root root 64 Jan 25 02:35 0 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 1 -> /dev/null
lr-x------ 1 root root 64 Jan 25 02:35 10 -> /apex/com.android.runtime/javalib/core-libart.jar
lr-x------ 1 root root 64 Jan 25 03:22 100 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 101 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 102 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 103 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 104 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 105 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 106 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 107 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 108 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 109 -> /dev/null
lr-x------ 1 root root 64 Jan 25 02:35 11 -> /apex/com.android.runtime/javalib/okhttp.jar
lr-x------ 1 root root 64 Jan 25 03:22 110 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 111 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 112 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 113 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 114 -> /data/data/com.che168.autotradercloud/shared_prefs/paconfig.sp
lrwx------ 1 root root 64 Jan 25 03:22 115 -> 'anon_inode:[eventpoll]'
l-wx------ 1 root root 64 Jan 25 02:35 116 -> /data/data/com.che168.autotradercloud/app_UApm/sendlock
lr-x------ 1 root root 64 Jan 25 02:35 117 -> anon_inode:sync_file
lrwx------ 1 root root 64 Jan 25 03:22 118 -> /dev/ashmem
lrwx------ 1 root root 64 Jan 25 03:22 119 -> /data/data/com.che168.autotradercloud/shared_prefs/Y29uZmlnXzVhY2IwMzQwZjI5ZDk4MDY0OTAwMDA1MA.sp
lr-x------ 1 root root 64 Jan 25 02:35 12 -> /apex/com.android.runtime/javalib/bouncycastle.jar
lrwx------ 1 root root 64 Jan 25 03:22 121 -> 'socket:[1207193]'=
lrwx------ 1 root root 64 Jan 25 03:22 122 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 123 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 124 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 125 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 127 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 128 -> /dev/ashmem
l-wx------ 1 root root 64 Jan 25 03:22 129 -> /sys/kernel/debug/tracing/trace_marker
lr-x------ 1 root root 64 Jan 25 02:35 13 -> /apex/com.android.runtime/javalib/apache-xml.jar
lr-x------ 1 root root 64 Jan 25 03:22 130 -> /system/product/app/WebViewGoogle/WebViewGoogle.apk
lrwx------ 1 root root 64 Jan 25 03:22 133 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 134 -> 'socket:[1226366]'=
lrwx------ 1 root root 64 Jan 25 02:35 137 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 138 -> anon_inode:dmabuf
lr-x------ 1 root root 64 Jan 25 03:22 139 -> /system/product/app/TrichromeLibrary/TrichromeLibrary.apk
lr-x------ 1 root root 64 Jan 25 02:35 14 -> /system/framework/com.nxp.nfc.nq.jar
lr-x------ 1 root root 64 Jan 25 03:22 140 -> /system/product/app/WebViewGoogle/WebViewGoogle.apk
lr-x------ 1 root root 64 Jan 25 03:22 143 -> /system/product/app/TrichromeLibrary/TrichromeLibrary.apk
lr-x------ 1 root root 64 Jan 25 02:35 144 -> /system/product/app/WebViewGoogle/WebViewGoogle.apk
lrwx------ 1 root root 64 Jan 25 02:35 145 -> /data/data/com.che168.autotradercloud/app_webview/Default/Cookies
lrwx------ 1 root root 64 Jan 25 03:22 146 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 147 -> 'socket:[1228943]'=
lrwx------ 1 root root 64 Jan 25 03:22 148 -> anon_inode:dmabuf
lrwx------ 1 root root 64 Jan 25 03:22 149 -> 'socket:[1201824]'=
lr-x------ 1 root root 64 Jan 25 02:35 15 -> /system/framework/framework.jar
lrwx------ 1 root root 64 Jan 25 03:22 151 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 152 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 153 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 154 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 156 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 157 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 16 -> /system/framework/ext.jar
lrwx------ 1 root root 64 Jan 25 03:22 161 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 162 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 163 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 165 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 169 -> 'socket:[1225810]'=
lr-x------ 1 root root 64 Jan 25 02:35 17 -> /system/framework/telephony-common.jar
lrwx------ 1 root root 64 Jan 25 03:22 170 -> /dev/ashmem
lrwx------ 1 root root 64 Jan 25 03:22 172 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 173 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 175 -> 'anon_inode:[timerfd]'
lrwx------ 1 root root 64 Jan 25 03:22 176 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 177 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 178 -> 'anon_inode:[timerfd]'
lr-x------ 1 root root 64 Jan 25 02:35 18 -> /system/framework/voip-common.jar
lr-x------ 1 root root 64 Jan 25 02:35 181 -> 'pipe:[1201535]'|
lrwx------ 1 root root 64 Jan 25 03:22 182 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 183 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 184 -> 'anon_inode:[timerfd]'
lrwx------ 1 root root 64 Jan 25 03:22 185 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 186 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 187 -> 'anon_inode:[timerfd]'
l-wx------ 1 root root 64 Jan 25 03:22 189 -> 'pipe:[1201535]'|
lrwx------ 1 root root 64 Jan 25 02:35 19 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 190 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 191 -> /dev/ion
lrwx------ 1 root root 64 Jan 25 03:22 194 -> /dev/kgsl-3d0
lr-x------ 1 root root 64 Jan 25 03:22 195 -> /dev/ion
lrwx------ 1 root root 64 Jan 25 03:22 197 -> /dev/hwbinder
lrwx------ 1 root root 64 Jan 25 02:35 2 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 20 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 206 -> /data/data/com.che168.autotradercloud/code_cache/flutter_engine/e1e6ced81d029258d449bdec2ba3cddca9c2ca0c/skia/a640745ce52ea6ac9c1b958f40c1d28c98ad16fc/
lr-x------ 1 root root 64 Jan 25 03:22 208 -> /data/data/com.che168.autotradercloud/code_cache/flutter_engine/e1e6ced81d029258d449bdec2ba3cddca9c2ca0c/skia/a640745ce52ea6ac9c1b958f40c1d28c98ad16fc/sksl/
lr-x------ 1 root root 64 Jan 25 02:35 21 -> /system/framework/ims-common.jar
lrwx------ 1 root root 64 Jan 25 03:22 212 -> /data/data/com.che168.autotradercloud/files/log/liteav/LiteAV_C.mmap2*
lrwx------ 1 root root 64 Jan 25 03:22 215 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 216 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 22 -> '/system/framework/miuisdk@boot.jar'
lr-x------ 1 root root 64 Jan 25 02:35 23 -> '/system/framework/miuisystemsdk@boot.jar'
l-wx------ 1 root root 64 Jan 25 03:22 235 -> /data/data/com.che168.autotradercloud/crashsdk/tags/DUOLCREDARTOTUA0861EHC0MOC.ss
lr-x------ 1 root root 64 Jan 25 02:35 24 -> /system/framework/android.test.base.jar
lrwx------ 1 root root 64 Jan 25 03:22 242 -> 'socket:[1201564]'=
lrwx------ 1 root root 64 Jan 25 03:22 243 -> 'socket:[1201566]'=
lr-x------ 1 root root 64 Jan 25 02:35 25 -> /system/framework/telephony-ext.jar
lr-x------ 1 root root 64 Jan 25 02:35 26 -> /system/framework/tcmiface.jar
lr-x------ 1 root root 64 Jan 25 02:35 27 -> /system/framework/QPerformance.jar
lr-x------ 1 root root 64 Jan 25 02:35 28 -> /system/framework/UxPerformance.jar
lr-x------ 1 root root 64 Jan 25 02:35 29 -> /system/framework/WfdCommon.jar
lrwx------ 1 root root 64 Jan 25 02:35 3 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 02:35 30 -> /apex/com.android.conscrypt/javalib/conscrypt.jar
lr-x------ 1 root root 64 Jan 25 02:35 31 -> /apex/com.android.media/javalib/updatable-media.jar
lr-x------ 1 root root 64 Jan 25 02:35 32 -> /system/framework/framework-res.apk
lr-x------ 1 root root 64 Jan 25 02:35 33 -> /vendor/overlay/FrameworksResCommon.apk
lr-x------ 1 root root 64 Jan 25 02:35 34 -> /vendor/overlay/DevicesAndroidOverlay.apk
lr-x------ 1 root root 64 Jan 25 02:35 35 -> /system/framework/framework-ext-res/framework-ext-res.apk
lr-x------ 1 root root 64 Jan 25 02:35 36 -> /system/app/miuisystem/miuisystem.apk
lr-x------ 1 root root 64 Jan 25 02:35 37 -> /system/app/miui/miui.apk
lrwx------ 1 root root 64 Jan 25 02:35 38 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 4 -> 'socket:[1175500]'=
l-wx------ 1 root root 64 Jan 25 02:35 40 -> /dev/pmsg0
lrwx------ 1 root root 64 Jan 25 02:35 45 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 46 -> /dev/binder
lr-x------ 1 root root 64 Jan 25 02:35 49 -> /proc/18899/task/18899/delay
l-wx------ 1 root root 64 Jan 25 02:35 5 -> /sys/kernel/debug/tracing/trace_marker
lr-x------ 1 root root 64 Jan 25 03:22 50 -> /system/media/theme/default/icons
lr-x------ 1 root root 64 Jan 25 02:35 51 -> '/data/app/com.che168.autotradercloud-LTGEbEGKyOrdPogMOL27SQ==/base.apk'
lr-x------ 1 root root 64 Jan 25 02:35 52 -> /vendor/overlay/GestureLineOverlay.apk
lrwx------ 1 root root 64 Jan 25 02:35 53 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 54 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 55 -> /dev/ashmem
lrwx------ 1 root root 64 Jan 25 03:22 57 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 58 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 03:22 59 -> anon_inode:inotify
lrwx------ 1 root root 64 Jan 25 02:35 6 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 60 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 61 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 62 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 63 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 64 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 65 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 66 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 67 -> 'anon_inode:[eventpoll]'
lrwx------ 1 root root 64 Jan 25 03:22 68 -> /data/data/com.che168.autotradercloud/shared_prefs/sp_replace_flag.sp
lrwx------ 1 root root 64 Jan 25 03:22 69 -> /data/data/com.che168.autotradercloud/shared_prefs/itconfig.sp
lrwx------ 1 root root 64 Jan 25 02:35 7 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 70 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 03:22 71 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 72 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 03:22 73 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 74 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 75 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 76 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 77 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 78 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 79 -> /dev/null
lrwx------ 1 root root 64 Jan 25 02:35 8 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 80 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 81 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 82 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 83 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 84 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 85 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 86 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 87 -> 'anon_inode:[eventfd]'
lrwx------ 1 root root 64 Jan 25 03:22 88 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 89 -> 'pipe:[1201495]'|
lr-x------ 1 root root 64 Jan 25 02:35 9 -> /apex/com.android.runtime/javalib/core-oj.jar
l-wx------ 1 root root 64 Jan 25 03:22 90 -> 'pipe:[1201495]'|
lr-x------ 1 root root 64 Jan 25 03:22 91 -> 'pipe:[1201496]'|
l-wx------ 1 root root 64 Jan 25 03:22 92 -> 'pipe:[1201496]'|
lrwx------ 1 root root 64 Jan 25 03:22 94 -> 'socket:[1233410]'=
lr-x------ 1 root root 64 Jan 25 03:22 95 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 96 -> 'anon_inode:[eventfd]'
lr-x------ 1 root root 64 Jan 25 03:22 97 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 98 -> /dev/null
lr-x------ 1 root root 64 Jan 25 03:22 99 -> /dev/null

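Comparing the two listings with an online text-diff site turned up essentially no obvious differences.

https://tool.chinaz.com/tools/diff

This is the site that was used to compare the differences.

I did not find the signature string that appeared in the lecture from late October 2022. It may be a signature of Frida 14.6.28, but it does not appear in 16.1.3.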

 

 

 

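7. Comparing the contents of the /data/local/tmp/re.frida.server directory: 16.1.3 no longer has this signature.

The dropped files no longer exist, for example the dropped files with UUID-style names and similar signatures; they are gone now. This version of Frida has changed the names accordingly and removed the Frida-related wording.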
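The fd comparison above, done as a script instead of a text-diff site (an added example, not code from the course or from Frida): a raw text diff is noisy because fd numbers, timestamps and socket/pipe inode ids change on every run, so the script normalizes link targets before comparing and then applies marker strings. The marker list, the sample listings and the `example-fifo` name are constructed assumptions.

```python
import re
from collections import Counter

# Assumed markers: "re.frida.server" is the directory named on this page,
# "frida" is the generic substring. Extend the tuple for your own checks.
MARKERS = ("re.frida.server", "frida")

# Constructed `ls -l /proc/<pid>/fd` captures (illustrative, not device output).
BASELINE = """\
lrwx------ 1 root root 64 Jan 25 02:35 4 -> 'socket:[1175500]'=
lrwx------ 1 root root 64 Jan 25 02:35 45 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 02:35 89 -> 'pipe:[1201495]'|
lrwx------ 1 root root 64 Jan 25 02:35 19 -> /dev/null
"""
ATTACHED = """\
lrwx------ 1 root root 64 Jan 25 03:22 7 -> 'socket:[1300001]'=
lrwx------ 1 root root 64 Jan 25 03:22 45 -> 'anon_inode:[eventpoll]'
lr-x------ 1 root root 64 Jan 25 03:22 90 -> 'pipe:[1300002]'|
lrwx------ 1 root root 64 Jan 25 03:22 19 -> /dev/null
lrwx------ 1 root root 64 Jan 25 03:22 101 -> /data/local/tmp/re.frida.server/example-fifo
lrwx------ 1 root root 64 Jan 25 03:22 102 -> 'socket:[1300003]'=
"""

def targets(listing):
    """Link targets with fd numbers, quotes, ls -F suffixes and inode ids removed."""
    out = []
    for line in listing.splitlines():
        if " -> " not in line:
            continue
        tgt = line.split(" -> ", 1)[1].strip().rstrip("|=*@").strip("'")
        # socket/pipe inode numbers change on every run; collapse them.
        out.append(re.sub(r"^(socket|pipe):\[\d+\]$", r"\1:[N]", tgt))
    return out

def compare(baseline, attached, markers=MARKERS):
    """Return (targets seen more often in `attached`, targets matching a marker)."""
    base, att = Counter(targets(baseline)), Counter(targets(attached))
    extra = dict(att - base)
    hits = sorted(t for t in att if any(m in t.lower() for m in markers))
    return extra, hits

if __name__ == "__main__":
    extra, hits = compare(BASELINE, ATTACHED)
    print("new or more frequent targets:", extra)
    print("marker hits:", hits)
    # A renamed build defeats the string match, but the count diff still shows it.
    print(compare(BASELINE, ATTACHED.replace("re.frida.server", "re.renamed"))[1])
```

The last call shows why a renamed server build produces no marker hits: only the normalized count difference still reveals the extra descriptors.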

 

=====

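If the names are too regular, I can detect that as well, and I would still treat it as Frida-related wording. Whenever something checks for such-and-such in this path, I simply let it be bypassed and report that it does not exist, in combination with some Frida scripts.

In combination: the 葫芦娃 (Huluwa) frida-server build plus the hook script basically work together, but does that still hold for the latest version? That will only be known after testing.

Do not use the latest version; use 14.2.18. Download the 葫芦娃 (Huluwa) modified build.

Eight remain that I have not watched. Directly.... The places that need special attention need a lot of testing. Tomorrow I finish studying this course; I will rebuild all of these cases from scratch so that I understand more clearly what was going on!!!!!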

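day41, Frida detection, Vipshop (唯品会) ... 04:57 rest. Tomorrow morning, take the gift to Brother Li on the first floor and ask whether he has heard any disturbing noise.

1, Noise from the air conditioner's outdoor unit.

2, The sound of walking around at night.

3, Last night I went to bed at about 4 o'clock.

4, I am not at home playing on the computer; I am learning programming to change careers. I started out delivering takeaway and parcels, felt there was no future in it, so I am climbing toward knowledge instead.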

 

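Did not get to sleep until 7 o'clock --------------------->

=========> Listening to my mother's attitude and my father's attitude, my mind cannot stay calm. There are always ups and downs ...

==========> Brother Jiang's analysis of history. Those last few sentences ...

=============> Some red-envelope covers collected from WeChat official accounts ---> the panda-in-a-zongzi logo,

==============> Get the DeepSeek API, on the phone or somewhere else -------> the web version ---> the interface -------->

2 hours: 1, watched and collected ---------> simple line drawings of pandas, some packaging, production.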

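Got up at 14:00

Washed my hair first, then checked for dandruff and the health of my scalp; it is indeed better than before.

Met Brother Jiang: I am going into town, is there anything you need me to bring? ==> The oral examination is free. Imaging starts at 200, and the imaging uses materials. ++++> The wear on the alveolar ridge in my mouth is fairly serious; do I often eat hard things? Eat less of them. The Sichuan University anti-sensitivity toothpaste is worth trying.

===> Some people say the homeowners' committee I set up is superfluous and ask whether I have some ulterior motive ("we were perfectly comfortable without a homeowners' committee"). With a homeowners' committee (a heap of loose sand needs to set; we are one group and what we need is unity; there are always many people who cannot tell right from wrong; more than 1,000 households, all different in every way. During the pandemic, when your rights were stripped away, life and death were in someone else's hands! On what grounds? Second, no vision: they see only what is in front of them and cannot see far. ... If another passage could be opened, it would not be crowded ... Old Zeng said it straight out: why did you bring Fuxing into this group? That will only disrupt his original life. His original life..... Although it was not said explicitly, I feel that was the meaning being conveyed. So I still remember that last night, around the night of January 24, Brother Jiang treated me to a sweet potato; I still remember how delicious it was ...)

====> As a person you need to take a stand. People who are in the wrong need to be rebutted; protect your own group and protect its cohesion ...

==> Forgot: when doing things with other people, how much it makes one feel unable to ... cherish. In dealing with people and with matters, one needs a sense of reverence ...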