github.com/hluwa/FRIDA-DEXDump
A frida tool to dump dex in memory to support security engineers analyzing malware.
Contributors: 3
Lines of Code: 83
From: 2020-01-07
To: 2020-12-14
About hluwa/FRIDA-DEXDump
FRIDA-DEXDump is a Python-based tool that leverages the Frida dynamic instrumentation framework to locate and extract DEX files from Android application memory. It's designed to assist security engineers and malware analysts in examining Android apps by dumping DEX bytecode that may be loaded dynamically at runtime.
The tool supports fuzzy searching for DEX files with broken or malformed headers through its deep search mode, enabling discovery of obfuscated or damaged bytecode. It works across all Android versions that Frida supports and requires no system modifications, making it straightforward to install and deploy. The command-line interface follows Frida's conventions, allowing users to either dump the currently running foreground application or spawn a specific app for analysis.
The project includes specialized options such as the deep-search flag, which returns more comprehensive results at the cost of longer processing time. Development and usage are straightforward with standard Python requirements, and developers working in the Frida ecosystem can build on and extend the tool.
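To make the difference between the normal and deep search modes concrete, the following is an added, self-contained illustration written for this page; it is not FRIDA-DEXDump's own code and does not use Frida. It scans a byte buffer standing in for a dumped memory region: normal mode keys on the "dex\n" magic, while deep mode tries every 4-byte aligned offset and accepts a header whose magic has been wiped as long as the header_size (0x70) and endian_tag (0x12345678) fields and a sane file_size are present. The DEX header offsets come from the Android DEX format specification; the sample region, the hypothetical function names, and the choice to restore a default "dex\n035\0" magic when carving are assumptions made for the example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DEX header layout used below (from the Android DEX format specification):
#   0x00 magic (8 bytes, "dex\n035\0" or another version string)
#   0x20 file_size, 0x24 header_size (always 0x70), 0x28 endian_tag (0x12345678)
DEX_MAGIC_PREFIX = b"dex\n"
DEX_MAGIC_DEFAULT = b"dex\n035\x00"   # assumption: version 035 is written back on carve
DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_TAG = 0x12345678


@dataclass
class DexHit:
    offset: int       # where the header starts inside the scanned region
    file_size: int    # file_size field read from the header
    reason: str       # "magic" (normal search) or "deep" (header-field search)


def header_fields(buf: bytes, off: int) -> Optional[Tuple[int, int, int]]:
    """Read (file_size, header_size, endian_tag) at off; None if the header would be truncated."""
    if off < 0 or off + DEX_HEADER_SIZE > len(buf):
        return None
    return struct.unpack_from("<III", buf, off + 0x20)


def header_plausible(buf: bytes, off: int) -> Optional[int]:
    """Return file_size if a DEX header at off looks sane, else None.

    The magic is deliberately not checked, so a header whose magic was wiped
    still passes; file_size must at least cover the header and must not run
    past the end of the region being scanned.
    """
    fields = header_fields(buf, off)
    if fields is None:
        return None
    file_size, header_size, endian_tag = fields
    if header_size != DEX_HEADER_SIZE or endian_tag != DEX_ENDIAN_TAG:
        return None
    if not DEX_HEADER_SIZE <= file_size <= len(buf) - off:
        return None
    return file_size


def scan_region(buf: bytes, deep: bool = False) -> List[DexHit]:
    """Locate DEX headers in a memory region.

    Normal mode: find every "dex\n" magic and validate the header fields.
    Deep mode: additionally try every 4-byte aligned offset using only the
    header fields, which is how a DEX with a corrupted magic is still found.
    """
    hits: List[DexHit] = []
    seen = set()

    pos = buf.find(DEX_MAGIC_PREFIX)
    while pos != -1:
        size = header_plausible(buf, pos)
        if size is not None:
            hits.append(DexHit(pos, size, "magic"))
            seen.add(pos)
        pos = buf.find(DEX_MAGIC_PREFIX, pos + 1)

    if deep:
        for off in range(0, len(buf) - DEX_HEADER_SIZE + 1, 4):
            if off in seen:
                continue
            size = header_plausible(buf, off)
            if size is not None:
                hits.append(DexHit(off, size, "deep"))
                seen.add(off)

    hits.sort(key=lambda h: h.offset)
    return hits


def carve(buf: bytes, hit: DexHit, restore_magic: bool = True) -> bytes:
    """Cut the DEX out of the region; optionally write a default magic back so
    standard tooling will open a deep-search hit whose magic was wiped."""
    data = bytearray(buf[hit.offset:hit.offset + hit.file_size])
    if restore_magic and not data.startswith(DEX_MAGIC_PREFIX):
        data[0:8] = DEX_MAGIC_DEFAULT
    return bytes(data)


def make_dex(file_size: int, wipe_magic: bool = False) -> bytes:
    """Constructed sample: a header-only DEX padded to file_size (not a real app)."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"\x00" * 8 if wipe_magic else DEX_MAGIC_DEFAULT
    struct.pack_into("<III", hdr, 0x20, file_size, DEX_HEADER_SIZE, DEX_ENDIAN_TAG)
    return bytes(hdr) + b"\x00" * (file_size - DEX_HEADER_SIZE)


def sample_region() -> bytes:
    """Constructed memory region: filler, an intact DEX, filler, a DEX with its magic wiped."""
    return (b"\x00" * 0x10            # intact DEX lands at offset 0x10
            + make_dex(0x80)
            + b"\xAA" * 0x20          # wiped-magic DEX lands at offset 0xB0
            + make_dex(0x80, wipe_magic=True)
            + b"\x00" * 0x10)


if __name__ == "__main__":
    region = sample_region()
    for mode in (False, True):
        found = scan_region(region, deep=mode)
        print("deep" if mode else "normal", [(hex(h.offset), h.reason) for h in found])
```

Running the block shows normal mode reporting only the intact DEX at 0x10, while deep mode also reports the wiped-magic DEX at 0xB0. The cost the page mentions is visible in the loop structure: normal mode does a substring search, deep mode tests a header at every aligned offset of the region. In practice the header-field checks (and ideally a further look at map_off or the string table) are what keep deep mode's false-positive rate down, because random data rarely carries both 0x70 and 0x12345678 at the right spots.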