Ajeossida (아저씨다)

Frida with patches that definitively fix basic detection points on Android and iOS.
Unfortunately, I discovered that the patches in several custom Frida builds for bypassing detections are incomplete and still detectable.
For example, frida_agent_main in memory and the gum-js-loop thread name.
Therefore, I created a Python build script to address these issues.

Since this is a manual patch that doesn't automatically follow the Frida upstream,
I will occasionally build it, verify that the patch works properly, and then release it.

Patches

• Android

• No frida_agent_main in memory
  

• No gum-js-loop, gmain, gdbus, frida-gadget thread name in /proc/<pid>/task/<thread_id>/status
  

• No libfrida-agent-raw.so in linker's so list

• No libc hooking
  

• iOS

• No frida_agent_main in memory
  

• No gum-js-loop, gmain, gdbus, pool-frida, pool-spawner thread name
  

• No /usr/lib/frida/

• No exit, abort, task_threads hooking
  

Run

• MacOS
  Output: server, gadget (Android, iOS)
  python3 main_macos.py

• Ubuntu 22.04
  Output: server, gagdet (Android)
  python3 main_ubuntu.py

MagiskAjeossida

• A magisk module that automatically runs ajeossida-server on boot.
• To run it in remote mode, use the following command. It will listen on 0.0.0.0:45678.
  adb shell "su -c sed -i 's/REMOTE=0/REMOTE=1/' /data/adb/modules/magisk_ajeossida/service.sh"
• You can attach Frida to a pairipcore protected app using this module.
  However, the app will crash after a few seconds. Bypassing the crash is up to you. (Spawning the app also causes it to crash)

Contact

• Channel: https://t.me/hackcatml1
• Chat: https://t.me/hackcatmlchat

References

• strongR-frida-android
  
• Florida
• magisk-frida