1. Built-in method
In the Android system, the pre-compiled so or executable program can use the Android.mk configuration module method or use the RODUCT_COPY_FILES provided in the source code to copy.
The precompiled script in Android.mk can refer to the instructions in the previous chapter.
PRODUCT_COPY_FILES:
You can use PRODUCT_COPY_FILES to pre-copy files and directories in the Android source code. The following is an example of how to use it:
RODUCT_COPY_FILES += \vendor/lineage/prebuilt/common/bin/backuptool.sh:install/bin/backuptool.sh \vendor/lineage/prebuilt/common/bin/backuptool.functions:install/bin/backuptool.functions \vendor/lineage/prebuilt/common/bin/50-lineage.sh:$(TARGET_COPY_OUT_SYSTEM)/addon.d/50-lineage.sh
In this article, we plan to use the Android.mk file "include $(BUILD_PREBUILT)" to build frida-server, and use PRODUCT_COPY_FILES to build frida-gadget arm and arm64 platform dynamic libraries into the system.
Two, start built-in
2.1 Prepare material and source code storage directory
Download frida-server executable program (because mine is a 64-bit system, only arm64 is considered) and frida-gadget dynamic library (arm arm64) from the official website. Create the file path framework/base/cmds/mycmds in the source code, and copy the file to this directory. As follows:
qiang@ubuntu:~/lineageOs$ mkdir -p frameworks/base/cmds/mycmdsqiang@ubuntu:~/lineageOs$ cd frameworks/base/cmds/mycmds/qiang@ubuntu:~/lineageOs/frameworks/base/cmds/mycmds$ ls -latotal 74412drwxrwxr-x 2 qiang qiang 4096 1月 3 03:03 .drwxrwxr-x 36 qiang qiang 4096 1月 2 05:59 ..-rwxrw-rw- 1 qiang qiang 20162208 1月 2 05:56 libmyfridagadgetarm64.so-rwxrw-rw- 1 qiang qiang 14677128 1月 2 05:56 libmyfridagadgetarm.so-rwxrw-rw- 1 qiang qiang 41338528 1月 2 05:38 myfridaserverarm64
2.2 Built-in frida-gadget dynamic library
Search for the place where PRODUCT_COPY_FILES is used in the source code, and find a place that is best used regardless of specific equipment. Here I choose to add it in the build/make/target/product/handheld_system.mk file. Add the following content to the file to complete the copying of the frida-gadget dynamic library.
# ///ADD STARTPRODUCT_COPY_FILES += \frameworks/base/cmds/mycmds/libmyfridagadgetarm.so:$(TARGET_COPY_OUT_SYSTEM)/lib/libmygadget.so \frameworks/base/cmds/mycmds/libmyfridagadgetarm64.so:$(TARGET_COPY_OUT_SYSTEM)/lib64/libmygadget.so# ///ADD END
2.3 Built-in frida-server executable file
In the above framework/base/cmds/mycmds folder, add Android.mk to realize the built-in work of frida-server. The contents of Android.mk are as follows:
#///ADD START#///ADD ENDLOCAL_PATH:= $(call my-dir)include $(CLEAR_VARS)LOCAL_MODULE := myfridaserverarm64LOCAL_MODULE_CLASS := EXECUTABLESLOCAL_SRC_FILES := myfridaserverarm64include $(BUILD_PREBUILT)
After the frida-server compilation module Android.mk file is created, add the myfridaserverarm64 module to the PRODUCT_PACKAGES in build/make/target/product/base_system.mk
Compile the file chain. After joining, PRODUCT_PACKAGES is as follows:
#///ADD START# add frida server to system#///ADD END# Base modules and settings for the system partition.PRODUCT_PACKAGES += \myfridaserverarm64 \abb \adbd \am \...(此处省略)
Three, compile and flash test
source build/envsetup.shbreakfast oneplus3brunch oneplus3
Follow the WeChat public account and get updated content in time 
:
