Pentesting
Android Apps
using Frida
(Beginner level)
Some other titles
Instrumentation at the age of obfuscation
Pentesting Android Apps using Dynamic Binary
Instrumentation
It’s a secure Android app ! Let’s hook it up
Agenda
- Introduction to Frida
- Android app basics
- Android app defences
- Using Frida to bypass basic defences
- Demo
What is Frida ?
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
What is Dynamic Instrumentation ?
Ability to monitor or measure the level of a product's performance, to diagnose errors and to write trace information.
Includes code tracing, debugging, profiling, etc.
Finally, What is Frida ?
Frida is a toolkit which can be used to monitor / debug a
process (app at runtime)
Frida
- More than an instrumentation framework.
- Injects scripts into processes. JavaScript only.
- Portable. Multi-platform support.
  - Windows / Linux / Mac
  - Android / iOS
- Bindings in multiple languages
  - NodeJS
  - Python
  - Swift bindings
  - .NET bindings
  - C API
- Free. Complete code on GitHub.
How does it work ?
The frida-server version and the client version must match. Select the server build for the device's correct architecture.
Modes of Operation
- Injected
  - Spawn an existing program (create and execute a child process)
  - Attach / hook into a running program
  - Hijack a process when it's spawned
  - Requires root / admin privileges
- Embedded
  - Useful on non-jailbroken iOS / non-rooted Android
- Preloaded
Frida Toolkit
- frida : CLI tool
- frida-discover : Tool to discover internal functions
- frida-kill : Tool to kill processes
- frida-ls-devices : Tool to list attached devices
- frida-ps : CLI tool to list processes (useful for remote systems)
- frida-trace : Tool for dynamically tracing function calls
Why do we need another debugger ?
- More than a debugger
- Apart from setting breakpoints, it also lets you inject code
- From a security perspective, apps have been checking for the presence of debuggers for a long time, mainly GDB
“GDB in 2018 is prevented in 2018 different funny ways with different funny tricks”
- Best suited for Android apps because of a drawback of the previous instrumentation framework, Xposed (a restart is required for every code change)
Android App Basics
- Android apps were traditionally developed in Java and are now moving to Kotlin
- Each app runs as its own user (user-level isolation)
- Activity
  - onCreate - initialization function
- Compile it. The app is required to be signed.
- Android had been using the Dalvik VM, but is now moving to the Android Runtime (ART)
Java example
Output: Good Morning, Null Comrades
Frida for Android
Frida Useful commands
frida-ps -U
frida -U com.target.app --no-pause
frida -U -l ssl-pinning.js -f com.target.app --no-pause
frida -U -c pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.target.app --no-pause
DEMO #1
Frida Template for Android - JavaScript
Java.perform(function() {
    Java.enumerateLoadedClasses({
        "onMatch": function(className) {
            if (className.includes("badshah")) {
                console.log(className);
            }
        },
        "onComplete": function() {}
    });
});
Frida common API
Java.use("android.util.Log") - Gets a wrapper for that particular class
.implementation - Overrides the default implementation of a method
.overload - Selects one signature when the method is overloaded (polymorphism); this can be really useful
Android App Defences
There are multiple defences that Android developers use to protect their apps
from attackers. They include:
- Security through Obscurity
- Anti Emulation / Anti-VM checks
- Anti-Debug checks
- Root check
- SSL Pinning
- Tamper detection
- Obfuscation
- Packers
Security Through Obscurity
- Plain hardcoded passwords are not very popular any more
- The trend is Base64-encoded strings / character arrays / buffer arrays
- Some are even stored in .so (shared object) files
Scenario (diagram): FTPConnector(pwd()) calls pwd() to obtain the stored password, then connects out to the Internet
Code
DEMO #2
Anti Emulation / Anti-VM checks
Find more at: https://github.com/CalebFenton/AndroidEmulatorDetect/blob/master/app/src/main/java/org/cf/emulatordetect/Detector.java
Scenario (diagram): StartAction() calls CheckVM(); NOT VM -> Sensitive Action, VM -> Non-Sensitive Action
Code
DEMO #3
Anti Debug Check
Change the command, as for the root detection script on Frida CodeShare
Scenario (diagram): StartAction() calls CheckDebug(); NO DEBUG -> Sensitive Action, DEBUG -> Non-Sensitive Action
Code
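Added example (my code, not from the original slides or the Frida project) showing the three calls from the "Frida common API" slide (Java.use, .overload, .implementation) as a small method tracer, the kind of script the "Code" slides of the CheckVM() / CheckDebug() scenarios call for when you want to watch what the check returns before the app branches. Only android.util.Log comes from the slides; the traced-call format, helper names and the commented-out com.example.target.Checks class are constructed for this example.

```javascript
// Added example, not code from the original slides. It shows the three calls
// from the "Frida common API" slide (Java.use, .overload, .implementation) as a
// small method tracer that can be pointed at the CheckVM()/CheckDebug() methods
// of the scenario slides to observe their result.
// Only android.util.Log comes from the slides; every other name is constructed.

var traced = [];   // one formatted line per observed call

// Render a call as `class.method("arg", ...) -> retval` so it is greppable.
function formatCall(className, methodName, args, retval) {
  var shown = Array.prototype.map.call(args, function (a) {
    return JSON.stringify(String(a));
  });
  return className + "." + methodName + "(" + shown.join(", ") + ") -> " + String(retval);
}

// Build the replacement implementation. `original` runs the untouched method
// with the same `this` and arguments; the wrapper only records and passes the
// result through, so the app keeps behaving as before while we watch it.
// Pure JavaScript: it does not need Frida and can be unit-tested on its own.
function makeTraceHook(className, methodName, original) {
  return function () {
    var retval = original.apply(this, arguments);
    var line = formatCall(className, methodName, arguments, retval);
    traced.push(line);
    console.log(line);
    return retval;
  };
}

// Frida part: hook every overload of `methodName` on `className`.
// Java.use() wraps the class, `.overloads` lists each signature of the method,
// and assigning `.implementation` replaces it. Returns the number hooked.
function installTrace(className, methodName) {
  var clazz = Java.use(className);
  var overloads = clazz[methodName].overloads;
  overloads.forEach(function (overload) {
    // argumentTypes[i].className gives the Java type of each parameter
    var sig = overload.argumentTypes.map(function (t) { return t.className; }).join(", ");
    overload.implementation = makeTraceHook(
      className, methodName + "(" + sig + ")",
      function () { return overload.apply(this, arguments); }  // run the original
    );
  });
  return overloads.length;
}

// Entry point. The `Java` global only exists inside a process Frida has
// injected into; under plain Node (e.g. while unit-testing the hook logic
// above) this branch is skipped.
if (typeof Java !== "undefined") {
  Java.perform(function () {
    // Log.d is the class the slide itself names; tracing it shows what the app
    // logs while the sensitive action runs.
    installTrace("android.util.Log", "d");
    // Constructed class name: point the same tracer at the scenario's own
    // check method to see what CheckVM()/CheckDebug() return.
    // installTrace("com.example.target.Checks", "CheckVM");
  });
}
```

Load it with the `frida -U -l <script>.js -f com.target.app --no-pause` form from the commands slide; the same tracer pointed at android.util.Base64.decode shows why the encoded secrets from the obscurity slide are not protected at runtime.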
DEMO #4
THE END