Pentesting Android Apps using Frida (Beginners)

C
Chandrapal Badshah
Pentesting Android Apps using Frida (Beginner level)
Some other titles Instrumentation at the age of obfuscation Pentesting Android Apps using Dynamic Binary Instrumentation It’s a secure Android app ! Let’s hook it up
Agenda - Introduction to Frida - Android app basics - Android app defences - Using Frida to bypass basic defences - Demo
What is Frida ? Dynamic instrumentation toolkit for developers, reverse- engineers, and security researchers.
What is Frida ? Dynamic instrumentation toolkit for developers, reverse- engineers, and security researchers.
What is Dynamic Instrumentation ? Ability to monitor or measure the level of a product's performance, to diagnose errors and to write trace information. Includes code tracing, debugging, profiling, etc
What is Dynamic Instrumentation ? Ability to monitor or measure the level of a product's performance, to diagnose errors and to write trace information. Includes code tracing, debugging, profiling, etc
Finally, What is Frida ? Frida is a toolkit which can be used to monitor / debug a process (app at runtime)
Frida - More than an instrumentation framework. - Injects scripts into processes. Only JavaScript - Portable. Multi-platform support. - Windows / Linux / Mac - Android / iOS - Bindings in multiple languages - NodeJS - Python - Swift bindings - .NET bindings - C API - Free. Complete code on GitHub
How does it work ? Version of server and client should match. Select the correct architecture.
Modes of Operation - Injected - Spawn an existing program (create and execute child process) - Attach/Hooking to running program - Hijack a process when its spawned - Requires Root/Admin priv - Embedded - Useful in non-jailbroken iOS / non-root Android - Preloaded
Frida Toolkit - frida : CLI tool - frida-discover : Tool to discover internal functions - frida-kill : Tool to kill processes - frida-ls-devices : Tool to list attached devices - frida-ps : CLI tool to list processes (useful for remote systems) - frida-trace : Tool for dynamically tracing function calls
Why do we need another debugger ? - More than a debugger - Apart from setting breakpoints, it helps injecting code - From security perspective, apps have been checking for the presence of debuggers since a long time. Mainly GDB “GDB in 2018 is prevented in 2018 different funny ways with different funny tricks” - Best suited for Android apps due to disadvantages in previous instrumentation framework - Xposed. (Restart required for every code change)
Android App Basics - Android apps were traditionally developed using Java, now moving to Kotlin - Each app runs as a user (user level isolation) - Activity - onCreate - initialization function - Compile it. Requires it to be signed. - Android had been using Dalvik VM, but now they are moving to Android RunTime (ART)
Java example
Java example Output: Good Morning, Null Comrades
Frida for Android
Frida Useful commands frida-ps -U frida -U com.target.app --no-pause frida -U -l ssl-pinning.js -f com.target.app --no-pause frida -U -c pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.target.app --no-pause
DEMO #1
Frida Template for Android - JavaScript Java.perform(function() { Java.enumerateLoadedClasses({ "onMatch":function(className){ if(className.includes("badshah")) { console.log(className) } }, "onComplete":function(){} } )})
Frida common API Java.use("android.util.Log") - Uses that particular class .implementation - Overrides the default implementation .overload - When polymorphism is used, this can be really useful
Android App Defences There are multiple defences that Android developers use to protect their apps from attackers. They include: - Security through Obscurity - Anti Emulation / Anti-VM checks - Anti-Debug checks - Root check - SSL Pinning - Tamper detection - Obfuscation - Packers
Android App Defences There are multiple defences that Android developers use to protect their apps from attackers. They include: - Security through Obscurity - Anti Emulation / Anti-VM checks - Anti-Debug checks - Root check - SSL Pinning - Tamper detection - Obfuscation - Packers
Security Through Obscurity - Hardcoded passwords are not very popular - Trend is Base64 encoded / Character / Buffer array - Even store in .so (shared object) files
Scenario: FTPConnector(pwd()) pwd() Internet
Code
DEMO #2
Anti Emulation / Anti-VM checks Find more at: https://github.com/CalebFenton/AndroidEmulatorDetect/blob/master/app/src/main/java/org/cf/emulatordetect/Detector.java
Scenario Sensitive Action Non-Sensitive Action StartAction() CheckVM() NOT VM VM
Code
DEMO #3
Anti Debug Check Change the command - as per root detection in Frida codeshare
Scenario Sensitive Action Non-Sensitive Action StartAction() CheckDebug() NO DEBUG DEBUG
Code
DEMO #4
THE END
1 of 36

Pentesting Android Apps using Frida (Beginners)

Download to read offline
Technology

Frida is an instrumentation framework which is greatly helpful for dynamic analysis. This presentation was a part of my talk at @Nullblr - https://null.co.in/event_sessions/2039-getting-started-with-frida-on-android-apps

C
Chandrapal Badshah

Recommended

Introduction to Frida by
Introduction to FridaIntroduction to Frida
Introduction to FridaAbhishekJaiswal270
449 views32 slides
FRIDA 101 Android by
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
1.2K views20 slides
Hacking with frida by
Hacking with fridaHacking with frida
Hacking with fridan|u - The Open Security Community
1.3K views9 slides
DBI-Assisted Android Application Reverse Engineering by
DBI-Assisted Android Application Reverse EngineeringDBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringSahil Dhar
2.1K views35 slides
Mobile security part 1(Android Apps Pentesting)- Romansh yadav by
Mobile security part 1(Android Apps Pentesting)- Romansh yadavMobile security part 1(Android Apps Pentesting)- Romansh yadav
Mobile security part 1(Android Apps Pentesting)- Romansh yadavRomansh Yadav
820 views70 slides
Android pentesting by
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
459 views33 slides

More Related Content

What's hot

Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde by
Frida Android run time hooking - Bhargav Gajera & Vitthal ShindeFrida Android run time hooking - Bhargav Gajera & Vitthal Shinde
Frida Android run time hooking - Bhargav Gajera & Vitthal ShindeNSConclave
839 views29 slides
Pentesting Android Applications by
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
8.2K views36 slides
Frida - Objection Tool Usage by
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usagen|u - The Open Security Community
558 views12 slides
iOS Application Penetration Testing by
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testingn|u - The Open Security Community
3.9K views16 slides
Mobile Application Penetration Testing by
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
6.9K views173 slides
Hacking and securing ios applications by
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
15K views46 slides

What's hot(20)

Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde by NSConclave
Frida Android run time hooking - Bhargav Gajera & Vitthal ShindeFrida Android run time hooking - Bhargav Gajera & Vitthal Shinde
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
NSConclave839 views
Pentesting Android Applications by Cláudio André
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
Cláudio André8.2K views
Frida - Objection Tool Usage by n|u - The Open Security Community
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
n|u - The Open Security Community558 views
iOS Application Penetration Testing by n|u - The Open Security Community
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testing
n|u - The Open Security Community3.9K views
Mobile Application Penetration Testing by BGA Cyber Security
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
BGA Cyber Security6.9K views
Hacking and securing ios applications by Satish b
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
Satish b15K views
Android application penetration testing by Roshan Kumar Gami
Android application penetration testingAndroid application penetration testing
Android application penetration testing
Roshan Kumar Gami59 views
Pwning mobile apps without root or jailbreak by Abraham Aranguren
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
Abraham Aranguren12.2K views
Android pentesting the hackers-meetup by kunwaratul hax0r
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetup
kunwaratul hax0r577 views
Pentesting Android Apps by Abdelhamid Limami
Pentesting Android AppsPentesting Android Apps
Pentesting Android Apps
Abdelhamid Limami923 views
Android security by Midhun P Gopi
Android securityAndroid security
Android security
Midhun P Gopi4.8K views
Android Security by Arqum Ahmad
Android SecurityAndroid Security
Android Security
Arqum Ahmad4.4K views
Android security by Mobile Rtpl
Android securityAndroid security
Android security
Mobile Rtpl1.9K views
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016 by Frans Rosén
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén9.2K views
iOS Application Penetration Testing for Beginners by RyanISI
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI8.5K views
Android reverse engineering: understanding third-party applications. OWASP EU... by Internet Security Auditors
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...
Internet Security Auditors3K views
Defending against Java Deserialization Vulnerabilities by Luca Carettoni
Defending against Java Deserialization Vulnerabilities Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization Vulnerabilities
Luca Carettoni18.4K views
mobile application security by -jyothish kumar sirigidi
mobile application securitymobile application security
mobile application security
-jyothish kumar sirigidi537 views
Android security and penetration testing | DIVA | Yogesh Ojha by Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha394 views
Android Security by Lars Jacobs
Android SecurityAndroid Security
Android Security
Lars Jacobs4K views

Similar to Pentesting Android Apps using Frida (Beginners)

Null Dubai Humla_Romansh_Yadav_Android_app_pentesting by
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingRomansh Yadav
110 views55 slides
Android's security architecture by
Android's security architectureAndroid's security architecture
Android's security architectureOfer Rivlin, CISSP
178 views49 slides
MobSecCon 2015 - Dynamic Analysis of Android Apps by
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
137 views30 slides
Outsmarting smartphones by
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphonesSensePost
901 views33 slides
Hybrid HTML5 Apps by
Hybrid HTML5 AppsHybrid HTML5 Apps
Hybrid HTML5 AppsHugo Rodrigues
2.5K views78 slides
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi... by
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi...ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi...
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi...Priyanka Aash
407 views19 slides

Similar to Pentesting Android Apps using Frida (Beginners)(20)

Null Dubai Humla_Romansh_Yadav_Android_app_pentesting by Romansh Yadav
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Romansh Yadav110 views
Android's security architecture by Ofer Rivlin, CISSP
Android's security architectureAndroid's security architecture
Android's security architecture
Ofer Rivlin, CISSP178 views
MobSecCon 2015 - Dynamic Analysis of Android Apps by Ron Munitz
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
Ron Munitz137 views
Outsmarting smartphones by SensePost
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphones
SensePost901 views
Hybrid HTML5 Apps by Hugo Rodrigues
Hybrid HTML5 AppsHybrid HTML5 Apps
Hybrid HTML5 Apps
Hugo Rodrigues2.5K views
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi... by Priyanka Aash
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi...ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi...
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Androi...
Priyanka Aash407 views
Android Programming made easy by Lars Vogel
Android Programming made easyAndroid Programming made easy
Android Programming made easy
Lars Vogel4.9K views
Null Mumbai Meet_Android Reverse Engineering by Samrat Das by nullowaspmumbai
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
nullowaspmumbai984 views
Getting started with android by Vandana Verma
Getting started with androidGetting started with android
Getting started with android
Vandana Verma57 views
Getting started with Android pentesting by Minali Arora
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
Minali Arora340 views
Mind the gap by Pietro F. Maggi
Mind the gapMind the gap
Mind the gap
Pietro F. Maggi579 views
Introduction to Android Development Part 1 by Kainda Kiniel Daka
Introduction to Android Development Part 1Introduction to Android Development Part 1
Introduction to Android Development Part 1
Kainda Kiniel Daka674 views
Android Internals (This is not the droid you’re loking for...) by Giacomo Bergami
Android Internals (This is not the droid you’re loking for...)Android Internals (This is not the droid you’re loking for...)
Android Internals (This is not the droid you’re loking for...)
Giacomo Bergami3.8K views
Building Custom Android Malware BruCON 2013 by Stephan Chenette
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
Stephan Chenette7.5K views
Building Android games using LibGDX by Jussi Pohjolainen
Building Android games using LibGDXBuilding Android games using LibGDX
Building Android games using LibGDX
Jussi Pohjolainen2K views
Intro to Building Android Games using libGDX by Jussi Pohjolainen
Intro to Building Android Games using libGDXIntro to Building Android Games using libGDX
Intro to Building Android Games using libGDX
Jussi Pohjolainen2.9K views
Android Development in a Nutshell by Aleix Solé
Android Development in a NutshellAndroid Development in a Nutshell
Android Development in a Nutshell
Aleix Solé2.8K views
Begining Android Development by Hayi Nukman
Begining Android DevelopmentBegining Android Development
Begining Android Development
Hayi Nukman1.5K views
Extending Android's Platform Toolsuite by Opersys inc.
Extending Android's Platform ToolsuiteExtending Android's Platform Toolsuite
Extending Android's Platform Toolsuite
Opersys inc.1.1K views
Intro to android (gdays) by Omolara Adejuwon
Intro to android (gdays)Intro to android (gdays)
Intro to android (gdays)
Omolara Adejuwon598 views

More from Chandrapal Badshah

Dangling DNS records takeover at scale by
Dangling DNS records takeover at scaleDangling DNS records takeover at scale
Dangling DNS records takeover at scaleChandrapal Badshah
536 views25 slides
Detecting secrets in code committed to gitlab (in real time) by
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Chandrapal Badshah
846 views28 slides
How to get started in InfoSec ? by
How to get started in InfoSec ?How to get started in InfoSec ?
How to get started in InfoSec ?Chandrapal Badshah
568 views31 slides
OSINT mindset to protect your organization - Null monthly meet version by
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionChandrapal Badshah
363 views52 slides
OSINT Mindset to protect your Organization by
OSINT Mindset to protect your OrganizationOSINT Mindset to protect your Organization
OSINT Mindset to protect your OrganizationChandrapal Badshah
118 views24 slides
Solving OWASP MSTG CrackMe using Frida by
Solving OWASP MSTG CrackMe using FridaSolving OWASP MSTG CrackMe using Frida
Solving OWASP MSTG CrackMe using FridaChandrapal Badshah
585 views20 slides

More from Chandrapal Badshah(11)

Dangling DNS records takeover at scale by Chandrapal Badshah
Dangling DNS records takeover at scaleDangling DNS records takeover at scale
Dangling DNS records takeover at scale
Chandrapal Badshah536 views
Detecting secrets in code committed to gitlab (in real time) by Chandrapal Badshah
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)
Chandrapal Badshah846 views
How to get started in InfoSec ? by Chandrapal Badshah
How to get started in InfoSec ?How to get started in InfoSec ?
How to get started in InfoSec ?
Chandrapal Badshah568 views
OSINT mindset to protect your organization - Null monthly meet version by Chandrapal Badshah
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah363 views
OSINT Mindset to protect your Organization by Chandrapal Badshah
OSINT Mindset to protect your OrganizationOSINT Mindset to protect your Organization
OSINT Mindset to protect your Organization
Chandrapal Badshah118 views
Solving OWASP MSTG CrackMe using Frida by Chandrapal Badshah
Solving OWASP MSTG CrackMe using FridaSolving OWASP MSTG CrackMe using Frida
Solving OWASP MSTG CrackMe using Frida
Chandrapal Badshah585 views
OWASP Serverless Top 10 by Chandrapal Badshah
OWASP Serverless Top 10OWASP Serverless Top 10
OWASP Serverless Top 10
Chandrapal Badshah1K views
Let’s hunt the target using OSINT by Chandrapal Badshah
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah1.2K views
pwnd.sh by Chandrapal Badshah
pwnd.shpwnd.sh
pwnd.sh
Chandrapal Badshah487 views
Web Application Firewall by Chandrapal Badshah
Web Application FirewallWeb Application Firewall
Web Application Firewall
Chandrapal Badshah3.4K views
Netcat - A Swiss Army Tool by Chandrapal Badshah
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
Chandrapal Badshah1.4K views

Recently uploaded

Generative AI: Shifting the AI Landscape by
Generative AI: Shifting the AI LandscapeGenerative AI: Shifting the AI Landscape
Generative AI: Shifting the AI LandscapeDeakin University
78 views55 slides
Netmera Presentation.pdf by
Netmera Presentation.pdfNetmera Presentation.pdf
Netmera Presentation.pdfMustafa Kuğu
22 views50 slides
"Package management in monorepos", Zoltan Kochan by
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan KochanFwdays
37 views18 slides
Choosing the Right Flutter App Development Company by
Choosing the Right Flutter App Development CompanyChoosing the Right Flutter App Development Company
Choosing the Right Flutter App Development CompanyFicode Technologies
13 views9 slides
Measuring User on the web with the core web vitals - by @theafolayan.pptx by
Measuring User on the web with the core web vitals - by @theafolayan.pptxMeasuring User on the web with the core web vitals - by @theafolayan.pptx
Measuring User on the web with the core web vitals - by @theafolayan.pptxOluwaseun Raphael Afolayan
14 views13 slides
The Role of Patterns in the Era of Large Language Models by
The Role of Patterns in the Era of Large Language ModelsThe Role of Patterns in the Era of Large Language Models
The Role of Patterns in the Era of Large Language ModelsYunyao Li
104 views65 slides

Recently uploaded(20)

Generative AI: Shifting the AI Landscape by Deakin University
Generative AI: Shifting the AI LandscapeGenerative AI: Shifting the AI Landscape
Generative AI: Shifting the AI Landscape
Deakin University78 views
Netmera Presentation.pdf by Mustafa Kuğu
Netmera Presentation.pdfNetmera Presentation.pdf
Netmera Presentation.pdf
Mustafa Kuğu22 views
"Package management in monorepos", Zoltan Kochan by Fwdays
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan Kochan
Fwdays37 views
Choosing the Right Flutter App Development Company by Ficode Technologies
Choosing the Right Flutter App Development CompanyChoosing the Right Flutter App Development Company
Choosing the Right Flutter App Development Company
Ficode Technologies13 views
Measuring User on the web with the core web vitals - by @theafolayan.pptx by Oluwaseun Raphael Afolayan
Measuring User on the web with the core web vitals - by @theafolayan.pptxMeasuring User on the web with the core web vitals - by @theafolayan.pptx
Measuring User on the web with the core web vitals - by @theafolayan.pptx
Oluwaseun Raphael Afolayan14 views
The Role of Patterns in the Era of Large Language Models by Yunyao Li
The Role of Patterns in the Era of Large Language ModelsThe Role of Patterns in the Era of Large Language Models
The Role of Patterns in the Era of Large Language Models
Yunyao Li104 views
Don’t Make A Human Do A Robot’s Job! : 6 Reasons Why AI Will Save Us & Not De... by Moses Kemibaro
Don’t Make A Human Do A Robot’s Job! : 6 Reasons Why AI Will Save Us & Not De...Don’t Make A Human Do A Robot’s Job! : 6 Reasons Why AI Will Save Us & Not De...
Don’t Make A Human Do A Robot’s Job! : 6 Reasons Why AI Will Save Us & Not De...
Moses Kemibaro38 views
"Running students' code in isolation. The hard way", Yurii Holiuk by Fwdays
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk
Fwdays38 views
What is Authentication Active Directory_.pptx by HeenaMehta35
What is Authentication Active Directory_.pptxWhat is Authentication Active Directory_.pptx
What is Authentication Active Directory_.pptx
HeenaMehta3515 views
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023 by BookNet Canada
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
BookNet Canada46 views
Optimizing Communication to Optimize Human Behavior - LCBM by Yaman Kumar
Optimizing Communication to Optimize Human Behavior - LCBMOptimizing Communication to Optimize Human Behavior - LCBM
Optimizing Communication to Optimize Human Behavior - LCBM
Yaman Kumar39 views
Measurecamp Brussels - Synthetic data.pdf by Human37
Measurecamp Brussels - Synthetic data.pdfMeasurecamp Brussels - Synthetic data.pdf
Measurecamp Brussels - Synthetic data.pdf
Human37 27 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE85 views
Bronack Skills - Risk Management and SRE v1.0 12-3-2023.pdf by ThomasBronack
Bronack Skills - Risk Management and SRE v1.0 12-3-2023.pdfBronack Skills - Risk Management and SRE v1.0 12-3-2023.pdf
Bronack Skills - Risk Management and SRE v1.0 12-3-2023.pdf
ThomasBronack31 views
AIM102-S_Cognizant_CognizantCognitive by PhilipBasford
AIM102-S_Cognizant_CognizantCognitiveAIM102-S_Cognizant_CognizantCognitive
AIM102-S_Cognizant_CognizantCognitive
PhilipBasford23 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue120 views
LLMs in Production: Tooling, Process, and Team Structure by Aggregage
LLMs in Production: Tooling, Process, and Team StructureLLMs in Production: Tooling, Process, and Team Structure
LLMs in Production: Tooling, Process, and Team Structure
Aggregage65 views
Future of AR - Facebook Presentation by Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty66 views
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash171 views
Adopting Karpenter for Cost and Simplicity at Grafana Labs.pdf by MichaelOLeary82
Adopting Karpenter for Cost and Simplicity at Grafana Labs.pdfAdopting Karpenter for Cost and Simplicity at Grafana Labs.pdf
Adopting Karpenter for Cost and Simplicity at Grafana Labs.pdf
MichaelOLeary8213 views

Pentesting Android Apps using Frida (Beginners)

  • 2. Some other titles Instrumentation at the age of obfuscation Pentesting Android Apps using Dynamic Binary Instrumentation It’s a secure Android app ! Let’s hook it up
  • 3. Agenda - Introduction to Frida - Android app basics - Android app defences - Using Frida to bypass basic defences - Demo
  • 4. What is Frida ? Dynamic instrumentation toolkit for developers, reverse- engineers, and security researchers.
  • 5. What is Frida ? Dynamic instrumentation toolkit for developers, reverse- engineers, and security researchers.
  • 6. What is Dynamic Instrumentation ? Ability to monitor or measure the level of a product's performance, to diagnose errors and to write trace information. Includes code tracing, debugging, profiling, etc
  • 7. What is Dynamic Instrumentation ? Ability to monitor or measure the level of a product's performance, to diagnose errors and to write trace information. Includes code tracing, debugging, profiling, etc
  • 8. Finally, What is Frida ? Frida is a toolkit which can be used to monitor / debug a process (app at runtime)
  • 9. Frida - More than an instrumentation framework. - Injects scripts into processes. Only JavaScript - Portable. Multi-platform support. - Windows / Linux / Mac - Android / iOS - Bindings in multiple languages - NodeJS - Python - Swift bindings - .NET bindings - C API - Free. Complete code on GitHub
  • 10. How does it work ? Version of server and client should match. Select the correct architecture.
  • 11. Modes of Operation - Injected - Spawn an existing program (create and execute child process) - Attach/Hooking to running program - Hijack a process when its spawned - Requires Root/Admin priv - Embedded - Useful in non-jailbroken iOS / non-root Android - Preloaded
  • 12. Frida Toolkit - frida : CLI tool - frida-discover : Tool to discover internal functions - frida-kill : Tool to kill processes - frida-ls-devices : Tool to list attached devices - frida-ps : CLI tool to list processes (useful for remote systems) - frida-trace : Tool for dynamically tracing function calls
  • 13. Why do we need another debugger ? - More than a debugger - Apart from setting breakpoints, it helps injecting code - From security perspective, apps have been checking for the presence of debuggers since a long time. Mainly GDB “GDB in 2018 is prevented in 2018 different funny ways with different funny tricks” - Best suited for Android apps due to disadvantages in previous instrumentation framework - Xposed. (Restart required for every code change)
  • 14. Android App Basics - Android apps were traditionally developed using Java, now moving to Kotlin - Each app runs as a user (user level isolation) - Activity - onCreate - initialization function - Compile it. Requires it to be signed. - Android had been using Dalvik VM, but now they are moving to Android RunTime (ART)
  • 16. Java example Output: Good Morning, Null Comrades
  • 18. Frida Useful commands frida-ps -U frida -U com.target.app --no-pause frida -U -l ssl-pinning.js -f com.target.app --no-pause frida -U -c pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.target.app --no-pause
  • 20. Frida Template for Android - JavaScript Java.perform(function() { Java.enumerateLoadedClasses({ "onMatch":function(className){ if(className.includes("badshah")) { console.log(className) } }, "onComplete":function(){} } )})
  • 21. Frida common API Java.use("android.util.Log") - Uses that particular class .implementation - Overrides the default implementation .overload - When polymorphism is used, this can be really useful
  • 22. Android App Defences There are multiple defences that Android developers use to protect their apps from attackers. They include: - Security through Obscurity - Anti Emulation / Anti-VM checks - Anti-Debug checks - Root check - SSL Pinning - Tamper detection - Obfuscation - Packers
  • 23. Android App Defences There are multiple defences that Android developers use to protect their apps from attackers. They include: - Security through Obscurity - Anti Emulation / Anti-VM checks - Anti-Debug checks - Root check - SSL Pinning - Tamper detection - Obfuscation - Packers
  • 24. Security Through Obscurity - Hardcoded passwords are not very popular - Trend is Base64 encoded / Character / Buffer array - Even store in .so (shared object) files
  • 26. Code
  • 28. Anti Emulation / Anti-VM checks Find more at: https://github.com/CalebFenton/AndroidEmulatorDetect/blob/master/app/src/main/java/org/cf/emulatordetect/Detector.java
  • 30. Code
  • 32. Anti Debug Check Change the command - as per root detection in Frida codeshare
  • 34. Code