SlideShare a Scribd company logo

Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde

NSConclave
NSConclave

The speaker is going to conduct a hands-on instrumentation workshop on android using Frida. Frida is a popular instrumentation framework that is really helpful in the dynamic analysis of Android apps. https://nsconclave.net-square.com/dynamic-instrumentation.html

Technology
1 of 29
Frida Runtime Debugging By: Bhargav Gajera, Vitthal Shinde
Installation Android: Download Link: https://github.com/frida/frida/releases Push it in Android Path : “/data/local/tmp/” System: Command: pip install frida-tools Refer : https://pypi.org/project/frida/
Installation Easy Way: Command: frida-push ● pip install frida-push ● It will identify your device’s architecture from adb ● Download the appropriate server ● Install it ● Run it
Start using Frida Android ADB: Command: /data/local/tmp/frida-server & Base System: Command: frida -U -f “<PackageName>” --no-pause
Start using Frida Want to attach Quickly on whatever is running on screen ? Base System: Command: frida -U -F
Codeshare What is it ? Ans: Repo for universal method hooks & bypass URL: https://codeshare.frida.re/browse How do I use it ? Command: frida -U -f “<PackageName>” --codeshare <URI> --no-pause
Docs All the documentation is listed under: ● URL: https://frida.re/docs/home/ Javascript API docs are available under: ● URL: https://frida.re/docs/javascript-api/
Frida and Scripts 1. Interactive way ➢ Write scripts inside terminal. 2. Attach scripts ➢ Write scripts in file and pass it as argument. 3. Python ➢ Create python file to do the same
Frida Interactive Command: frida -U -f “<PackageName>” --no-pause ➢ An interactive shell will spawn ➢ Write your code in shell
Frida with JS File Command: frida -U -f “<PackageName>” -l “<JSFile>” --no-pause ➢ Write your javascript code in a file. ➢ Use “-l” option to provide file in argument. ➢ Code will execute side by side of the application execution.
Frida with Python File Command: python <PythonFile>.py ➢ Import frida in python code. ➢ Use inbuilt frida functions to: ○ Get USB device ○ Spawn targeted application ○ Attach to it’s PID ○ Create script ○ Load the script ○ Resume the application execution
Setup Vulnerable Environment ● App : InsecureBankv2 ○ Link: https://github.com/dineshshetty/Android-InsecureBankv2 ● Server : Inside Directory “AndroLabServer” ○ Install pip requirements ○ # python app.py
Setup Vulnerable Environment ● Configure the application ○ Navigate to More -> Preferences ○ Give ip of your base system where app.py is running ● Login Credentials : ○ dinesh/Dinesh@123$ ○ jack/Jack@123$
Find Loaded classes Code : Java.perform(function(){ Java.enumerateLoadedClasses({ "onMatch": function(className){ console.log(className) }, "onComplete":function() {} }) });
Find Loaded classes These many classes ? Really ??
Find Loaded classes with known names Java.perform(function(){ Java.enumerateLoadedClasses({ onMatch:function(className) { if(className.toLowerCase().lastIndexOf("<Identifier>")>0) { console.log(className); } }, onComplete:function() {} }); });
Find Loaded classes with known names
Identify Classes being used ● How to Identify which class contains method when an event is called ? ○ Enumerate classes before event. ○ Enumerate classes after event. ○ Find newly loaded classes
Hooking Functions Java.perform(function(){ var varName = Java.use("<className>"); varName.funName.implementation=function() { console.log(“Function Called”) } })
Identify Functions being called ● How to Identify which method is being invoked ? Newbie's way: ➢ Hook suspicious methods and add console.log()
Identify Functions being called If you are hooking all suspicious functions...
Identify Functions being called ● How to Identify which method is being invoked ? Professional’s way: ➢ Hook all methods of a class and ○ Log whenever it is being called ○ Log all Arguments ○ Log Return value
Identify Functions being called ● Script be Like...
Hooking Overloaded Functions Java.perform(function(){ var varName = Java.use("class path"); varName.funName.overload(<args_type>).implementation=function(args) { // Your implementation. } })
Implement custom function Further we will see… ● Dive deep into creating custom logic. ● How can we overwrite original function. ● How to create variable of desired classes. ● How to use such variables and use it to get information from hooked function. ● etc, etc, etc...
Using --no-pause Command: frida -U -f <Package> --no-pause ● Will immediately spawn and start execution of the application ● Load the script side by side ● What if the function mentioned in script executes before scripts is loaded?
Without --no-pause Command: frida -U -f <Package> -l <script> ● Will create a process of the application. ● Will hold the execution of first frame of the application ● We can load the script by pasting it now in the terminal. ● Use “ %resume ” to continue the execution.
Analyzing hooked function Java.perform(function(){ var varName = Java.use("class path"); varName.funName.overload(<args_type>).implementation=function(args) { console.log(“Function called”); console.log(“Arguments are : ”,args); }}) ;
Show Time... ● DEMO...

Recommended

DBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringDBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringSahil Dhar
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakAbraham Aranguren
 
Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Chandrapal Badshah
 
Introduction to Frida
Introduction to FridaIntroduction to Frida
Introduction to FridaAbhishekJaiswal270
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
Hacking with frida
Hacking with fridaHacking with frida
Hacking with fridan|u - The Open Security Community
 
PurpleSharp BlackHat Arsenal Asia
PurpleSharp BlackHat Arsenal AsiaPurpleSharp BlackHat Arsenal Asia
PurpleSharp BlackHat Arsenal AsiaMauricio Velazco
 
Abusing Symlinks on Windows
Abusing Symlinks on WindowsAbusing Symlinks on Windows
Abusing Symlinks on WindowsOWASP Delhi
 

Recommended

DBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringDBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringSahil Dhar
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakAbraham Aranguren
 
Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Chandrapal Badshah
 
Introduction to Frida
Introduction to FridaIntroduction to Frida
Introduction to FridaAbhishekJaiswal270
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
Hacking with frida
Hacking with fridaHacking with frida
Hacking with fridan|u - The Open Security Community
 
PurpleSharp BlackHat Arsenal Asia
PurpleSharp BlackHat Arsenal AsiaPurpleSharp BlackHat Arsenal Asia
PurpleSharp BlackHat Arsenal AsiaMauricio Velazco
 
Abusing Symlinks on Windows
Abusing Symlinks on WindowsAbusing Symlinks on Windows
Abusing Symlinks on WindowsOWASP Delhi
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Linux privilege escalation
Linux privilege escalationLinux privilege escalation
Linux privilege escalationSongchaiDuangpan
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHaydn Johnson
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with MetasploitMohammed Danish Amber
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framworkDeepanshu Gajbhiye
 
HashiCorp Vault Workshop:幫 Credentials 找個窩
HashiCorp Vault Workshop:幫 Credentials 找個窩HashiCorp Vault Workshop:幫 Credentials 找個窩
HashiCorp Vault Workshop:幫 Credentials 找個窩smalltown
 
Bug bounty recon.pdf
Bug bounty recon.pdfBug bounty recon.pdf
Bug bounty recon.pdfEusebiuDanielBlindu
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkLateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkEC-Council
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usagen|u - The Open Security Community
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
MOBILE PENTESTING Frida.pdf
MOBILE PENTESTING Frida.pdfMOBILE PENTESTING Frida.pdf
MOBILE PENTESTING Frida.pdfAdityamd4
 

More Related Content

What's hot

Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Linux privilege escalation
Linux privilege escalationLinux privilege escalation
Linux privilege escalationSongchaiDuangpan
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHaydn Johnson
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
HashiCorp Vault Workshop:幫 Credentials 找個窩
HashiCorp Vault Workshop:幫 Credentials 找個窩HashiCorp Vault Workshop:幫 Credentials 找個窩
HashiCorp Vault Workshop:幫 Credentials 找個窩smalltown
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkLateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkEC-Council
 

What's hot (20)

Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming Operation
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for you
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Linux privilege escalation
Linux privilege escalationLinux privilege escalation
Linux privilege escalation
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team Exercises
 
Android Security
Android SecurityAndroid Security
Android Security
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
HashiCorp Vault Workshop:幫 Credentials 找個窩
HashiCorp Vault Workshop:幫 Credentials 找個窩HashiCorp Vault Workshop:幫 Credentials 找個窩
HashiCorp Vault Workshop:幫 Credentials 找個窩
 
Bug bounty recon.pdf
Bug bounty recon.pdfBug bounty recon.pdf
Bug bounty recon.pdf
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpCon
 
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkLateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 

Similar to Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde

Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
MOBILE PENTESTING Frida.pdf
MOBILE PENTESTING Frida.pdfMOBILE PENTESTING Frida.pdf
MOBILE PENTESTING Frida.pdfAdityamd4
 
Deploying Symfony | symfony.cat
Deploying Symfony | symfony.catDeploying Symfony | symfony.cat
Deploying Symfony | symfony.catPablo Godel
 
MobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
MobileConf 2021 Slides: Let's build macOS CLI Utilities using SwiftMobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
MobileConf 2021 Slides: Let's build macOS CLI Utilities using SwiftDiego Freniche Brito
 
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...OpenShift Origin
 
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce Diane Mueller
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingRomansh Yadav
 
Speed up your development environment PHP + Nginx + Fedora + PG
Speed up your development environment PHP + Nginx + Fedora + PGSpeed up your development environment PHP + Nginx + Fedora + PG
Speed up your development environment PHP + Nginx + Fedora + PGMarcus Sá
 
Movable Type 5.2 Overview at MTDDC 2012
Movable Type 5.2 Overview at MTDDC 2012Movable Type 5.2 Overview at MTDDC 2012
Movable Type 5.2 Overview at MTDDC 2012Yuji Takayama
 
Node.js basics
Node.js basicsNode.js basics
Node.js basicsBen Lin
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and MaintenanceJazkarta, Inc.
 
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...Amazon Web Services
 
Grunt & Front-end Workflow
Grunt & Front-end WorkflowGrunt & Front-end Workflow
Grunt & Front-end WorkflowPagepro
 
Containerized IDEs.pdf
Containerized IDEs.pdfContainerized IDEs.pdf
Containerized IDEs.pdfLibbySchulze
 
Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testingRoshan Kumar Gami
 
EuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingEuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingAlessandro Molina
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Helpful pre commit hooks for Python and Django
Helpful pre commit hooks for Python and DjangoHelpful pre commit hooks for Python and Django
Helpful pre commit hooks for Python and Djangoroskakori
 

Similar to Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde (20)

Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
MOBILE PENTESTING Frida.pdf
MOBILE PENTESTING Frida.pdfMOBILE PENTESTING Frida.pdf
MOBILE PENTESTING Frida.pdf
 
PHP Development Tools
PHP Development ToolsPHP Development Tools
PHP Development Tools
 
Deploying Symfony | symfony.cat
Deploying Symfony | symfony.catDeploying Symfony | symfony.cat
Deploying Symfony | symfony.cat
 
MobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
MobileConf 2021 Slides: Let's build macOS CLI Utilities using SwiftMobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
MobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
 
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
 
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
 
Fastlane
FastlaneFastlane
Fastlane
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
 
Speed up your development environment PHP + Nginx + Fedora + PG
Speed up your development environment PHP + Nginx + Fedora + PGSpeed up your development environment PHP + Nginx + Fedora + PG
Speed up your development environment PHP + Nginx + Fedora + PG
 
Movable Type 5.2 Overview at MTDDC 2012
Movable Type 5.2 Overview at MTDDC 2012Movable Type 5.2 Overview at MTDDC 2012
Movable Type 5.2 Overview at MTDDC 2012
 
Node.js basics
Node.js basicsNode.js basics
Node.js basics
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and Maintenance
 
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...
 
Grunt & Front-end Workflow
Grunt & Front-end WorkflowGrunt & Front-end Workflow
Grunt & Front-end Workflow
 
Containerized IDEs.pdf
Containerized IDEs.pdfContainerized IDEs.pdf
Containerized IDEs.pdf
 
Android application penetration testing
Android application penetration testingAndroid application penetration testing
Android application penetration testing
 
EuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingEuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears Training
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Helpful pre commit hooks for Python and Django
Helpful pre commit hooks for Python and DjangoHelpful pre commit hooks for Python and Django
Helpful pre commit hooks for Python and Django
 

More from NSConclave

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native LibraryNSConclave
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension DevelopmentNSConclave
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression InjectionNSConclave
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)NSConclave
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js DeserializationNSConclave
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain PolicyNSConclave
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP InjectionNSConclave
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql InjectionNSConclave
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing AdvancedNSConclave
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing BasicsNSConclave
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 

More from NSConclave (20)

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the Extension
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native Library
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
 
Log Analysis
Log AnalysisLog Analysis
Log Analysis
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression Injection
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js Deserialization
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain Policy
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP Injection
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization Attacks
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql Injection
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing Advanced
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
 
Markdown
MarkdownMarkdown
Markdown
 
Docker 101
Docker 101Docker 101
Docker 101
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren Shah
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 

Recently uploaded

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde

  • 1. Frida Runtime Debugging By: Bhargav Gajera, Vitthal Shinde
  • 2. Installation Android: Download Link: https://github.com/frida/frida/releases Push it in Android Path : “/data/local/tmp/” System: Command: pip install frida-tools Refer : https://pypi.org/project/frida/
  • 3. Installation Easy Way: Command: frida-push ● pip install frida-push ● It will identify your device’s architecture from adb ● Download the appropriate server ● Install it ● Run it
  • 4. Start using Frida Android ADB: Command: /data/local/tmp/frida-server & Base System: Command: frida -U -f “<PackageName>” --no-pause
  • 5. Start using Frida Want to attach Quickly on whatever is running on screen ? Base System: Command: frida -U -F
  • 6. Codeshare What is it ? Ans: Repo for universal method hooks & bypass URL: https://codeshare.frida.re/browse How do I use it ? Command: frida -U -f “<PackageName>” --codeshare <URI> --no-pause
  • 7. Docs All the documentation is listed under: ● URL: https://frida.re/docs/home/ Javascript API docs are available under: ● URL: https://frida.re/docs/javascript-api/
  • 8. Frida and Scripts 1. Interactive way ➢ Write scripts inside terminal. 2. Attach scripts ➢ Write scripts in file and pass it as argument. 3. Python ➢ Create python file to do the same
  • 9. Frida Interactive Command: frida -U -f “<PackageName>” --no-pause ➢ An interactive shell will spawn ➢ Write your code in shell
  • 10. Frida with JS File Command: frida -U -f “<PackageName>” -l “<JSFile>” --no-pause ➢ Write your javascript code in a file. ➢ Use “-l” option to provide file in argument. ➢ Code will execute side by side of the application execution.
  • 11. Frida with Python File Command: python <PythonFile>.py ➢ Import frida in python code. ➢ Use inbuilt frida functions to: ○ Get USB device ○ Spawn targeted application ○ Attach to it’s PID ○ Create script ○ Load the script ○ Resume the application execution
  • 12. Setup Vulnerable Environment ● App : InsecureBankv2 ○ Link: https://github.com/dineshshetty/Android-InsecureBankv2 ● Server : Inside Directory “AndroLabServer” ○ Install pip requirements ○ # python app.py
  • 13. Setup Vulnerable Environment ● Configure the application ○ Navigate to More -> Preferences ○ Give ip of your base system where app.py is running ● Login Credentials : ○ dinesh/Dinesh@123$ ○ jack/Jack@123$
  • 14. Find Loaded classes Code : Java.perform(function(){ Java.enumerateLoadedClasses({ "onMatch": function(className){ console.log(className) }, "onComplete":function() {} }) });
  • 15. Find Loaded classes These many classes ? Really ??
  • 16. Find Loaded classes with known names Java.perform(function(){ Java.enumerateLoadedClasses({ onMatch:function(className) { if(className.toLowerCase().lastIndexOf("<Identifier>")>0) { console.log(className); } }, onComplete:function() {} }); });
  • 17. Find Loaded classes with known names
  • 18. Identify Classes being used ● How to Identify which class contains method when an event is called ? ○ Enumerate classes before event. ○ Enumerate classes after event. ○ Find newly loaded classes
  • 19. Hooking Functions Java.perform(function(){ var varName = Java.use("<className>"); varName.funName.implementation=function() { console.log(“Function Called”) } })
  • 20. Identify Functions being called ● How to Identify which method is being invoked ? Newbie's way: ➢ Hook suspicious methods and add console.log()
  • 21. Identify Functions being called If you are hooking all suspicious functions...
  • 22. Identify Functions being called ● How to Identify which method is being invoked ? Professional’s way: ➢ Hook all methods of a class and ○ Log whenever it is being called ○ Log all Arguments ○ Log Return value
  • 23. Identify Functions being called ● Script be Like...
  • 24. Hooking Overloaded Functions Java.perform(function(){ var varName = Java.use("class path"); varName.funName.overload(<args_type>).implementation=function(args) { // Your implementation. } })
  • 25. Implement custom function Further we will see… ● Dive deep into creating custom logic. ● How can we overwrite original function. ● How to create variable of desired classes. ● How to use such variables and use it to get information from hooked function. ● etc, etc, etc...
  • 26. Using --no-pause Command: frida -U -f <Package> --no-pause ● Will immediately spawn and start execution of the application ● Load the script side by side ● What if the function mentioned in script executes before scripts is loaded?
  • 27. Without --no-pause Command: frida -U -f <Package> -l <script> ● Will create a process of the application. ● Will hold the execution of first frame of the application ● We can load the script by pasting it now in the terminal. ● Use “ %resume ” to continue the execution.
  • 28. Analyzing hooked function Java.perform(function(){ var varName = Java.use("class path"); varName.funName.overload(<args_type>).implementation=function(args) { console.log(“Function called”); console.log(“Arguments are : ”,args); }}) ;