The speaker is going to conduct a hands-on instrumentation workshop on Android using Frida. Frida is a popular instrumentation framework that is really helpful in the dynamic analysis of Android apps.
https://nsconclave.net-square.com/dynamic-instrumentation.html
3. Installation
Easy Way:
Command: frida-push
● pip install frida-push
● It will identify your device’s architecture from adb
● Download the appropriate server
● Install it
● Run it
4. Start using Frida
Android ADB:
Command: /data/local/tmp/frida-server &
Base System:
Command: frida -U -f "<PackageName>" --no-pause
5. Start using Frida
Want to attach quickly to whatever is running on screen?
Base System:
Command: frida -U -F
6. Codeshare
What is it?
Ans: Repo for universal method hooks & bypass
URL: https://codeshare.frida.re/browse
How do I use it?
Command: frida -U -f "<PackageName>" --codeshare <URI> --no-pause
7. Docs
All the documentation is listed under:
● URL: https://frida.re/docs/home/
JavaScript API docs are available under:
● URL: https://frida.re/docs/javascript-api/
8. Frida and Scripts
1. Interactive way
➢ Write scripts inside the terminal.
2. Attach scripts
➢ Write scripts in a file and pass it as an argument.
3. Python
➢ Create a Python file to do the same.
10. Frida with JS File
Command: frida -U -f "<PackageName>" -l "<JSFile>" --no-pause
➢ Write your JavaScript code in a file.
➢ Use the "-l" option to pass the file as an argument.
➢ The code executes alongside the application.
11. Frida with Python File
Command: python <PythonFile>.py
➢ Import frida in the Python code.
➢ Use built-in frida functions to:
○ Get USB device
○ Spawn targeted application
○ Attach to its PID
○ Create script
○ Load the script
○ Resume the application execution
13. Setup Vulnerable Environment
● Configure the application
○ Navigate to More -> Preferences
○ Enter the IP of your base system, where app.py is running
● Login Credentials:
○ dinesh/Dinesh@123$
○ jack/Jack@123$
18. Identify Classes being used
● How do we identify which class contains the method when an event is triggered?
○ Enumerate classes before event.
○ Enumerate classes after event.
○ Find newly loaded classes
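The before/after comparison above can be scripted as follows. This is an added example, not code from the workshop slides: the helper names (diffLoadedClasses, snapshotBefore, newClassesSince), the package prefix filter and the com.example.bank sample class names are assumptions made for illustration. It assumes the same Java bridge the slides' own script uses.

```javascript
// Added example: find classes loaded by a UI event (before/after diff).
// Function names and the prefix filter are hypothetical, not Frida API.

// Pure helper: names present in `after` but not in `before`, optionally
// restricted to a package prefix to cut framework noise.
function diffLoadedClasses(before, after, prefix) {
  const seen = new Set(before);
  const added = new Set();
  for (const name of after) {
    if (seen.has(name)) continue;
    if (prefix && !name.startsWith(prefix)) continue;
    added.add(name); // the Set also drops duplicates in `after`
  }
  return Array.from(added).sort();
}

// Frida-only part: skipped when the file is run outside Frida (e.g. node).
if (typeof Java !== "undefined" && Java.available) {
  let baseline = [];
  // Call from the Frida REPL before triggering the event in the app.
  globalThis.snapshotBefore = function () {
    Java.perform(function () {
      baseline = Java.enumerateLoadedClassesSync();
      console.log("baseline: " + baseline.length + " classes");
    });
  };
  // Call after the event; prints classes loaded since the baseline.
  globalThis.newClassesSince = function (prefix) {
    Java.perform(function () {
      const now = Java.enumerateLoadedClassesSync();
      diffLoadedClasses(baseline, now, prefix).forEach(function (n) {
        console.log("[new] " + n);
      });
    });
  };
}

// Constructed sample data so the diff can be checked without a device.
const SAMPLE_BEFORE = ["android.app.Activity", "com.example.bank.LoginActivity"];
const SAMPLE_AFTER = SAMPLE_BEFORE.concat([
  "com.example.bank.TransferActivity",
  "com.example.bank.CryptoHelper",
  "androidx.fragment.app.Fragment",
  "com.example.bank.CryptoHelper",
]);
```

Load the file with the "-l" option, call snapshotBefore() in the REPL, trigger the event in the app, then call newClassesSince("<package prefix>").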
22. Identify Functions being called
● How do we identify which method is being invoked?
Professional’s way:
➢ Hook all methods of a class and
○ Log whenever one is called
○ Log all arguments
○ Log the return value
25. Implement custom function
Further we will see…
● Dive deep into creating custom logic.
● How we can overwrite the original function.
● How to create variables of desired classes.
● How to use such variables to get information from the hooked function.
● etc, etc, etc...
26. Using --no-pause
Command: frida -U -f <Package> --no-pause
● Will immediately spawn the application and start its execution
● Loads the script alongside it
● What if the function mentioned in the script executes before the script is loaded?
27. Without --no-pause
Command: frida -U -f <Package> -l <script>
● Will create a process for the application.
● Will hold execution at the first frame of the application.
● We can now load the script by pasting it in the terminal.
● Use "%resume" to continue the execution.
28. Analyzing hooked function
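Java.perform(function () {
    // Wrapper for the target class (replace with the fully qualified class name)
    var varName = Java.use("class path");
    // Replace the chosen overload of funName with a logging implementation
    varName.funName.overload(<args_type>).implementation = function (args) {
        console.log("Function called");
        console.log("Arguments are : ", args);
        // Call the original so the app keeps its normal behaviour
        return this.funName(args);
    };
});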