Frida Guide

bindon 2019-12-01 Android Hacking

Install Frida

Frida on Linux

sudo pip install frida

Install frida on Linux

Frida-tools on Linux

sudo pip install frida-tools

Install frida-tools on Linux

Frida-Server on Android

  1. Download frida-server 
    wget https://github.com/frida/frida/releases/download/12.2.6/frida-server-12.2.6-android-arm.xz
  2. Extract frida-server 
    xz -d ./frida-server-12.2.6-android-arm.xz
  3. Push frida-server in android using ADB 
    adb push ./frida-server-12.2.6-android-arm /data/local/tmp/frida-server
  4. Execute frida-server and check listening port 
    adb shell
$ su
# chmod 755 /data/local/tmp/frida-server
# /data/loca/tmp/frida-server &
# netstat -ntl | grep 27042

Install frida-server on Android ***

Examples

  1. Install test application
    • Android
    • Python
      • sock.send(string) -> print sock.recv(4096)
      • Change address on top
  2. Check frida connection 
    frida -U com.example.android.bluetoothchat
  3. Check hooking point
    • com.example.android.bluetoothchat.BluetoothChatService.write() Check hooking point
  4. Create hooking script 
    import frida
import sys

def on_message(message, data):
 if message['type'] == 'send':
     print("[*] {0}".format(message['payload']))
 else:
     print(message)

try:
 jscode = """
     if (Java.available) {
         Java.enumerateLoadedClasses({
             onMatch: function(className) {
                 send(className);
             }, 
             onComplete: function() {
                 send("Done!");
             }
         });
     } else {
         send("Java not available in this process");
     }
​
     Java.perform(function () {
         var stringClass = Java.use("java.lang.String");
         var BluetoothChatService = Java.use('com.example.android.bluetoothchat.BluetoothChatService');
         BluetoothChatService.write.implementation = function (buffer) {
             var stringInstance = stringClass.$new("(hooked)" + stringClass.$new(buffer).toString());
             send(stringInstance.toString());
             this.write(stringInstance.getBytes());
         }
         send("Bluetooth Hooked!");
     })
 """

 print "[*] Connect...", 
 process = frida.get_usb_device().attach("com.example.android.bluetoothchat")
 print "OK"

 print "[+] Execute script"
 script = process.create_script(jscode)
 script.on('message', on_message)
 script.load()
 print sys.stdin.read()

except Exception as e:
 print e
  5. Hooking Result
Android Python
Android Result Python Result

Android Hacking Post List

TITLE DATE
Frida Guide 2019-12-01