search

frida

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

hashtag
Installation

hashtag
Client

pip3 install frida-tools

hashtag
Server

Download server for architecture from https://github.com/frida/frida/releasesarrow-up-right.

xz -d frida-server-16.5.6-android-arm64.xz
adb root
adb push frida-server-16.5.6-android-arm64 /data/local/tmp
adb shell
cd /data/local/tmp
chmod +x frida-server-16.5.6-android-arm64
./frida-server-16.5.6-android-arm64

hashtag
Commands

hashtag
Connection

frida -U targetAPK (connect to APK)
frida -U -l script.js targetAPK (execute script and connect to APK)

hashtag
frida-trace

Trace all calls on com.testapp.*:

Trace all calls from native library:

hashtag
Tracing

hashtag
Activities

hashtag
Fragments

Returning a different output:

hashtag
Disable SSL Pinning

hashtag
Bypass Network Security Config and SSLContext:

hashtag
OKHTTP3 Bypass

hashtag
JADX and Frida

If we want to load a class from jadx to Frida we can Right Click > Copy as frida snippet. Now paste it into Java.perform sentence:

Having this class:

For example we can create an instance of the ExampleClass and console.log the result. Example script:

It's so much faster than manually reversing!

hashtag
References

Logohextree.iohextree.iochevron-right
LogoAndroidFrida • A world-class dynamic instrumentation toolkitchevron-right
LogoFrida HandBooklearnfrida.infochevron-right
Previousdns spoofingNextintent

Last updated