The speaker is going to conduct a hands-on instrumentation workshop on Android using Frida. Frida is a popular instrumentation framework that is really helpful in the dynamic analysis of Android apps.
https://nsconclave.net-square.com/dynamic-instrumentation.html
3. Installation
Easy Way:
Command: frida-push
- pip install frida-push
- It will identify your device's architecture from adb
- Download the appropriate server
- Install it
- Run it
4. Start using Frida
Android ADB:
Command: /data/local/tmp/frida-server &
Base System:
Command: frida -U -f "<PackageName>" --no-pause
5. Start using Frida
Want to attach quickly to whatever is running on screen?
Base System:
Command: frida -U -F
6. Codeshare
What is it?
Ans: Repo for universal method hooks & bypass
URL: https://codeshare.frida.re/browse
How do I use it?
Command: frida -U -f "<PackageName>" --codeshare <URI> --no-pause
7. Docs
All the documentation is listed under:
- URL: https://frida.re/docs/home/
JavaScript API docs are available under:
- URL: https://frida.re/docs/javascript-api/
8. Frida and Scripts
1. Interactive way
• Write scripts inside the terminal.
2. Attach scripts
• Write the script in a file and pass it as an argument.
3. Python
• Create a Python file to do the same.
9. Frida Interactive
Command: frida -U -f "<PackageName>" --no-pause
• An interactive shell will spawn
• Write your code in the shell
10. Frida with JS File
Command: frida -U -f "<PackageName>" -l "<JSFile>" --no-pause
• Write your JavaScript code in a file.
• Use the "-l" option to pass the file as an argument.
• The code will execute alongside the application.
11. Frida with Python File
Command: python <PythonFile>.py
• Import frida in the Python code.
• Use the built-in frida functions to:
  - Get the USB device
  - Spawn the targeted application
  - Attach to its PID
  - Create the script
  - Load the script
  - Resume the application execution
13. Setup Vulnerable Environment
- Configure the application
- Navigate to More -> Preferences
- Enter the IP of your base system, where app.py is running
- Login Credentials:
  - dinesh/Dinesh@123$
  - jack/Jack@123$
18. Identify Classes being used
- How to identify which class contains the method when an event is called?
- Enumerate classes before the event.
- Enumerate classes after the event.
- Find the newly loaded classes.
20. Identify Functions being called
- How to identify which method is being invoked?
Newbie's way:
• Hook suspicious methods and add console.log()
22. Identify Functions being called
- How to identify which method is being invoked?
Professional's way:
• Hook all methods of a class and
  - Log whenever it is being called
  - Log all arguments
  - Log the return value
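Added example (not from the original slides): a Frida script for the "hook all methods of a class" approach above, which wraps every overload of each declared method and logs the call, its arguments and the return value. TARGET_CLASS and the helper names show and traceClass are hypothetical; load the file with the -l option.

```javascript
// Added example: trace every declared method of one class.
// TARGET_CLASS is a hypothetical placeholder; use a class from your own test app.
var TARGET_CLASS = 'com.example.app.LoginActivity';

// Render a value for the log without letting a failing toString() break the hook.
function show(v) {
  try { return String(v); } catch (e) { return '<unprintable>'; }
}

// bridge: Frida's Java object (passed in so the logic can be exercised with a stub)
// log:    function(string) that receives each trace line
// Returns the number of overloads that were hooked.
function traceClass(bridge, className, log) {
  var cls = bridge.use(className);
  var seen = Object.create(null); // no inherited keys, so "toString" is not pre-seen
  var hooked = 0;
  // getDeclaredMethods() lists each overload separately, so de-duplicate by name.
  cls.class.getDeclaredMethods().forEach(function (m) {
    var name = m.getName();
    if (seen[name]) return;
    seen[name] = true;
    cls[name].overloads.forEach(function (ov) {
      ov.implementation = function () {
        var args = Array.prototype.slice.call(arguments).map(show);
        log('[call] ' + className + '.' + name + '(' + args.join(', ') + ')');
        // Call the original so the app keeps working, then log what it returned.
        var ret = this[name].apply(this, arguments);
        log('[ret] ' + className + '.' + name + ' => ' + show(ret));
        return ret;
      };
      hooked++;
    });
  });
  return hooked;
}

// Inside Frida the global Java bridge exists; elsewhere this only defines the functions.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    var count = traceClass(Java, TARGET_CLASS, console.log);
    console.log('hooked ' + count + ' overloads of ' + TARGET_CLASS);
  });
}
```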
25. Implement custom function
Further we will see...
- Dive deep into creating custom logic.
- How can we overwrite the original function.
- How to create variables of desired classes.
- How to use such variables to get information from the hooked function.
- etc, etc, etc...
26. Using --no-pause
Command: frida -U -f <Package> --no-pause
- Will immediately spawn and start execution of the application
- Loads the script side by side
- What if the function mentioned in the script executes before the script is loaded?
27. Without --no-pause
Command: frida -U -f <Package> -l <script>
- Will create a process of the application.
- Will hold the execution at the first frame of the application
- We can load the script by pasting it now in the terminal.
- Use "%resume" to continue the execution.
28. Analyzing hooked function
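Java.perform(function () {
    // Replace "class path" with the fully qualified class name
    var varName = Java.use("class path");
    // <args_type> is the overload's argument type list, e.g. "java.lang.String"
    varName.funName.overload(<args_type>).implementation = function (args) {
        console.log("Function called");
        console.log("Arguments are : ", args);
        // Call the original so the app still gets its return value
        return this.funName(args);
    };
});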