Frida

Frida is a powerful and extensible instrumentation toolkit – among its many strengths, it is ideally suited to testing and evaluating native Android apps. Frida allows you to intercept data received and sent by apps and inject your own code into the process. If you’ve had any experience with Dex2Jar, JD-GUI or Baksmali, you’ll soon appreciate Frida’s versatility. (if you haven’t, check out our article here [link to Dex2Jar article]

We’ll be running through a quick walkthrough to decompile an apk and inject some arbitrary code into the process.

Requirements:

  • Frida (pip install frida / npm install frida)
  • Frida Server (available at https://github.com/frida/frida/releases)
    • Make sure Frida-Server is the same version as your Frida install. To check this, simply execute ‘frida –version’
  • Dex2Jar
  • JD-GUI
  • adb (Available from the official Google repository – just google “platform-tools adb”
  • A rooted android phone or emulator running at least Android 4.4 (We used Nox Player 6 for this walkthrough)
  • A downloaded APK file (we’re using Sieve [com.mwr.example.sieve]) available from https://github.com/as0ler/Android-Examples/blob/master/sieve.apk

Let’s dive right in – ensure your Android device is plugged in and rooted with Developer options and USB Debugging enabled.

  1. Open a command window and find your connected Android device:

  2. Push Frida-server to your device using “adb push frida-server /data/local/tmp” – we’re placing the Frida-server in a temp directory for ease of use. Note: In the image below, I’m specifically sending to my MEmu emulator – if you’re using a normal phone, just the command above will be fine.

  3. Open a shell session to your device by executing ‘adb.exe shell,’ chmod your Frida-server so that it’s executable and run it!

    As you can see above, there’s no output from running Frida-server but rest assured that it’s listening in the background. We’re ready to start exploring (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rob Valentine. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/g428IBSWGIs/