Frida

Frida is a dynamic code instrumentation toolkit. It allows you to inject snippets of JavaScript or your own library into native apps on various platforms including Windows, macOS, GNU/Linux, iOS, Android, and QNX.

This makes it a powerful tool for hooking into native applications for dynamic analysis2.

1. Frequently used commands and tips

1.1. Preparation for Typescript

You don’t need to install typescript compiler tsc.

$ npm install frida-compile

If you’re using VSCode, voila! No red snakes under your code, You can get suggestions.

1.2. List process

Use frida-ps. With --usb option it will give you a list of processes of an USB attached device. With --application[s] option it will show you only applications.

In my case, whether the word application was used in the singular or plural form didn’t matter.

$ frida-ps --usb --applications

Shortly,

$ frida-ps -Ua

1.3. Run script

--load option is for loading a frida script. If you connected your phone with USB cable, don’t forget to pass --usb option.

$ frida --usb --load my-frida-script.js

Simply,

$ frida -Ul my-frida-script.js

If you are running the script against an executable file, pass --file option.

$ frida --file hookme.exe --load my-frida-script.js

2. Frida Detection and Bypass

Because the Frida is so strong and the researchers usually rely on Frida when analysing applications, there are attempts to "detect" them and make it impossible to use the apps when Frida is running.

3. References

Official Homepage
Official GitHub
Official Documents
- Javascript Reference
- Python binding, but scarce document.
Android 환경 Frida 탐지 (Korean)

4. See Also

Frida Labs, a playground. Learning by challenging material.
Frida Codeshare, where people share codes to ease your pain, like 'Universal Android SSL Pinning' script.