--- # System prepended metadata title: Hooking with Frida tags: [AndroidPentest] --- # Hooking with Frida :::info Frida is a dynamic instrumentation toolkit β€” a powerful tool used by security researchers, reverse engineers, and malware analysts to inspect, modify, and hook into running applications in real time ::: ## Knowledge base - Frida allows you to: - Inject JavaScript (or Python scripts controlling it) into running processes (Android apps, Windows executables, iOS apps, etc.) - Intercept and modify function calls, arguments, and return values. - Bypass protections (anti-debugging, certificate pinning, etc.) - Trace APIs or functions dynamically while the app runs. | Area | Purpose | | ----------------------------------- | ------------------------------------------------------------- | | πŸ” **Reverse engineering** | Hook and trace internal functions without modifying binaries. | | 🐞 **Malware analysis** | Monitor API calls, decrypt strings, or bypass obfuscation. | | πŸ” **App pentesting** | Bypass SSL pinning, detect weak crypto, dump secrets. | | 🧰 **Debugging closed-source apps** | Observe internal logic and modify behavior at runtime. | ## Installation ![image](https://hackmd.io/_uploads/SkZMoPURlg.png) ### Installation -> Client - Install Frida cli tool ```python! pip3 install frida-tools ``` - Install Frida Python bindings ```python! pip3 install frida ``` - Check whether Frida has been installed successfully ![image](https://hackmd.io/_uploads/HJT6z_8Cxe.png) ### Installation -> Server( ) - Virtual mobile installs frida-server (https://github.com/frida/frida/releases), specific frida-server-17.4.0 android-x86.xz - frida-server on the device should match your Frida client on the PC. ![image](https://hackmd.io/_uploads/H1aSiJPRxg.png) ## Python bindings :::info Frida’s Python bindings let Python control Frida (discover devices/processes, attach or spawn, load JS instrumentation, receive messages, and call exported JS functions), so you write instrumentation logic in Frida JavaScript and use Python to automate, orchestrate, collect and analyze results. ::: - Import frida library into python ```python! import frida ``` - Use **get_usb_device()** function to get info device ```python! device=frida.get_usb_device() ``` - Spawn app ```python! pid=device.spawn("com.android.insecurebankv2") device.resume(pid) ``` - Insert the recently obtained PID into the section. ```python! session=device.attach(pid) ``` - Inject the hook_script into app ```python! script=session.create_script(hook_script) script.load() ``` ```python! import frida import time device = frida.get_usb_device() pid = device.spawn("com.android.insecurebankv2") device.resume(pid) time.sleep(1) # sleep 1 to avoid crash (sometime) session=device.attach(pid) hook_script=""" """ script=session.create_script(hook_script) script.load() input('...?') # prevent terminate ``` **- What is hook_script?** - This will be a script provided for Frida using the JavaScript API, which allows interaction with Java functions and objects. ![image](https://hackmd.io/_uploads/S15OQlwCex.png) - Codes provided for Frida wrapped in **Java.perform(function(){... })** ``` hook_script=""" Java.perform(function () { # do something }); """ ```