An Introduction to Frida

Cesar Rodriguez
Nov 17, 2021

A dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Frida is a dynamic binary instrumentation (DBI) framework. A DBI tool lets the user modify a running process to change its behavior without patching the binary. These types of tools are used in a wide variety of software engineering domains such as performance analysis, reverse engineering, binary patching, and many more. During mobile assessments, these tools allow the pentester to bypass some security checks (like root detection or SSL pinning).

Before Frida, most tools required the user to build a module or a binary that the DBI tool then injected into the target process. This workflow was tedious, and creating a working module took a lot of time. Also, the difficulty of building a desired patch increased exponentially with the complexity of the change.

Another limitation of most DBI tools is that they work only in limited scenarios or technologies, so you need multiple tools to cover different environments (Android, iOS, Linux, Windows, Mac).

Frida takes a different approach. It is not a tool but a framework that you can use in all the scenarios we mentioned. It is also possible to extend the framework's compatibility to new languages or technologies. But the best feature of Frida is that you write scripts in JavaScript and run them at runtime. Those who want to patch a binary no longer need to build modules, which greatly accelerates the process of binary instrumentation. These are the main reasons Frida has become, in a very short amount of time, the de facto DBI framework in most environments.

Although Frida is a fantastic tool, there are no in-depth tutorials or workshops that teach beginner users. They have to face the painful path of learning by examples and by reading blog posts with working examples or guessing ways to patch particular cases. That was the main reason I created this workshop.

The workshop explains how to create scripts in Frida to do binary instrumentation in the Java layer on the Android environment. The goal is to learn how to create scripts regardless of the scenario and understand scripts used for other tools.

The content of the workshop includes:

* Creation of scripts to hook methods.

* Creation of scripts to override methods.

* Creation of scripts to hook overloaded methods.

* Creation of scripts to find the stack trace of a function and log parts of the code.

* Methodology to develop scripts to bypass security restrictions, reversing of Android APKs in order to find what to hook.
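Three of the script types listed above (hooking a method, covering its overloads, and printing a stack trace) combined in one added example that is not taken from the workshop material: it logs which cipher transformations an app requests through `javax.crypto.Cipher.getInstance` and where weak ones are requested from. The function names `isWeak` and `traceCipherGetInstance`, the choice of target class, and the list of transformations to flag are assumptions made for illustration.

```javascript
'use strict';
// Added example: audit which cipher transformations an Android app requests.
// Runs in Frida's JavaScript runtime, where the global `Java` bridge exists.

// Constructed review list: legacy algorithms, ECB on block ciphers, and a bare
// "AES", which leaves the mode to the provider default (commonly ECB).
function isWeak(transformation) {
  const parts = String(transformation).toUpperCase().split('/');
  const alg = parts[0], mode = parts[1];
  if (['DES', 'DESEDE', 'RC4', 'ARCFOUR'].includes(alg)) return true;
  if (mode === 'ECB' && alg !== 'RSA') return true; // "RSA/ECB/..." is only a naming quirk
  return alg === 'AES' && mode === undefined;
}

// Hook every overload of Cipher.getInstance. `bridge` is Frida's `Java` object,
// `log` is any function taking a string. Returns the number of overloads hooked.
function traceCipherGetInstance(bridge, log) {
  const Cipher = bridge.use('javax.crypto.Cipher');
  const Log = bridge.use('android.util.Log');
  const Exception = bridge.use('java.lang.Exception');
  const overloads = Cipher.getInstance.overloads;
  overloads.forEach(function (ov) {
    const sig = ov.argumentTypes.map(function (t) { return t.className; }).join(', ');
    ov.implementation = function () {
      const transformation = arguments[0];
      const weak = isWeak(transformation);
      log((weak ? '[WEAK] ' : '[ok]   ') + 'Cipher.getInstance(' + sig + ') <- ' + transformation);
      if (weak) {
        // A throwaway exception gives the Java stack of the caller.
        log(Log.getStackTraceString(Exception.$new()));
      }
      // Forward to the original method so the app behaves exactly as before.
      return this.getInstance.apply(this, arguments);
    };
  });
  return overloads.length;
}

// Only attach when loaded by Frida into a process with a Java VM.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(function () {
    traceCipherGetInstance(Java, console.log);
  });
}
```

With the Frida CLI the script can be loaded into a target process using the `-l` option.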

The APKs and presentation can be downloaded from: https://github.com/CesarMRodriguez/eko_2021

Here is a list of resources you can check to learn a bit more of Frida:

Cesar Rodriguez, Sr Security Consultant at Faraday

Faraday

Faraday Platform helps you perform security engineering by maximizing your team’s resources, increasing risk visibility by converting all your data into valuable information https://www.faradaysec.com/