Frida CodeShare: Building a Community of Giants

Ryan Sears, Cali Dog Security
Jul 12, 2017 · 5 min read


I’m a huge fan of open source software. In a very organic way, it creates a community of individuals working together to build something awesome not for monetary reward, but because they’re passionate about it. Sure, tools like GitHub & friends have their problems, but it’s truly breathtaking to see how much of a catalyst for social communities they’ve turned into. It’s the ecosystem and collaborative tooling they offer that allows so many amazing projects to flourish in the way they do. As with everything, though, some communities find that this model is not one-size-fits-all.

Enter Frida

I’ve long chattered away to anyone who would listen about Frida, as it’s by far my personal favorite tool for RE tasks. It’s an amazing piece of open source software, extremely well designed, and the applications for it are almost limitless in their possibilities. It’s also written largely by one person, Ole André Vadla Ravnås — whom I would consider a giant in the RE community and a good friend. He has been tirelessly working on it for at least the past 5 years, and is excited about it every single time I’ve talked to him, seemingly without fail. He’s also one of the most humble engineers I’ve ever had the pleasure of collaborating with, and someone I truly strive to emulate on a daily basis.

Before discovering Frida I was a long-time user of Vivisect (another great RE toolset) to accomplish the things I wanted, but unfortunately it had some stability issues, some confusing APIs, and was being developed on a non-public repository, which meant that it had basically no accessible community to go to for solving my problems. Same goes for Intel’s PIN. I’ve used it to great outcomes, but it left a lot to be desired and I generally found myself fighting against these frameworks instead of focusing on working towards my goal.

When I found Frida it was truly a breath of fresh air. Its development was done in the open, Ole André Vadla Ravnås is extremely responsive, and its architecture was such that I had awesome flexibility to develop on and against basically whatever platforms I wanted. In one word — awesome.

Pictured above: An actual photograph of me reading the Frida documentation for the first time.

Let’s talk about abstractions

Abstractions are a great thing. It’s what lets people like me drive a car with little knowledge of how my car’s engine works. It’s what allows my grandmother to email me, even though she has no working knowledge of just how much effort goes into moving those humble bytes across the globe.

Building abstractions is a great thing, but building the RIGHT abstractions is vital to it not being a wasted effort (I’d much rather have functional duplication than the wrong abstraction!). It’s also very hard to design the right abstraction while having intimate knowledge of a field, since you take details that might not be obvious for granted (“Of course everyone knows how a sparkplug works, right?”).

With that, let’s talk about Frida.

Frida has been more or less typecast as a reverse engineering tool (and to be clear — it IS an RE tool), with the perception that it has the same barrier to entry as the rest of the complex tools out there, but both Ole André and I think it can be used for so much more by a much broader community. When I look at Frida I see a vision of a flourishing community of people sharing and building basic blocks that can be easily stitched together to accomplish great things with minimal code or effort. The groundwork is already there; it just needs the community.

Unfortunately, GitHub really doesn’t seem to be the ideal place to build a lot of this sort of ecosystem. Ole André has maintained a rich plugin API for Frida, and released quite a few modules, yet there is no easy method for finding and running these plugins/code snippets through GitHub. Other projects have powered their way through this barrier, but we think it warrants something different.

Introducing CodeShare

As Ole André and I were talking about the problem of adoption and how we could get developers, system administrators, and folks who generally don’t dip their toe into the RE world to start using Frida, an idea came about — what about something like ActiveState’s Recipes or commandlinefu? That way we can have a decent ranking algorithm and a community dedicated to nothing but Frida modules and snippets, and with minimal effort integrate it directly into the frida command so you can accomplish an un-godly amount of awesome in 2 simple commands on any computer.

We envisioned a world where we as reverse engineers would be able to help build the right tools that people need and would use on a regular basis. Imagine if dtrace had a good social community behind it ensuring it grew properly — that’s what we’re aiming for.

Imagine being able to run a single command to be able to examine every value that’s run through a hashing library, or one command to visualize every network connection made on a map, or one command to monitor your application’s memory allocations with a black-box implementation of Google’s AddressSanitizer. These aren’t pipe dreams — these are things that Ole André and I have actually built using Frida.

Unfortunately it takes effort and time to maintain stuff like that, and while it seems that Ole André never actually sleeps (I’m fairly certain he has one of these at home), everyone is busy, and the effort put in to maintain a GitHub repo and small community for a one-off project is usually higher than it’s worth.

Still a bit rough, but I think it’ll do for a v1!

So I spent a bit of my free time hacking something together and slapped a coat of paint on it. It’s rough around the edges, but as people use it, it’ll only get better, and I’m extremely excited to think about what this could someday be.

So this is a call to arms for you, dear reader — help us achieve our dream where everyone can use Frida, not just those of us who spend our days mucking around with memory addresses and hexadecimal!

Frida is stupid simple to install, and you can get started by running this (all it does is console.log() some ASCII art as a demo, source here):

$ sudo pip install frida
$ frida --codeshare fitblip/hello-world -f /usr/local/bin/python

Click below to check it out!
