How to start:
- Download the Android SDK to use the `adb` tools.
- Download and install the GenyMotion Android Emulator (rooted).
- Download the `frida-server` image for Android from https://github.com/frida/frida/releases
- Copy the `frida-server` image file to the `/data/local/tmp/` path of the emulator device (you can use the `adb push` command or just drag & drop the file).
- Use `adb shell "chmod 755 /data/local/tmp/{frida server file name}"` to set proper permissions for the `frida-server` file.
- Run `frida-server` using the `adb shell "/data/local/tmp/{frida server file name} &"` command.
- Download and install `python 3.7`.
- Create a Python environment and name it what you want, then activate it.
- In your env, use `pip install frida-tools` to install the frida Python package.
- To see if everything works fine, use `frida-ps -U` on the command line. This command will show a list of the emulator device's processes.
- Download and install `rps.apk` from https://github.com/ctfs/write-ups-2015/blob/master/seccon-quals-ctf-2015/binary/reverse-engineering-android-apk-1/rps.apk
- Run the `rps` app on the emulator and then run `python ctf.py`. You will see that the injected code works.
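A setup check for the steps above, as an added example that is not part of this repository: it picks the `frida-server` release asset matching the installed `frida-tools` version and the emulator's CPU ABI, compares client and server versions, and parses the `frida-ps -U` output. The function names and the `setup_check.py` file name are hypothetical, the asset naming follows the files on the frida releases page, and the on-device file name is passed as an argument.

```python
import re
import subprocess
import sys

# Android ABI (from `getprop ro.product.cpu.abi`) -> arch suffix in frida release asset names
ABI_TO_ARCH = {"x86": "x86", "x86_64": "x86_64", "armeabi-v7a": "arm", "arm64-v8a": "arm64"}


def server_asset(version, abi):
    """Release asset name for a given frida client version and device ABI."""
    version, abi = version.strip(), abi.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", version):
        raise ValueError(f"unexpected frida version string: {version!r}")
    if abi not in ABI_TO_ARCH:
        raise ValueError(f"unsupported ABI: {abi!r}")
    # Assets are xz-compressed; decompress before pushing to the device.
    return f"frida-server-{version}-android-{ABI_TO_ARCH[abi]}.xz"


def parse_frida_ps(output):
    """Turn the `frida-ps -U` table into {pid: process name}, skipping header rows."""
    procs = {}
    for line in output.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+?)\s*$", line)
        if m:
            procs[int(m.group(1))] = m.group(2)
    return procs


def run(*cmd):
    """Run a command and return its trimmed stdout; raises if it exits non-zero."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout.strip()


def main(server_file):
    client = run("frida", "--version")
    abi = run("adb", "shell", "getprop", "ro.product.cpu.abi")
    print("asset to download:", server_asset(client, abi))
    server = run("adb", "shell", f"/data/local/tmp/{server_file}", "--version")
    if server != client:
        print(f"version mismatch: frida-tools {client} vs frida-server {server}")
    print(len(parse_frida_ps(run("frida-ps", "-U"))), "device processes visible")


if __name__ == "__main__":
    # Usage: python setup_check.py <frida server file name on the device>
    main(sys.argv[1])
```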
References:
https://frida.re/docs/android/
https://github.com/frida/frida/releases
https://github.com/ctfs/write-ups-2015/blob/master/seccon-quals-ctf-2015/binary/reverse-engineering-android-apk-1/rps.apk
https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/frida-tutorial
https://forum.xda-developers.com/t/official-xposed-for-lollipop-marshmallow-nougat-oreo-v90-beta3-2018-01-29.3034811/
https://labs.f-secure.com/tools/drozer/
https://github.com/m9rco/Genymotion_ARM_Translation/blob/master/package/Genymotion-ARM-Translation_for_8.0.zip