Hacking Android apps in Windows with Frida (Part I)

Frida is a dynamic instrumentation toolkit to debug and analyze processes in multiple platforms (Windows, Linux, MacOS, Android, iOS, …).

First thing before install frida-tools, you we’ll need python 3.x and pip tool. After that you can install easily Frida opening the Command Prompt as Administrator:

Installing frida toolkit in Windows

That’s all you need in your laptop.

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.

As frida works like a client-server model, now we have to setup the frida server in your Android phone. (Assuming that you already have adb installed).

You can download the latest frida-server from the official github repository: https://github.com/frida/frida/releases. Most probably yours will be frida-server-14.2.15-android-arm64.xz.

After unzip it, connect your Android phone to your laptop and send the executable to your phone:

$ adb root # might be required
$ adb push frida-server /data/local/tmp/
$ adb shell "chmod 755 /data/local/tmp/frida-server"
$ adb shell "/data/local/tmp/frida-server &"

To test that everything works well, try to list your Android phone processes from your laptop Command Prompt as Administrator:

frida-ps -U 

That should output something similar to this:

Frida-ps listing Android phone processes

If that’s the case, your setup with frida is already finished 😎

To avoid to start frida-server after each reboot/shutdown, you can use MagiskFrida plugin for Magisk as shown below:

We will continue this series to dive into the Android apps internals. Stay tuned!


More about Android hacking in the next post:

Learn Pentesting like a Pro
✅ The Ultimate Cheat Sheet for Android and iOS hacking: Part II (Dynamic Analysis)
In this post you will learn how to use different tools and frameworks to audit the security of running Apps in Android and Apple smartphones. Android emulators Genymotion Genymotion Cloud: Cloud-based Android emulators running on SaaS or as virtual images on AWS, GCP or Alibaba Cloud (PaaS…
Read more

Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *