Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Frida allows you to:
1) Inject your own scripts into black box processes.
2) Hook any function.
3) Spy on crypto APIs or trace private application code.
4) Disable SSL Pinning and root checkers.
And many more things.
Frida is one of the best tools to use during application penetration testing.
The script does the following:
1 Unzips the APK passed as input.
2 Asks for the architecture of the Android device. There are two options:
  - The architecture is known: the gadget is injected only for that architecture.
  - The architecture is unknown: the gadget is injected in all architectures.
3 Asks for the library to be injected, then downloads the latest gadget from the Frida repository and injects it.
4 Removes the old signature.
5 Generates the APK with the name my_app.apk
Executable formats include a list of the libraries that are linked with the executable. In the loading phase of the executable, the loader iterates over these libraries and maps them into the memory space of the process. Once a library is mapped, the loader calls its constructor. The idea is to add frida-agent.so as a dependency of the native libraries embedded in the APK.
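The steps above as an added sketch; it is not this project's code. The names `repack`, `add_dependency` and `sample_apk`, the gadget file name `libfrida-gadget.so` and the sample APK contents are assumptions made for illustration, and the gadget bytes are passed in rather than downloaded.

```python
import io, os, tempfile, zipfile

GADGET = "libfrida-gadget.so"  # assumed name of the gadget inside lib/<abi>/
SIG_FILES = (".SF", ".RSA", ".DSA", ".EC", "MANIFEST.MF")  # v1 signature files

def add_dependency(elf_bytes, needed=GADGET):
    """Return elf_bytes with `needed` added as a DT_NEEDED entry (uses LIEF)."""
    import lief  # lazy import: only this step needs the lief package
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "lib.so")
        with open(path, "wb") as f:
            f.write(elf_bytes)
        binary = lief.parse(path)
        binary.add_library(needed)  # loader will now map the gadget too
        binary.write(path)
        with open(path, "rb") as f:
            return f.read()

def repack(apk_bytes, target, gadgets, arch=None, patch=add_dependency):
    """Rebuild an APK: patch lib/<abi>/<target>, add the gadget, drop the signature.

    gadgets maps ABI name -> gadget bytes; arch=None means every ABI present.
    The result is unsigned.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            name, data = item.filename, src.read(item.filename)
            if name.startswith("META-INF/") and name.endswith(SIG_FILES):
                continue  # old signature no longer matches the contents
            parts = name.split("/")
            hit = (len(parts) == 3 and parts[0] == "lib" and parts[2] == target
                   and arch in (None, parts[1]))
            if hit:
                if parts[1] not in gadgets:
                    raise KeyError(f"no gadget supplied for ABI {parts[1]}")
                data = patch(data)
                dst.writestr(f"lib/{parts[1]}/{GADGET}", gadgets[parts[1]])
            dst.writestr(name, data)
    return out.getvalue()

def sample_apk():
    """Constructed stand-in for an APK: two ABIs plus v1 signature files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in {"AndroidManifest.xml": b"x", "META-INF/CERT.RSA": b"s",
                           "META-INF/MANIFEST.MF": b"m",
                           "lib/arm64-v8a/libnative.so": b"A",
                           "lib/x86/libnative.so": b"B"}.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Passing `arch=None` corresponds to the "architecture is unknown" branch: every `lib/<abi>/` copy of the target library gets the dependency and its own gadget.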
This tool is inspired by Jorge's Frida gadget LIEF injector (https://gitlab.com/jlajara/frida-gadget-lief-injector), but with a new UI.
Python 3.6
apt install python python2
lief installation
pip install lief
xtract installation:
pip install xtract
Not checked on MacOS
pkg update, upgrade
apt up -y && apt update
pip install lief
pip install xtract
wget https://github.com/AbhiTheModder/frida_injection/releases/download/release-v1.1/frida_injection.py
Now run frida_injection.py
python frida_injection.py
Now you'll think, why did I make this a new repo? The reason is simply that Jorge stopped the work and further improvements on it, and I'm a believer in non-root, so I thought to continue this project....😊😊
Pull requests & issues are always welcome.
Video by Jorge Lajara