Frida is a dynamic code instrumentation toolkit. It lets you inject your own scripts into black-box processes (no source code needed) and programmatically or interactively inspect and change running processes.
Frida also lets you interact with a running Android app (APK), so you can inject code that bypasses many of the techniques developers use to secure their apps. Examples include bypassing the login screen to authenticate without a password, or disabling SSL pinning so that an attacker can see all the network traffic between your app and its backend servers.
Many of the method calls your Android app makes can be hijacked or overridden by Frida for purposes that were never intended. By injecting JavaScript code, Frida can disable or enable a switch, or pass fake parameters, to gain access to information that would not otherwise be available.
How to install
Install the Frida client (the frida-tools package, which also provides the command-line tools):
pip install frida-tools
Then download the Android server (frida-server) from this address:
Note: your Frida client and server versions must be the same.
If you are using an emulator, the x86 build is fine.
Then extract the Frida server. One of the directories from which binaries can be executed on the device is /data/local/tmp, so put frida-server in that directory, give it execute permission, and run it. To test the connection use this command:
frida-ps -U
# With -U, frida uses the adb (USB) connection to reach frida-server.
If -U does not work, use the device ID reported by adb instead:
C:\Users\Hossein>adb devices
List of devices attached
emulator-5554 device
frida-ps -D emulator-5554
How Frida Works
1. First, the user creates a file containing the patch (written in JavaScript) that describes what to do with a method, such as reading any of its values or changing its return value.
2. The patch is sent from the user's computer to the Frida agent (frida-server, installed on the Android device).
3. The agent is injected into the application on the device.
4. There, the patch (in JS) is compiled and used to patch the application while it is running (the user of the phone starts the app):
   - The ART runtime loads the app's .oat file to run it, and the .so containing FridaDroid plus the patch is started.
   - Inside the .so, FridaDroid hooks ART functions.
   - It obtains references to the target method using the hooks from the previous step.
   - It compiles the patch and replaces the reference to the target method with the binary produced at the end of compilation.
5. The application continues to run.
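The workflow above, as an added example that is not part of the original page: a Python client using the frida bindings (installed with frida-tools) that selects the device the way -U or -D does, attaches to a running app, loads a JavaScript patch, and prints every hooked call. The class com.example.app.SecurityChecks, its method isDeviceTrusted and the target package are hypothetical placeholders; the hook only logs arguments and return values and leaves the app's behaviour unchanged.

```python
import json
import sys
# Hypothetical class and method, used only to illustrate the hook.
TARGET_CLASS = "com.example.app.SecurityChecks"
TARGET_METHOD = "isDeviceTrusted"

# JavaScript patch that frida-server injects into the app: it reports each
# call's arguments and return value via send() and returns the original
# result unchanged, so the app is observed, not altered (assumes one overload).
AGENT_TEMPLATE = """
Java.perform(function () {
  var Cls = Java.use(__CLASS__);
  Cls[__METHOD__].implementation = function () {
    var args = Array.prototype.slice.call(arguments).map(String);
    var ret = this[__METHOD__].apply(this, arguments);
    send({ method: __METHOD__, args: args, ret: String(ret) });
    return ret;
  };
});
"""

def build_agent(class_name, method_name):
    # json.dumps produces correctly quoted JavaScript string literals
    return (AGENT_TEMPLATE.replace("__CLASS__", json.dumps(class_name))
            .replace("__METHOD__", json.dumps(method_name)))

def summarize_message(message):
    # Frida wraps send() payloads as {"type": "send", "payload": ...} and
    # script exceptions as {"type": "error", "description": ...}.
    if message["type"] == "send":
        p = message["payload"]
        return "%s(%s) -> %s" % (p["method"], ", ".join(p["args"]), p["ret"])
    if message["type"] == "error":
        return "agent error: " + message.get("description", "unknown")
    return "unhandled message type: %s" % message.get("type")

def run(target, device_id=None):
    import frida  # bindings installed by pip install frida-tools
    # Device selection as in the CLI: -U = USB/emulator device, -D <id> = adb ID
    device = frida.get_device(device_id) if device_id else frida.get_usb_device()
    session = device.attach(target)  # target: the running app's process name
    script = session.create_script(build_agent(TARGET_CLASS, TARGET_METHOD))
    script.on("message", lambda msg, data: print(summarize_message(msg)))
    script.load()
    sys.stdin.read()  # keep the hook loaded until stdin closes (Ctrl-D)
    session.detach()

if __name__ == "__main__":
    run(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
```

Invoke it with the app's package name and, optionally, the device ID from adb devices (for example emulator-5554), with frida-server already running on the device.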
Frida Tools
Frida CLI: a REPL interface aimed at rapid prototyping and easy debugging. For more options use:
frida -h
frida-ps: a command-line tool for listing processes, which is very useful when interacting with a remote system.
frida-trace: a tool for dynamically monitoring/tracing function calls. It is useful for debugging the method calls made on every event in a mobile application.
frida-discover: a tool for discovering internal functions in a program, which can then be traced using frida-trace.
frida-ls-devices: a command-line tool for listing attached devices, which is very useful when interacting with multiple devices.
frida-kill: a command-line tool for killing processes.