Hacking Android apps in Windows with Frida (Part I)

Penetration Testing Wiki

Hacking Android apps in Windows with Frida (Part I)

Cybersecurity Android Apps

Frida is a dynamic instrumentation toolkit to debug and analyze processes in multiple platforms (Windows, Linux, MacOS, Android, iOS, …).

First thing before install frida-tools, you we’ll need python 3.x and pip tool. After that you can install easily Frida opening the Command Prompt as Administrator:

Installing frida toolkit in Windows
Installing frida toolkit in Windows

That’s all you need in your laptop.

As frida works like a client-server model, now we have to setup the frida server in your Android phone. (Assuming that you already have adb installed).

You can download the latest frida-server from the official github repository: https://github.com/frida/frida/releases. Most probably yours will be frida-server-14.2.15-android-arm64.xz.

After unzip it, connect your Android phone to your laptop and send the executable to your phone:

$ adb root # might be required
$ adb push frida-server /data/local/tmp/
$ adb shell "chmod 755 /data/local/tmp/frida-server"
$ adb shell "/data/local/tmp/frida-server &"

To test that everything works well, try to list your Android phone processes from your laptop Command Prompt as Administrator:

frida-ps -U 

That should output something similar to this:

Frida-ps listing Android phone processes
Frida-ps listing Android phone processes

If that’s the case, your setup with frida is already finished 😎

To avoid to start frida-server after each reboot/shutdown, you can use MagiskFrida plugin for Magisk as shown below:

Magisk Modules (MagiskFrida)

We will continue this series to dive into the Android apps internals in the following weeks.