3. DYNAMIC INSTRUMENTATION
• Using Xposed Modules
• Using adbi
• Other tools using library injection techniques, LD_PRELOAD
• Xposed Framework is the best known, with the larger user/developer base
5. How is it done currently?
• Xposed Framework
• Xposed modules are intended to make long-lasting changes to devices
• Install Xposed Installer, which installs the Xposed bridge
• Replaces app_process with a modified version which loads the bridge, which enables the hooking func
• Write an app in Java (Android Studio) using the deps and install it on the device
• To activate the module, reboot
• If you need to change something, reboot
10. DIFF-DROID
• Based on Frida
• Supports Hooking Native and Java Methods
• Web UI, with editable scripts to hook Android methods
• Re-usable Modules which can be combined as well
• Instant changes in hooking scripts
• No restarts at all :)
15. INTERNALS
• Frida-server injects a native library into the process using the ptrace API. This is the only supported injection mechanism for now.
• Loads the hook code and replaces / logs the function/arguments accordingly
• The send method is used to send data from the JVM to the Python side
• Java.perform is used to hook Dalvik code
• Interceptor.attach is used to hook native code
• Most exceptions are handled gracefully with a detailed stacktrace
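Added example, not taken from the slides or from Diff-Droid's own modules: a small Frida agent that uses the three calls named above (Java.perform, Interceptor.attach, send) to log which cipher transformations an app under assessment requests and which files it opens. The hook targets (`Cipher.getInstance`, libc `open`), the helper names `hookCipher` and `hookOpen`, and the message fields are assumptions chosen for illustration.

```javascript
// Frida agent: runs inside the target process once frida-server has injected it.
// The Frida objects are passed in as parameters so each hook can be exercised
// outside Frida with stand-ins.

// Dalvik/ART side: report each transformation string passed to Cipher.getInstance.
function hookCipher(java, emit) {
  java.perform(function () {
    const Cipher = java.use('javax.crypto.Cipher');
    const target = Cipher.getInstance.overload('java.lang.String');
    target.implementation = function (transformation) {
      const t = String(transformation);
      emit({ layer: 'java', api: 'Cipher.getInstance', arg: t,
             ecb: /\/ECB\//i.test(t) });         // flag explicit ECB mode
      return this.getInstance(transformation);   // call through, behaviour unchanged
    };
  });
}

// Native side: log the path argument of libc open() on entry.
function hookOpen(interceptor, proc, emit) {
  const open = proc.getModuleByName('libc.so').getExportByName('open');
  interceptor.attach(open, {
    onEnter(args) {
      emit({ layer: 'native', api: 'open', arg: args[0].readUtf8String() });
    }
  });
}

// Under Frida the globals exist and send() delivers each object to the host
// script's 'message' callback as message.payload. Elsewhere nothing is hooked.
if (typeof Java !== 'undefined') {
  hookCipher(Java, send);
  hookOpen(Interceptor, Process, send);
}
```

Editing the script and reloading it re-applies the hooks in the running process, which is the "instant changes" property the deck contrasts with Xposed's reboot cycle.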
16. CONT ..
• Zero Modification to the device
• Just push the frida-server binary to the device and exec (requires root)
• Communicates with the system component over adb
• Updates from the instrumentation script are pushed to the web using server-side push for real-time updates
• Using redis-server as message queue
23. FEW WORDS FROM OLE ANDRÉ VADLA RAVNÅS
• Future of Frida is the Community!
• We have an active IRC @ freenode #frida
• Frida Mailing List
• Happy to have community contributions in terms of Code / Documentation / Apps based on Frida