Frida is a dynamic instrumentation framework which can be very useful for reverse engineering, security auditing, fuzzing and more.

  1. Download the latest 'frida-server' binary for the arm64 architecture. This can be built from source or grabbed from the release tags on Frida's GitHub. Specifically, you're looking for `frida-server-{RELEASE-NUMBER}-android-arm64.xz`.

  2. Download and extract this file.

  3. Push it to the virtual device, make it executable, and run it:

```
$ wget "https://github.com/frida/frida/releases/download/12.7.5/frida-server-12.7.5-android-arm64.xz"
$ xz -d frida-server-12.7.5-android-arm64.xz
$ adb connect 10.x.x.x:5001
$ adb push frida-server-12.7.5-android-arm64 /data/local/tmp/frida-server
$ adb shell chmod +x /data/local/tmp/frida-server
$ adb shell /data/local/tmp/frida-server &
```

Replace `10.x.x.x:5001` with the correct Services IP listed on your device page.

Assuming `frida-server` has been run properly, `frida` on your host machine should automatically see this as a connected USB device. You can test this by running the normal `frida-ps -U` command.

More Than One Device

If you have more than one device connected to the host machine with `adb` enabled, scripts and commands may have trouble identifying which device to talk to. When connecting to a device over TCP/IP, the "serial number" becomes the IP address and port. This means you can identify the device using the `Services IP` for both `adb` and `frida` commands, as shown below:

```
$ adb -s 10.30.71.1:5001 shell /data/local/tmp/frida-server &
```

For usage in a `frida` script, you'll need to use the `DeviceManager` and specify which device you want to connect to. Below is an example Python script that loads a script against a specific package name:

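```python
#!/usr/bin/python3
# unpacker.py
import sys

import frida

device_ip = '10.x.x.x:5001'          # Services IP and port of the target device
script_name = 'emulator_cloak.js'    # Frida script to inject
package_name = 'diff.strazzere.anti'


def on_message(message, data):
    # Print payloads sent by the script via send(); dump anything else raw
    if message['type'] == 'send':
        print('[*] {0}'.format(message['payload']))
    else:
        print(message)


# Read the instrumentation script up front so the file handle is always closed
with open(script_name, 'r') as fd:
    source = fd.read()

# Select the device explicitly by its ID (IP:port) instead of relying on -U
dm = frida.get_device_manager()
device = dm.get_device(device_ip)

# Spawn the app suspended, attach, load the script, then let the app run
pid = device.spawn([package_name])
session = device.attach(pid)
script = session.create_script(source)
script.on('message', on_message)
script.load()
device.resume(pid)

# Block on stdin so the process stays alive and messages keep arriving
sys.stdin.read()
```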
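As an added illustration (not part of the original article), the sketch below parses `adb devices` output to confirm that the Services IP is listed and in the `device` state, then builds `adb` and `frida-ps` commands pinned to it with `-s` and `-D`. The sample output, the extra serials and the function names are constructed for this example.

```python
import shlex

# Constructed sample of `adb devices` output (not captured from a real host).
SAMPLE_ADB_DEVICES = """\
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
10.30.71.1:5001\tdevice
emulator-5554\tdevice
10.30.71.9:5001\toffline
0123456789ABCDEF\tunauthorized
"""

def parse_adb_devices(output):
    """Map each serial in `adb devices` output to its connection state."""
    devices = {}
    for line in output.splitlines():
        line = line.strip()
        # Skip blanks, adb daemon chatter and the header line.
        if not line or line.startswith("*") or line.startswith("List of devices"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            devices[fields[0]] = fields[1]
    return devices

def select_device(output, services_ip):
    """Return services_ip only if adb lists it in the usable 'device' state."""
    state = parse_adb_devices(output).get(services_ip)
    if state is None:
        raise LookupError(f"{services_ip} not listed; run `adb connect {services_ip}` first")
    if state != "device":
        raise RuntimeError(f"{services_ip} is '{state}', not ready for adb or frida")
    return services_ip

def pinned_commands(serial):
    """Build commands that name the device explicitly instead of relying on -U."""
    return [
        ["adb", "-s", serial, "shell", "/data/local/tmp/frida-server"],
        ["frida-ps", "-D", serial],  # -D selects a device by its ID
    ]

if __name__ == "__main__":
    serial = select_device(SAMPLE_ADB_DEVICES, "10.30.71.1:5001")
    for cmd in pinned_commands(serial):
        print(shlex.join(cmd))
```

In practice, feed `parse_adb_devices` the live output of `adb devices` instead of the constructed sample.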
