Control Which Frida-Server Version the Device Uses
At any point, you can downgrade or upgrade the version of Frida being used by rooted or jailbroken devices. This is useful if you require a specific Frida version for your testing.
Run a Custom frida-server on Android
- Download the latest frida-server binary for the arm64 architecture. This can be built from source or you can download a precompiled package from the release tags on Frida's GitHub. Specifically, you're looking for frida-server-{RELEASE-NUMBER}-android-arm64.xz.
    wget https://github.com/frida/frida/releases/download/x.y.z/frida-server-x.y.z-android-arm64.xz
- Decompress the file.
    xz -d frida-server-x.y.z-android-arm64.xz
- Connect to the device using the adb connect command provided in the UI.
    adb connect {Services IP}:5001
- Become super user.
    adb root
- Push the frida-server file to the virtual device.
  Note: You can also drop frida-server into this path directly from the files tab if you are seeing slow adb uploads.
    adb push frida-server-x.y.z-android-arm64 /data/local/tmp
- Make the file executable.
    adb shell chmod +x /data/local/tmp/frida-server-x.y.z-android-arm64
- Before starting the frida-server you've pushed to the device, stop or remove the built-in frida-server to avoid conflicts.
  To stop:
    adb shell stop fridaserver
  To remove, you can find the path with:
    adb shell which frida-server
  Then remount the root filesystem as read-write:
    adb shell mount -o remount,rw /
  Then remove:
    adb shell rm /vendor/bin/frida-server
- Start your uploaded frida-server.
    adb shell /data/local/tmp/frida-server-x.y.z-android-arm64
  Optionally, specify the interface frida-server listens on, and append & to tell frida-server to run in the background. frida-server listens on 127.0.0.1:27042 by default. For simplicity, we'll make frida-server listen on all interfaces:
    adb shell /data/local/tmp/frida-server-x.y.z-android-arm64 -l 0.0.0.0 &
  Confirm frida-server is running:
    netstat -tuln | grep 27042
- With frida-server listening on all interfaces (0.0.0.0) and an Android device connected via adb, you can start spawning and attaching to apps.
  Webview spawn and attach example:
    % frida -U -f org.chromium.webview_shell
         ____
        / _  |   Frida 16.6.6 - A world-class dynamic instrumentation toolkit
       | (_| |
        > _  |   Commands:
       /_/ |_|       help      -> Displays the help system
       . . . .       object?   -> Display information about 'object'
       . . . .       exit/quit -> Exit
       . . . .
       . . . .   More info at https://frida.re/docs/home/
       . . . .
       . . . .   Connected to Corellium Generic (id=10.11.1.81:5001)
    Spawned `org.chromium.webview_shell`. Resuming main thread!
    [Corellium Generic::org.chromium.webview_shell ]->
If you have more than one device connected to the host machine over adb, then the scripts and different commands may have issues identifying which device to talk to. When connecting to a device over TCP/IP, the "serial number" becomes the IP address and port. This means you can identify the devices using the Services IP for both adb and frida commands like below:
    adb -s 10.30.71.1:5001 shell /data/local/tmp/frida-server -l {Host IP}
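
The steps above start frida-server on 0.0.0.0 for simplicity, while its default is 127.0.0.1:27042 and the last command binds it to one host address. The following check is an added example, not part of the original page: it reads netstat -tuln output and reports which of those three bind scopes is in effect. The helper name frida_bind_scope and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). frida_bind_scope is a hypothetical helper.

# Read `netstat -tuln` output on stdin and report how the given TCP port
# (default 27042, frida-server's default) is bound:
#   wildcard | specific <addr> | loopback | not-listening
frida_bind_scope() {
    awk -v port="${1:-27042}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else specific = addr
        }
        END {
            if (wild) print "wildcard"
            else if (specific != "") print "specific " specific
            else if (loop) print "loopback"
            else print "not-listening"
        }'
}

# Constructed sample output for the three bind scopes used in the steps above.
sample_all='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:27042           0.0.0.0:*               LISTEN
tcp6       0      0 :::5555                 :::*                    LISTEN'
sample_default='tcp        0      0 127.0.0.1:27042         0.0.0.0:*               LISTEN'
sample_host='tcp        0      0 10.11.1.81:27042        0.0.0.0:*               LISTEN'

for s in "$sample_all" "$sample_default" "$sample_host"; do
    printf '%s\n' "$s" | frida_bind_scope
done
```

On a live device, pipe the real output in instead: adb shell netstat -tuln | frida_bind_scope. A result of wildcard means the port accepts connections on every interface the device has.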
Script to Change the frida-server Version on Android
Recommended way to use the script:
- Copy the script contents, then create a .sh file on your local workstation and paste the script contents into it.
- Use the device's files tab to drop the script somewhere on the device's filesystem.
- In the device terminal, run su to become root user.
- Run the bash script on the device, passing in the frida-server version you want to run as a command line argument.
Example:
    ./change_frida_version.sh 16.5.6
#!/bin/bash
# Pass in frida-server version as command line argument
FRIDA_VERSION=$1
# Refuse to run without a version, otherwise the download URL is malformed
if [ -z "$FRIDA_VERSION" ]; then
    echo "Usage: $0 <frida-server version>"
    exit 1
fi
# Remount root filesystem to read write
mount -o remount,rw /
# Pull frida-server package
if wget -O frida-server.xz \
    "https://github.com/frida/frida/releases/download/${FRIDA_VERSION}/frida-server-${FRIDA_VERSION}-android-arm64.xz"; then
    # Stop here if decompression fails, so a stale binary is never started
    busybox xz -d frida-server.xz || { echo "[+] Failed to decompress frida-server."; exit 1; }
else
    echo "[+] Failed to download frida-server."
    exit 1
fi
# Kill any existing frida-server process
pkill -9 frida-server >/dev/null 2>&1 || true
# Start frida-server on all interfaces
mv frida-server /data/local/tmp/ && chmod 755 /data/local/tmp/frida-server && nohup /data/local/tmp/frida-server -l 0.0.0.0 >/dev/null 2>&1 &
echo "[+] Started frida-server version $FRIDA_VERSION listening on all interfaces (0.0.0.0)."
Replace the Built-In Frida Server on iOS
Complete the following steps to replace the frida-server binary for iOS.
- Create the file and paste in the script below (recommended to first ssh into the device before attempting to edit the file).
    vim frida_update.sh
- Make the script executable for your user.
    chmod u+x frida_update.sh
- Run the script from the root directory of your iOS device and pass in the version of frida-server you would like to run.
    cd ~
    ./frida_update.sh 16.0.5
- You can verify the frida-server was updated.
    frida-server --version
You can now begin interacting with the device's frida-server.
Script to Replace the Version of frida-server on Your iOS Device
#!/bin/bash
# Pass in the frida version as a command line argument
FRIDA_VER=$1
# Refuse to run without a version, otherwise the download URL is malformed
if [ -z "$FRIDA_VER" ]; then
    echo "Usage: $0 <frida version>"
    exit 1
fi
# contains plist
cd /Library/LaunchDaemons/
# move plist to root
mv re.frida.server.plist ~
cd ~
# unload service
launchctl unload re.frida.server.plist
# stash plist
mv re.frida.server.plist /Library/LaunchDaemons
mv /Library/LaunchDaemons/re.frida.server.plist /Library/LaunchDaemons/re.frida.server.backup
# fetch FRIDA
wget -O "/tmp/frida_${FRIDA_VER}_iphoneos-arm.deb" "https://github.com/frida/frida/releases/download/${FRIDA_VER}/frida_${FRIDA_VER}_iphoneos-arm.deb"
# update server, agent and plist
dpkg -i "/tmp/frida_${FRIDA_VER}_iphoneos-arm.deb"
# restore plist
mv /Library/LaunchDaemons/re.frida.server.backup /Library/LaunchDaemons/re.frida.server.plist
# launch service using new plist
launchctl load /Library/LaunchDaemons/re.frida.server.plist
# delete package
rm "/tmp/frida_${FRIDA_VER}_iphoneos-arm.deb"
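
Both the Android and the iOS script interpolate the version argument into a download URL and then run or install the downloaded file as root. The following is an added example, not part of the original page or of Frida: it validates the version string, builds the two release URLs used above, and checks a file against a SHA-256 digest you pinned from a build you already vetted. The helper names, the pinning workflow and the demo file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.

# Accept only three dotted numeric fields (e.g. 16.5.6) so the argument
# cannot add path segments or shell metacharacters to the release URL.
valid_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*) return 1 ;;
        *.*.*) return 0 ;;
    esac
    return 1
}

# Build the release URL from the asset names used on this page.
release_url() {
    ver=$2
    valid_version "$ver" || return 1
    base="https://github.com/frida/frida/releases/download/${ver}"
    case "$1" in
        android) echo "${base}/frida-server-${ver}-android-arm64.xz" ;;
        ios)     echo "${base}/frida_${ver}_iphoneos-arm.deb" ;;
        *)       return 1 ;;
    esac
}

# Hex SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if the file matches the digest pinned for a vetted build.
verify_pinned() {
    [ -f "$1" ] || return 1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#want}" -eq 64 ] || return 1
    [ "$(sha256_of "$1")" = "$want" ]
}

# Demo on a constructed file whose content is "abc" (digest is SHA-256("abc")).
demo=$(mktemp) && printf 'abc' > "$demo"
if verify_pinned "$demo" BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD; then
    echo "digest ok, would fetch: $(release_url android 16.5.6)"
fi
rm -f "$demo"
```

Run the download and digest check on the workstation, then push or install only a file for which verify_pinned succeeds.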