Frida is a dynamic code instrumentation toolkit for developing, researching, and reversing applications.
For ease of use, we've included a Frida daemon in all iOS and Android VMs. To activate the included frida-server, simply navigate to the FRIDA tab, as shown below, and select a process to get started.
You can either use the Corellium user interface, or you can connect directly to the frida-server. In the Corellium user interface, you can upload, edit, download, and execute scripts, as well as attach to processes and receive a
To interface directly with the frida-server from your local machine, you must first connect to the VPN provided on the CONNECT tab (for cloud users). Then, you must connect to the device.
For example, on Android, you must connect to adb. Once the device is connected and the local machine can see it, Frida will forward the necessary ports and connect using adb, which you can test using the frida-ps -U command:
$ frida-ps -U
 PID  Name
----  -------------------------------------------------------------
 396  adbd
1433  android.ext.services
 240  email@example.com
 315  android.hardware.audio.service
 316  firstname.lastname@example.org
 419  email@example.com
 420  firstname.lastname@example.org
 317  email@example.com
...
For iOS, to use the -U argument, make sure you have USBFlux running. If you want to connect without USBFlux using -H/--host, you should add a new entry 27042->27042 to the PORT FORWARDING tab of your VM and then use:
frida-ps -H [VM IP ADDRESS]:27042
To use the FRIDA tab in the Corellium user interface, you must first select a process. When you click Select a Process, you will be provided with all valid attachable processes on the device that are currently running. The list is explicitly filtered to exclude any processes that would render an error, such as processes that are statically linked or do not include libc. Below is an example of what you will see on the Select a Process prompt. You can quickly filter the list by searching in the magnifying glass field in the top-right-hand corner.
One command that explicitly differs from the stock Frida CLI is the %load command. If you push a file to a location on the VM, such as /data/local/tmp, and want to load it into the console, you should use this command.
     ____
    / _  |   Frida 12.11.17 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/

[Remote::PID::320]-> %load /data/local/tmp/hook_java.js
[+] Hook android.webkit.WebView.loadUrl()...
[Remote::PID::320]->
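A script of the kind loaded in the session above could look like the following. This is an added example, not Corellium's hook_java.js or code from the original page; the function name installLoadUrlHook and the "[review]" tagging of file, javascript and cleartext http URLs are assumptions made for illustration.

```javascript
// Added example: log every URL an app passes to android.webkit.WebView.loadUrl().
// Written in ES5 so it also runs on older Frida script runtimes.
// installLoadUrlHook is a hypothetical helper; JavaBridge is Frida's `Java`
// global, passed in as a parameter so the logic can be exercised with a stub.
function installLoadUrlHook(JavaBridge, log) {
  var WebView = JavaBridge.use('android.webkit.WebView');
  var reviewSchemes = ['file', 'javascript', 'http'];
  var installed = 0;

  // loadUrl has two overloads: (String) and (String, Map). Hook both.
  WebView.loadUrl.overloads.forEach(function (overload) {
    overload.implementation = function () {
      var url = String(arguments[0]);
      var scheme = url.split(':', 1)[0].toLowerCase();
      // Tag schemes an assessor usually wants to look at first.
      var note = reviewSchemes.indexOf(scheme) !== -1 ? ' [review]' : '';
      log('[+] WebView.loadUrl(' + JSON.stringify(url) + ')' + note);
      // Call the original method so the app keeps working as before.
      return this.loadUrl.apply(this, arguments);
    };
    installed += 1;
  });
  return installed; // number of overloads hooked
}

// Only runs inside Frida, where the `Java` global exists.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    console.log('[+] Hook android.webkit.WebView.loadUrl()...');
    installLoadUrlHook(Java, console.log);
  });
}
```

Push the file to the VM and load it with %load as shown above; each page load in the attached process then prints one line in the console.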
Replacing the Built-in Frida Server on Android
If you want to replace the built-in frida server, to run a different version or a customized frida server: