1. Introduction
Dynamic binary instrumentation (DBI) can be thought of as a technique used by a spy organization to gather information about the inner workings of a rival organization.
In this analogy, the rival organization is like a compiled program, and the spy organization is like a DBI tool. Just as the spy gathers information by observing and interacting with the rival organization, the DBI tool gathers information by analyzing and modifying the compiled program.
Frida is a dynamic instrumentation tool that allows you to manipulate the behavior of running processes on a device. It works by injecting a JavaScript library into the process, which gives you access to the process's memory and allows you to manipulate its behavior in real time.
Dynamic instrumentation is a powerful technique that can be used for a wide range of purposes, such as reverse engineering, penetration testing, and automating tasks. In this workshop, we will focus on using Frida for reverse engineering Android apps.
- Android: Frida is commonly used for dynamic analysis and instrumentation of Android applications.
- iOS: It supports instrumentation on iOS devices, making it valuable for analyzing and manipulating iOS applications.
- Windows: Frida can be used for instrumentation on Windows systems, allowing dynamic analysis of Windows applications.
- macOS: Frida is compatible with macOS, making it useful for analyzing and instrumenting applications on Apple's desktop operating system.
- Linux: Frida supports Linux platforms, allowing dynamic instrumentation of applications running on Linux.

and many more...
As per the Frida documentation:
Frida’s core is written in C and injects QuickJS into the target processes, where your JS gets executed with full access to memory, hooking functions and even calling native functions inside the process. There’s a bi-directional communication channel that is used to talk between your app and the JS running inside the target process.
Using Python and JS allows for quick development with a risk-free API. Frida can help you easily catch errors in JS and provide you an exception rather than crashing.
Rather not write in Python? No problem. You can use Frida from C directly, and on top of this C core there are multiple language bindings, e.g. Node.js, Python, Swift, .NET, Qml, Go, etc. It is very easy to build additional bindings for other languages and environments.
Frida provides many advanced features that allow you to perform more sophisticated manipulations of Android apps. Here are a few examples of what you can do with Frida:
- Hook into method calls made by the app, and manipulate the arguments or return values
- Bypass client-side controls such as:
  - Encryption
  - Root detection
  - SSL pinning
  - Emulator detection
  - Biometric authentication
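
The first item above, hooking a method call, as an added example (not code from this workshop or from Frida's documentation): an agent script that records one method's arguments and return value and passes them to the host over `send()`, leaving the app's behavior unchanged. `com.example.app.Session` and `isValid` are hypothetical names, and the method is assumed to have a single overload.

```javascript
// Added example: observe calls to one Java method and report them to the host.
// TARGET_CLASS and TARGET_METHOD are hypothetical placeholders.
const TARGET_CLASS = "com.example.app.Session";
const TARGET_METHOD = "isValid";

// Build a replacement that calls the original unchanged and reports the
// arguments, the return value and any exception through `report`.
function traceWrapper(name, callOriginal, report) {
  return function (...args) {
    const event = { method: name, args: args.map(String) };
    try {
      const ret = callOriginal.apply(this, args);
      event.ret = String(ret);
      return ret; // the app receives exactly what the original returned
    } catch (e) {
      event.error = String(e);
      throw e; // re-raise so the app sees the same exception
    } finally {
      report(event); // runs on both the normal and the exception path
    }
  };
}

// Install the wrapper only when running inside Frida with a Java VM present.
function install() {
  if (typeof Java === "undefined" || !Java.available) return false;
  Java.perform(function () {
    const cls = Java.use(TARGET_CLASS);
    // Assumes a single overload; otherwise select one with .overload(...)
    cls[TARGET_METHOD].implementation = traceWrapper(
      TARGET_CLASS + "." + TARGET_METHOD,
      // Inside a replaced implementation, this[method] invokes the original
      function (...args) { return this[TARGET_METHOD](...args); },
      send // Frida's agent-to-host message channel
    );
  });
  return true;
}

install();
```

Outside Frida's runtime `install()` does nothing and returns `false`, so the wrapper logic can be unit-tested in Node.js before the script is loaded into a process.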