Injecting Shared Object in Android native process using Frida
This code is taken from https://github.com/oleavr/android-inject-custom
I have removed frida-gum dependency as it's not required for injection and have provided build system to build it for different architecture supported by Android NDK.
- Android NDK r22
- Rooted Android device
$ PATH="$PATH:$HOME/Android/Sdk/ndk/22.0.7026061" makeThis will build the injector, the agent, and an example program you can inject the agent into to easily observe the results.
$ PATH="$PATH:$HOME/Android/Sdk/ndk/22.0.7026061" make deployOpen a terminal and get into adb shell and launch the victim-x86_64 process.
$ adb shell
generic_x86_64:/ # cd /data/local/tmp/injection
generic_x86_64:/data/local/tmp/injection #
generic_x86_64:/data/local/tmp/injection # ./victim-x86_64
Victim running with PID 7521Then in another terminal change directory to where the injector-x86_64 binary is and run it.
generic_x86_64:/data/local/tmp/injection # ./injector-x86_64 -l /data/local/tmp/injection/libagent-x86_64.so -e entrypoint -p 7521
██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗ ██████╗ ██████╗
██║████╗ ██║ ██║██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔══██╗
██║██╔██╗ ██║ ██║█████╗ ██║ ██║ ██║ ██║██████╔╝
██║██║╚██╗██║██ ██║██╔══╝ ██║ ██║ ██║ ██║██╔══██╗
██║██║ ╚████║╚█████╔╝███████╗╚██████╗ ██║ ╚██████╔╝██║ ██║
╚═╝╚═╝ ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
[+] Patching SeLinux policy
[+] Injecting library: /data/local/tmp/injection/libagent-x86_64.so in pid: 7521
[+] Injection completed
1|generic_x86_64:/data/local/tmp/injection #Note: If entry point is not provided the target process will crash after loading the shared object.
You should now see a message printed by the victim-x86_64 process when the entry point is called.
generic_x86_64:/data/local/tmp/injection # ./victim-x86_64
Victim running with PID 7521
entrypoint() called