Skip to content
Inject frida agents on local processes through an Android app
Java JavaScript
Branch: master
Clone or download
Latest commit f3a7f26 Jan 14, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
fridainjector implementing sync interfaces Jan 14, 2020
fridainjectorexample implementing sync interfaces Jan 14, 2020
gradle/wrapper push Jan 5, 2020
.gitignore push Jan 5, 2020
README.md
build.gradle push Jan 5, 2020
example.apk 1.1 Jan 6, 2020
gradle.properties push Jan 5, 2020
gradlew push Jan 5, 2020
gradlew.bat
settings.gradle push Jan 5, 2020

README.md

Frida Injector for Android

is a library allowing you to inject frida agents from an Android application.

The things are very very easy:

Setup

allprojects {
		repositories {
			...
			maven { url 'https://jitpack.io' }
		}
	}
dependencies {
        implementation 'com.github.iGio90:FridaAndroidInjector:+'
}

How to:

    try {
        // build an instance of FridaInjector providing binaries for arm/arm64/x86/x86_64 as needed
        // assets/frida-inject-12.8.2-android-arm64
        FridaInjector fridaInjector = new FridaInjector.Builder(this)
                .withArm64Injector("frida-inject-12.8.2-android-arm64")
                .build();

        // build an instance of FridaAgent
        FridaAgent fridaAgent = new FridaAgent.Builder(this)
                .withAgentFromAssets("agent.js")
                .build();

        // inject systemUi
        fridaInjector.inject(fridaAgent, "com.android.systemui", true);
    } catch (IOException e) {
        e.printStackTrace();
    }

Implementing "on('message')"

    public class MainActivity extends AppCompatActivity implements OnMessage {
        @Override
        public void onMessage(String data) {
            try {
                JSONObject object = new JSONObject(data);
                Log.e("FridaInjector", "SystemUI pid: " + object.getString("pid"));
            } catch (JSONException e) {
                e.printStackTrace();
            }
        }
    }
    FridaAgent fridaAgent = new FridaAgent.Builder(this)
            .withAgentFromAssets("agent.js")
            .withOnMessage(this)
            .build();

and from your agent

    Java.send({'pid': Process.id});

Implementing sync interfaces

this allows to play with target objects in runtime from your java impl

public class Interfaces {
    static final class ActivityInterface implements FridaInterface {
        @Override
        public Object call(Object[] args) {
            Log.e("FridaAndroidInject", Arrays.toString(args));
            return null;
        }
    }
}
// register a custom interface
fridaAgent.registerInterface("activityInterface", Interfaces.ActivityInterface.class);

and from your agent

var app = Java.use("android.app.Activity");
app.onResume.overloads[0].implementation = function() {
    this.onResume.apply(this, arguments);
    Java.activityInterface(Java.cast(this, app), "otherArg1", "otherArg2");
};

additional

  • console.log is redirected to Log.e("FridaAndroidInject", what);

The example apk here is built and ready to try. You will see it works! (only arm64).

You can’t perform that action at this time.