Skip to content

Latest commit

 

History

History
183 lines (144 loc) · 8.58 KB

README.rst

File metadata and controls

183 lines (144 loc) · 8.58 KB

frida-gadget

Codacy-Grade Docker LICENCE

frida-gadget is a tool for patching Android applications to integrate the Frida Gadget.
This tool automates the process of downloading the Frida gadget library and injecting the loadLibrary code into the main activity.

Installation

Py-Versions PyPI-Downloads

pip install frida-gadget --upgrade

Prerequirement

You should install apktool and add it to your PATH environment variable.

# Install Apktool on macOS
brew install apktool

# Add Apktool to your PATH environment variable
export PATH=$PATH:$HOME/.brew/bin
For other operating systems, such as Windows, you can refer to the Install Guide.

Usage

$ frida-gadget --help
  Usage: cli.py [OPTIONS] APK_PATH

    Patch an APK with the Frida gadget library

  Options:
    --arch TEXT                Target architecture of the device. (options: arm64, x86_64, arm, x86)
    --config TEXT              Upload the Frida configuration file.
    --custom-gadget-name TEXT  Custom name for the Frida gadget.
    --no-res                   Do not decode resources.
    --main-activity TEXT       Specify the main activity if desired. (e.g., com.example.MainActivity)
    --sign                     Automatically sign the APK using uber-apk-signer.
    --skip-decompile           Skip decompilation if desired.
    --skip-recompile           Skip recompilation if desired.
    --use-aapt2                Use aapt2 instead of aapt.
    --version                  Show version and exit.
    --help                     Show this message and exit.

How do I begin?

Simply provide the APK file with the target architecture.

$ frida-gadget handtrackinggpu.apk --sign
  [INFO] Auto-detected frida version: 16.1.3
  [INFO] APK: '[REDACTED]/demo-apk/handtrackinggpu.apk'
  [INFO] Auto-detected architecture via ADB: arm64-v8a # Alternatively, specify the architecture with --arch arm64
  [INFO] Gadget Architecture(--arch): arm64(default)
  [DEBUG] Decompiling the target APK using apktool
  [DEBUG] Downloading the frida gadget library for arm64
  [DEBUG] Checking internet permission and extractNativeLibs settings
  [DEBUG] Adding 'android.permission.INTERNET' permission to AndroidManifest.xml
  [DEBUG] Searching for the main activity in the smali files
  [DEBUG] Found the main activity at '[REDACTED]/frida-gadget/tests/demo-apk/handtrackinggpu/smali/com/google/mediapipe/apps/handtrackinggpu/MainActivity.smali'
  [DEBUG] Locating the onCreate method and injecting the loadLibrary code
  [DEBUG] Recompiling the new APK using apktool
  ...
  I: Building apk file...
  I: Copying unknown files/dir...
  I: Built apk into: [REDACTED]/demo-apk/handtrackinggpu/dist/handtrackinggpu.apk
  [INFO] Success
  ...

How to Identify?

Observe the main activity; the injected loadLibrary code will be visible.

https://github.com/ksg97031/frida-gadget/blob/trunk/images/decompile.png

Furthermore, the Frida gadget library has been injected into your APK.
$ unzip -l [REDACTED]/demo-apk/handtrackinggpu/dist/handtrackinggpu.apk | grep libfrida-gadget
  21133848  09-15-2021 02:28   lib/arm64-v8a/libfrida-gadget-16.1.3-android-arm64.so

With Docker

Use the -v flag to bind the current directory to the /workspace/mount directory inside the Docker container.
Ensure that your APK file is in the current directory, or replace $APK_DIRECTORY with the path to your APK file's location.

APK_DIRECTORY=$PWD
APK_FILENAME=example.apk
docker run -v $APK_DIRECTORY/:/workspace/mount ksg97031/frida-gadget mount/$APK_FILENAME --arch arm64 --sign

...
# The patched APK will be located at $APK_DIRECTORY/example/dist/example.apk

How to know device architecture?

Connect your device and run the following command:

adb shell getprop ro.product.cpu.abi
This command will output the architecture of your device, such as arm64-v8a, armeabi-v7a, x86, or x86_64.

- Most modern Android emulators use the x86_64 architecture.
- Newer high-end devices typically use arm64-v8a.
- Older or lower-end devices might use armeabi-v7a.
- Some specific emulators or devices may still use x86.

Contributing