1 of 15

Intro to FRIDA

By Chase Killorin and Sohail Shaik

2 of 15

PSA

If you want to follow along, download the VM!

https://drive.google.com/file/d/1TLF_8jkBgujCuEwHxXK3QsHKquWORPTO/view?usp=sharing

Or in research channel

3 of 15

$ whoami

Chase Killorin

  • Long Island, NY
  • 2nd ½ year?
  • Doing cool stuff usually
  • Rock climbing & Volleyball
  • Trying my best
  • Future MITRE intern

4 of 15

$ whoami

Sohail Shaik

  • Webster, NY
  • Redteam, CPTC, ops ?
  • 2nd year
  • Soccer & Fencing

5 of 15

  • 0x01 What is Frida?
    • Not Frida Kahlo
  • 0x02 Why Frida?
    • Possibilities of the tool
  • 0x03 How to use Frida
    • Javascript API
  • 0x04 Combining Tools
    • Android Studio & JADX
  • 0x05 Frida Labs
    • What is it
  • 0x06 Demos
    • Doing Frida Labs

6 of 15

What is Frida?

Is Frida

  • Dynamic Code Instrumentation Toolkit
  • FOSS
  • Reversing Tool
  • Well Documented
  • Really Cool

Isn’t Frida

  • Simple
  • Impossible

0x01

7 of 15

What is Frida?

  • Java
    • Frida lets you hook Java functions
  • Interceptor
    • Interceptor is how Frida intercepts functions
  • Stalker
    • Stalker is Frida’s code tracing engine
  • Objective-C
    • Frida lets you hook Objective-C functions

0x02

Frida has a lot more!

8 of 15

Uses of Frida

  • Tracing
    • Following asm instructions, while also being able to change the instructions
  • Fuzzing
    • Frida enhances fuzzing, enabling real-time monitoring and vulnerability detection.

Manipulation Monitoring

Injection

Process

Application

Security Testing

Reversing

Exploitation

Mobile

0x03

9 of 15

Other Tools to use with Frida

  • Android Studio
    • Android Emulation
  • Jadx
    • Static Analysis
  • Apktool
    • Decode Resources
  • Adb
    • Connecting to Android Devices

0x04

10 of 15

How to Use Frida

Javascript API

*for mobile security

  • You want to test a mobile app
  • Install Frida Server on the device
  • Find functions you would want to modify
  • Hook functions with Frida to change the functionality
  • Win

0x05

11 of 15

Using Frida more in depth

  • Acquire the binary
    • pull from phone or apkpure.com
  • Decompile with Jadx
    • Optionally: use apktool to get resources
  • Locate functions of interest
    • This depends on the goal of your testing
  • Now hook with Frida
    • From jadx you can copy as Frida snippet
  • Test, and repeat

0x06
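
The "locate functions of interest, then hook with Frida" steps above, as an added example that is not from the original slides or from Frida Labs: a script that traces every overload of one Java method and passes each call through unchanged. The class and method names (`com.example.app.MainActivity`, `check`) are placeholders for whatever you find in jadx, and `traceMethod` is a helper name introduced here.

```javascript
// Added example. Class and method names are placeholders, not from Frida Labs.
'use strict';

// Report every call to className.methodName (all overloads) and pass it through
// unchanged. `bridge` is Frida's global `Java` object; `report` is Frida's send().
function traceMethod(bridge, className, methodName, report) {
  bridge.perform(function () {
    const method = bridge.use(className)[methodName];
    if (!method || !method.overloads) {
      report({ error: 'method not found', target: className + '.' + methodName });
      return;
    }
    method.overloads.forEach(function (overload) {
      const types = overload.argumentTypes.map(function (t) { return t.className; });
      overload.implementation = function () {
        const args = Array.prototype.slice.call(arguments);
        const result = overload.apply(this, args); // run the original method
        report({
          call: className + '.' + methodName + '(' + types.join(', ') + ')',
          args: args.map(String),
          result: String(result)
        });
        return result; // observe only: the return value is not altered
      };
    });
    report({ hooked: method.overloads.length, target: className + '.' + methodName });
  });
}

// Inside a Frida session the `Java` global exists; elsewhere this is skipped.
if (typeof Java !== 'undefined' && Java.available) {
  traceMethod(Java, 'com.example.app.MainActivity', 'check', send);
}
```

Saved as `trace.js` (an assumed file name), it can be loaded against the emulator with `frida -U -f <package> -l trace.js`.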

12 of 15

What is Frida Labs?

0x07

13 of 15

Demo

Follow Along!

Challenge 0x1

0x08

14 of 15

  • Make sure to download the vm from google drive
    • Or install android studio
      • Set up a virtual phone
    • Install jadx, android sdk tools, and adb
  • Now follow along and solve the challenge!

0x09

15 of 15

Questions?

About Frida?

Other Tools?

Message Us!

@chasek & @data_rot

0x10
