parent
9e074cf483
commit
c272d62903
3 changed files with 15 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
|||
#import "../lib.typ": todo, APK, IDE, SDK, DEX, ADB, ART, eg, XML, AXML
|
||||
#import "../lib.typ": todo, APK, IDE, SDK, DEX, ADB, ART, eg, XML, AXML, API
|
||||
|
||||
== Android Reverse Engineering Tools <sec:bg-tools>
|
||||
|
||||
|
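Review bot: the only change in this hunk is adding `API` to the `#import "../lib.typ"` list, but the file `../lib.typ` is not part of the hunks shown here, so confirm that `API` is actually exported there (and is consistent with the existing `APK`, `SDK`, `DEX` style of acronym helpers); otherwise the document will fail to compile at the `#API` reference added later in this file.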
@ -69,6 +69,13 @@ Compared to Soot, it has a modernize interface and architecture, but it is not y
|
|||
|
||||
=== Frida <sec:bg-frida>
|
||||
|
||||
Fidra#footnote[https://frida.re/] is a dynamic intrumentation toolki.
|
||||
Fidra#footnote[https://frida.re/] is a dynamic intrumentation toolkit.
|
||||
It allows the reverse engineer to inject and run javascript code inside a running application.
|
||||
|
||||
To instrument an application, the frida server must be running as root on the phone, or the frida librairy must be injected inside the #APK file before installing it.
|
||||
Frida defines a javascript wrapper arround the Java Native Interface (JNI) used by native code to interact with Java classes and the Android i#API.
|
||||
In addition to allowing interaction with Java objects from the application and the Android API, this wrapper provide the option to replace a method implementation by a javascript function (that itself can call the original method implementation if needed).
|
||||
This make Frida a powerfull tool capable of collecting runtime informations or modifying the behavior of an application as needed.
|
||||
|
||||
The main drawback of using Frida is that it is a known tools easily detected by applications.
|
||||
Malware might implement countermeasures that avoid running malicious payload in presence of Frida.
|
||||
|
|
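Review bot: the rewritten line "Fidra#footnote[https://frida.re/] is a dynamic intrumentation toolkit." fixes "toolki" but leaves two other typos in the same sentence: "Fidra" should be "Frida" and "intrumentation" should be "instrumentation". The rest of the added paragraph needs a spelling and grammar pass as well: "javascript" (twice) should be "JavaScript", "librairy" should be "library", "arround" should be "around", "this wrapper provide" should be "provides", "This make Frida a powerfull tool capable of collecting runtime informations" should be "This makes Frida a powerful tool capable of collecting runtime information", "it is a known tools" should be "a known tool", and "malicious payload" should be "malicious payloads". The phrase "the Android i#API" has a stray "i" before the `#API` macro and should read "the Android #API". The `i` may also trip Typst's parsing of the macro call, so it is worth checking the rendered output. Finally, the unchanged context line "it has a modernize interface and architecture" in the hunk header should be "modernized", if this commit is already touching this section.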