- 0xduraki

Frida

Frida Internals

frida-gum is a cross-platform instrumentation and introspection library written in C. This library is consumed by frida-core through its JavaScript bindings, GumJS. See official documentation for more details and possible providers. The following example shows how to use frida-gum for standalone injection; specifically via iOS dylib injection.

Prototyping with Fermion

Fermion is an electron application that wraps frida-node and monaco-editor. It offers a fully integrated environment to prototype, test and refine Frida scripts through a single UI. With the integration of Monaco come all the features you would expect from Visual Studio Code: Linting, IntelliSense, keybindings, etc. In addition, Fermion has a TypeScript language definition for the Frida API so it is easy to write Frida scripts.

Frida Scripting

It’s recommended to develop Frida scripts using TypeScript, which contains code auto-completion and instant type-checking feedback. The TypeScript is typically compiled to a final Javascript file agent.js.

$ git clone https://github.com/oleavr/frida-agent-example.git my-new-script
$ cd my-new-script/
$ npm install
$ npm run watch
$ frida -U -f com.durakiconsulting.com --no-pause -l _agent.js

Scripts Directory

Frida Stalker

Scripts Dictionary

  • Interruptor - Human-friendly interrupts hook library based on Frida’s Stalker

Tools of Trades

Links to this note

duraki notes

Frida

iOS Reverse Engineering

Upgrade to latest Frida version

Jailbreak Bypass

Frida as a standalone instrumentation

Network Reverse Engineering

fritap is a Python package that can be used to analyze network traffic on SSL/TLS transport layers. Works on SSL/TLS and supports all major operating systems (MacOS, iOS, Linux, Windows, Android). It is based on frida, therefore it require frida-server to be up and running on the iOS/Android device.

r2frida

r2frida is a self-contained plugin for radare2 that allows to instrument remote processes using frida.