Cracking Android apps with Frida
Vložit
- čas přidán 25. 12. 2022
- Magnus shows how to crack Android apps using the open source tool Frida. Frida speeds up reverse engineering and makes it easier to explore and patch closed source apps.
This is a re-recording of the presentation at the last 0xFF event in Stockholm, Sweden.
Check out out website for more free events. - Věda a technologie
I really appreciate the work you do, I mod apps and use Frida, it's good to see them married in one video.
And here I was just staring at decompiled smali code xD
Great instructional video, could You possible make one with Frida + Flutter? Not SSL pinning but some patching on the fly with frida? To print some values out that goes in and goes out from onClick functions? Thanks.
Thanks for making this Video. Do you guys make or have more resources like this that dives deep using Frida for more complex mobile applications ? Besides Frida documentation, and the owasp UnCrackable exercises.
Simply amazing. Of course most real world apps won't have such a convenient "hideAds" flag, but great for educational purposes anyway. High quality video.
Really good talk! I was able to replicate the TV4Play example on my phone, but I was not required to bypass the certificate pinning. Did you install a certificate for your MitM proxy on the phone? I installed my Burp certificate as a system certificate and that worked without a problem.
Thanks. Yes, I didn't go into detail of the MITM-setup but you're absolutely right in that it requires you to add the proxy CA-cert to the phone. Of course this is only needed for the exploration phase and the final patch works without root or custom CA-certs, yet another reason to have a dedicated phone for testing stuff out on.
Great video
ur really good at this damn
This is so cool
Hi, I am trying to reproduce the steps (dicer app) I am using real rooted device, android 13, Frida 16.1.11 and for instance frida-trace does not capture the clicks or other interactions in real time. Also I use the same script as yours but it does not print out the arguments, could someone please help ?thank you
Continue the tutorial like this
BTW how to online bypass signature
WHERE HAVE YOU BEEN A YEAR AGO!
Thanks for the video, I have a question that is not particularly frida related - Do you know if it is possible to fake a dns response to an android emulator or phone that are not connected to the internet, namely StandAlone?
More specifically - I am reversing an app that is sending a lot of requests to multiple servers and than waits for the right encrypted response from the server. Then the app decrypts it and compares it to a const string. I wanted to fake the response with the encrypted string to have a proof that I am correct with my decryption.
I will be glad if you'll answer, Thanks!
Glad you liked it! In your situation I would probably have the phone tether network over USB to a computer running dnsmasq (can act as a dhcp server and serve fake dns responses) and a web server. If the app is using SSL you'll need to install a custom CA certificate and possibly disable cert pinning in the app if used.
May I ask
How to run Frida on real device that is not rooted ?
Help is highly appreciated.
I will suggest to ask chatGpt, I am sure its answer will satisfy you :)
Nevertheless, I read that it is possible by installing frida-gadget or something like that, have fun!
@@yonatanhaldarov u have a packed one apk with Frida gadget
you probably cant, mayby an virtual space apk but wouldt know how to replicate it
friend, I would like to know if you could make the subtitles in English officially available because the subtitles automatically generated by CZcams are terrible and there is little quality content like yours
Auto subs.
What i best method to undetect for example banking app apk in root device?
1. Is that using magisk module, as we know that apk developer will update day by day so we hard to follow frequently every an update that support with magisk module.
2. Reverse engineering updateble apk with downgrade manifest?
3. You suggestion sir?
Great question. Personally I would never do banking on a rooted phone considering all the security implications, so that rules out option 1. I would patch the app statically and recompile and if there is an issue that it keeps getting updated I usually just change the app package name to not have the app store app recognize it.
Great video please don't whisper
makasih abangku sayang 🤯🤯🥳🥳🥳🥳😥😥😥
why did you pass const/4 while patching smali ? why not just const v11?
Bro, if I pay you, will you break an apk for me?
frida-trace -J doesn't work anymore it seems like...