Useful Android Frida code snippets. (Utili frammenti di Frida per androidi)
Some of the snippets aren't made by me. Credits goes to the authors.
Basic js frida script template
Java.perform(function() {
// code goes here
console.log("Done.");
});Print class members and methods
console.log('Loaded class members and methods', Object.getOwnPropertyNames(Java.use('com.example.SomeClass').__proto__).join('\n\t'));Print webview loaded url
Java.use("android.webkit.WebView").loadUrl.overload("java.lang.String").implementation = function (s) {
console.log('webview loaded url = ', s.toString());
this.loadUrl.overload("java.lang.String").call(this, s);
};Get application context
function getApplicationContext() {
return Java.use('android.app.ActivityThread').currentApplication().getApplicationContext().getContentResolver();
}Print application android_id
function logAndroidId() {
console.log('android_id = ', Java.use('android.provider.Settings$Secure').getString(Java.use('android.app.ActivityThread').currentApplication().getApplicationContext().getContentResolver(), 'android_id'));
}Print shared preferences updates
var shared_pref_class = Java.use('android.app.SharedPreferencesImpl$EditorImpl');
shared_pref_class.putString.overload('java.lang.String', 'java.lang.String').implementation = function(k, v) {
console.log('Shared preference updated: ', k, '=', v);
return this.putString(k, v);
}
shared_pref_class.putInt.overload('java.lang.String', 'int').implementation = function(k, v) {
console.log('Shared preference updated: ', k, '=', v);
return this.putInt(k, v);
}
shared_pref_class.putFloat.overload('java.lang.String', 'float').implementation = function(k, v) {
console.log('Shared preference updated: ', k, '=', v);
return this.putFloat(k, v);
}
shared_pref_class.putBoolean.overload('java.lang.String', 'boolean').implementation = function(k, v) {
console.log('Shared preference updated: ', k, '=', v);
return this.putBoolean(k, v);
}
shared_pref_class.putLong.overload('java.lang.String', 'long').implementation = function(k, v) {
console.log('Shared preference updated: ', k, '=', v);
return this.putLong(k, v);
}
shared_pref_class.putStringSet.overload('java.lang.String', java.util.Set).implementation = function(k, v) {
console.log('Shared preference updated: ', k, '=', v);
return this.putStringSet(k, v);
}Create java array
var byteArr1 = Java.array('byte', [ 13, 37, 42 ]);Get hex string from byte array
function byteArrayToHexString(array, size) {
if (array == null) return 'null';
var result = [];
for (var i = 0; i < size; ++i) {
result.push(('0' + (array[i] & 0xFF).toString(16)).slice(-2));
}
return result.join('');
}
byteArrayToHexString(byteArr1, byteArr1.length);Get ascii string from byte array
function byteArrayToAscii(array, size) {
if (array == null) return 'null';
var result = [];
for (var i = 0; i < size; ++i) {
result.push(String.fromCharCode(
parseInt(
('0' + (array[i] & 0xFF).toString(16)).slice(-2),
16
)
));
}
return result.join('');
}
byteArrayToAscii(byteArr1, byteArr1.length);Print secret crypto keys bytes
function byteArrayToHexString(array, size) {
if (array == null) return 'null';
var result = [];
for (var i = 0; i < size; ++i) {
result.push(('0' + (array[i] & 0xFF).toString(16)).slice(-2));
}
return result.join('');
}
var SecretKeySpec_class = Java.use('javax.crypto.spec.SecretKeySpec');
SecretKeySpec_class.$init.overload('[B', 'java.lang.String').implementation = function(p0, p1) {
console.log('SecretKeySpec =', byteArrayToHexString(p0, p0.length), 'algo =', p1);
return this.$init(p0, p1);
};
SecretKeySpec_class.$init.overload('[B', 'int', 'int', 'java.lang.String').implementation = function(p0, p1, p2, p3) {
console.log('SecretKeySpec =', byteArrayToHexString(p0, p0.length), 'offset =', p1, 'size =', p2, 'algo =', p4);
return this.$init(p0, p1, p2, p3);
};Print all strings created at runtime
['java.lang.StringBuilder', 'java.lang.StringBuffer'].forEach(function(clazz, i) {
var func = 'toString';
Java.use(clazz)[func].implementation = function() {
var ret = this[func]();
console.log('String created: ' + ret);
return ret;
}
}); Print stacktrace in this point
Java.perform(function() {
var jAndroidLog = Java.use("android.util.Log"), jException = Java.use("java.lang.Exception");
console.log(jAndroidLog.getStackTraceString( jException.$new()));
}); TODO:
Add things from
- https://gitlab.com/roxanagogonea/frida-scripts/blob/master/data-storage/sqlite-database.js
- https://gitlab.com/roxanagogonea/frida-scripts/blob/master/data-storage/log.js
- https://gitlab.com/roxanagogonea/frida-scripts/blob/master/network/http-connection.js
- https://gitlab.com/roxanagogonea/frida-scripts/blob/master/network/read-write.js
- https://gitlab.com/roxanagogonea/frida-scripts/blob/master/network/ssl-pinning.js