Binary Instrumentation using Frida

Vivek Kamisetty, published in Bug Bounty Hunting, Oct 10, 2019


Frida is a binary instrumentation tool that lets us inject our own scripts into a black-box process while it is running.

So what is Frida, exactly?

It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built on top of the Frida API. These can be used as-is, tweaked to your needs, or serve as examples of how to use the API.

Frida is a major tool for a reverse engineer because it lets us hook functions inside a running process, and call them with arguments of our own choosing.

Here is an example:

Above is a small C program, chal.c, that implements a simple authentication check.

Compile the program with:

    gcc chal.c -o chal

Our aim is to hook the function f. This is where Frida comes in: we can attach to the running chal process, inject our own script, and reach f from that script:

    from __future__ import print_function
    import frida
    import sys

    # Attach to the already-running chal process by name.
    session = frida.attach("chal")

    # The address of f (given in hex on the command line) is baked into the
    # JavaScript that Frida will run inside the target process.
    script = session.create_script("""
    var st = Memory.allocUtf8String("Login Successful");
    var f = new NativeFunction(ptr("0x%x"), 'int', ['pointer']);
    f(st);
    """ % int(sys.argv[1], 16))

    def on_message(message, data):
        # Anything the injected script send()s, plus agent errors, lands here.
        print(message)

    script.on('message', on_message)
    script.load()
    sys.stdin.read()  # keep the session alive until stdin is closed

Run the Python script with the address of f (in hex) as its command-line argument; the script attaches to the running process by name, so chal must already be running. In NativeFunction the first parameter is the address, the second is the return type and the third is an array of argument types. Strictly speaking this does not hook f: NativeFunction wraps the address so that our injected JavaScript can call f directly, here with a pointer to the string "Login Successful" that Memory.allocUtf8String allocated inside the target. That is the essence of how Frida lets us inject and run our own code in a target binary. Two practical caveats: the address must be f's address in the running process, so if chal was built as a position-independent executable the load address is randomised and you should either compile with -no-pie or resolve the address at runtime (Module.findExportByName works when f is exported); and to intercept the calls the program itself makes to f, use Interceptor.attach rather than calling f yourself.
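As an added example (not code from the original post), the following Python harness goes one step further and actually hooks f with Interceptor.attach, so that whenever chal itself calls f the argument is swapped for "Login Successful" and the return value is forced to 1. It assumes the target is running as `chal`, that f takes a single `char *` and returns an `int`, and that f is either exported (so Module.findExportByName can resolve it) or that its runtime address is passed as a 0x-prefixed hex string. The agent JavaScript, the argument handling and the message format are this example's own choices.

```python
"""Added example: hook f in the running `chal` process with Interceptor.attach.

Assumptions (not stated in the original post): the target process is named
`chal`, f takes a single `char *` and returns an int, and f is either an
exported symbol or its runtime address is given as a 0x-prefixed hex string.
"""
import json
import sys

TARGET_PROCESS = "chal"  # assumption: process name of the running target

# JavaScript agent that runs inside the target.  %(resolver)s becomes an
# expression that evaluates to f's address (a NativePointer) or null.
AGENT_TEMPLATE = r"""
var fAddr = %(resolver)s;
if (fAddr === null) {
    send({type: "error", msg: "could not resolve f"});
} else {
    // Keep the fake argument in script scope so it is not garbage-collected
    // while the hook is installed.
    var fake = Memory.allocUtf8String("Login Successful");
    Interceptor.attach(fAddr, {
        onEnter: function (args) {
            // Report what the program passed, then swap in our own buffer.
            var original = args[0].isNull() ? null : args[0].readUtf8String();
            send({type: "enter", original: original});
            args[0] = fake;
        },
        onLeave: function (retval) {
            // Force a success return code regardless of what f decided.
            send({type: "leave", original_ret: retval.toInt32()});
            retval.replace(1);
        }
    });
    send({type: "hooked", addr: fAddr.toString()});
}
"""


def parse_address(text):
    """Parse a 0x-prefixed hex address; reject anything else."""
    if not text.lower().startswith("0x"):
        raise ValueError("address must be 0x-prefixed hex: %r" % text)
    addr = int(text, 16)
    if addr == 0:
        raise ValueError("address must be non-zero")
    return addr


def resolver_for(spec):
    """Return the JS expression used to locate f.

    A 0x-prefixed string is treated as f's runtime address; anything else is
    treated as an export name looked up at runtime (this only succeeds when f
    is exported, e.g. the binary was linked with -rdynamic).
    """
    if spec.lower().startswith("0x"):
        return 'ptr("0x%x")' % parse_address(spec)
    return "Module.findExportByName(null, %s)" % json.dumps(spec)


def build_agent(spec):
    """Render the agent source for the given address or export name."""
    return AGENT_TEMPLATE % {"resolver": resolver_for(spec)}


def on_message(message, data):
    if message["type"] == "send":
        print("[agent]", message["payload"])
    else:  # "error": an exception raised inside the agent
        print("[agent error]", message.get("description", message))


def main(argv):
    if len(argv) != 2:
        print("usage: %s <0xADDRESS | export-name>" % argv[0], file=sys.stderr)
        return 2
    import frida  # imported here so the helpers above are usable without it
    session = frida.attach(TARGET_PROCESS)
    script = session.create_script(build_agent(argv[1]))
    script.on("message", on_message)
    script.load()
    print("hook installed; exercise chal, then press Enter to detach")
    sys.stdin.readline()
    session.detach()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python hook_f.py 0x401136` (runtime address) or `python hook_f.py f` (export name) while chal is running; every call the program makes to f is reported through send() and answered with a forced success. The address is deliberately required to carry a 0x prefix, because a bare name like "f" is also a valid hex digit and would otherwise be ambiguous.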



aka Mr_UnKnOwN | CTF player | Reverse Engineer | @teambi0s