Automated Frida Gadget injection tool
Project description
frida-gadget is a tool that can be used to patch APKs in order to utilize the Frida Gadget.
This tool automates the process of downloading the Frida gadget library and injecting the loadlibrary code into the main activity.
Installation
pip install frida-gadget --upgrade
Prerequirement
You should install Apktool and add it to your PATH environment variable.
# Install Apktool on macOS
brew install apktool
# Add Apktool to your PATH environment variable
export PATH=$PATH:$HOME/.brew/bin
For other operating systems, you can refer to the Install Guide.
Docker
The -v flag is used to bind mount the current directory to the /workspace/mount directory inside the container.
Ensure that your APK file is located in the current directory, or replace $APK_DIRECTORY with the path to the directory where the APK file is stored.
APK_DIRECTORY=$PWD
APK_FILENAME=example.apk
docker run -v $APK_DIRECTORY/:/workspace/mount ksg97031/frida-gadget mount/$APK_FILENAME --arch arm64 --sign
...
# New apk is in the $APK_DIRECTORY/example/dist/example.apk
Usage
$ frida-gadget --help
Usage: cli.py [OPTIONS] APK_PATH
Patch an APK with the Frida gadget library
Options:
--arch TEXT Target architecture of the device. (options: arm64, x86_64, arm, x86)
--config TEXT Upload the Frida configuration file.
--no-res Do not decode resources.
--main-activity TEXT Specify the main activity if desired. (e.g., com.example.MainActivity)
--sign Automatically sign the APK using uber-apk-signer.
--skip-decompile Skip decompilation if desired.
--skip-recompile Skip recompilation if desired.
--use-aapt2 Use aapt2 instead of aapt.
--version Show version and exit.
--help Show this message and exit.
How do I begin?
Simply provide the APK file with the target architecture.
$ frida-gadget handtrackinggpu.apk --arch arm64 --sign
[INFO] Auto-detected frida version: 16.1.3
[INFO] APK: '[REDACTED]\demo-apk\handtrackinggpu.apk'
[INFO] Gadget Architecture(--arch): arm64(default)
[DEBUG] Decompiling the target APK using apktool
[DEBUG] Downloading the frida gadget library for arm64
[DEBUG] Checking internet permission and extractNativeLibs settings
[DEBUG] Adding 'android.permission.INTERNET' permission to AndroidManifest.xml
[DEBUG] Searching for the main activity in the smali files
[DEBUG] Found the main activity at '[REDACTED]\frida-gadget\tests\demo-apk\handtrackinggpu\smali\com\google\mediapipe\apps\handtrackinggpu\MainActivity.smali'
[DEBUG] Locating the onCreate method and injecting the loadLibrary code
[DEBUG] Recompiling the new APK using apktool
...
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk into: [REDACTED]\demo-apk\handtrackinggpu\dist\handtrackinggpu.apk
[INFO] Success
...
$ unzip -l [REDACTED]\demo-apk\handtrackinggpu\dist\handtrackinggpu.apk | grep libfrida-gadget
21133848 09-15-2021 02:28 lib/arm64-v8a/libfrida-gadget-16.1.3-android-arm64.so
How to know device architecture?
Connect your device and run the following command:
adb shell getprop ro.product.cpu.abi
This command will output the architecture of your device, such as arm64-v8a, armeabi-v7a, x86, or x86_64.
- Most modern Android emulators use the x86_64 architecture.
- Newer high-end devices typically use arm64-v8a.
- Older or lower-end devices might use armeabi-v7a.
- Some specific emulators or devices may still use x86.
How to Identify?
Observe the main activity; the injected loadLibrary code will be visible.
Resigning the APK
After modifying the APK, you need to re-sign it.
You can quickly re-sign your application with the --sign option.
This option uses uber-apk-signer.
Contributing
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
frida-gadget-1.4.4.tar.gz
(12.2 kB
view details)
File details
Details for the file frida-gadget-1.4.4.tar.gz
.
File metadata
- Download URL: frida-gadget-1.4.4.tar.gz
- Upload date:
- Size: 12.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1c6bcb811b7641cd90b56dbe6a4e47d22a9cf918c20f288454e0ba9b105024f9 |
|
MD5 | 6fd4ede9cb7b5f097ba36a8b4321ed23 |
|
BLAKE2b-256 | 8df18a1aed3a38be1a97290ab54a1556cd3ca68b2de976d7785287eebf32ccee |