frida-gadget 1.1.0

Frida gadget into an APK

frida-gadget is a APK patcher for frida gadget.

I hope this will help you to patch APK when you want to utilize the Frida gadget.

Installation

pip install frida-gadget

Prerequirement

You should install the Apktool and set the PATH environment variable. (Install apktool)

brew install apktool

Usage

$ frida-gadget --help
  Usage: frida-gadget [OPTIONS] APK_PATH

  Options:
    --arch TEXT  Support [arm, arm64, x86]
    --help       Show this message and exit.

Example

$ frida-gadget /Users/ksg/demo.apk  --arch arm64
  [INFO] Auto-detected frida version: 16.1.3
  [INFO] APK: '[REDACTED]\frida-gadget\tests\demo-apk\handtrackinggpu.apk'
  [INFO] Gadget Architecture(--arch): arm64(default)
  [DEBUG] Decompiling the target APK using apktool
  [DEBUG] Downloading the frida gadget library for arm64
  [DEBUG] Checking internet permission and extractNativeLibs settings
  [DEBUG] Adding 'android.permission.INTERNET' permission to AndroidManifest.xml
  [DEBUG] Searching for the main activity in the smali files
  [DEBUG] Found the main activity at '[REDACTED]\frida-gadget\tests\demo-apk\handtrackinggpu\smali\com\google\mediapipe\apps\handtrackinggpu\MainActivity.smali'
  [DEBUG] Locating the onCreate method and injecting the loadLibrary code
  [DEBUG] Recompiling the new APK using apktool
  [INFO] Success!

  [INFO] Output: [REDACTED]\frida-gadget\tests\demo-apk\handtrackinggpu\dist\handtrackinggpu.apk

$ unzip -l handtrackinggpu.apk | grep libfrida-gadget
  21133848  09-15-2021 02:28   lib/arm64-v8a/libfrida-gadget-16.1.3-android-arm64.so

loadLibrary code will be injected

Easy to re-sign your app by apk-signer

$ apk-signer handtrackinggpu.apk
  [Warning] Signing with default keystore.
  [Warning] Please pass --key_path, --key_alias, --key_pass, --ks_pass parameter, if you want to use your keystore
  handtrackinggpu-signed.apk

$ adb install handtrackinggpu-signed.apk

Similar Projects

https://github.com/sensepost/objection

https://github.com/NickstaDB/patch-apk