# Frida

![](https://3928478158-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhjMjdRXwO33Lfo7uCpl6%2Fuploads%2Fgit-blob-8c5d6ef24ae54759175052b237351dccf0432770%2Fmapt.png?alt=media)

All the following main commands are implemented in [HacknDroid](https://github.com/RaffaDNDM/HacknDroid).

## Installation

1. Install frida-tools

```bash
pip install frida-tools
```

2. Identify the current `frida` version

```bash
frida --version
```

## Frida-server setup

1. Download frida-server for the current version of frida (for Android) from [here](https://github.com/frida/frida/releases)
2. Move the frida-server on the mobile device

```bash
adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "su -c '/data/local/tmp/frida-server &'"
```

## Cheat sheet

### List applications

| Command        | Description                          |
| -------------- | ------------------------------------ |
| `frida-ps -U`  | List apps on USB device              |
| `frida-ps -Ua` | List apps including system processes |

### Attaching a running process

| Command                      | Description            |
| ---------------------------- | ---------------------- |
| `frida -U -n <package_name>` | Attach by package name |
| `frida -U <pid>`             | Attach by PID          |

### Spawn an app and inject script immediately

```bash
frida -U -f com.example.app -l myscript.js --no-pause
```

### Other frida tools

#### frida-trace

Trace native `open()` calls:

```bash
frida-trace -U -i "open" <package_name>
```

Trace Java methods:

```bash
frida-trace -U -j -i "java.io.*" <package_name>
```

Auto-instrument functions by pattern:

```bash
frida-trace -U -i "ssl*" <package_name>
```

#### REPL

Interactive JS REPL after attach:

```bash
frida -U -n <package_name>
```

#### frida-compile

Convert JS module into single file to load simpler:

```bash
frida-compile script/ -o script.compiled.js
```