Code Tampering
To tamper with an APK file, the following steps should be performed:
- Disassemble the app with apktool and save the smali code into an output directory:
apktool d <APK_file> -o <directory_output>
- Modify the smali code of your app (or the resource files if needed)
- Build the modified APK with apktool:
apktool b <directory_output> -o <new_APK_file>
- Sign the APK (see Application Signing)
- (Optional) Use zipalign to optimize the APK file:
zipalign -fv 4 <input_APK> <output_APK>
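The repack workflow above, wrapped in two shell functions as an added example (this is not code from the original cheat sheet). It assumes apktool, zipalign and apksigner are on PATH and that a signing keystore already exists; the function names, the DRY_RUN switch and the intermediate file names are this example's own choices. One practical detail it encodes: with apksigner, alignment has to happen before signing, because the v2 signature covers the whole archive.

```shell
#!/bin/sh
# Added example (not part of the original cheat sheet): the apktool repack
# workflow as two shell functions. Assumes apktool, zipalign and apksigner
# are on PATH and that you already have a signing keystore.
# Set DRY_RUN=1 to print each command instead of running it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: disassemble_apk <APK_file> <directory_output>
# Dumps smali and resources so they can be edited by hand.
disassemble_apk() {
    run apktool d "$1" -o "$2"
}

# Steps 3-5: rebuild_apk <directory_output> <keystore> <new_APK_file>
# Rebuild, align, sign, then verify the signature. With apksigner the
# zipalign step has to run BEFORE signing: APK Signature Scheme v2 hashes
# the whole archive, so aligning an already signed APK would invalidate it.
rebuild_apk() {
    dir=$1; ks=$2; target=$3
    unaligned="$target.unaligned"
    unsigned="$target.unsigned"
    run apktool b "$dir" -o "$unaligned"
    run zipalign -f 4 "$unaligned" "$unsigned"
    run apksigner sign --ks "$ks" --out "$target" "$unsigned"
    run apksigner verify --verbose "$target"
}

# Typical use (edit the smali in ./work between the two calls):
#   disassemble_apk app.apk work
#   rebuild_apk work my.keystore app-patched.apk
```

Running with DRY_RUN=1 first is a cheap way to confirm the file names and tool order before touching a real APK; the verify call at the end catches a broken or mis-ordered signing step before the APK is installed.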
Frida
Installation
Install Frida and Python bindings on your system using pip
pip install frida frida-tools
Download the Frida server binary matching the targeted architecture and your Frida version
VER=$(frida --version)
ABI=$(adb shell getprop ro.product.cpu.abi | tr -d '\r')
# Frida names its server builds by architecture (arm, arm64, x86, x86_64), not by the Android ABI string
case "$ABI" in arm64-v8a) ARCH=arm64 ;; armeabi-v7a) ARCH=arm ;; *) ARCH=$ABI ;; esac
wget https://github.com/frida/frida/releases/download/$VER/frida-server-$VER-android-$ARCH.xz
xz -d frida-server-$VER-android-$ARCH.xz
Upload and execute the Frida server binary on your Android device (root privileges are needed)
VER=$(frida --version)
ABI=$(adb shell getprop ro.product.cpu.abi | tr -d '\r')
case "$ABI" in arm64-v8a) ARCH=arm64 ;; armeabi-v7a) ARCH=arm ;; *) ARCH=$ABI ;; esac
adb root
adb push frida-server-$VER-android-$ARCH /data/local/tmp/frida
adb shell "chmod 755 /data/local/tmp/frida"
adb shell "/data/local/tmp/frida"
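The server setup above as a set of shell functions, added here as an example rather than taken from the original cheat sheet. It assumes the frida CLI and adb are on PATH and that the device runs a build where `adb root` succeeds; the function names and the sample version 16.1.4 used in its comments are constructed for the example. It makes two details explicit: Frida's release assets are named by architecture (arm, arm64, x86, x86_64) rather than by the ABI string that `ro.product.cpu.abi` returns, and raw `adb shell` output may carry a trailing carriage return that would otherwise end up inside the download URL.

```shell
#!/bin/sh
# Added example (not part of the original cheat sheet). Assumes the frida
# CLI and adb are on PATH and the device runs a rooted build on which
# `adb root` works. Function names are this example's own.

# Strip CR/LF from raw `adb shell getprop` output: older adb versions
# terminate shell output with CRLF, which must not leak into a URL.
clean_prop() {
    printf '%s' "$1" | tr -d '\r\n'
}

# Map an Android ABI to the Frida release architecture name; returns 1
# for ABIs Frida publishes no server build for.
frida_arch_for_abi() {
    case "$1" in
        arm64-v8a)   printf 'arm64' ;;
        armeabi-v7a) printf 'arm' ;;
        x86)         printf 'x86' ;;
        x86_64)      printf 'x86_64' ;;
        *)           return 1 ;;
    esac
}

# Release asset name (without .xz) for a frida version and an Android ABI,
# e.g. frida_server_asset 16.1.4 arm64-v8a -> frida-server-16.1.4-android-arm64
frida_server_asset() {
    arch=$(frida_arch_for_abi "$2") || return 1
    printf 'frida-server-%s-android-%s' "$1" "$arch"
}

# Download URL on GitHub for the same version and ABI.
frida_server_url() {
    asset=$(frida_server_asset "$1" "$2") || return 1
    printf 'https://github.com/frida/frida/releases/download/%s/%s.xz' "$1" "$asset"
}

# Download, push and start frida-server in the background. `nohup ... &`
# is used because a plain `adb shell /data/local/tmp/frida` blocks the
# terminal until the server exits.
deploy_frida_server() {
    ver=$(frida --version)
    abi=$(clean_prop "$(adb shell getprop ro.product.cpu.abi)")
    asset=$(frida_server_asset "$ver" "$abi") || { echo "unsupported ABI: $abi" >&2; return 1; }
    wget -q "$(frida_server_url "$ver" "$abi")" && xz -d "$asset.xz"
    adb root
    adb push "$asset" /data/local/tmp/frida
    adb shell "chmod 755 /data/local/tmp/frida"
    adb shell "nohup /data/local/tmp/frida >/dev/null 2>&1 &"
    # Sanity check: the server should now answer a process listing.
    frida-ps -U >/dev/null
}
```

Keeping the version/ABI-to-asset logic in pure functions means the mapping can be checked on the workstation before any download or push happens; `deploy_frida_server` is the only function that talks to a device.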
Tools
List running processes (emulators or devices connected through USB)
frida-ps -U
List only installed applications
frida-ps -U -i
Attach Frida client to the specified application (emulator or device connected through USB)
frida -U <package_name>
Spawn the specified application (emulator or device connected through USB)
frida -U -f <package_name>
Spawn the specified application without any pause at the beginning (emulator or device connected through USB)
frida -U -f <package_name> --no-pause
Load a Frida script when attaching to the specified application
frida -U -l <script_file> <package_name>
Objection
Inject the Frida Gadget library into an APK file, specifying the Frida version and the target architecture (use this when no emulator is running and no device is connected)
objection patchapk --source <APK_file> -V <frida_version> --architecture <arch>
Inject the Frida Gadget library into an APK file using the latest Frida version available on GitHub (use this when an emulator is running or a device is connected)
objection patchapk --source <APK_file>