---
title: Frida & R2Frida
categories: [cheatsheets]
tags: [reversing, mobile]
---

# Frida and r2frida on Android Apps

## Workflow ~ initial

* Set up the phone (rooted = better)
* Download frida-server (arm64) and move it to the phone: `adb push frida-server /data/local/tmp/frida-server && adb shell "chmod 755 /data/local/tmp/frida-server"`
* Connect to the server using Frida/r2frida


### Frida

* Test the connection with: `frida-ps -U` to list all the processes on the device.
* List all devices: `frida-ls-devices -U`
* Interactive scripting: `frida -U -f com.app.name` (`-f` starts the application (1))
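
The spawn command above can also load a script through the CLI's `-l` option. The following is an added example (not part of the original cheatsheet) that lists the loaded Java classes of the app grouped by package, once at spawn and once after startup. The file name `list-classes.js`, the `PREFIX` value and the 5-second delay are assumptions, and it relies on the `Java` global that the frida CLI provides.

```javascript
// Added example: list loaded Java classes from Frida, grouped by package.
// Load it with the spawn command plus -l (file name is an assumption):
//   frida -U -f com.app.name -l list-classes.js

// Assumption: package prefix of the app under analysis.
const PREFIX = 'com.app.name';

// Pure helper: count classes per package, keeping at most `depth` segments.
function groupByPackage(classNames, prefix, depth) {
  const counts = new Map();
  for (const name of classNames) {
    // Require the dot so "com.app.namespace.X" does not match "com.app.name".
    // Array types such as "[Lcom.app.name.Foo;" are skipped by the same test.
    if (!name.startsWith(prefix + '.')) continue;
    const parts = name.split('.');
    // Drop the class name itself, then truncate the package to `depth`.
    const pkg = parts.slice(0, Math.min(depth, parts.length - 1)).join('.');
    counts.set(pkg, (counts.get(pkg) || 0) + 1);
  }
  // Highest count first, then alphabetical for stable output.
  return [...counts.entries()]
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]));
}

// Only runs inside Frida; under plain node the Java global does not exist.
if (typeof Java !== 'undefined' && Java.available) {
  const report = (label) => Java.perform(() => {
    const rows = groupByPackage(Java.enumerateLoadedClassesSync(), PREFIX, 4);
    console.log(`[${label}] ${rows.length} packages under ${PREFIX}`);
    rows.forEach(([pkg, n]) => console.log(`  ${n}\t${pkg}`));
  });
  // With -f the script is loaded before the app starts, so the first
  // listing is short; classes appear as the app loads them.
  report('at spawn');
  setTimeout(() => report('after 5 s'), 5000);
}
```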


### r2frida

* To interact with it: `radare2 frida://<device-id>/<pid,name, ..>`
* Get device id with `frida-ls-devices -U`
* Use two slashes to tell r2frida to start the application if it's not already started (1).
* All frida commands can be used with `\<command>`, for example `\?` to view the help page.
* List all java classes: `\ic` (2)


## Hooking Functions




# Notes

* (1) When the app is started directly with Frida, this can bypass security mechanisms, because the app is instrumented before startup happens.
* (2) This works better than the Java.Enumerate...Classes() function in Frida