title: Frida & R2Frida
categories: [cheatsheets]
Frida and r2frida on Android Apps
- Set up the phone (rooted = better)
- Download frida-server (arm64) and move it to the phone: `adb push frida-server /data/local/tmp/frida-server && adb shell "chmod 755 /data/local/tmp/frida-server"`
- Connect to the server using Frida/r2frida
- Test the connection with `frida-ps -U`, which lists all the processes on the device.
- List all devices: `frida-ls-devices -U`
- Interactive scripting with `frida -U -f com.app.name` (`-f` starts the application (1))
- To interact with it: `radare2 frida://<device-id>/<pid,name, ..>`
- Get the device ID with `frida-ls-devices -U`
- Use two slashes to tell r2frida to start the application if it's not already started (1).
- All Frida commands can be used with `\<command>`, for example `\?` to view the help page.
- List all Java classes: `\ic` (2)
- (1) When the app is started directly with Frida, this can bypass security mechanisms, because the app is instrumented before the startup happens!
- (2) This works better than the Java.Enumerate...Classes() function in Frida