Skip to content

Latest commit

 

History

History
84 lines (58 loc) · 3.55 KB

README.md

File metadata and controls

84 lines (58 loc) · 3.55 KB
Raw

frida-gadget injector (fgi)

Another frida-gadget injector for APK with laziness in mind:

  • Windows & Linux support
  • Downloads and updates dependencies
  • Can inject multiple frida-gadget`s architectures
  • Built-in configs that save a lot of time
  • Can rename frida-gadget and script libraries to bypass detection by name
  • Uses APKEditor instead of apktool to reduce the number of dependencies and amount of time

Installing

Windows (tested on Windows 11)

  • Ensure Android Studio or Android Build tools installed
  • Ensure JDK installed
  • Ensure deps in path, if not:
    • Open start menu and type environment
    • Click on Edit the system environment variables
    • Click Environment variables...
    • Select Path and click Edit...
    • Add build tools and keytool into path:
      • Click on New
      • Enter path to build tools, e.g. C:\Users\User\AppData\Local\build-tools\x.y.z
      • Click New again
      • Enter path of JAVA_HOME + /bin, e.g. C:\Program Files\Java\jdk-22\bin
  • Run pip install git+https://github.com/commonuserlol/fgi

Linux

  • Ensure JDK installed
  • Ensure zipalign and apksigner or Android SDK installed, if not:
    • Add ~/Android/Sdk/build-tools/x.y.z to path if you're using Android SDK
  • Run pip install git+https://github.com/commonuserlol/fgi
    • Add --break-system-packages if pip refuses to install
  • Add ~/.local/bin to path

Usage

NOTE: On linux if you're using /tmp for temp files and working with large APK, remount tmpfs using mount -o remount,size=4G /tmp

Run fgi -h to get options

Built-in configs

These configs are taken from Frida website

If you need to use other configuration options, such as using v8 runtime, consider using the --config-path option

Examples

  1. fgi -i target.apk --config-type listen - inject arm, arm64, x86, x86_64 frida-gadget into target.apk with listen mode

  2. fgi -i target.apk -t listen -o out.apk - same as 1 + ready APK will be named out.apk instead of target.patched.apk

  3. fgi -i target.apk -t listen -a arm64 --offline-mode - inject ONLY arm64 frida-gadget into target.apk with listen mode and skip frida-gadget & APKEditor update check

  4. fgi -i . -t script -l index.js -a arm - inject ONLY arm frida-gadget into split APKs in currect directory with index.js script

  5. fgi -i . -c myconfig.json -r . - inject arm, arm64, x86, x86_64 frida-gadget into split APKs in currect directory with myconfig.json config and current directory as parent temporary directory (DANGEROUS, current directory will be filled with temp files)

    • fgi will check does config require script and raise exception if no -l option provided
    • Parent temporary directory also will be checked

  6. fgi -i target.apk -t listen -n libnotafrida.so -s libnotascript.so - same as 1 + rename frida-gadget into libnotafrida.so and script into libnotascript.so

    • Both frida-gadget and script libraries name should be prefixed with lib and end with .so

  7. fgi -i target.apk --config-type listen --no-cleanup -v - same as 1 + do NOT remove temporary directory and enable debug logs

    • Temporary directory can be found using log message:
    Decoding APK to /tmp/whatever...
                ~~~~~~~~~~~~~
                    Here

Acknowledgements

objection - smali injector & manifest stuff

License

This repository is licensed under a GNU General Public v3 License.

See LICENSE file for details