Frida android repinning
May 28, 20211 min read
Photo by Frida.re
Installation of frida
pip3 install frida
pip3 install objection
Download frida-server (for the target)
wget https://github.com/frida/frida/releases/download/12.1.2/frida-server-12.1.2-android-arm.xz
xz –decompress frida-server-12.1.2-android-arm.xz
Setup frida-server on the phone
adb push frida-server-12.1.2-android-x86 /data/local/tmp/frida-server
adb shell chmod 777 /data/local/tmp/frida-server
adb shell "su -c '/data/local/tmp/frida-server &'"
Connect to frida server
# New terminal :
frida-ps -U # USB
frida-ps -R 127.0.0.1 # Remote connection (via Wifi)
frida-ps -H 127.0.0.1 # Remote connection
To inject script into the app
frida -U -f mobi.societegenerale.mobile.lappli.hf.sg -l ANYTHING.js –no-pause
-U
# USB-f [Package name]
# Package name-l
# location of the script--no-pause
# automatically start main thread after startup
See https://www.frida.re/docs/home/ to learn how to build and inject any script on the apps or download scripts from https://github.com/ or https://codeshare.frida.re/
Inject the Burp certificate to bypass the ssl pinning
adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt
frida -U -f mobi.societegenerale.mobile.lappli.hf.sg -l frida-android-repinning.js –no-pause
or
frida –codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f YOUR_BINARY