Explore innovative techniques for mobile application analysis using Frida in this 59-minute conference talk by Dawn Isabel. Discover how to overcome black-box testing challenges by building customizable lightweight analysis tools. Learn to trace library functions, examine application memory and runtime state, and bypass common security controls through practical examples on both iOS and Android platforms. Gain insights into Frida's toolkit, including frida-trace, CLI, agent scripts, and the Interceptor API. Delve into real-world scenarios such as exploring keychain functionality, Bluetooth metadata analysis, URL scheme fuzzing, and SSL pinning bypass. Master the creation of standalone tools using Frida's capabilities and enhance your mobile security testing skills.
Fun with Frida on Mobile - Leveraging Dynamic Analysis Tools
Overview
Syllabus
Intro
Black-box testing challenges
Enter Frida
Where does it work?
Frida's toolkit
Simple example - frida-trace on iOS
Digging into a trace
Inside a handler
Modifying handlers
A new and improved trace
Where was that code running?
How can we use Frida?
Tracing functions on Android
Function tracing in action
Using a trace to explore
Exploring keychain functionality
What did we find?
Frida CLI
Exploring Keychain classes
Automating with agent scripts
Tracing Java methods on Android
Building agent.js
Java trace in action
How can we use agents?
Bluetooth metadata on Android
URL scheme fuzzing on iOS
Adding commands
URL scheme fuzzer highlights
Using Frida Codeshare
Bypassing controls - SSL pinning
SSL pinning bypass on iOS
Interceptor API
Locating nw tls create peer trust
Replacing nw_tls_create_peer_trust
Try it for yourself!
SSL pinning bypass - demo
Standalone tools
Elements of a standalone tool
Basic Python script
Frida rpc.exports
The agent: classdump.js
Want to learn more?
Taught by
Bugcrowd
