WhiteHat Security

[Android Penetration] Android Frida Server Setup


BokdungAbum

Frida Server download and execution

1. Frida releases 

https://github.com/frida/frida/releases

 


 

2. Download the version that matches your device

 

https://github.com/frida/frida/releases/download/12.8.14/frida-server-12.8.14-android-arm64.xz


3. Upload the decompressed file to the Android device

 

adb push usage

 push [--sync] LOCAL... REMOTE
     copy local files/directories to device
     --sync: only push files that are newer on the host than the device

 

Upload the binary with adb push

SANGui-MBP-4:Downloads fsec$ adb push ./frida-server-12.8.14-android-arm64 /data/local/tmp
./frida-server-12.8.14-android-arm64: .... 33.2 MB/s (37955920 bytes in 1.090s)
SANGui-MBP-4:Downloads fsec$ 

 

Rename the uploaded binary

crosshatch:/data/local/tmp # pwd
/data/local/tmp
crosshatch:/data/local/tmp # ls -al
total 38205
drwxrwx--x 3 shell shell     3488 2020-03-13 14:11 .
drwxr-x--x 5 root  root      3488 2020-03-13 14:06 ..
drwxrwxrwx 2 root  root      3488 2020-03-13 09:53 AMCA
-rwxrwxrwx 1 shell shell     2362 2020-01-03 15:30 HOOKA.config
-rwxrwxrwx 1 shell shell  1109128 2020-01-03 11:00 busybox-armv7l
-rw-rw-rw- 1 shell shell 37955920 2020-03-13 14:05 frida-server-12.8.14-android-arm64
crosshatch:/data/local/tmp # mv frida-server-12.8.14-android-arm64 frida-server               
crosshatch:/data/local/tmp # ls -al
total 38205
drwxrwx--x 3 shell shell     3488 2020-03-13 14:14 .
drwxr-x--x 5 root  root      3488 2020-03-13 14:06 ..
drwxrwxrwx 2 root  root      3488 2020-03-13 09:53 AMCA
-rwxrwxrwx 1 shell shell     2362 2020-01-03 15:30 HOOKA.config
-rwxrwxrwx 1 shell shell  1109128 2020-01-03 11:00 busybox-armv7l
-rw-rw-rw- 1 shell shell 37955920 2020-03-13 14:05 frida-server

 

 

4. Run frida-server with root privileges

 

Set the execute permission on the binary, then run frida-server with root privileges

crosshatch:/data/local/tmp # chmod 755 ./frida-server
crosshatch:/data/local/tmp # ls -al
total 38205
drwxrwx--x 3 shell shell     3488 2020-03-13 14:14 .
drwxr-x--x 5 root  root      3488 2020-03-13 14:06 ..
drwxrwxrwx 2 root  root      3488 2020-03-13 09:53 AMCA
-rwxrwxrwx 1 shell shell     2362 2020-01-03 15:30 HOOKA.config
-rwxrwxrwx 1 shell shell  1109128 2020-01-03 11:00 busybox-armv7l
-rwxr-xr-x 1 shell shell 37955920 2020-03-13 14:05 frida-server
crosshatch:/data/local/tmp # id                                                               
uid=0(root) gid=0(root) groups=0(root),1000(system),2000(shell),1007(log),1011(adb) context=u:r:shell:s0
crosshatch:/data/local/tmp # ./frida-server &                                                 
[1] 11375
crosshatch:/data/local/tmp # ps -ef |grep frida-server                                        
root         11375 11235 8 14:17:13 pts/0 00:00:00 frida-server
root         11405 11235 10 14:17:19 pts/0 00:00:00 grep frida-server
crosshatch:/data/local/tmp # 

 

Frida Client download and execution

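1. Install the frida client (Python 3 example)

The frida-ps command used in the next step is provided by the frida-tools package.

pip3 install frida frida-tools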

 

2. List the processes on the USB-connected device

SANGui-MBP-4:Downloads fsec$ frida-ps -U
  PID  Name
-----  --------------------------------------------------------
 2331  .dataservices
  998  adbd
  842  adsprpcd
  764  android.hardware.audio@2.0-service
  765  android.hardware.authsecret@1.0-service.citadel
  930  android.hardware.biometrics.fingerprint@2.1-service.fpc
  766  android.hardware.bluetooth@1.0-service-qti
  603  android.hardware.boot@1.0-service
  767  android.hardware.camera.provider@2.4-service_64
  768  android.hardware.cas@1.0-service
  611  android.hardware.configstore@1.1-service
  769  android.hardware.confirmationui@1.0-service-crosshatch
  770  android.hardware.contexthub@1.0-service
  771  android.hardware.drm@1.0-service
  772  android.hardware.drm@1.1-service.clearkey
  773  android.hardware.drm@1.1-service.widevine
  774  android.hardware.dumpstate@1.0-service.crosshatch
  604  android.hardware.gatekeeper@1.0-service-qti
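
The server-side steps above combined into one script, as an added example that is not part of the original post. The function names are hypothetical, and it assumes adb, curl and unxz on the host and a rooted device that provides su.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Frida or adb.

# Map an Android ABI (adb shell getprop ro.product.cpu.abi) to the
# architecture suffix used in frida-server release asset names.
frida_arch() {
    case "$1" in
        arm64-v8a) echo arm64 ;;
        armeabi*)  echo arm ;;
        x86_64)    echo x86_64 ;;
        x86)       echo x86 ;;
        *)         echo "unsupported ABI: $1" >&2; return 1 ;;
    esac
}

# Build the release URL in the same form as the link in step 2.
frida_server_url() {   # $1 = version, $2 = device ABI
    arch=$(frida_arch "$2") || return 1
    echo "https://github.com/frida/frida/releases/download/$1/frida-server-$1-android-$arch.xz"
}

# Download, decompress, push, chmod and start frida-server (steps 2 to 4).
deploy_frida_server() {   # $1 = version; keep it the same as the pip-installed client
    abi=$(adb shell getprop ro.product.cpu.abi | tr -d '\r') || return 1
    url=$(frida_server_url "$1" "$abi") || return 1
    curl -fsSL -o frida-server.xz "$url" || return 1
    unxz -f frida-server.xz || return 1
    adb push ./frida-server /data/local/tmp/frida-server || return 1
    adb shell "chmod 755 /data/local/tmp/frida-server" || return 1
    # Assumption: the device is rooted and provides su. -D makes
    # frida-server detach so the adb shell call returns.
    adb shell "su -c '/data/local/tmp/frida-server -D'"
}

# Usage (not run automatically): deploy_frida_server 12.8.14 && frida-ps -U
```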

 
