# APP Tracing with Frida ### 01. Introduction > Frida is a dynamic code instrumentation toolkit. It lets you inject your script into black-box processes(No source code needed). It allows you to inject your own code and to programmatically and interactively inspect and change running processes. > > Frida, on the other hand, allows you to interact with the Android APK so you can inject code to bypass many of the techniques developers use to secure the apps. Goal of this exercise is to trace the CrackmeSimple application with frida and find a way to decode the password.

APK File: {% embed url="" %} ### 02. Install Frida If you haven't setup frida you can install it with the following commands: ``` pipenv –python 3 shell pip install frida pip install frida-tools git clone https://github.com/Hamz-a/frida-android-helper.git cd frida-android-helper python3 setup.py install ``` In Android Studio I'll setup a Nexus 5 Device with Android 9.0 running on it. This version works much more stable and faster in my virtual environment than other Android Images I’ve tested before.

Install the APK File on the device: ``` adb install CrackmeSimple.apk ``` ### 03. Tracing the app First we must push the frida server on the device ``` python fah.py server update ``` Starting the frida server as root on the device: ``` adb shell su cd /data/local/temp ./frida-server & ``` ![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FGsjeCmBbGfxUaJqklXLa%2Ffrida03.png?alt=media\&token=e3a4b9c1-7391-47d1-9faf-18f64c677427) List running processes with frida: ``` frida-ps -U ``` List running applications with frida: ``` frida-ps -Ua ``` List installed applications with frida: ``` frida-ps -Uai ``` ![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FgMLCfScAPFKQTCrYEIzG%2Ffrida04.png?alt=media\&token=b8947e79-5171-4931-a8b8-75a188ee4339) I try to hook all imported classes with the following command: ``` frida-trace -U -j 'org.bfe*!*' 'CrackMe*' ``` Frida catched 39 classes. Let's see what we get when I type a wrong password: ![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FQgpdCuY5MYWOWr86nUka%2Ffrida05.png?alt=media\&token=acf1758f-8ad9-4c22-bb78-70a6998e20cf) Let's have a closer look on the return values: ``` <= [72,76,123,82,51,118,51,114,115,105,110,103,46,70,85,78,125] ``` ### 04. Decoding with Cyberchef I'll use Cyberchef to decode the values:

![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FdWbBNZnPW4rcKEwY7r1X%2Ffrida07.png?alt=media\&token=680c7cc0-d136-4a2d-9c6b-cc2f2e03aa88)