Injecting Shared Object in Android native process using Frida
This code is taken from https://github.com/oleavr/android-inject-custom
I have removed frida-gum dependency as it's not required for injection and have provided build system to build it for different architecture supported by Android NDK.
- Android NDK r22
- Rooted Android device
$ PATH="$PATH:$HOME/Android/Sdk/ndk/22.0.7026061" makeThis will build the injector, the agent, and an example program you can inject the agent into to easily observe the results.
$ PATH="$PATH:$HOME/Android/Sdk/ndk/22.0.7026061" make deployOpen a terminal and get into adb shell and launch the victim-x86_64 process.
$ adb shell generic_x86_64:/ # cd /data/local/tmp/injection generic_x86_64:/data/local/tmp/injection # generic_x86_64:/data/local/tmp/injection # ./victim-x86_64 Victim running with PID 7521Then in another terminal change directory to where the injector-x86_64 binary is and run it.
generic_x86_64:/data/local/tmp/injection # ./injector-x86_64 -l /data/local/tmp/injection/libagent-x86_64.so -e entrypoint -p 7521 ██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗ ██████╗ ██████╗ ██║████╗ ██║ ██║██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔══██╗ ██║██╔██╗ ██║ ██║█████╗ ██║ ██║ ██║ ██║██████╔╝ ██║██║╚██╗██║██ ██║██╔══╝ ██║ ██║ ██║ ██║██╔══██╗ ██║██║ ╚████║╚█████╔╝███████╗╚██████╗ ██║ ╚██████╔╝██║ ██║ ╚═╝╚═╝ ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ [+] Patching SeLinux policy [+] Injecting library: /data/local/tmp/injection/libagent-x86_64.so in pid: 7521 [+] Injection completed 1|generic_x86_64:/data/local/tmp/injection #Note: If entry point is not provided the target process will crash after loading the shared object.
You should now see a message printed by the victim-x86_64 process when the entry point is called.
generic_x86_64:/data/local/tmp/injection # ./victim-x86_64 Victim running with PID 7521 entrypoint() called