Frida, free software that allows developers, reverse engineers and researchers to “hook” into locked down or black box proprietary software, has released a new version, 12.1, of what is fast becoming a cult tool — with “massive changes under the hood”.
Tell Me More About this Frida Tool
Frida is a free dynamic instrumentation toolkit that enables software professionals to execute their own scripts in software that has traditionally been locked down, i.e. proprietary software such as Android applications.
This allows the software community to hook into live processes, enabling them to test, add functionality to, or even debug such applications.
Founder Ole André Vadla Ravnås told Computer Business Review: “Frida makes it possible for a small company to create products compatible with products from large software companies. For example if a big company dominates the market in one area but isn’t interested in supporting users with Android phones, a small company could use Frida to gain the knowledge needed to create a compatible app for Android users.”
Due to its ability to hook into processes dynamically, developers can rapidly develop tools using Frida. For example, a tool can hook into an Android application process to extract the output of the process itself, meaning that additional functionality can be added with minimal effort. (For the technically inclined, the Frida team has produced a useful example for injecting arbitrary JavaScript into an Android app process.)
(In programming, the term hooking covers a range of techniques used to alter or augment the behavior of an OS, app or other software components by intercepting function calls or messages or events passed between software components. Code that handles such intercepted function calls, events or messages is called a hook.)
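The interception pattern described above, as an added example that is not code from the Frida project or from the original article: plain JavaScript that installs a hook on one method of a constructed object, observes its arguments, changes its return value, and then restores the original. The names `attach`, `blackBox` and `traceBlackBox` are hypothetical and are not Frida's API.

```javascript
// Added illustration of hooking: intercept calls to a function, run our
// own code before and after it, then restore the original.
// attach(), blackBox and traceBlackBox are hypothetical names.
function attach(target, name, callbacks) {
  const original = target[name];
  if (typeof original !== 'function') {
    throw new TypeError(`${name} is not a function on the target`);
  }
  target[name] = function hooked(...args) {
    // onEnter sees (and may rewrite) the arguments before the real call.
    if (callbacks.onEnter) callbacks.onEnter.call(this, args);
    let retval = original.apply(this, args);
    // onLeave sees the result; returning a value replaces it.
    if (callbacks.onLeave) {
      const replaced = callbacks.onLeave.call(this, retval, args);
      if (replaced !== undefined) retval = replaced;
    }
    return retval;
  };
  // The handle lets the caller remove the hook and restore the original.
  return { detach() { target[name] = original; } };
}

// Constructed stand-in for a component whose internals are not documented.
const blackBox = {
  prefix: 'v1',
  send(path, body) { return `${this.prefix}:${path}:${body.length}`; },
};

function traceBlackBox() {
  const log = [];
  const hook = attach(blackBox, 'send', {
    onEnter(args) { log.push({ path: args[0], bytes: args[1].length }); },
    onLeave(retval) { return retval + ':traced'; },
  });
  const during = blackBox.send('/status', 'ping'); // hook active
  hook.detach();
  const after = blackBox.send('/status', 'ping');  // original restored
  return { log, during, after };
}

console.log(traceBlackBox());
```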
As Ole André Vadla Ravnås puts it: “I often found myself creating custom tools to understand the inner workings of existing software. As a user of an operating system not supported by large software companies at the time, I wanted to fix these gaps myself by writing software compatible with software from the big guys.”
He adds: “At the time that was MSN Webcam, which Microsoft did not provide any documentation on how to interoperate with. As I built such tools over time, I realized every situation was different and I couldn’t just create one tool for all such challenges. So this inspired me to create Frida, which allows me to quickly create new tools tailored to the task at hand. But not just create, also quickly adapt them as my understanding of the software evolves.”
Tampering with Proprietary Software… Is This Legal?
As Ravnås puts it to Computer Business Review: “It depends on the jurisdiction and the situation. EU Directive 2009/24 offers some insights. Here’s an excerpt: ‘The unauthorised reproduction, translation, adaptation or transformation of the form of the code in which a copy of a computer program has been made available constitutes an infringement of the exclusive rights of the author.’
‘Nevertheless, circumstances may exist when such a reproduction of the code and translation of its form are indispensable to obtain the necessary information to achieve the interoperability of an independently created program with other programs. It has therefore to be considered that, in these limited circumstances only, performance of the acts of reproduction and translation by or on behalf of a person having a right to use a copy of the program is legitimate and compatible with fair practice and must therefore be deemed not to require the authorisation of the right-holder.’”
Frida has been built for multiple platforms, including Windows, Mac, Linux, iOS and Android. Version 12.1 comes with Frida’s V8 dependency (V8 is Google’s open source high-performance JavaScript engine) upgraded to a more recent version, introducing the new inspector API which is natively supported by Google Chrome’s inspector.
The release also contains support for obtaining process IDs from the executing agent using the brand new Process.id property, which the team claims is especially useful in preloaded mode.
Why “Frida”?
“The name Frida came about as me and a friend, Håvard Sørbø, were doing some brainstorming on what to name this project. We were both familiar with IDA, which is a commercial reverse-engineering tool. The pun ‘FRIDA’ came up, both as in ‘Free IDA’, but also as in the Norwegian female names Ida and Frida, where Frida could be Ida’s sister, as IDA is a static analysis tool and Frida is a dynamic analysis toolkit. Later I discovered Radare, an awesome open source project that focuses on static analysis, so in retrospect I’m happy that Frida stayed its course.”
He adds: “The author of Radare is a friend and colleague of mine at NowSecure. We believe that combining static and dynamic analysis has a ton of potential, so we have created r2frida that is plugging Frida into Radare’s static analysis engine. For anyone wanting to learn more about Radare or Frida I would highly recommend attending r2con (https://rada.re/con/2018/) next month.”