Injecting Shared Object in Android native process using Frida
This code is taken from https://github.com/oleavr/android-inject-custom
I have removed the frida-gum dependency, as it's not required for injection, and have provided a build system to build it for the different architectures supported by the Android NDK.
- Android NDK r22
- Rooted Android device
$ PATH="$PATH:$HOME/Android/Sdk/ndk/22.0.7026061" make
This will build the injector, the agent, and an example program you can inject the agent into to easily observe the results.
$ PATH="$PATH:$HOME/Android/Sdk/ndk/22.0.7026061" make deploy
Open a terminal, start an adb shell, and launch the victim-x86_64 process.
$ adb shell
generic_x86_64:/ # cd /data/local/tmp/injection
generic_x86_64:/data/local/tmp/injection #
generic_x86_64:/data/local/tmp/injection # ./victim-x86_64
Victim running with PID 7521
Then, in another terminal, change directory to where the injector-x86_64 binary is and run it.
generic_x86_64:/data/local/tmp/injection # ./injector-x86_64 -l /data/local/tmp/injection/libagent-x86_64.so -e entrypoint -p 7521
[+] Patching SeLinux policy
[+] Injecting library: /data/local/tmp/injection/libagent-x86_64.so in pid: 7521
[+] Injection completed
1|generic_x86_64:/data/local/tmp/injection #
Note: If an entry point is not provided, the target process will crash after loading the shared object.
You should now see a message printed by the victim-x86_64 process when the entry point is called.
generic_x86_64:/data/local/tmp/injection # ./victim-x86_64
Victim running with PID 7521
entrypoint() called
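
From the defender's side, a shared object loaded by path stays visible in the target's /proc/<pid>/maps. The sketch below is an added example, not code from this repository: it lists executable mappings backed by files under /data/local/tmp, assuming the injector loads the agent from the path given with -l. The function names are hypothetical and the sample maps content is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.

# Print each file that backs an executable mapping under /data/local/tmp.
# $1 = maps file (e.g. /proc/<pid>/maps), $2 = optional main executable to skip.
find_tmp_mappings() {
    maps_file="$1"
    exe="${2:-}"
    seen=""
    # maps fields: address perms offset dev inode pathname
    while read -r addr perms offset dev inode path; do
        case "$perms" in
            *x*) ;;                # keep executable mappings only
            *) continue ;;
        esac
        case "$path" in
            /data/local/tmp/*) ;;  # shell-writable staging directory
            *) continue ;;
        esac
        if [ -n "$exe" ] && [ "$path" = "$exe" ]; then
            continue               # the program's own image is expected
        fi
        case "$seen" in
            *"|$path|"*) continue ;;   # report each file once
        esac
        seen="$seen|$path|"
        printf '%s\n' "$path"
    done < "$maps_file"
}

# Constructed sample of a maps file for the victim process after injection.
sample_maps() {
    cat <<'EOF'
5581a000-5581b000 r-xp 00000000 fd:05 1234 /data/local/tmp/injection/victim-x86_64
7f10a000-7f10b000 r--p 00000000 fd:05 1301 /data/local/tmp/injection/libagent-x86_64.so
7f10b000-7f10c000 r-xp 00001000 fd:05 1301 /data/local/tmp/injection/libagent-x86_64.so
7f10c000-7f10d000 r-xp 00002000 fd:05 1301 /data/local/tmp/injection/libagent-x86_64.so
7f200000-7f2a0000 r-xp 00000000 fd:00 88 /apex/com.android.runtime/lib64/bionic/libc.so
7ffd0000-7ffd1000 rw-p 00000000 00:00 0 [stack]
EOF
}

# On a device: find_tmp_mappings /proc/7521/maps "$(readlink /proc/7521/exe)"
```

On a production device, any hit from this check in a process that was not started from /data/local/tmp deserves a closer look.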