[HES2013] Frida IRE – a tool for scriptable dynamic instrumentation in userland by Ole André Vadla Ravnås

May 03, 2013

Research

230

[HES2013] Frida IRE – a tool for scriptable dynamic instrumentation in userland by Ole André Vadla Ravnås

Frida IRE (Interactive Reverse-engineering Environment) is an open source reversing tool focusing on scriptable dynamic instrumentation in userland. It runs on Windows, Mac, Linux and iOS.
In this talk, I will focus on live demos showing you how to use Frida’s scripting capabilities to explore live processes both locally and remote. I will also show how Frida potentially can be used to do stealthy instrumentation of paranoid processes protected by anti-debugging.

Audio available here : http://2013.hackitoergosum.org/presentations/Day2-02.Frida%20IRE%20-%20a%20tool%20for%20scriptable%20dynamic%20instrumentation%20in%20userland%20and%20evading%20anti-debugging%20techniques%20by%20Ole%20Andr%c3%a9%20Vadla%20Ravn%c3%a5s.mp3
More information about the conference :
https://www.hackitoergosum.org

HackitoErgoSum

May 03, 2013

Tweet

More Decks by HackitoErgoSum

See All by HackitoErgoSum

[HES2014] Vaccinating APK’s by Milan Gabor & Danijel Grah

[HES2014] WMI Shell: A new way to get shells on remote Windows machines using only the WMI service by Andrei Dumitrescu

[HES2014] LTE vs. Darwin: The Evolution Strikes Back? by Hendrik Schmidt & Brian Butterly

[HES2014] Applying science to eliminate 100% of buffer overflows by Andreas Bogk

[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phone got pwnd ! by Mathieu ‘GoToHack’ RENARD

[HES2013] Paparazzi over ip by Daniel Mende

[HES2014] HackRF A Low Cost Software Defined Radio Platform by Benjamin Vernoux

[HES2013] Information Warfare: mistakes from the MoDs by Raoul “Nobody” Chiesa

[HES2013] The reality about Red October by Paul “RootBSD” Rascagneres

Other Decks in Research

See All in Research

第20回チャンピオンズミーティング・サジタリウス杯ラウンド2集計 / Umamusume Sagittarius 2022 Round2

プロシージャ型処理を用いたステートレスな5Gコアネットワークの実現

資源として見る実験プログラム

正確な推薦は無条件に信頼できるか？

【マケデコ】JPX Kaggleコンペ5位解法共有

Optimizing Electric Journal Subscriptions via Integer Programs

単語の通時的な意味変化のモデル化

FADEC: FPGA-based Acceleration of Video Depth Estimation by HW/SW Co-design (FPT 2022)

Foundation Model and Robotics | 基盤モデルとロボティクス

On the Training of Infinitely Deep and Wide ResNets

Confusion Detection

自然言語処理による論文執筆支援

Featured

See All Featured

What’s in a name? Adding method to the madness

productmarketing

Art, The Web, and Tiny UX

Designing with Data

How GitHub Uses GitHub to Build GitHub

Design and Strategy: How to Deal with People Who Don’t "Get" Design

Fantastic passwords and where to find them - at NoRuKo

How New CSS Is Changing Everything About Graphic Design on the Web

WebSockets: Embracing the real-time Web

Facilitating Awesome Meetings

Producing Creativity

Faster Mobile Websites

Reflections from 52 weeks, 52 projects

Transcript

Frida
h(p://frida.github.io/

View Slide
Demo: screencast

View Slide
Nomenclature
•  Debugger
•  Agent
•  Target

View Slide
Architecture
Python
hackito.py
hackito.js
frida-‐python
frida-‐core
Skype
frida-‐agent
frida-‐gum
hackito.js

View Slide
Demo: a(ach()

View Slide
Demo: enumerate_modules()

View Slide
Demo: inspecFng and manipulaFng
funcFon calls

View Slide
Demo: communicaFng with a target
process

View Slide
Example: .NET binding

View Slide
Example: browser plugin

View Slide
QuesFons?

View Slide
Thanks!
•  DocumentaFon: h(p://frida.github.io/
•  Code: h(p://github.com/frida
•  Chat: #frida @ FreeNode

View Slide