Beginning Frida: by example
Frida, https://frida.re/, is one of those awesome tools that you think to yourself is a must-know, and then never find the time to invest in learning.
The moment I invested more than five minutes, I got caught. Oh my god, what a solution. Thanks Ole (Frida's creator), because this is magic :)
Hooking and instrumentation
I am not going to provide a detailed description of hooking or instrumentation. If you don't know what these terms mean, please do check this and this.
But what is really important about Frida is that instrumenting a binary is EASY. The learning curve to the point of doing productive and effective work is really short, so if I have to name Frida's most relevant capability, it is giving a completely ignorant user the opportunity to do magic.
Hooking is the technique that lets us intercept a function (typically a syscall), do our own work, and finally invoke the real function or syscall.
In this post we will build an easy hook of the "write" function. But when dealing with complex applications, instrumentation (the art and technique of instrumenting an application from the outside) becomes a difficult discipline that requires deep knowledge of the guts of the application and, potentially, of the operating system.
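The intercept-then-let-it-run pattern described above, as an added example that is not part of the original post: a Frida agent script that hooks libc's write(), records what is being written, and lets the real write() execute unchanged. The Frida globals (Interceptor, Module) and the Frida 16-style Module.findExportByName(null, ...) lookup are assumed; the log-building helpers are deliberately pure functions with no Frida dependency, so they can be exercised outside the target process. The script would be loaded with something like `frida -l write-hook.js -f ./target` (file name constructed for this example).

```javascript
'use strict';

// Added example: hook write(fd, buf, count) with Frida, log each call, and let
// the original syscall wrapper run. Frida globals are assumed to exist only when
// this file runs inside Frida's JS runtime; the helpers below also run in Node.

// Maximum number of payload bytes kept per write, to keep the log readable.
const PREVIEW_BYTES = 32;

// Render a byte preview: printable ASCII as-is, everything else as \xNN.
function renderPreview(bytes, limit = PREVIEW_BYTES) {
  let out = '';
  const n = Math.min(bytes.length, limit);
  for (let i = 0; i < n; i++) {
    const b = bytes[i];
    out += (b >= 0x20 && b < 0x7f)
      ? String.fromCharCode(b)
      : '\\x' + b.toString(16).padStart(2, '0');
  }
  if (bytes.length > limit) out += '...';
  return out;
}

// Build one log record from the intercepted arguments of write(fd, buf, count).
// Pure function (no Frida types) so it can be unit-tested outside the target.
function summarizeWrite(fd, count, bytes) {
  const stream = fd === 1 ? 'stdout' : fd === 2 ? 'stderr' : 'fd ' + fd;
  return {
    fd,
    count,
    stream,
    preview: renderPreview(bytes),
    // Heuristic on the captured prefix only: tabs, newlines and printable ASCII.
    text: bytes.every(b => b === 0x09 || b === 0x0a || b === 0x0d ||
                           (b >= 0x20 && b < 0x7f)),
  };
}

// One human-readable line per call; retval is what the real write() returned.
function formatRecord(rec, retval) {
  return `write(${rec.stream}, ${rec.count} bytes) -> ${retval}: "${rec.preview}"`;
}

// Install the hook. Only meaningful inside Frida's JS runtime.
function installWriteHook() {
  // Assumption: Frida 16-style export lookup across all loaded modules.
  const target = Module.findExportByName(null, 'write');
  if (target === null) throw new Error('write is not exported by any loaded module');

  Interceptor.attach(target, {
    onEnter(args) {
      // args[0] = fd, args[1] = buf, args[2] = count. Read at most one byte past
      // the preview limit so renderPreview() can mark truncation with "...".
      const fd = args[0].toInt32();
      const count = args[2].toInt32();
      const len = Math.max(0, Math.min(count, PREVIEW_BYTES + 1));
      const bytes = len > 0 ? new Uint8Array(args[1].readByteArray(len))
                            : new Uint8Array(0);
      // `this` is per-invocation state shared with onLeave.
      this.rec = summarizeWrite(fd, count, bytes);
    },
    onLeave(retval) {
      // The real write() has already run; we only observe its result here.
      console.log(formatRecord(this.rec, retval.toInt32()));
    },
  });
}

// Only attach when running inside Frida; under plain Node the helpers stay testable.
if (typeof Interceptor !== 'undefined') {
  installWriteHook();
}
```

Two design points worth noting. First, the hook never replaces write(): onEnter only inspects the arguments and onLeave only observes the return value, so the program's behaviour is unchanged, which is the right default when the goal is understanding rather than modification. Second, keeping the summarising logic out of the Interceptor callbacks means the part that can have bugs is the part you can test on your laptop without a target process.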