In this post, I will show you how to run Fridump against an Android application. The device is connected to our workstation over USB, hence the use of the -u flag is mandatory.
A reminder of all the flags available for Fridump is:
As an example, I decided to use the Damn Insecure and Vulnerable Android (DIVA) app.
We will first run frida-ps -U to get the application’s process name.
The application’s full name is jakhar.aseem.diva and is running with Process ID 18168.
The DIVA app has a lot of areas for testing Android applications; however, it didn’t seem to have a specific memory analysis area, as DViA had in the iOS example.
As a result, to demonstrate that we managed to extract the values stored in memory, I entered a value in a text field and then looked for it in the memory dump.
The value that we are looking for is Test12345!!
We then run Fridump as follows:
- fridump -u -s -o <full output dir> --max-size 2097152 jakhar.aseem.diva
You will notice that I have set the --max-size value for Fridump to 2097152 (2MB). This is because I am running it on a really old Android device, so I had to split the memory reads into multiple smaller chunks to avoid crashing the app.
The operation took slightly more time due to the multiple reads; however, it succeeded.
Looking through the strings.txt file, we can see that the value is present.
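The same check can be run against the raw dump files, which also shows where in memory the value sits and in which encoding. The script below is an added example, not part of Fridump or of the original post: `find_marker` and `demo` are hypothetical names, the sample files are constructed, and it assumes the output directory holds the raw dump files next to strings.txt.

```python
import os
import tempfile

MARKER = "Test12345!!"  # the value typed into the DIVA text field in this post

def find_marker(dump_dir, marker, chunk_size=1 << 20):
    """Return sorted (file, offset, encoding) hits for marker in every file in dump_dir."""
    if not marker:
        raise ValueError("marker must be non-empty")
    # The same text may sit in memory as UTF-8 (native buffers) or UTF-16 (Java strings).
    needles = {"utf-8": marker.encode("utf-8"), "utf-16le": marker.encode("utf-16-le")}
    overlap = max(len(n) for n in needles.values()) - 1
    hits = set()  # a set, because a hit inside the kept tail is seen twice
    for name in sorted(os.listdir(dump_dir)):
        path = os.path.join(dump_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            offset, tail = 0, b""
            while block := fh.read(chunk_size):
                window = tail + block  # keep a tail so a hit spanning two reads is found
                start = offset - len(tail)
                for enc, needle in needles.items():
                    pos = window.find(needle)
                    while pos != -1:
                        hits.add((name, start + pos, enc))
                        pos = window.find(needle, pos + 1)
                tail = window[-overlap:]
                offset += len(block)
    return sorted(hits)

def demo():
    """Search a constructed dump directory (sample data, not a real device dump)."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed file names and contents
            "0x1000_dump.data": b"\x00" * 37 + MARKER.encode("utf-16-le") + b"\x00" * 8,
            "0x2000_dump.data": b"\xff" * 5 + MARKER.encode("utf-8") + b"\xff" * 3,
            "0x3000_dump.data": b"\x00" * 64,
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return find_marker(d, MARKER, chunk_size=16)

if __name__ == "__main__":
    for name, off, enc in demo():
        print(f"{name} +{off:#x} {enc}")
```

To use it on a real dump, call `find_marker` with the directory passed to -o and the value entered in the app.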
This concludes the example of Fridump running against an Android application. If you need more information on how to use Fridump, have a look at the original introduction post here.
For the examples of Fridump running against iOS applications, you can visit here.