frida-gadget is a tool that can be used to patch APKs in order to utilize the Frida Gadget.This tool automates the process of downloading the Frida gadget library and injecting the loadlibrary code into the main activity.
pip install frida-gadget --upgradeYou should install Apktool and add it to your PATH environment variable.
# Install Apktool on macOS
brew install apktool
# Add Apktool to your PATH environment variable
export PATH=$PATH:$HOME/.brew/binFor other operating systems, you can refer to the Install Guide.
The -v flag is used to mount the current directory to the /workspace directory in the container.
The APK file should reside in the
$PWD directory, or you can substitute $pwd with the directory path where the APK file is stored.docker run -v $PWD/:/workspace/mount ksg97031/frida-gadget mount/handtrackinggpu.apk$ frida-gadget --help
Usage: cli.py [OPTIONS] APK_PATH
Patch an APK with the Frida gadget library
Options:
--arch TEXT Target architecture of the device.
--use-aapt2 Use aapt2 instead of aapt.
--no-res Do not decode resources.
--skip-decompile Skip decompilation if desired.
--skip-recompile Skip recompilation if desired.
--version Show version and exit.
--help Show this message and exit.Simply provide the APK file.
$ frida-gadget handtrackinggpu.apk --arch arm64
[INFO] Auto-detected frida version: 16.1.3
[INFO] APK: '[REDACTED]\demo-apk\handtrackinggpu.apk'
[INFO] Gadget Architecture(--arch): arm64(default)
[DEBUG] Decompiling the target APK using apktool
[DEBUG] Downloading the frida gadget library for arm64
[DEBUG] Checking internet permission and extractNativeLibs settings
[DEBUG] Adding 'android.permission.INTERNET' permission to AndroidManifest.xml
[DEBUG] Searching for the main activity in the smali files
[DEBUG] Found the main activity at '[REDACTED]\frida-gadget\tests\demo-apk\handtrackinggpu\smali\com\google\mediapipe\apps\handtrackinggpu\MainActivity.smali'
[DEBUG] Locating the onCreate method and injecting the loadLibrary code
[DEBUG] Recompiling the new APK using apktool
...
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk into: [REDACTED]\demo-apk\handtrackinggpu\dist\handtrackinggpu.apk
[INFO] Success
$ unzip -l [REDACTED]\demo-apk\handtrackinggpu\dist\handtrackinggpu.apk | grep libfrida-gadget
21133848 09-15-2021 02:28 lib/arm64-v8a/libfrida-gadget-16.1.3-android-arm64.soObserve the main activity; the injected loadLibrary code will be visible.
Quickly re-sign your application with the
apk-signer tool.$ apk-signer handtrackinggpu.apk
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent