Preprint has been submitted for publication in journal
Preprint / Version 1

Frida Framework Implementation for Workflow Manipulation in Android Applications


Implementasi Frida Framework untuk Manipulasi Alur Kerja pada Aplikasi Android

##article.authors##

  • Aldo Reghan Ramadhan Universitas Muhammadiyah Sidoarjo
  • Arif Senja Fitriani Universitas Muhammadiyah Sidoarjo

DOI:

https://doi.org/10.21070/ups.3249

Keywords:

Root, Android Devices, Frida Framework, Dynamic Instrumentation Framework, Android Device Security

Abstract

Enhancing security on Android devices has posed challenges for security researchers. Root bypass is a commonly employed method to evade detection by security mechanisms. In this research, the author explains the utilization of Frida, a dynamic instrumentation framework, for performing root bypass on Android devices. By leveraging Frida's capabilities for runtime code interception and modification, the author can alter the behavior of applications attempting to detect root presence. A series of experiments were conducted using Frida, successfully by passing common root detection mechanisms. The results demonstrate Frida's potential as an effective tool for root bypass and security testing on Android devices. This research provides further insights into the use of Frida in the context of Android device security

Downloads

Download data is not yet available.

References

W. F. Elsersy, A. Feizollah, and N. B. Anuar, “The rise of obfuscated Android malware and impacts on detection methods,” PeerJ Comput. Sci., vol. 8, no. September 2018, 2022, doi: 10.7717/PEERJ-CS.907.

A. You, M. Be, and I. In, “Java Code Obfuscator to Prevent Reverse Engineering,” vol. 020004, no. June, 2023.

G. You, G. Kim, S. Han, M. Park, and S. J. Cho, “Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART),” IEEE Access, vol. 10, pp. 61426–61440, 2022, doi: 10.1109/ACCESS.2022.3181373.

S. W. Asher, S. Jan, G. Tsaramirsis, F. Q. Khan, A. Khalil, and M. Obaidullah, “Reverse engineering of mobile banking applications,” Comput. Syst. Sci. Eng., vol. 38, no. 3, pp. 265–278, 2021, doi: 10.32604/CSSE.2021.016787.

M. Ziadia, J. Fattahi, M. Mejri, and E. Pricop, “Smali+: An operational semantics for low-level code generated from reverse engineering android applications,” Inf., vol. 11, no. 3, 2020, doi: 10.3390/info11030130.

B. Urooj, M. A. Shah, C. Maple, M. K. Abbasi, and S. Riasat, “Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms,” IEEE Access, vol. 10, no. December 2021, pp. 89031–89050, 2022, doi: 10.1109/ACCESS.2022.3149053.

B. Soewito and A. Suwandaru, “Android sensitive data leakage prevention with rooting detection using Java function hooking,” J. King Saud Univ. - Comput. Inf. Sci., vol. 34, no. 5, pp. 1950–1957, 2022, doi: 10.1016/j.jksuci.2020.07.006.

F. A. Alviansyah and E. Ramadhani, “Implementasi Dynamic Application Security Testing pada Aplikasi Berbasis Android,” Automata, vol. 2, no. 1, pp. 1–6, 2021, [Online]. Available: https://journal.uii.ac.id/AUTOMATA/article/view/17387

J. Li, “Vulnerabilities mapping based on OWASP-SANS: A survey for static application security testing (SAST),” Ann. Emerg. Technol. Comput., vol. 4, no. 3, pp. 1–8, 2020, doi: 10.33166/AETiC.2020.03.001.

M. Sharma, “Review of the Benefits of DAST ( Dynamic Application Security Testing ) Versus SAST SAST Integration and DAST Reporting,” no. May, pp. 5–8, 2021.

F. O. Sonmez and B. G. Kilic, “Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results,” IEEE Access, vol. 9, pp. 25858–25884, 2021, doi: 10.1109/ACCESS.2021.3057044.

Y. Pan, “Interactive application security testing,” Proc. - 2019 Int. Conf. Smart Grid Electr. Autom. ICSGEA 2019, vol. 1, pp. 558–561, 2019, doi: 10.1109/ICSGEA.2019.00131.

I. U. Haq and T. A. Khan, “Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review,” IEEE Access, vol. 9, no. 1, pp. 87806–87825, 2021, doi: 10.1109/ACCESS.2021.3088229.

M. Aydos, Ç. Aldan, E. Coşkun, and A. Soydan, “Security testing of web applications: A systematic mapping of the literature,” J. King Saud Univ. - Comput. Inf. Sci., vol. 34, no. 9, pp. 6775–6792, 2022, doi: 10.1016/j.jksuci.2021.09.018.

L. Ardito, R. Coppola, S. Leonardi, M. Morisio, and U. Buy, “Automated Test Selection for Android Apps Based on APK and Activity Classification,” IEEE Access, vol. 8, pp. 187648–187670, 2020, doi: 10.1109/ACCESS.2020.3029735.

Downloads

Additional Files

Posted

2023-09-07

Categories

License

Copyright (c) 2023 UMSIDA Preprints Server

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.