In this post, we will explain how to setup Frida with Android through USB on MacOS. Let’s first prepare your environment.
- Rooted Android device or emulator, we like the Pixel 4a.
- Android SDK Platform-Tools
- Python (latest 3.x recommended)
This guide targets Android 9.0 and later.
Enable developer mode by locating the
Build Number item in our system settings and tapping it 7 times.
This is found at: Settings > About Phone > Build Number. Once completed, you will see a
You are now a developer! message.
Enable USB debugging at: Settings > System > Advanced > Developer Options > USB debugging
$ brew install android-platform-tools
After installation, we will test the adb utility along with USB debugging on our Android device. If using a physical device, be sure that it’s connected to your computer over USB. Run the following command (we will use this output to select the right Frida server binary below):
$ adb shell uname -m aarch64
Success, we have adb and USB debugging functioning. Also, we confirmed this device is running AArch64/ARM64.
adb shell <cmd>, enables us to run a single command on our Android device and get output back. If we wanted to drop into a shell on our device, we would run
Common issues with adb can be resolved by stopping and starting the server:
$ adb kill-server $ adb start-server
Setup Frida Server
Download the latest Frida server binary matching your devices architecture. In this example for the Pixel 4a, we use Arm64.
$ wget https://github.com/frida/frida/releases/download/14.2.3/frida-server-14.2.3-android-arm64.xz
Extract and rename the binary to
$ unxz frida-server-14.2.3-android-arm64.xz $ mv frida-server-14.2.3-android-arm64 frida-server
frida-server to your Android device and mark it as executable:
$ adb push frida-server /data/local/tmp/ $ adb shell "chmod 755 /data/local/tmp/frida-server"
Get a shell, elevate to
root, execute and background
$ adb shell sunfish:/ $ su sunfish:/ # id uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0 sunfish:/ # /data/local/tmp/frida-server &  9555
frida-server is running as
$ adb shell sunfish:/ $ ps -e | grep frida-server root 9555 1 10851964 3636 do_sys_poll 0 S frida-server
Confirmed to be running as the
root user, let’s move on.
Setup Frida Tools
This can be accomplished with
pip, the Python package installer. Frida prefers Python3 and I have
pip3 configured as the package installer for my Python3 environment.
$ pip3 install frida-tools
Get list of running applications:
$ frida-ps -Ua
Should return something like:
PID Name Identifier ----- -------------------------- ----------------------------------------- 1601 Android System android 2151 Bluetooth com.android.bluetooth 1601 Call Management com.android.server.telecom 5900 Carrier Services com.google.android.ims 2529 CneApp com.qualcomm.qti.cne ...
Attach to a process:
$ frida -U org.mozilla.firefox
Attach to a process and load Frida script:
$ frida -U org.mozilla.firefox -l script.js
That is all for now.
Thank you for reading and hope you enjoyed as an initial walkthrough or reference next time you need Frida up in a hurry. Have an issue or want to comment, tweet me.
All the best,