Dynamic instrumentation with Frida and friends

Binaries are rigid black boxes, quite secretive about their internal implementation and stubborn if you attempt to change them, but there is a way to modify their runtime behavior long after they have been compiled via the magic of dynamic instrumentation.

This magic is often used to do evil, but studying it can help you defend what you consider righteous. Alternatively it can help you achieve your own selfish day-to-day software development goals without the need for such moral absolutism.

The talk gives an introduction into one popular dynamic instrumentation toolkit called Frida and demonstrates how you can use it to intercept and change function calls on the fly. Some alternative tools and tools built on top of Frida are also presented. We will discuss some of the possibilities this opens up and then finish up by trying to get you started on putting them into practice.

Windows, macOS, GNU/Linux, Android and iOS are all supported targets. If you want to actively participate, bring a laptop.  For the desktop ones this will also run the app that you want to inspect, for the mobile ones you will also need to bring a phone in addition to the laptop.

People use these tools to:

  • interactively inspect some binary that they want to reverse engineer or dump it after it did some fancy unpacking
  • add logging to code that is in production at a customer site to track down some tricky bug
  • fake tricky error conditions like a lot of dropped TCP packets without polluting your production code with testing code
  • see their own app from a hackers perspective

What: Dynamic instrumentation with Frida
When: 21. März 2018, 19:00
Where: LBS3, FH3
Who: Martin Schwaighofer und Thomas Wimmer

Updates and additional info can be found on our website http://fhLUG.at.

PS. We will bring the new T-Shirts. If you have ordered a shirt, stop by.