Fast Rev-eng Is Definitely Awesome (Android Frida tutorial)

Hsun-Jen Hsu, Jen-Yu Tsai/AVAST

Frida is a great dynamic instrumentation toolkit. Tools like Frida have become so commonplace within the security community that it is hard to imagine our work without them. We want to introduce the beauty of Frida to more researchers and exchange experiences with advanced Frida users.

We will share the details of our hands-on experience with Frida on Android, from basic to advanced usage, together with the lessons we learned from the scenarios we have analyzed.

The following sections will be presented in detail.

  • “What is Frida?” and “What do we think Frida is?”
  • Suspicious URLs and HTTPS parameters, with or without network access.
  • Identity-specific malware that bypasses VMs and behaves differently in different environments.
  • The variations of dynamic payloads.
  • The tricky in-memory cache.
  • Encrypting ransomware.
  • What happens when Frida meets Dirty Cow?
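As an added illustration of the kind of hook the “suspicious URLs” and “encrypting ransomware” items above refer to (this is not one of the speakers’ scripts), the following Frida script for Android intercepts `java.net.URL` construction and `javax.crypto.Cipher.doFinal`. It assumes the target app goes through those standard Java APIs; the list of parameter names treated as suspicious, the URL heuristics, and the app package name in the usage note are assumptions. The URL classifier runs before the app opens a socket, so it works with or without network access; the Frida-specific part is guarded so the helper functions can also be exercised outside a Frida session.

```javascript
// Added example, not from the talk. Frida script for Android.
// Assumed: the app builds URLs with java.net.URL and encrypts with
// javax.crypto.Cipher; the suspicious-parameter list is a guess.

// Pure helper: split a URL string into scheme, host, port, path and query
// parameters. No network access is needed, so it works in an offline sandbox.
function parseUrl(s) {
  const m = /^(https?):\/\/([^\/?#:]+)(?::(\d+))?([^?#]*)(?:\?([^#]*))?/.exec(s);
  if (!m) return null;
  const params = {};
  if (m[5]) {
    for (const kv of m[5].split('&')) {
      if (!kv) continue;
      const i = kv.indexOf('=');
      const k = i < 0 ? kv : kv.slice(0, i);
      const v = i < 0 ? '' : kv.slice(i + 1);
      params[decodeURIComponent(k)] = decodeURIComponent(v);
    }
  }
  const defaultPort = m[1] === 'https' ? 443 : 80;
  return {
    scheme: m[1],
    host: m[2],
    port: m[3] ? Number(m[3]) : defaultPort,
    path: m[4] || '/',
    params: params
  };
}

// Assumed heuristics: cleartext HTTP, a raw IP address as host, or query
// parameters that look like device identifiers are worth flagging.
const SUSPICIOUS_PARAMS = ['imei', 'imsi', 'iccid', 'android_id', 'phone', 'sim'];
function classifyUrl(s) {
  const u = parseUrl(s);
  if (!u) return { flagged: false, reasons: ['unparsable'], url: null };
  const reasons = [];
  if (u.scheme === 'http') reasons.push('cleartext');
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(u.host)) reasons.push('ip-host');
  for (const k of Object.keys(u.params)) {
    if (SUSPICIOUS_PARAMS.includes(k.toLowerCase())) reasons.push('param:' + k);
  }
  return { flagged: reasons.length > 0, reasons: reasons, url: u };
}

// Pure helper: hex-dump the first `max` bytes of a (signed) Java byte array.
function bytesToHex(bytes, max) {
  const n = Math.min(bytes.length, max);
  let s = '';
  for (let i = 0; i < n; i++) s += (bytes[i] & 0xff).toString(16).padStart(2, '0');
  return bytes.length > n ? s + '...' : s;
}

// Frida-only part: runs only when loaded into a Java process by Frida.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(function () {
    // Log every URL the app constructs, flagged by the heuristics above.
    const URL = Java.use('java.net.URL');
    URL.$init.overload('java.lang.String').implementation = function (spec) {
      const verdict = classifyUrl(spec);
      console.log('[URL] ' + spec + (verdict.flagged ? '  <-- ' + verdict.reasons.join(',') : ''));
      return this.$init.overload('java.lang.String').call(this, spec);
    };

    // Log the algorithm and a prefix of the input/output of every Cipher
    // operation, which exposes the plaintext that an encrypting ransomware
    // sample feeds into doFinal() before it overwrites the file.
    const Cipher = Java.use('javax.crypto.Cipher');
    Cipher.doFinal.overload('[B').implementation = function (input) {
      const out = this.doFinal.overload('[B').call(this, input);
      console.log('[Cipher] ' + this.getAlgorithm() +
        ' in(' + input.length + ')=' + bytesToHex(input, 16) +
        ' out(' + out.length + ')=' + bytesToHex(out, 16));
      return out;
    };
  });
}
```

Usage (package name is a placeholder): `frida -U -f com.example.target -l hook.js`, which spawns the app with the hooks installed before any of its code runs. The overload strings (`'java.lang.String'`, `'[B'`) are Frida’s JVM type signatures; calling the original through `.overload(...).call(this, ...)` avoids the ambiguity error Frida raises when a method has several overloads.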

The talk closes with a summary. What we present is only a small part of Frida, but it shows its power and how it can be used to crack malware. From our scenarios, the audience will gain an understanding of how useful Frida can be and how they can combine it with their existing toolchains.

All our scripts shared in this talk will be open-sourced to researchers.

November 8 at 10:30 - 11:00, Stage B

Hsun-Jen Hsu (Vash Hsu) / Main Speaker Vash Hsu is a Senior Threat Researcher at the Avast Threat Labs, specializing in reverse engineering, malware behavior analysis and threat analysis automation. One of Vash’s key research topics is the analysis of attack scenarios using Frida, the dynamic instrumentation toolkit. He pays particular attention to threats originating in Asia, specifically China. Previously, Vash was a Software Development Engineer in Test for more than 14 years in the security industry. He has successfully transformed himself into a hardcore threat researcher.

Jen-Yu Tsai (Bill Tsai) / 2nd Speaker Bill Tsai is the Threat Research Lead and Technical Solutions Architect at the Avast Threat Labs. He oversees a team specializing in reverse engineering, malware behavior analysis and threat analysis automation. Bill and his team pay particular attention to threats targeting Asia, specifically those emanating from China. He also leads the development, integration, analysis and operation of the Avast Android Antivirus SDK, collaborating with internal teams and Avast’s global partner teams. Today, Avast is one of the biggest Android Antivirus SDK providers in the market. When Bill is not glued to his MacBook Pro, he spends time building LEGO, playing with his son, and trying very hard not to wake up late on holidays.