Persisting Frida Scripts

FIRERPA provides you with the ability to persist Frida scripts. You can conveniently inject scripts through the relevant APIs, and FIRERPA's script manager will automatically manage the injected scripts for you. Even if your script exits unexpectedly or the app process terminates, FIRERPA will automatically re-inject the script for you the next time your app is opened. This feature was introduced in version 7.80.

Installing a Script

You can use this API to install your script into a target application. The script you install will be immediately injected into the application. The installed script will be automatically added to the script manager, which will continuously monitor and re-inject it for you.

Attention

The script manager only allows one script to be injected per app at a time. You cannot inject multiple scripts into the same application simultaneously.

app = d.application("com.android.settings")
app.attach_script(script, runtime=ScriptRuntime.RUNTIME_QJS, standup=5)

The script parameter is the content of the Frida script you want to inject (bytecode is supported). The runtime parameter selects the script runtime and defaults to qjs. standup=5 means that injection occurs only 5 seconds after the app process starts (the time is calculated from process creation). This parameter has a minimum value of 1 second and a maximum of 300 seconds. It helps avoid crashes and race conditions caused by injecting into the app process too early. In spawn mode, this parameter should always be 0.

This API also supports spawn mode injection. However, please note that using spawn mode may interrupt your UI operation flow (if you need to operate the UI simultaneously). This is because in spawn mode, if the injected script crashes or the application exits, this mode will automatically relaunch the application, which can interfere with your UI operations. If you need to use spawn mode, please use the following parameters.

app = d.application("com.android.settings")
app.attach_script(script, runtime=ScriptRuntime.RUNTIME_QJS, spawn=True, standup=0)

It's important to note the difference between spawn mode and normal mode. In normal mode, if the application exits for some reason, it will wait until the application is started again before performing the injection; it will not start the application on its own. Therefore, you may need to start the application yourself through code or manually for the injection to proceed. In spawn mode, however, even if the application exits, it will be automatically started, and the injection will be performed.

Uninstalling a Script

This API will remove a Frida script that has been installed in an application. The script will also be detached from the application process, and FIRERPA's script manager will no longer monitor the script's health status or perform re-injections after a crash.

app = d.application("com.android.settings")
app.detach_script()

Checking if a Script is Installed

This API is used to check whether a script has already been installed in an application. You can use this status to determine if a re-installation is necessary.

app = d.application("com.android.settings")
app.is_attached_script()

Checking if a Script is Injected

This API is used to check if the script you installed is currently injected into the application process. Even if you have installed a script, it might not be injected into the app process because the app may not be running or the script may contain errors. You can use its return value to determine whether you need to start the relevant application or check for syntax errors in your injection script.

app = d.application("com.android.settings")
app.is_script_alive()
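The difference between "installed" and "injected" can be handled in one helper. This is an added example, not code from FIRERPA: ensure_injected, its margin parameter and FakeApp are hypothetical names, and it assumes the two check methods return a true/false value.

```python
import time

def ensure_injected(app, script, standup=5, margin=10, sleep=time.sleep):
    """Install `script` if the manager does not have one, then wait for injection.

    `app` is the object returned by d.application(...). Returns "alive" once
    is_script_alive() is true, or "installed-not-injected" after the wait.
    """
    if not app.is_attached_script():
        # Installed scripts are re-injected by the script manager on app restart.
        app.attach_script(script, standup=standup)
    # Injection happens `standup` seconds after process creation, so poll
    # once per second for that long plus a margin (margin is an assumption).
    for _ in range(standup + margin):
        if app.is_script_alive():
            return "alive"
        sleep(1)
    # Either the app is not running (normal mode never starts it) or the
    # script failed to load; check the SCRIPT lines in the server log.
    return "installed-not-injected"


class FakeApp:
    """Constructed stand-in for a device app, so the example runs offline."""
    def __init__(self, alive_after=None):
        self.installed, self.polls, self.alive_after = False, 0, alive_after
    def is_attached_script(self):
        return self.installed
    def attach_script(self, script, standup=5):
        self.installed = True
    def is_script_alive(self):
        self.polls += 1
        return self.alive_after is not None and self.polls > self.alive_after


if __name__ == "__main__":
    demo = FakeApp(alive_after=3)
    print(ensure_injected(demo, 'console.log("hi")', sleep=lambda s: None))
```
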

Viewing Script Logs

You can view console output such as console.log from your script, as well as script error messages. However, you need to set this up in advance at startup. Please refer to the Viewing Logs chapter to learn how to set up a log file. Let's assume you have correctly set the log file to /data/local/tmp/server.log. Then, when you need to view the script logs, execute the following command. It shows only the log lines that come from injected scripts. You can also use other commands like tail -f to continuously track the logs.

grep SCRIPT /data/local/tmp/server.log

Offline Persistence

Offline persistence means you can place your Frida script as a configuration file on the phone, and FIRERPA will automatically load it upon startup. You don't need to use the APIs mentioned above for injection or uninstallation; you just need to write the script file in a specific format and place it in a designated directory. This feature supports directory monitoring, enabling real-time loading, unloading, and updating of scripts. Direct edits to files in the script directory are also applied in real time. Below is a simple YAML configuration for script persistence. The script content in this configuration is console.log("Hello From Yaml Script").

enable: true
application: "com.android.settings"
version: "2.10"
user: 0
runtime: "qjs"
script: !!binary "Y29uc29sZS5sb2coIkhlbGxvIEZyb20gWWFtbCBTY3JpcHQiKQ=="
emit: "http://myserver/reportData"
encode: "none"
standup: 10
spawn: false

Here is a detailed explanation of each configuration item in the example script configuration above:

| Field | Description |
|---|---|
| enable | Whether to enable this script |
| application | The application ID for script injection (e.g., com.android.settings) |
| version | The supported application version for the script ("N/A" means any version) |
| user | If it's a multi-instance app, specify the user ID of the instance (usually 999) |
| script | The script content in base64, supporting text or binary (please follow the template) |
| runtime | The script runtime (qjs, v8) |
| standup | The delay time for injection (calculated from the process start time) |
| spawn | Use spawn mode (will ignore standup) |
| encode | If the script reports data, specify the encoding here (zlib/none) |
| emit | If the script reports data, specify the destination here |

For more information on the emit data reporting feature, please see the Using Frida to Report Data chapter.

The above is a complete example of an offline script. After writing it, save the configuration file with a name like {file_name}.yaml and place it in the /data/usr/modules/script directory on the device. The system monitors this directory and loads your configuration automatically. If you update or delete a YAML configuration, the system will also automatically update or uninstall your script.
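Because anything placed in this directory is loaded automatically, it is worth decoding and checking a configuration before copying it to the device. The following is an added example, not part of FIRERPA: parse_flat_config and lint_config are hypothetical helpers, the parser handles only the flat key: value form shown above, and applying the 1-300 second standup range from the API to the YAML field is an assumption.

```python
import base64

RUNTIMES = {"qjs", "v8"}      # values listed in the field table
ENCODINGS = {"zlib", "none"}  # values listed in the field table

# The configuration shown on this page, embedded so the example runs offline.
SAMPLE = '''enable: true
application: "com.android.settings"
version: "2.10"
user: 0
runtime: "qjs"
script: !!binary "Y29uc29sZS5sb2coIkhlbGxvIEZyb20gWWFtbCBTY3JpcHQiKQ=="
emit: "http://myserver/reportData"
encode: "none"
standup: 10
spawn: false
'''

def parse_flat_config(text):
    """Parse only the flat `key: value` form above; this is not a YAML parser."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or key.startswith("#"):
            continue
        value = value.strip()
        if value.startswith("!!binary"):
            blob = value[len("!!binary"):].strip().strip('"')
            cfg[key] = base64.b64decode(blob, validate=True)  # raises on bad base64
        elif value.startswith('"'):
            cfg[key] = value.strip('"')
        elif value in ("true", "false"):
            cfg[key] = value == "true"
        else:
            cfg[key] = int(value) if value.isdigit() else value
    return cfg

def lint_config(cfg):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not cfg.get("application"):
        problems.append("application is missing")
    if not isinstance(cfg.get("script"), bytes) or not cfg["script"]:
        problems.append("script must be non-empty !!binary base64")
    if "runtime" in cfg and cfg["runtime"] not in RUNTIMES:
        problems.append("runtime must be qjs or v8")
    if "encode" in cfg and cfg["encode"] not in ENCODINGS:
        problems.append("encode must be zlib or none")
    s = cfg.get("standup")
    if not cfg.get("spawn") and "standup" in cfg and not (isinstance(s, int) and 1 <= s <= 300):
        problems.append("standup must be 1-300 seconds unless spawn is true")
    return problems
```

Reading parse_flat_config(SAMPLE)["script"] shows the decoded script that will run, and the emit value shows where reported data will be sent.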