Advanced Frida Usage Part 9 – Memory Scanning in Android

Introduction

Welcome to another post in the Advanced Frida Usage series. Frida provides a very interesting API called Memory.scan(), which lets you scan memory for bytes and also helps you patch them. Analyzing a program can be challenging, particularly when you are trying to statically identify where specific bytes are located, and especially when the program exhibits polymorphic behavior.

To better understand how to use Frida's Memory.scan() API, let's consider our sample application. After launching it, you can see that it asks the user for a PIN. When a valid PIN is entered it says “Verification Status: True”, otherwise “False”.

Application Details

Name: PaymentApp

Package Name: com.eightksec.paymentapp

SHA-256 Hash: 9348bd36167227d5e5953cdba9158e462b1b436f7611333b48f5172a58b6b410

Analysis

Let's dive into the analysis of this application. To analyze the APK we first need to extract it, and for that we use apktool.

				
					apktool d ap