Monday 19 March 2018

Uitkyk: Android Frida Library To Hunt Android Malware

Uitkyk: Android Frida Library To Hunt Android Malware

Uitkyk: Android Frida Library To Hunt Android Malware

Uitkyk is a custom Android Frida libary which provides an API to analyze Android applications for malicious activity. This is a PoC library to illustrate the capabilities of performing runtime analysis on Android. Additionally Uitkyk is a collection of resources to assist in the identification of malicious Android applications at runtime.

This Repo

The folder "Frida Scripts" contains some basic Frida scripts to assist in the runtime analysis of Android applications. The folder "Android Library" contains the custom Android Frida library which can be used by Android applications to interact with Frida server instances. The folder "UitkykDemoApp" contains a demo Android application which utilizes the Uitkyk library.

Uitkyk Usage

To use the Uitkyk library, add the module to your Android application as a regular Android module. Currently there are two methods supported. To run the Frida equivelant of "frida-ps -U", use:

UitkykUtils uitkykUtils = new UitkykUtils(fridaHost, fridaPort);

To run the Frida equivelant of "frida -U -l AnalyzingHeapForObjects.js", use:

UitkykUtils uitkykUtils= new UitkykUtils(fridaHost,fridaPort);


A Frida Server instance is required to be running on the device. The defaults will suffice but a custom host and IP can be used.


The scripts located in the Scripts folder can be run as following:

frida -U -l AnalyzingHeapForObjects.js
frida -U -l CatchingRuntimeExec.js

Uitkyk Demo App

This application uses the Uitkyk library. Import the library into the app to ensure the application builds and runs. To ensure that the demo app runs, a local instance of Frida Server is required to be running locally on the device.



Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer