Dynamic Code Injection with Frida – Hooking the InsecureBankv2 App
1.Objective
Demonstrate how to intercept and manipulate sensitive app functionality using Frida to bypass login checks on the InsecureBankv2 app.
1.1. Prerequisites
✅ Frida installed on your PC (
pip install frida-tools)✅ Rooted Android emulator/device (Genymotion or similar)
✅ InsecureBankv2 APK installed and running on the device
✅ USB debugging enabled (or virtual ADB over Genymotion)
1.2. Understanding Prerequisites
🐞 Frida – Dynamic Instrumentation Toolkit
Frida is a powerful tool used by developers and ethical hackers to inspect, modify, and control apps while they are running. Think of it like a "microscope" that lets you look inside an app and change what it does — without changing the actual app code.
✅ Common Uses:
Debugging mobile apps
Bypassing root detection
Hooking functions to see how they work
📱 Genymotion ADB – Android Bridge for Emulators
Genymotion ADB (Android Debug Bridge) connects your computer to a Genymotion virtual Android device. It works the same way as it does with a real phone.
✅ Why Use It?
Easy to test apps on different Android versions
Run scripts, install apps, and debug smoothly
Great for automation and security testing
💻 ADB Shell – Command Line Access to Android
ADB Shell lets you open a terminal directly inside the Android device (real or virtual). You can run commands to control the device or inspect files.
✅ What You Can Do:
Access system directories
Modify app files or settings
Run commands like
pm list packages,am start, etc.
2.Environment Installation
Now you understand the basic term required for the dynamic code injection. we will then proceed to installing those requirements
✅ Here are the Prerequisites Setup for Frida on Kali Linux/Ubuntu (No virtual box is needed if you are linux)
If you are a window user then you must need to install virtual box with creating a virtual environment for installation of kali linux on virtual box and perform the operation on linux machine.
1. Install Frida
Make sure Python and pip are available:
sudo apt update
sudo apt install python3 python3-pip -y
Then install Frida:
pip3 install frida-tools
Check version to confirm:
frida --version
2. Install ADB (Android Debug Bridge)
ADB is needed to connect your PC to the Android emulator:
sudo apt install android-tools-adb -y
3. Set Up Genymotion Emulator (Rooted)
Download Genymotion from: https://www.genymotion.com/
Install and launch a rooted virtual device directly from Genymotion.
Enable ADB over network in the emulator settings.
Connect to the emulator:
adb connect <your_emulator_ip>:5555
adb devices
4. Install InsecureBankv2 APK
Download the APK, then install it on the emulator:
You will get problem to download the apk. so don’t worry here i’ll provide you a direct link.
App Link: https://github.com/dineshshetty/Android-InsecureBankv2/raw/master/InsecureBankv2.apk
adb install InsecureBankv2.apk
Make sure the app runs on the emulator.
5. Enable USB Debugging / ADB Over Network
On Genymotion, USB debugging is pre-enabled. Just connect using the IP shown in the emulator.
3. Setting up frida server on android(rooted)
Look your phone is not rooted at this point so i prefer you to use genymotion we talk about earlier. Once you've installed Frida on your Kali Linux or Ubuntu system and set up a rooted Android device/emulator (like Genymotion), it’s time to set up the Frida Server to start hooking into Android apps.
✅ Step 1: Download the Correct Frida Server
Frida server must match the Frida version installed on your PC and the CPU architecture of your Android device (e.g., arm, arm64, x86, x86_64).
Check your Frida version:
frida --versionGo to: https://github.com/frida/frida/releases
Download the server binary like:
frida-server-<version>-android-x86_64.xz(for Genymotion)
OR
frida-server-<version>-android-arm64.xz(for real phones)Extract the binary:
tar -xf frida-server-*.xz
✅ Step 2: Push Frida Server to Android
Make sure ADB is connected:
adb devices
Push and set permissions:
adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
✅ Step 3: Start Frida Server on Android
Now open an ADB shell and run the server as root step by step one after another:
adb shell
su
cd /data/local/tmp/
./frida-server &
✅ You should now have Frida server running in the background on your device.
🕵️♂️ Step 4: Using Frida and frida-ps
List running processes (check if your target app is visible):
frida-ps -U-Ustands for USB device (or connected emulator).List only apps:
frida-ps -Uai-a= applications only
-i= include app identifiers (package names)
🎯 Step 5: Attach to a Running App
To attach to an app (e.g., InsecureBankv2), find the package name (like com.android.insecurebankv2) using frida-ps, then:
frida -U -n com.android.insecurebankv2
Sometimes com.android.insecurebankv2 might not work so in that situation
🧪 Step 6: Attach to the App Process when above snippet didn’t work
frida -U -p 3990
This attaches Frida to the app’s running process. Here 3990 is pid obtained from “frida-ps -Uai” command line. Then you will enter into frida REPL.
🧪 Step 7: Write a Frida Hook Script – hook-login.js
Now that Frida is running, let's create a custom script to hook into the app's login function.
Create a file called hook-login.js with the following content:
jsCopyEditJava.perform(function () {
var loginClass = Java.use("com.android.insecurebankv2.LoginActivity");
loginClass.performlogin.implementation = function () {
console.log("🔒 performlogin() hooked!");
// Skip original logic
console.log("✅ Login bypassed (fake success)");
};
});
🧠 Why Are We Doing This?
We're telling Frida:
“Hey, whenever the
performlogin()function is called in the app, don’t do the real logic. Just show a fake success.”
This lets us bypass the actual login check — useful for testing how the app handles sessions, authentication logic, or insecure code.
🧪 Step 6: Inject the Script into the App
Now use Frida to inject the hook into the running app.
First, find the app’s PID (process ID):
frida-ps -U
Then inject the script:
frida -U -p <PID> -l hook-login.js
Example:
frida -U -p 3990 -l hook-login.js
✅ If successful, Frida will inject your script, and you’ll return to a prompt where you can see logs printed from your hook.
🧪 Step 7: Trigger the Hook
Go back to the app and enter any credentials, even invalid ones.
If the hook works, you’ll see in the Frida console:
scssCopyEdit🔒 performlogin() hooked!
✅ Login bypassed (fake success)
