Another frida-gadget injector for APK:
- Windows & Linux support
- Automatically downloads and updates dependencies
- Injects multiple frida-gadget architectures, if needed
- Built-in configs that save a lot of (copy/paste) time
- Can rename frida-gadget and script libraries to bypass detection by name
- Uses APKEditor instead of apktool to reduce the number of dependencies and amount of run time
- Ensure Android Studio or Android Build tools installed
- Ensure JDK installed
- Ensure deps in path, if not:
- Open start menu and type
environment
- Click on Edit the system environment variables
- Click Environment variables...
- Select
Path
and click Edit... - Add build tools and
keytool
into path:- Click on New
- Enter path to build tools, e.g.
C:\Users\User\AppData\Local\build-tools\x.y.z
- Click New again
- Enter path of JAVA_HOME +
bin
, e.g.C:\Program Files\Java\jdk-22\bin
- Open start menu and type
- Run
pip install git+https://github.com/commonuserlol/fgi
- Restart current cmd/powershell/terminal session
- Ensure JDK installed
- Ensure
zipalign
andapksigner
or Android SDK installed, if not:- Add
~/Android/Sdk/build-tools/x.y.z
to path if you're using Android SDK
- Add
- Run
pip install git+https://github.com/commonuserlol/fgi
- Add
--break-system-packages
if pip refuses to install
- Add
- Add
~/.local/bin
to path
NOTE: On linux if you're using /tmp
for temp files and working with large APK, remount tmpfs using mount -o remount,size=4G /tmp
Run fgi -h
to get options
These configs are taken from Frida website
If you need to use other configuration options, such as using v8 runtime, consider using the --config-path
option
-
fgi -i target.apk
- inject frida-gadget for existing architectures into target.apk with listen mode- To specify only some architectures use
-a
flag
- To specify only some architectures use
-
fgi -i target.apk -o out.apk
- same as 1 + ready APK will be namedout.apk
instead oftarget.patched.apk
-
fgi -i target.apk -a arm64 --offline-mode
- inject ONLY arm64 frida-gadget into target.apk with listen mode and skip frida-gadget & APKEditor update check -
fgi -i . -t script -l index.js -a arm64 arm
- inject ONLY arm64 and arm frida-gadget into split APKs in currect directory withindex.js
as script -
fgi -i . -c myconfig.json -r .
- inject frida-gadget for existing architectures into split APKs in currect directory with myconfig.json config and current directory as parent temporary directory (DANGEROUS, current directory will be filled with temp files)fgi
will check does config require script and raise exception if no-l
option provided- Parent temporary directory also will be checked
-
fgi -i target.apk -t script -n libnotafrida.so -s libnotascript.so
- same as 1, but use script type + rename frida-gadget intolibnotafrida.so
and script intolibnotascript.so
- Both frida-gadget and script libraries name must be prefixed with
lib
and end with.so
- Both frida-gadget and script libraries name must be prefixed with
-
fgi -i target.apk --config-type listen --no-cleanup -v
- same as 1 + do NOT remove temporary directory and enable debug logs- Temporary directory can be found using log message:
Decoding APK to /tmp/whatever... ~~~~~~~~~~~~~ Here
objection - smali injector & manifest stuff
This repository is licensed under a GNU General Public v3 License.
See LICENSE file for details