Another frida-gadget injector for APK with laziness in mind:
- Windows & Linux support
- Downloads and updates dependencies
- Can inject multiple frida-gadget`s architectures
- Built-in configs that save a lot of time
- Can rename frida-gadget and script libraries to bypass detection by name
- Uses APKEditor instead of apktool to reduce the number of dependencies and amount of time
- Ensure Android Studio or Android Build tools installed
- Ensure JDK installed
- Ensure deps in path, if not:
- Open start menu and type
environment
- Click on Edit the system environment variables
- Click Environment variables...
- Select
Path
and click Edit... - Add build tools and
keytool
into path:- Click on New
- Enter path to build tools, e.g.
C:\Users\User\AppData\Local\build-tools\x.y.z
- Click New again
- Enter path of JAVA_HOME +
/bin
, e.g.C:\Program Files\Java\jdk-22\bin
- Open start menu and type
- Run
pip install git+https://github.com/commonuserlol/fgi
- Ensure JDK installed
- Ensure
zipalign
andapksigner
or Android SDK installed, if not:- Add
~/Android/Sdk/build-tools/x.y.z
to path if you're using Android SDK
- Add
- Run
pip install git+https://github.com/commonuserlol/fgi
- Add
--break-system-packages
if pip refuses to install
- Add
- Add
~/.local/bin
to path
NOTE: On linux if you're using /tmp
for temp files and working with large APK, remount tmpfs using mount -o remount,size=4G /tmp
Run fgi -h
to get options
These configs are taken from Frida website
If you need to use other configuration options, such as using v8 runtime, consider using the --config-path
option
-
fgi -i target.apk --config-type listen
- inject arm, arm64, x86, x86_64 frida-gadget into target.apk with listen mode -
fgi -i target.apk -t listen -o out.apk
- same as 1 + ready APK will be namedout.apk
instead oftarget.patched.apk
-
fgi -i target.apk -t listen -a arm64 --offline-mode
- inject ONLY arm64 frida-gadget into target.apk with listen mode and skip frida-gadget & APKEditor update check -
fgi -i . -t script -l index.js -a arm
- inject ONLY arm frida-gadget into split APKs in currect directory withindex.js
script -
fgi -i . -c myconfig.json -r .
- inject arm, arm64, x86, x86_64 frida-gadget into split APKs in currect directory with myconfig.json config and current directory as parent temporary directory (DANGEROUS, current directory will be filled with temp files)fgi
will check does config require script and raise exception if no-l
option provided- Parent temporary directory also will be checked
-
fgi -i target.apk -t listen -n libnotafrida.so -s libnotascript.so
- same as 1 + rename frida-gadget intolibnotafrida.so
and script intolibnotascript.so
- Both frida-gadget and script libraries name should be prefixed with
lib
and end with.so
- Both frida-gadget and script libraries name should be prefixed with
-
fgi -i target.apk --config-type listen --no-cleanup -v
- same as 1 + do NOT remove temporary directory and enable debug logs- Temporary directory can be found using log message:
Decoding APK to /tmp/whatever... ~~~~~~~~~~~~~ Here
objection - smali injector & manifest stuff
This repository is licensed under a GNU General Public v3 License.
See LICENSE file for details