June 22nd 2025 updates (#2530)

* Breaking change: Frida 17+ support and script updates
* Breaking change: Corellium iOS device must install frida >=17
* Updated Frida scripts for logging, ssl/cert pinning bypass
* Added bridges support to frida
* Poetry dependency updates
* Fix Frida Code Editor code alignment issues
* Fix Google Play Scrapper timeout issues behind proxy
* Apply MobSF proxy settings to standalone tools_download.py

Author: ajinabraham

mobsf/DynamicAnalyzer/tools/frida_scripts/android/default/debugger_check_bypass.js

@@ -11,13 +11,16 @@ Java.perform(function () {
  // Following are based on: https://github.com/apkunpacker/FridaScripts
 try {
     /* Bypass Frida Detection Based On Port Number */
-    Interceptor.attach(Module.findExportByName("libc.so", "connect"), {
+    const libc = Process.getModuleByName("libc.so");
+    Interceptor.attach(libc.getExportByName("connect"), {
         onEnter: function(args) {
-            var memory = Memory.readByteArray(args[1], 64);
-            var b = new Uint8Array(memory);
-            if (b[2] == 0x69 && b[3] == 0xa2 && b[4] == 0x7f && b[5] == 0x00 && b[6] == 0x00 && b[7] == 0x01) {
-                this.frida_detection = true;
-            }
+            try{
+                var memory = Memory.readByteArray(args[1], 64);
+                var b = new Uint8Array(memory);
+                if (b[2] == 0x69 && b[3] == 0xa2 && b[4] == 0x7f && b[5] == 0x00 && b[6] == 0x00 && b[7] == 0x01) {
+                    this.frida_detection = true;
+                }
+            } catch(e){}
         },
         onLeave: function(retval) {
             if (this.frida_detection) {
@@ -28,30 +31,31 @@ try {
     });
 } catch(e){}
 try {
-    Interceptor.attach(Module.findExportByName(null, "connect"), {
+    Interceptor.attach(Module.getGlobalExportByName("connect"), {
         onEnter: function(args) {
-            var family = Memory.readU16(args[1]);
+            var family = args[1].readU16();
             if (family !== 2) {
                 return
             }
-            var port = Memory.readU16(args[1].add(2));
+            var port = args[1].add(2).readU16();
             port = ((port & 0xff) << 8) | (port >> 8);
             if (port === 27042) {
                 send('[Debugger Check] Frida Port detection bypassed');
-                Memory.writeU16(args[1].add(2), 0x0101);
+                args[1].add(2).writeU16(0x0101);
             }
         }
     });
 } catch(e){}
 try {
     /* Bypass TracerPid Detection Based On Pid Status */
-    var fgetsPtr = Module.findExportByName("libc.so", "fgets");
+    const libc = Process.getModuleByName("libc.so");
+    var fgetsPtr = libc.getExportByName("fgets");
     var fgets = new NativeFunction(fgetsPtr, 'pointer', ['pointer', 'int', 'pointer']);
     Interceptor.replace(fgetsPtr, new NativeCallback(function(buffer, size, fp) {
         var retval = fgets(buffer, size, fp);
-        var bufstr = Memory.readUtf8String(buffer);
+        var bufstr = buffer.readUtf8String();
         if (bufstr.indexOf("TracerPid:") > -1) {
-            Memory.writeUtf8String(buffer, "TracerPid:\t0");
+            buffer.writeUtf8String("TracerPid:\t0");
             send("[Debugger Check] TracerPID check bypassed");
         }
         return retval;
@@ -60,7 +64,7 @@ try {
 
 try {
     /* Bypass Ptrace Checks */
-    Interceptor.attach(Module.findExportByName(null, "ptrace"), {
+    Interceptor.attach(Module.getGlobalExportByName("ptrace"), {
         onEnter: function(args) {},
         onLeave: function(retval) {
             send("[Debugger Check] Ptrace check bypassed");
@@ -71,7 +75,7 @@ try {
 
 try {
     /* Watch Child Process Forking */
-    var fork = Module.findExportByName(null, "fork")
+    var fork = Module.getGlobalExportByName("fork")
     Interceptor.attach(fork, {
         onEnter: function(args) {},
         onLeave: function(retval) {

mobsf/DynamicAnalyzer/tools/frida_scripts/android/default/root_bypass.js

@@ -205,39 +205,49 @@ Java.performNow(function () {
 
     // Native Root Check Bypass
 
-    Interceptor.attach(Module.findExportByName("libc.so", "fopen"), {
-        onEnter: function (args) {
-            var path = Memory.readCString(args[0]);
-            path = path.split("/");
-            var executable = path[path.length - 1];
-            var shouldFakeReturn = (RootBinaries.indexOf(executable) > -1)
-            if (shouldFakeReturn) {
-                Memory.writeUtf8String(args[0], "/notexists");
-                send("[RootDetection Bypass] native fopen");
-            }
-        },
-        onLeave: function (retval) {
+    try {
+        const libc = Process.getModuleByName("libc.so");
+        
+        Interceptor.attach(libc.getExportByName("fopen"), {
+            onEnter: function (args) {
+                try{
+                var path = Memory.readCString(args[0]);
+                path = path.split("/");
+                var executable = path[path.length - 1];
+                var shouldFakeReturn = (RootBinaries.indexOf(executable) > -1)
+                if (shouldFakeReturn) {
+                    args[0].writeUtf8String("/notexists");
+                    send("[RootDetection Bypass] native fopen");
+                }
+                } catch(e){}
+            },
+            onLeave: function (retval) {
 
-        }
-    });
-    Interceptor.attach(Module.findExportByName("libc.so", "system"), {
-        onEnter: function (args) {
-            var cmd = Memory.readCString(args[0]);
-            send("[RootDetection Bypass] SYSTEM CMD: " + cmd);
-            if (cmd.indexOf("getprop") != -1 || cmd == "mount" || cmd.indexOf("build.prop") != -1 || cmd == "id") {
-                send("[RootDetection Bypass] native system: " + cmd);
-                Memory.writeUtf8String(args[0], "grep");
-            }
-            if (cmd == "su") {
-                send("[RootDetection Bypass] native system: " + cmd);
-                Memory.writeUtf8String(args[0], "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled");
             }
-        },
-        onLeave: function (retval) {
-
-        }
+        });
+        
+        Interceptor.attach(libc.getExportByName("system"), {
+            onEnter: function (args) {
+                try{
+                var cmd = Memory.readCString(args[0]);
+                send("[RootDetection Bypass] SYSTEM CMD: " + cmd);
+                if (cmd.indexOf("getprop") != -1 || cmd == "mount" || cmd.indexOf("build.prop") != -1 || cmd == "id") {
+                    send("[RootDetection Bypass] native system: " + cmd);
+                    args[0].writeUtf8String("grep");
+                }
+                if (cmd == "su") {
+                    send("[RootDetection Bypass] native system: " + cmd);
+                    args[0].writeUtf8String("justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled");
+                }
+                } catch(e){}
+            },
+            onLeave: function (retval) {
 
-    });
+            }
+        });
+    } catch (err) {
+        send('[RootDetection Bypass] Error hooking libc.so: ' + err);
+    }
     /*
 
     TO IMPLEMENT: