I want to make the method I bypassed with frida tool permanent

Question

I want the application that I bypass using frida to be permanent and to run in this code without running frida

Example Command:

frida -U -f com.xxxxxxx.package -l root.js

I wanted to use apk patcher tool but it doesn't work

Answer 1

In every Frida release you will find libraries called "Frida Gadget" which is effectively Frida not as executable but as a library which can be embedded into an app. Together with the frida gadget library (e.g. frida-gadget-16.1.4-android-arm64.so) you can embed a configuration file and a Frida JavaScript file that will be executed on the app the library is running in.

You can rename the frida gadget library e.g. to libfrida-gadget.so and place it in the app directory /lib/arm64-v8a/ within the APK file.

Embedding Frida gadget library into an app allows to modify the app at run-time even on un-rooted devices.

For integrating frida gadget library you have to make minor modifications to the smali code of the app: at some point you have to load the frida gadget library (preferably early in the app start process). To modify the APK my recommendation is to use apktool with the option to not decompile resources as resources often causes problems: apktool d --no-res apkfile.apk.

The code to be added

# adapt the const-string to the name of the frida gadget library 
# "frida-gadget" -> file name "libfrida-gadget.so"
const-string v0, "frida-gadget"
invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V

The common points for adding this code is in the clinit method of the main activity (see AndroidManifest.xml) or the application class (the class that extends android.app.Application). If there is no clinitmethod in those classes you can add it:

.method static constructor <clinit>()V
    .registers 1
    const-string v0, "frida-gadget"
    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
    return-void
.end method