Implementasi Frida Framework untuk Manipulasi Alur Kerja pada Aplikasi Android
DOI:
https://doi.org/10.47134/pslse.v1i2.198Keywords:
Root, perangkat Android, Frida Framework, Kerangka Instrumentasi Dinamis, Keamanan Perangkat AndroidAbstract
Peningkatan keamanan pada perangkat Android telah menjadi tantangan bagi para peneliti keamanan. Bypass root adalah salah satu metode yang sering digunakan untuk menghindari deteksi oleh mekanisme keamanan. Dalam penelitian ini, menjelaskan penggunaan Frida, sebuah framework dynamic instrumentation, untuk melakukan bypass root pada perangkat Android. Dengan memanfaatkan kemampuan Frida untuk melakukan intersepsi dan modifikasi kode pada saat runtime, dapat mengubah perilaku aplikasi yang mencoba mendeteksi keberadaan root. Penulis melakukan serangkaian percobaan menggunakan Frida dan berhasil melewati mekanisme deteksi root yang umum digunakan. Hasil penelitian ini menunjukkan potensi Frida sebagai alat yang efektif dalam melakukan bypass root dan serangkaian pengujian keamanan pada perangkat Android. Penelitian ini memberikan pemahaman lebih lanjut tentang penggunaan Frida dalam konteks keamanan perangkat Android.
References
Alviansyah, F. A., & Ramadhani, E. (2021). Implementasi Dynamic Application Security Testing pada Aplikasi Berbasis Android. Automata, 2(1), 1–6. https://journal.uii.ac.id/AUTOMATA/article/view/17387
Anglano, C. (2023). Enabling the forensic study of application-level encrypted data in Android via a Frida-based decryption framework. ACM International Conference Proceeding Series. https://doi.org/10.1145/3600160.3605029
Ardito, L., Coppola, R., Leonardi, S., Morisio, M., & Buy, U. (2020). Automated Test Selection for Android Apps Based on APK and Activity Classification. IEEE Access, 8, 187648–187670. https://doi.org/10.1109/ACCESS.2020.3029735
Asher, S. W., Jan, S., Tsaramirsis, G., Khan, F. Q., Khalil, A., & Obaidullah, M. (2021). Reverse Engineering of Mobile Banking Applications. Comput. Syst. Sci. Eng., 38(3), 265–278. https://doi.org/10.32604/CSSE.2021.016787
Aydos, M., Aldan, Ç., Coşkun, E., & Soydan, A. (2022). Security Testing of Web Applications: A Systematic Mapping of the Literature. J. King Saud Univ. - Comput. Inf. Sci., 34(9), 6775–6792. https://doi.org/10.1016/j.jksuci.2021.09.018
Chintalapati, P. V. (2023). Usage of AI Techniques for Cyberthreat Security System in Android Mobile Devices. Lecture Notes in Networks and Systems, 703, 443–454. https://doi.org/10.1007/978-981-99-3315-0_33
Elsersy, W. F., Feizollah, A., & Anuar, N. B. (2022). The Rise of Obfuscated Android Malware and Impacts on Detection Methods. PeerJ Comput. Sci., 8(September 2018). https://doi.org/10.7717/PEERJ-CS.907
Fang, C. (2023). Quantifying structural distortion manipulation for desired perovskite phase: Part II. Three-step workflow to reveal phase evolution logic. Journal of Materiomics. https://doi.org/10.1016/j.jmat.2023.06.002
Haq, I. U., & Khan, T. A. (2021). Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review. IEEE Access, 9(1), 87806–87825. https://doi.org/10.1109/ACCESS.2021.3088229
Li, J. (2020). Vulnerabilities Mapping Based on OWASP-SANS: A Survey for Static Application Security Testing (SAST). Ann. Emerg. Technol. Comput., 4(3), 1–8. https://doi.org/10.33166/AETiC.2020.03.001
Li, W. (2023). A Security Enhanced Android Unlock Scheme based on Pinch-to-Zoom for Smart Devices. IEEE Transactions on Consumer Electronics. https://doi.org/10.1109/TCE.2023.3280064
Moreno, G. E. C. (2022). FRIDA, a Framework for Software Design, Applied in the Treatment of Children with Autistic Disorder. Sustainability (Switzerland), 14(21). https://doi.org/10.3390/su142114560
Neic, A. (2020). Automating image-based mesh generation and manipulation tasks in cardiac modeling workflows using Meshtool. SoftwareX, 11. https://doi.org/10.1016/j.softx.2020.100454
Pan, Y. (2019). Interactive Application Security Testing. Proc. - 2019 Int. Conf. Smart Grid Electr. Autom. ICSGEA 2019, 1, 558–561. https://doi.org/10.1109/ICSGEA.2019.00131
Sambaraju, A. (2020). Analyzing User Awareness on Security in Android Smartphone Devices. Lecture Notes on Data Engineering and Communications Technologies, 44, 213–221. https://doi.org/10.1007/978-3-030-37051-0_24
Sen, V. (2023). Mobile Device Security Comparison of Different Operating Systems: iOS and Android. UBMK 2023 - Proceedings: 8th International Conference on Computer Science and Engineering, 141–146. https://doi.org/10.1109/UBMK59864.2023.10286662
Sharma, M. (2021). Review of the Benefits of DAST (Dynamic Application Security Testing) Versus SAST SAST Integration and DAST Reporting. May, 5–8.
Singh, A. K. (2022). Android Web Security Solution using Cross-device Federated Learning. 2022 14th International Conference on COMmunication Systems and NETworkS, COMSNETS 2022, 473–481. https://doi.org/10.1109/COMSNETS53615.2022.9668449
Soewito, B., & Suwandaru, A. (2022). Android Sensitive Data Leakage Prevention with Rooting Detection Using Java Function Hooking. J. King Saud Univ. - Comput. Inf. Sci., 34(5), 1950–1957. https://doi.org/10.1016/j.jksuci.2020.07.006
Sonmez, F. O., & Kilic, B. G. (2021). Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results. IEEE Access, 9, 25858–25884. https://doi.org/10.1109/ACCESS.2021.3057044
Urooj, B., Shah, M. A., Maple, C., Abbasi, M. K., & Riasat, S. (2022). Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms. IEEE Access, 10(December 2021), 89031–89050. https://doi.org/10.1109/ACCESS.2022.3149053
van Himbeeck, R. (2024). A full-length SSU rRNA-based workflow for high-resolution monitoring of nematode communities reveals direct and indirect responses to plant-based manipulations. Soil Biology and Biochemistry, 189. https://doi.org/10.1016/j.soilbio.2023.109263
Venken, K. J. T. (2023). Multiplexed Transgenic Selection and Counterselection Strategies to Expedite Genetic Manipulation Workflows Using Drosophila melanogaster. Current Protocols, 3(2). https://doi.org/10.1002/cpz1.652
You, A., Be, M., & In, I. (2023). Java Code Obfuscator to Prevent Reverse Engineering. 020004(June).
You, G., Kim, G., Han, S., Park, M., & Cho, S. J. (2022). Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART). IEEE Access, 10, 61426–61440. https://doi.org/10.1109/ACCESS.2022.3181373
Ziadia, M., Fattahi, J., Mejri, M., & Pricop, E. (2020). Smali+: An Operational Semantics for Low-level Code Generated from Reverse Engineering Android Applications. Inf., 11(3). https://doi.org/10.3390/info11030130