Implementasi Frida Framework untuk Manipulasi Alur Kerja pada Aplikasi Android

Authors

  • Aldo Reghan Ramadhan Program Studi Manajemen Informasi Kesehatan, Universitas Muhammadiyah Sidoarjo
  • Arif Senja Fitriani Program Studi Manajemen Informasi Kesehatan, Universitas Muhammadiyah Sidoarjo
  • Mochamad Alfan Rosid Program Studi Manajemen Informasi Kesehatan, Universitas Muhammadiyah Sidoarjo
  • Cindy Taurusta Program Studi Manajemen Informasi Kesehatan, Universitas Muhammadiyah Sidoarjo

DOI:

https://doi.org/10.47134/pslse.v1i2.198

Keywords:

Root, perangkat Android, Frida Framework, Kerangka Instrumentasi Dinamis, Keamanan Perangkat Android

Abstract

Peningkatan keamanan pada perangkat Android telah menjadi tantangan bagi para peneliti keamanan. Bypass root adalah salah satu metode yang sering digunakan untuk menghindari deteksi oleh mekanisme keamanan. Dalam penelitian ini, menjelaskan penggunaan Frida, sebuah framework dynamic instrumentation, untuk melakukan bypass root pada perangkat Android. Dengan memanfaatkan kemampuan Frida untuk melakukan intersepsi dan modifikasi kode pada saat runtime, dapat mengubah perilaku aplikasi yang mencoba mendeteksi keberadaan root. Penulis melakukan serangkaian percobaan menggunakan Frida dan berhasil melewati mekanisme deteksi root yang umum digunakan. Hasil penelitian ini menunjukkan potensi Frida sebagai alat yang efektif dalam melakukan bypass root dan serangkaian pengujian keamanan pada perangkat Android. Penelitian ini memberikan pemahaman lebih lanjut tentang penggunaan Frida dalam konteks keamanan perangkat Android.

References

Alviansyah, F. A., & Ramadhani, E. (2021). Implementasi Dynamic Application Security Testing pada Aplikasi Berbasis Android. Automata, 2(1), 1–6. https://journal.uii.ac.id/AUTOMATA/article/view/17387

Anglano, C. (2023). Enabling the forensic study of application-level encrypted data in Android via a Frida-based decryption framework. ACM International Conference Proceeding Series. https://doi.org/10.1145/3600160.3605029

Ardito, L., Coppola, R., Leonardi, S., Morisio, M., & Buy, U. (2020). Automated Test Selection for Android Apps Based on APK and Activity Classification. IEEE Access, 8, 187648–187670. https://doi.org/10.1109/ACCESS.2020.3029735

Asher, S. W., Jan, S., Tsaramirsis, G., Khan, F. Q., Khalil, A., & Obaidullah, M. (2021). Reverse Engineering of Mobile Banking Applications. Comput. Syst. Sci. Eng., 38(3), 265–278. https://doi.org/10.32604/CSSE.2021.016787

Aydos, M., Aldan, Ç., Coşkun, E., & Soydan, A. (2022). Security Testing of Web Applications: A Systematic Mapping of the Literature. J. King Saud Univ. - Comput. Inf. Sci., 34(9), 6775–6792. https://doi.org/10.1016/j.jksuci.2021.09.018

Chintalapati, P. V. (2023). Usage of AI Techniques for Cyberthreat Security System in Android Mobile Devices. Lecture Notes in Networks and Systems, 703, 443–454. https://doi.org/10.1007/978-981-99-3315-0_33

Elsersy, W. F., Feizollah, A., & Anuar, N. B. (2022). The Rise of Obfuscated Android Malware and Impacts on Detection Methods. PeerJ Comput. Sci., 8(September 2018). https://doi.org/10.7717/PEERJ-CS.907

Fang, C. (2023). Quantifying structural distortion manipulation for desired perovskite phase: Part II. Three-step workflow to reveal phase evolution logic. Journal of Materiomics. https://doi.org/10.1016/j.jmat.2023.06.002

Haq, I. U., & Khan, T. A. (2021). Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review. IEEE Access, 9(1), 87806–87825. https://doi.org/10.1109/ACCESS.2021.3088229

Li, J. (2020). Vulnerabilities Mapping Based on OWASP-SANS: A Survey for Static Application Security Testing (SAST). Ann. Emerg. Technol. Comput., 4(3), 1–8. https://doi.org/10.33166/AETiC.2020.03.001

Li, W. (2023). A Security Enhanced Android Unlock Scheme based on Pinch-to-Zoom for Smart Devices. IEEE Transactions on Consumer Electronics. https://doi.org/10.1109/TCE.2023.3280064

Moreno, G. E. C. (2022). FRIDA, a Framework for Software Design, Applied in the Treatment of Children with Autistic Disorder. Sustainability (Switzerland), 14(21). https://doi.org/10.3390/su142114560

Neic, A. (2020). Automating image-based mesh generation and manipulation tasks in cardiac modeling workflows using Meshtool. SoftwareX, 11. https://doi.org/10.1016/j.softx.2020.100454

Pan, Y. (2019). Interactive Application Security Testing. Proc. - 2019 Int. Conf. Smart Grid Electr. Autom. ICSGEA 2019, 1, 558–561. https://doi.org/10.1109/ICSGEA.2019.00131

Sambaraju, A. (2020). Analyzing User Awareness on Security in Android Smartphone Devices. Lecture Notes on Data Engineering and Communications Technologies, 44, 213–221. https://doi.org/10.1007/978-3-030-37051-0_24

Sen, V. (2023). Mobile Device Security Comparison of Different Operating Systems: iOS and Android. UBMK 2023 - Proceedings: 8th International Conference on Computer Science and Engineering, 141–146. https://doi.org/10.1109/UBMK59864.2023.10286662

Sharma, M. (2021). Review of the Benefits of DAST (Dynamic Application Security Testing) Versus SAST SAST Integration and DAST Reporting. May, 5–8.

Singh, A. K. (2022). Android Web Security Solution using Cross-device Federated Learning. 2022 14th International Conference on COMmunication Systems and NETworkS, COMSNETS 2022, 473–481. https://doi.org/10.1109/COMSNETS53615.2022.9668449

Soewito, B., & Suwandaru, A. (2022). Android Sensitive Data Leakage Prevention with Rooting Detection Using Java Function Hooking. J. King Saud Univ. - Comput. Inf. Sci., 34(5), 1950–1957. https://doi.org/10.1016/j.jksuci.2020.07.006

Sonmez, F. O., & Kilic, B. G. (2021). Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results. IEEE Access, 9, 25858–25884. https://doi.org/10.1109/ACCESS.2021.3057044

Urooj, B., Shah, M. A., Maple, C., Abbasi, M. K., & Riasat, S. (2022). Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms. IEEE Access, 10(December 2021), 89031–89050. https://doi.org/10.1109/ACCESS.2022.3149053

van Himbeeck, R. (2024). A full-length SSU rRNA-based workflow for high-resolution monitoring of nematode communities reveals direct and indirect responses to plant-based manipulations. Soil Biology and Biochemistry, 189. https://doi.org/10.1016/j.soilbio.2023.109263

Venken, K. J. T. (2023). Multiplexed Transgenic Selection and Counterselection Strategies to Expedite Genetic Manipulation Workflows Using Drosophila melanogaster. Current Protocols, 3(2). https://doi.org/10.1002/cpz1.652

You, A., Be, M., & In, I. (2023). Java Code Obfuscator to Prevent Reverse Engineering. 020004(June).

You, G., Kim, G., Han, S., Park, M., & Cho, S. J. (2022). Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART). IEEE Access, 10, 61426–61440. https://doi.org/10.1109/ACCESS.2022.3181373

Ziadia, M., Fattahi, J., Mejri, M., & Pricop, E. (2020). Smali+: An Operational Semantics for Low-level Code Generated from Reverse Engineering Android Applications. Inf., 11(3). https://doi.org/10.3390/info11030130

Downloads

Published

2024-01-23

How to Cite

Ramadhan, A. R., Fitriani, A. S., Rosid, M. A., & Taurusta, C. (2024). Implementasi Frida Framework untuk Manipulasi Alur Kerja pada Aplikasi Android. Physical Sciences, Life Science and Engineering, 1(2), 9. https://doi.org/10.47134/pslse.v1i2.198

Issue

Vol. 1 No. 2 (2024): Maret

Section

Articles
Crossref
Scopus
Google Scholar
Europe PMC