Using Frida for fun and profit

The following is basic instructions for using Frida on DJI hardware.

Install frida-tools 15.1.17

wget https://github.com/frida/frida/releases/download/15.1.17/python3-frida_15.1.17-1.ubuntu-focal_amd64.deb
wget https://github.com/frida/frida/releases/download/15.1.17/python3-frida-tools_10.5.4-1.ubuntu-focal_all.deb
sudo apt install ./python3-frida_15.1.17-1.ubuntu-focal_amd64.deb
sudo apt install ./python3-frida-tools_10.5.4-1.ubuntu-focal_all.deb

Get the forked frida-server

wget https://github.com/fpv-wtf/frida-core/releases/download/15.1.17-2/frida-server

Run

adb connect 192.168.42.5
adb push ./frida-server /tmp
adb shell "chmod u+x /tmp/frida-server && /tmp/frida-server" &

List processes

frida-ps -D 192.168.42.5:5555

Trace malloc in dji_glasses

frida-trace -D 192.168.42.5:5555 -i calloc dji_glasses

See the Frida docs for more.

Get crazy

frida-trace -D 192.168.42.5:5555 -i "_ZN9MMSWindow*" -x "_ZN9MMSWindow7isShownEbb*" dji_gls_wm150

Direct adb connection on host

Get your device id from adb devices and replace -D 192.168.42.5:5555 with -D YOUR_ADB_DEVICE_ID in above commands.

Alternative method without Adb Connect

Goggles V1 and Airunits don't support 'adb connect' so this alternative method is required.

Start frida-server on goggles:

./frida-server -l 192.168.42.5

Connect goggles V2:

frida-trace -H 192.168.42.5 -i calloc dji_gls_wm150

Connect goggles V1:

frida-trace -H 192.168.42.5 -i calloc dji_glasses

Was this page useful?

If the information on this page helped you, please consider donating to our Open Collective.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly