Hacking

Architecture

7RvbkqO49Wu6MnkwBQZfeGz3dG8yNcl2Ve9sMk9TAoStGYwI4La9X7/nCAkDFr5CuzOJH2x00OXoXC+S7+yH5eaXlCSLf/CARndDM9jc2R/vhsOJ68A3ArYFwHGsAjBPWVCAKoAX9geVQFNCVyygWa1jznmUs6QO9HkcUz+vwUIeySXkZAmZq+l3gBefRPvQf7EgXxTQ6XC8g/+NsvlCLWON3eJNlm/VHAENySrKBwIE7/D1kqi5JCIbs2iqFbeyLadLSFxD6A/OlzVASrOSUnLKkEmsZNvjaUBTuYyERSz+USWb/QicSzmHkfi03DzQCLmnOFMMe2p5W1IrpXFt7bYB9sT0xtTz3NC1ych1BrYUjlcSreRu9ui5XrCcviTEx/YaZOzOni3yZQQtCx5DHudSaizY0IxEbI7E8wEn3P4sZFH0wCOOpIh5DB1nAckWFHHCCSQGNM2plFnNvnbUAjmnfEnzdItslEIuyStFXInueidCJWxRER/bkUAieTIvZ94RER4kHU+l6einoKkzviFRdSQcR7DCjOByKQ0FdPyfFaoOkC5Ha3SP8w+f5ixfrDzDB5UdPoVg1GBM8TuIwTruhqEpI+mcFpgr6DcvIvGPaq/xHH9rMwhcYFqYunirYAF7bYKQmzX2q5nxxaCwI4C6OU02+6t+Iq/kxU9ZglMAkCxRVorvshl7mWyLBTM0X7oFwfzQgWIWLmkZSNjGksAdeC5ng10WE9Z3hTQVG9sD10hwnuB3ILeu9BVKbKf7cmsp0a7K7cg+W2y/ZDT91fuOXg9MO/HA8XYoqz5Pr5RVOcMpsvrhLJyz3KghziNKXlN4oGMSTieuRQKPhtPQC6gJ7LhsD0Bt8/757/oN4MssJzmD2CFC7qNnpcFf28SwVTk9QPuwBPej17+TCEm9r9FdaHDTMAC1utJlZaGFltWN9y3VfDiSLuOYmk9kvzPUHJoVTdc7rMlxn08DCHVlk6f5gs95TKLHHXSW8lUcCB8O0eg+vXCCw9SC9fgqFUTfOdGKytW4VqFpSiNQpdf67J0GRTKu1jj0ioR9BeQR4Y60ALKU43J/yFmBdBbWr2RElqf8B21EXppgbC9gQ1lHW3UvX+QcVUKnJhy6hhFfA2TBgoBC72o8OHRuGjL3EjFbEvvD0nFUKhpm1xqi3UVNKtxDQ2Icw3bxM7amI9u0dTa6Sz/+lKcUf5YkQ4kYPkXMQ5c2R35d5eXVFK1uvkX4b+X51CRMAV4WILWBYJKXEiGkLEZbi0B9hAuYlsOPODHodyKiraKiMy4eoqkNs3SI/T+g6CA5aGbFeptatcZ3QzsUnz3TDW9M8ekoWXYb5nSkyTqU7aza0zI96dagyujj5zSo8xXCmvbUY3HA4nmGY1fL7/B7mVFVg/9bzGmZrZsffp9W85/+FbADxRkpRVFxvCXT8IriqFCl/zhEVw39udTmmkCjmOBcvXgzLXgj10eyKhVu5vz60D2laEd0Tw3rVvdOqJpfkUHryXduRt3qaKs5dotZuUXWrS1L7LurBpmzBUnwcbmZ44miQdKUrzMDK218lX8L+MqL6DcBrRNZBWSfsRT6zDOWM46BmcfzHM/PWiK2IjJT533InfZYrcnHlGMRUKwCIVgnamE3Dj7gxHQ/N9aohSuJ3S0H2wsnZ9g1jY+R/ghLHANZrcCusmDRbyrsRRxz34k9NYlDnZE9mdqO57qO745M6jquQ0eeZTuWZXkjEwICmSwzxC0EC4lBXkazDBhvAGVgAfuzNRp8Rmpd5uGSYQIDPs5WLaGfSfyUZ9WXOst/TpTw7rmkL1gkDGzDpUQGexfydDnIEuqzkPk4PCVxloA17yC0OFq+E6f2BKyXdBBklYOVKqzJ6VU7QMWHTOM3bHwcYD3uZOcsL0lIFKr3Ik61TkNXOkplnWxNpqk8dO1ctpezbuUkO3HSdMPyfyPYGMnW18qbZ5oywFhcqdC5AhoH94VPUlVYgDxBNUD278jlK5/6LsrqtsyW+qQ/dtLRH6iWbkV31RC9xdh3xJuWavNNuCXPrA7nl78VyMPaCfik//mDikvvofRzt2c/oN6CQA4ycUPD2BWO3tFJ8wOPs9USYybzl9Xy08tfilT5cKBQxgnr9doQYYEhgoKA+xh8fYdbKcWeBySBgjf0vCwkqF1vaT3tvyavVtlMzHMU+GtvXs0hKoJApPOK8akF417qxWqhiliXTOHygkvTzUQR3AB9TxS1HOkM2yk6lrFTlaDKvFxDUCcIx0E4daht+67lD6SVuEVUpPfKovcRH7yFPcHbN/TEhdhd4YnFUNgUwVGqQ8IhTwQjVc78jIBKfq8qS+pCtKxxlZdmG/0Pd4eHAoGdoJQ7uUh2+jkMP3jA6RpjUV+xp5YzdifaGvSMDQKWgiWAnJsg/nTjL0gMYgImIoSvTy+//hNvWkNaDifSmdFVWfjNdvhozAHp0jWWx7h6B18/6DWxOIbv2k6rdSToZGfamnUGmv3Bgqu4cB6ElXEw0f5CJdtLhtrRP2an0Fz0vEBOrruAMEF8d/B8WytpiIG7NtKyOoc8aZDthGwjTqod5JkP3qw37yaI2qHgpeu9fYlBKYNIXKcADaWJKI5WOV+j+CnxVE+3QM5iAgXHVat3IRcMQ+jrURqfnTwdTYqWkO8Ip31qXiR9a9XL93RNH2qqp+VHKv7sMu5Rh7cdBz7VYkQRBJVBzq5ZliqwsR8V9Rf7tDnwg6FPER+9dejjWPI4QcUy8o5oV7GMPfaoHzim401GxKb+YNqHPKhnjTwUcW6tFPWmYa+qD1R5r5ePt6g/NbmhzEDv1cIW9WxkIX5E4AjHr3Gk09vO3Sccl5O+p0I5XGdvpf3UnOxT/7Bx7JYllx2XFzrUPZOgufunZWHcdn+YtR//BA==

Porting

The first step is setting up the build system. Let’s assume you’re about to port Frida to run on Linux/MIPS. As Frida already supports Linux, all we need to do is add the architecture-specific bits.

Porting the build system

  • releng/setup-env.sh

This is the script that generates an .rc file that you can source to enter the build environment, along with a .txt that is a Meson machine file. The top-level Makefile.$build_os.mk uses this script to generate the environment before proceeding to build modules inside of it. Fill in the blanks here. We use the same terminology as Meson, so build means the build machine while host refers to the machine that will be executing the binaries.

Building the SDK

$ make -f Makefile.sdk.mk FRIDA_HOST=linux-mips

Building frida-gum

A user would normally not build a component by hand and instead invoke the toplevel Makefile. However, when porting we recommend focusing on one module at a time and get its tests passing before moving on to the next one. We’ll start with frida-gum, which is the low-level foundation of frida-core.

Let’s first use the top-level Makefile to bootstrap the basics:

$ make build/frida-linux-mips/lib/pkgconfig/frida-gum-1.0.pc

This may not actually succeed in building frida-gum, but should at least get the environment set up.

Now let’s change the working directory to frida-gum and rinse and repeat this until all is well:

$ (. ../build/frida-env-linux-mips.rc && ninja -C ../build/tmp-linux-mips/frida-gum)
$ scp ../build/tmp-linux-mips/frida-gum/tests/gum-tests target:/tmp/
$ ssh target "/tmp/gum-tests"

You can add -p to limit which tests are run, e.g. -p /Core/Interceptor/attach_one.

Porting frida-gum

Add the directory gum/backend-mips by duplicating for example gum/backend-arm64, and then search-replace everything. The important part to port here is guminterceptor-mips.c and gumspinlock-mips.c. You should leave gumstalker-mips.c as a stub, as it’s an advanced feature that takes a lot of effort to port.

Building frida-core

Let’s first use the top-level Makefile to bootstrap the basics:

$ make build/frida-linux-mips/lib/pkgconfig/frida-core-1.0.pc

This may not actually succeed in building frida-core, but should at least get the environment set up.

Now let’s change the working directory to frida-core and rinse and repeat this until all is well:

$ (. ../build/frida-env-linux-mips.rc && ninja -C ../build/tmp-linux-mips/frida-core)
$ scp ../build/tmp-linux-mips/frida-core/tests/frida-tests target:/tmp/
$ ssh target "/tmp/frida-tests"

You can add -p to limit which tests are run, e.g. -p /Injector/inject-dynamic-current-arch.

Porting frida-core

This should only be a matter of porting the injector. The implementation is here and the recommended approach is to follow the HAVE_ARM64 breadcrumbs to port the architecture-specific bits. For a walkthrough of the Linux injector, check out our presentation here.