anti-frida-bypass


Description

Libc-based anti-frida bypass (strstr)

How to Use

Download the script, then run it with the Frida CLI:

frida -U -f YOUR_PACKAGE_NAME -l anti-frida-bypass.js

Replace YOUR_PACKAGE_NAME with the target app's package name.

Source Code

JavaScript
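// Hook strstr() in libc and force a "not found" result whenever the string
// being searched mentions "frida" or "xposed".
Interceptor.attach(Module.findExportByName("libc.so", "strstr"), {

    onEnter: function(args) {

        // strstr(haystack, needle): keep both pointers for this invocation.
        this.haystack = args[0];
        this.needle = args[1];
        this.frida = false;

        // Declared locally; the original assigned to undeclared globals.
        var haystack = Memory.readUtf8String(this.haystack);

        if (haystack.indexOf("frida") !== -1 || haystack.indexOf("xposed") !== -1) {
            this.frida = true;
        }
    },

    onLeave: function(retval) {

        // Replace the returned pointer with NULL so the caller sees no match.
        // Frida ignores the return value of onLeave, so nothing is returned.
        if (this.frida) {
            retval.replace(0);
        }
    }
});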
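
For context, the app-side check that the script above interferes with, written as an added example (not part of the original script or of any particular app): memory-map text is scanned for the markers "frida" and "xposed", once through libc strstr and once through a local routine that never calls the libc export. The sample lines and every function name here are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed lines shaped like /proc/self/maps entries (not from a real device). */
static const char *const SAMPLE_MAPS[] = {
    "7a1c000000-7a1c100000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so",
    "7a1d000000-7a1d200000 r-xp 00000000 fd:00 5678 /data/local/tmp/frida-agent-64.so",
    "7a1e000000-7a1e100000 r--p 00000000 fd:00 9012 /data/app/de.robv.android.xposed.installer/base.apk",
};
#define SAMPLE_COUNT (sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0])

typedef const char *(*find_fn)(const char *hay, const char *needle);

/* Search through the libc export, the call the script above intercepts. */
static const char *libc_find(const char *hay, const char *needle) {
    return strstr(hay, needle);
}

/* Same search implemented locally, with no call into libc. */
static const char *local_find(const char *hay, const char *needle) {
    if (hay == NULL || needle == NULL) return NULL;
    if (*needle == '\0') return hay;
    for (; *hay != '\0'; hay++) {
        const char *h = hay, *n = needle;
        while (*n != '\0' && *h == *n) { h++; n++; }
        if (*n == '\0') return hay;
    }
    return NULL;
}

/* Count lines that contain either marker, using the given search routine. */
int count_flagged(const char *const *lines, size_t n, find_fn find) {
    static const char *const markers[] = { "frida", "xposed" };
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t m = 0; m < 2; m++)
            if (find(lines[i], markers[m]) != NULL) { hits++; break; }
    return hits;
}

/* 1 when both routines flag the same number of lines, 0 otherwise. */
int searches_agree(const char *const *lines, size_t n) {
    return count_flagged(lines, n, libc_find) == count_flagged(lines, n, local_find);
}

int main(void) {
    return searches_agree(SAMPLE_MAPS, SAMPLE_COUNT) ? 0 : 1;
}
```

In an unmodified process both routines flag the same lines; if they disagree, the libc path is not returning what a plain substring search returns.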