Frida-ps, included with the standard frida tools suite, is a helpful way of listing running apps on your target device. Out of the box, an iPhone will have hundreds of running processes at first boot. Thankfully, frida-ps provides several command line options to make this process easier.
Remember to utilize the-U flag to tell Frida you want to see apps on the device connected via USB / emulator. If you don't, you'll instead see processes running on your host machine.
Examples:
C:\>frida-ps -U -a
PID Name Identifier
----- ------------------------ ---------------------------------------
1797 AnalyticsService org.android_x86.analytics
1411 Android Keyboard (AOSP) com.android.inputmethod.latin
6765 Android Setup com.google.android.setupwizard
1285 Android System android
20054 Blocked Numbers Storage com.android.providers.blockednumber
20054 Contacts Storage com.android.providers.contacts
19534 Download Manager com.android.providers.downloads
5617 ES File Explorer com.estrongs.android.pop
5438 External Storage com.android.externalstorage
5399 Files com.android.documentsui
1285 Fused Location com.android.location.fused
5102 Gallery com.android.gallery3d
1792 Google App com.google.android.googlequicksearchbox
15496 Google Partner Setup com.google.android.partnersetup
6219 Google Play Store com.android.vending
1874 Google Play services com.google.android.gms
6274 Google Services Framew… com.google.android.gsf
20089 MTP Host com.android.mtp
19534 Media Storage com.android.providers.media
1510 Mobile Data com.android.phone
1510 Mobile Network Configur… com.android.providers.telephony
5477 Package installer com.google.android.packageinstaller
6551 Photo Vault com.enchantedcloud.photovault
1832 Quickstep com.android.launcher3
1285 Settings Storage com.android.providers.settings
1422 System UI com.android.systemui
3360 Terminal Emulator com.termoneplus
20054 User Dictionary com.android.providers.userdictionary
C:\>frida-ps -U -a -i
PID Name Identifier
----- --------------------------- ----------------------------------------------------
1797 AnalyticsService org.android_x86.analytics
1411 Android Keyboard (AOSP) com.android.inputmethod.latin
6765 Android Setup com.google.android.setupwizard
1285 Android System android
20054 Blocked Numbers Storage com.android.providers.blockednumber
20054 Contacts Storage com.android.providers.contacts
19534 Download Manager com.android.providers.downloads
5617 ES File Explorer com.estrongs.android.pop
5438 External Storage com.android.externalstorage
5399 Files com.android.documentsui
1285 Fused Location com.android.location.fused
5102 Gallery com.android.gallery3d
1792 Google App com.google.android.googlequicksearchbox
15496 Google Partner Setup com.google.android.partnersetup
6219 Google Play Store com.android.vending
1874 Google Play services com.google.android.gms
6274 Google Services Framew… com.google.android.gsf
20089 MTP Host com.android.mtp
19534 Media Storage com.android.providers.media
1510 Mobile Data com.android.phone
1510 Mobile Network Configur… com.android.providers.telephony
5477 Package installer com.google.android.packageinstaller
6551 Photo Vault com.enchantedcloud.photovault
1832 Quickstep com.android.launcher3
1285 Settings Storage com.android.providers.settings
1422 System UI com.android.systemui
3360 Terminal Emulator com.termoneplus
20054 User Dictionary com.android.providers.userdictionary
- Android Easter Egg com.android.egg
- Android Services Library com.google.android.ext.services
- Android Setup com.google.android.apps.restore
- Android Shared Library com.google.android.ext.shared
- Android System WebView com.google.android.webview
- Basic Daydreams com.android.dreams.basic
- Bluetooth com.android.bluetooth
- Bluetooth MIDI Service com.android.bluetoothmidiservice
- Bookmark Provider com.android.bookmarkprovider
- BusyBox Free stericson.busybox
- Calculator com.android.calculator2
- Calendar com.android.calendar
- Calendar Storage com.android.providers.calendar
- Calibration org.zeroxlab.util.tscal
- Call Log Backup/Restore com.android.calllogbackup
- Camera com.android.camera2
- CaptivePortalLogin com.android.captiveportallogin
- CarrierDefaultApp com.android.carrierdefaultapp
- Cell Broadcasts com.android.cellbroadcastreceiver
- Certificate Installer com.android.certinstaller
- Chrome com.android.chrome
- Clock com.android.deskclock
- Companion Device Mana… com.android.companiondevicemanager
- Contacts com.android.contacts
- Corner display cutout com.android.internal.display.cutout.emulation.corner
- Dark com.android.systemui.theme.dark
- Default Print Service com.android.bips
- Dev Tools com.android.development
- Double display cutout com.android.internal.display.cutout.emulation.double
- Downloads com.android.providers.downloads.ui
- Emergency information com.android.emergency
- Gmail com.google.android.gm
- Google Account Manager com.google.android.gsf.login
- Google Backup Transport com.google.android.backuptransport
- Google Calendar Sync com.google.android.syncadapters.calendar
- Google Contacts Sync com.google.android.syncadapters.contacts
- Google One Time Init com.google.android.onetimeinitializer
- HTML Viewer com.android.htmlviewer
- Input Devices com.android.inputdevices
- Intent Filter Verification… com.android.statementservice
- Key Chain com.android.keychain
- Live Wallpaper Picker com.android.wallpaper.livepicker
- Market Feedback Agent com.google.android.feedback
- MmsService com.android.mms.service
- Music org.lineageos.eleven
- NotePad com.example.android.notepad
- PacProcessor com.android.pacprocessor
- Package Access Helper com.android.defcontainer
- Phone com.android.dialer
- Print Service Recommen… com.google.android.printservice.recommendation
- Print Spooler com.android.printspooler
- ProxyHandler com.android.proxyhandler
- RSS Reader com.example.android.rssreader
- Settings com.android.settings
- Settings Suggestions com.android.settings.intelligence
- Shell com.android.shell
- Sim App Dialog com.android.simappdialog
- Simple message receiver com.android.basicsmsreceiver
- Storage Manager com.android.storagemanager
- SuperSU eu.chainfire.supersu
- System Tracing com.android.traceur
- Tall display cutout com.android.internal.display.cutout.emulation.tall
- Taskbar com.farmerbb.taskbar.androidx86
- VpnDialogs com.android.vpndialogs
- Work profile setup com.android.managedprovisioning
- com.android.backupcon… com.android.backupconfirm
- com.android.carrierconfig com.android.carrierconfig
- com.android.cts.ctsshim com.android.cts.ctsshim
- com.android.cts.priv.cts… com.android.cts.priv.ctsshim
- com.android.providers.p… com.android.providers.partnerbookmarks
- com.android.sharedstor… com.android.sharedstoragebackup
- com.android.wallpaperb… com.android.wallpaperbackup
- com.android.wallpapercr… com.android.wallpapercropper
- com.android.wallpaperpi… com.android.wallpaperpicker
- com.google.android.gms… com.google.android.gms.setup
If you are finding yourself needing to know an app's identifier, frida-ps can be a good way to find it. It will also get us the application's current Process ID (PID) if it's running.
On your host machine, open a Command Prompt.
Type frida-ps -U -a. These switches will limit our list greatly and make it easier to spot our target.
In the case of Photo Vault, the bundle identifier is com.enchantedcloud.photovault. You may optionally note down the PID (Process ID) however, the application identifier is primarily what we are after since we may re-launch the app several times throughout the lab (resulting in a different PID).
Great, now we’ve established our application identifier, and can see that it is running. We also know that since frida-ps gave us the data we needed, we indeed have connectivity between the host machine and frida-server on the device (or emulator).
