frida-ps
Frida-ps, included with the standard frida tools suite, is a helpful way of listing running apps on your target device. Out of the box, an iPhone will have hundreds of running processes at first boot. Thankfully, frida-ps provides several command line options to make this process easier.
Remember to utilize the
-U flag to tell Frida you want to see apps on the device connected via USB / emulator. If you don't, you'll instead see processes running on your host machine.Examples:
List running apps (-a)
List all installed apps (-a -i)
List all running processes
C:\>frida-ps -U -a
PID Name Identifier
----- ------------------------ ---------------------------------------
1797 AnalyticsService org.android_x86.analytics
1411 Android Keyboard (AOSP) com.android.inputmethod.latin
6765 Android Setup com.google.android.setupwizard
1285 Android System android
20054 Blocked Numbers Storage com.android.providers.blockednumber
20054 Contacts Storage com.android.providers.contacts
19534 Download Manager com.android.providers.downloads
5617 ES File Explorer com.estrongs.android.pop
5438 External Storage com.android.externalstorage
5399 Files com.android.documentsui
1285 Fused Location com.android.location.fused
5102 Gallery com.android.gallery3d
1792 Google App com.google.android.googlequicksearchbox
15496 Google Partner Setup com.google.android.partnersetup
6219 Google Play Store com.android.vending
1874 Google Play services com.google.android.gms
6274 Google Services Framew… com.google.android.gsf
20089 MTP Host com.android.mtp
19534 Media Storage com.android.providers.media
1510 Mobile Data com.android.phone
1510 Mobile Network Configur… com.android.providers.telephony
5477 Package installer com.google.android.packageinstaller
6551 Photo Vault com.enchantedcloud.photovault
1832 Quickstep com.android.launcher3
1285 Settings Storage com.android.providers.settings
1422 System UI com.android.systemui
3360 Terminal Emulator com.termoneplus
20054 User Dictionary com.android.providers.userdictionary
C:\>frida-ps -U -a -i
PID Name Identifier
----- --------------------------- ----------------------------------------------------
1797 AnalyticsService org.android_x86.analytics
1411 Android Keyboard (AOSP) com.android.inputmethod.latin
6765 Android Setup com.google.android.setupwizard
1285 Android System android
20054 Blocked Numbers Storage com.android.providers.blockednumber
20054 Contacts Storage com.android.providers.contacts
19534 Download Manager com.android.providers.downloads
5617 ES File Explorer com.estrongs.android.pop
5438 External Storage com.android.externalstorage
5399 Files com.android.documentsui
1285 Fused Location com.android.location.fused
5102 Gallery com.android.gallery3d
1792 Google App com.google.android.googlequicksearchbox
15496 Google Partner Setup com.google.android.partnersetup
6219 Google Play Store com.android.vending
1874 Google Play services com.google.android.gms
6274 Google Services Framew… com.google.android.gsf
20089 MTP Host com.android.mtp
19534 Media Storage com.android.providers.media
1510 Mobile Data com.android.phone
1510 Mobile Network Configur… com.android.providers.telephony
5477 Package installer com.google.android.packageinstaller
6551 Photo Vault com.enchantedcloud.photovault
1832 Quickstep com.android.launcher3
1285 Settings Storage com.android.providers.settings
1422 System UI com.android.systemui
3360 Terminal Emulator com.termoneplus
20054 User Dictionary com.android.providers.userdictionary
- Android Easter Egg com.android.egg
- Android Services Library com.google.android.ext.services
- Android Setup com.google.android.apps.restore
- Android Shared Library com.google.android.ext.shared
- Android System WebView com.google.android.webview
- Basic Daydreams com.android.dreams.basic
- Bluetooth com.android.bluetooth
- Bluetooth MIDI Service com.android.bluetoothmidiservice
- Bookmark Provider com.android.bookmarkprovider
- BusyBox Free stericson.busybox
- Calculator com.android.calculator2
- Calendar com.android.calendar
- Calendar Storage com.android.providers.calendar
- Calibration org.zeroxlab.util.tscal
- Call Log Backup/Restore com.android.calllogbackup
- Camera com.android.camera2
- CaptivePortalLogin com.android.captiveportallogin
- CarrierDefaultApp com.android.carrierdefaultapp
- Cell Broadcasts com.android.cellbroadcastreceiver
- Certificate Installer com.android.certinstaller
- Chrome com.android.chrome
- Clock com.android.deskclock
- Companion Device Mana… com.android.companiondevicemanager
- Contacts com.android.contacts
- Corner display cutout com.android.internal.display.cutout.emulation.corner
- Dark com.android.systemui.theme.dark
- Default Print Service com.android.bips
- Dev Tools com.android.development
- Double display cutout com.android.internal.display.cutout.emulation.double
- Downloads com.android.providers.downloads.ui
- Emergency information com.android.emergency
- Gmail com.google.android.gm
- Google Account Manager com.google.android.gsf.login
- Google Backup Transport com.google.android.backuptransport
- Google Calendar Sync com.google.android.syncadapters.calendar
- Google Contacts Sync com.google.android.syncadapters.contacts
- Google One Time Init com.google.android.onetimeinitializer
- HTML Viewer com.android.htmlviewer
- Input Devices com.android.inputdevices
- Intent Filter Verification… com.android.statementservice
- Key Chain com.android.keychain
- Live Wallpaper Picker com.android.wallpaper.livepicker
- Market Feedback Agent com.google.android.feedback
- MmsService com.android.mms.service
- Music org.lineageos.eleven
- NotePad com.example.android.notepad
- PacProcessor com.android.pacprocessor
- Package Access Helper com.android.defcontainer
- Phone com.android.dialer
- Print Service Recommen… com.google.android.printservice.recommendation
- Print Spooler com.android.printspooler
- ProxyHandler com.android.proxyhandler
- RSS Reader com.example.android.rssreader
- Settings com.android.settings
- Settings Suggestions com.android.settings.intelligence
- Shell com.android.shell
- Sim App Dialog com.android.simappdialog
- Simple message receiver com.android.basicsmsreceiver
- Storage Manager com.android.storagemanager
- SuperSU eu.chainfire.supersu
- System Tracing com.android.traceur
- Tall display cutout com.android.internal.display.cutout.emulation.tall
- Taskbar com.farmerbb.taskbar.androidx86
- VpnDialogs com.android.vpndialogs
- Work profile setup com.android.managedprovisioning
- com.android.backupcon… com.android.backupconfirm
- com.android.carrierconfig com.android.carrierconfig
- com.android.cts.ctsshim com.android.cts.ctsshim
- com.android.cts.priv.cts… com.android.cts.priv.ctsshim
- com.android.providers.p… com.android.providers.partnerbookmarks
- com.android.sharedstor… com.android.sharedstoragebackup
- com.android.wallpaperb… com.android.wallpaperbackup
- com.android.wallpapercr… com.android.wallpapercropper
- com.android.wallpaperpi… com.android.wallpaperpicker
- com.google.android.gms… com.google.android.gms.setup
C:\>frida-ps -U
PID Name
----- --------------------------------------------------
3678 adbd
1130 [email protected]
1131 [email protected]
1132 [email protected]
1133 [email protected]
1134 [email protected]
1135 [email protected]
1136 [email protected]
1137 [email protected]
1138 andro[email protected]
1139 [email protected]
1140 [email protected]
1128 [email protected]
20054 android.process.acore
19534 android.process.media
1141 audioserver
1148 cameraserver
6622 com.android.chrome:sandboxed_process0
5399 com.android.documentsui
5438 com.android.externalstorage
5102 com.android.gallery3d
1411 com.android.inputmethod.latin
1832 com.android.launcher3
20089 com.android.mtp
1510 com.android.phone
1422 com.android.systemui
6219 com.android.vending
6551 com.enchantedcloud.photovault
5617 com.estrongs.android.pop
1874 com.google.android.gms
1768 com.google.android.gms.persistent
6835 com.google.android.gms.unstable
1792 com.google.android.googlequicksearchbox:interactor
18157 com.google.android.googlequicksearchbox:search
5477 com.google.android.packageinstaller
15496 com.google.android.partnersetup
6765 com.google.android.setupwizard
6274 com.google.process.gservices
3360 com.termoneplus
1149 drmserver
11689 frida-helper-32
11670 frida-server
1162 gatekeeperd
1129 healthd
1059 hwservicemanager
1150 incidentd
1 init
1044 init
1045 init
1151 installd
1189 ip6tables-restore
1188 iptables-restore
1152 keystore
6024 libestool2.so
1142 lmkd
11672 logcat
1057 logd
1181 mdnsd
1160 media.codec
1154 media.extractor
1155 media.metrics
1153 mediadrmserver
1156 mediaserver
1124 netd
1797 org.android_x86.analytics
1163 perfprofd
1161 rild
1058 servicemanager
1145 sh
3388 sh
3424 sh
11667 sh
1157 statsd
1158 storaged
1147 su
3405 su
3406 su
3411 su
3418 su
1143 surfaceflinger
1285 system_server
1144 thermalserviced
1164 tombstoned
1046 ueventd
1102 v86d
1060 vndservicemanager
1117 vold
1458 webview_zygote
1159 wificond
1406 wpa_supplicant
1126 zygote
1125 zygote64
Locating an app with frida-ps
If you are finding yourself needing to know an app's identifier, frida-ps can be a good way to find it. It will also get us the application's current Process ID (PID) if it's running.
On your host machine, open a Command Prompt.
Type
frida-ps -U -a. These switches will limit our list greatly and make it easier to spot our target.
In the case of Photo Vault, the bundle identifier is
com.enchantedcloud.photovault. You may optionally note down the PID (Process ID) however, the application identifier is primarily what we are after since we may re-launch the app several times throughout the lab (resulting in a different PID).Great, now we’ve established our application identifier, and can see that it is running. We also know that since frida-ps gave us the data we needed, we indeed have connectivity between the host machine and frida-server on the device (or emulator).
Last modified 3yr ago