frida-ps

Frida-ps, included with the standard frida tools suite, is a helpful way of listing running apps on your target device. Out of the box, an iPhone will have hundreds of running processes at first boot. Thankfully, frida-ps provides several command line options to make this process easier.

Remember to utilize the-U flag to tell Frida you want to see apps on the device connected via USB / emulator. If you don't, you'll instead see processes running on your host machine.

Examples:

C:\>frida-ps -U -a
  PID  Name                      Identifier
-----  ------------------------  ---------------------------------------
 1797  AnalyticsService          org.android_x86.analytics
 1411  Android Keyboard (AOSP)   com.android.inputmethod.latin
 6765  Android Setup             com.google.android.setupwizard
 1285  Android System            android
20054  Blocked Numbers Storage   com.android.providers.blockednumber
20054  Contacts Storage          com.android.providers.contacts
19534  Download Manager          com.android.providers.downloads
 5617  ES File Explorer          com.estrongs.android.pop
 5438  External Storage          com.android.externalstorage
 5399  Files                     com.android.documentsui
 1285  Fused Location            com.android.location.fused
 5102  Gallery                   com.android.gallery3d
 1792  Google App                com.google.android.googlequicksearchbox
15496  Google Partner Setup      com.google.android.partnersetup
 6219  Google Play Store         com.android.vending
 1874  Google Play services      com.google.android.gms
 6274  Google Services Framew…   com.google.android.gsf
20089  MTP Host                  com.android.mtp
19534  Media Storage             com.android.providers.media
 1510  Mobile Data               com.android.phone
 1510  Mobile Network Configur…  com.android.providers.telephony
 5477  Package installer         com.google.android.packageinstaller
 6551  Photo Vault               com.enchantedcloud.photovault
 1832  Quickstep                 com.android.launcher3
 1285  Settings Storage          com.android.providers.settings
 1422  System UI                 com.android.systemui
 3360  Terminal Emulator         com.termoneplus
20054  User Dictionary           com.android.providers.userdictionary

C:\>frida-ps -U -a -i
  PID  Name                         Identifier
-----  ---------------------------  ----------------------------------------------------
 1797  AnalyticsService             org.android_x86.analytics
 1411  Android Keyboard (AOSP)      com.android.inputmethod.latin
 6765  Android Setup                com.google.android.setupwizard
 1285  Android System               android
20054  Blocked Numbers Storage      com.android.providers.blockednumber
20054  Contacts Storage             com.android.providers.contacts
19534  Download Manager             com.android.providers.downloads
 5617  ES File Explorer             com.estrongs.android.pop
 5438  External Storage             com.android.externalstorage
 5399  Files                        com.android.documentsui
 1285  Fused Location               com.android.location.fused
 5102  Gallery                      com.android.gallery3d
 1792  Google App                   com.google.android.googlequicksearchbox
15496  Google Partner Setup         com.google.android.partnersetup
 6219  Google Play Store            com.android.vending
 1874  Google Play services         com.google.android.gms
 6274  Google Services Framew…      com.google.android.gsf
20089  MTP Host                     com.android.mtp
19534  Media Storage                com.android.providers.media
 1510  Mobile Data                  com.android.phone
 1510  Mobile Network Configur…     com.android.providers.telephony
 5477  Package installer            com.google.android.packageinstaller
 6551  Photo Vault                  com.enchantedcloud.photovault
 1832  Quickstep                    com.android.launcher3
 1285  Settings Storage             com.android.providers.settings
 1422  System UI                    com.android.systemui
 3360  Terminal Emulator            com.termoneplus
20054  User Dictionary              com.android.providers.userdictionary
    -  Android Easter Egg           com.android.egg
    -  Android Services Library     com.google.android.ext.services
    -  Android Setup                com.google.android.apps.restore
    -  Android Shared Library       com.google.android.ext.shared
    -  Android System WebView       com.google.android.webview
    -  Basic Daydreams              com.android.dreams.basic
    -  Bluetooth                    com.android.bluetooth
    -  Bluetooth MIDI Service       com.android.bluetoothmidiservice
    -  Bookmark Provider            com.android.bookmarkprovider
    -  BusyBox Free                 stericson.busybox
    -  Calculator                   com.android.calculator2
    -  Calendar                     com.android.calendar
    -  Calendar Storage             com.android.providers.calendar
    -  Calibration                  org.zeroxlab.util.tscal
    -  Call Log Backup/Restore      com.android.calllogbackup
    -  Camera                       com.android.camera2
    -  CaptivePortalLogin           com.android.captiveportallogin
    -  CarrierDefaultApp            com.android.carrierdefaultapp
    -  Cell Broadcasts              com.android.cellbroadcastreceiver
    -  Certificate Installer        com.android.certinstaller
    -  Chrome                       com.android.chrome
    -  Clock                        com.android.deskclock
    -  Companion Device Mana…       com.android.companiondevicemanager
    -  Contacts                     com.android.contacts
    -  Corner display cutout        com.android.internal.display.cutout.emulation.corner
    -  Dark                         com.android.systemui.theme.dark
    -  Default Print Service        com.android.bips
    -  Dev Tools                    com.android.development
    -  Double display cutout        com.android.internal.display.cutout.emulation.double
    -  Downloads                    com.android.providers.downloads.ui
    -  Emergency information        com.android.emergency
    -  Gmail                        com.google.android.gm
    -  Google Account Manager       com.google.android.gsf.login
    -  Google Backup Transport      com.google.android.backuptransport
    -  Google Calendar Sync         com.google.android.syncadapters.calendar
    -  Google Contacts Sync         com.google.android.syncadapters.contacts
    -  Google One Time Init         com.google.android.onetimeinitializer
    -  HTML Viewer                  com.android.htmlviewer
    -  Input Devices                com.android.inputdevices
    -  Intent Filter Verification…  com.android.statementservice
    -  Key Chain                    com.android.keychain
    -  Live Wallpaper Picker        com.android.wallpaper.livepicker
    -  Market Feedback Agent        com.google.android.feedback
    -  MmsService                   com.android.mms.service
    -  Music                        org.lineageos.eleven
    -  NotePad                      com.example.android.notepad
    -  PacProcessor                 com.android.pacprocessor
    -  Package Access Helper        com.android.defcontainer
    -  Phone                        com.android.dialer
    -  Print Service Recommen…      com.google.android.printservice.recommendation
    -  Print Spooler                com.android.printspooler
    -  ProxyHandler                 com.android.proxyhandler
    -  RSS Reader                   com.example.android.rssreader
    -  Settings                     com.android.settings
    -  Settings Suggestions         com.android.settings.intelligence
    -  Shell                        com.android.shell
    -  Sim App Dialog               com.android.simappdialog
    -  Simple message receiver      com.android.basicsmsreceiver
    -  Storage Manager              com.android.storagemanager
    -  SuperSU                      eu.chainfire.supersu
    -  System Tracing               com.android.traceur
    -  Tall display cutout          com.android.internal.display.cutout.emulation.tall
    -  Taskbar                      com.farmerbb.taskbar.androidx86
    -  VpnDialogs                   com.android.vpndialogs
    -  Work profile setup           com.android.managedprovisioning
    -  com.android.backupcon…       com.android.backupconfirm
    -  com.android.carrierconfig    com.android.carrierconfig
    -  com.android.cts.ctsshim      com.android.cts.ctsshim
    -  com.android.cts.priv.cts…    com.android.cts.priv.ctsshim
    -  com.android.providers.p…     com.android.providers.partnerbookmarks
    -  com.android.sharedstor…      com.android.sharedstoragebackup
    -  com.android.wallpaperb…      com.android.wallpaperbackup
    -  com.android.wallpapercr…     com.android.wallpapercropper
    -  com.android.wallpaperpi…     com.android.wallpaperpicker
    -  com.google.android.gms…      com.google.android.gms.setup

C:\>frida-ps -U
  PID  Name
-----  --------------------------------------------------
 3678  adbd
 1130  [email protected]
 1131  [email protected]
 1132  [email protected]
 1133  [email protected]
 1134  [email protected]
 1135  [email protected]
 1136  [email protected]
 1137  [email protected]
 1138  [email protected]
 1139  [email protected]
 1140  [email protected]
 1128  [email protected]
20054  android.process.acore
19534  android.process.media
 1141  audioserver
 1148  cameraserver
 6622  com.android.chrome:sandboxed_process0
 5399  com.android.documentsui
 5438  com.android.externalstorage
 5102  com.android.gallery3d
 1411  com.android.inputmethod.latin
 1832  com.android.launcher3
20089  com.android.mtp
 1510  com.android.phone
 1422  com.android.systemui
 6219  com.android.vending
 6551  com.enchantedcloud.photovault
 5617  com.estrongs.android.pop
 1874  com.google.android.gms
 1768  com.google.android.gms.persistent
 6835  com.google.android.gms.unstable
 1792  com.google.android.googlequicksearchbox:interactor
18157  com.google.android.googlequicksearchbox:search
 5477  com.google.android.packageinstaller
15496  com.google.android.partnersetup
 6765  com.google.android.setupwizard
 6274  com.google.process.gservices
 3360  com.termoneplus
 1149  drmserver
11689  frida-helper-32
11670  frida-server
 1162  gatekeeperd
 1129  healthd
 1059  hwservicemanager
 1150  incidentd
    1  init
 1044  init
 1045  init
 1151  installd
 1189  ip6tables-restore
 1188  iptables-restore
 1152  keystore
 6024  libestool2.so
 1142  lmkd
11672  logcat
 1057  logd
 1181  mdnsd
 1160  media.codec
 1154  media.extractor
 1155  media.metrics
 1153  mediadrmserver
 1156  mediaserver
 1124  netd
 1797  org.android_x86.analytics
 1163  perfprofd
 1161  rild
 1058  servicemanager
 1145  sh
 3388  sh
 3424  sh
11667  sh
 1157  statsd
 1158  storaged
 1147  su
 3405  su
 3406  su
 3411  su
 3418  su
 1143  surfaceflinger
 1285  system_server
 1144  thermalserviced
 1164  tombstoned
 1046  ueventd
 1102  v86d
 1060  vndservicemanager
 1117  vold
 1458  webview_zygote
 1159  wificond
 1406  wpa_supplicant
 1126  zygote
 1125  zygote64

Locating an app with frida-ps

Locate a specific app using frida-ps

If you are finding yourself needing to know an app's identifier, frida-ps can be a good way to find it. It will also get us the application's current Process ID (PID) if it's running.

On your host machine, open a Command Prompt.

Type frida-ps -U -a. These switches will limit our list greatly and make it easier to spot our target.

For more info on frida-ps, see frida-ps.

In the case of Photo Vault, the bundle identifier is com.enchantedcloud.photovault. You may optionally note down the PID (Process ID) however, the application identifier is primarily what we are after since we may re-launch the app several times throughout the lab (resulting in a different PID).

Great, now we’ve established our application identifier, and can see that it is running. We also know that since frida-ps gave us the data we needed, we indeed have connectivity between the host machine and frida-server on the device (or emulator).

Previousfrida Nextfrida-trace

Last updated 5 years ago

Was this helpful?

C:\>frida-ps -U -a -i PID Name Identifier ----- --------------------------- ---------------------------------------------------- 1797 AnalyticsService org.android_x86.analytics 1411 Android Keyboard (AOSP) com.android.inputmethod.latin 6765 Android Setup com.google.android.setupwizard 1285 Android System android 20054 Blocked Numbers Storage com.android.providers.blockednumber 20054 Contacts Storage com.android.providers.contacts 19534 Download Manager com.android.providers.downloads 5617 ES File Explorer com.estrongs.android.pop 5438 External Storage com.android.externalstorage 5399 Files com.android.documentsui 1285 Fused Location com.android.location.fused 5102 Gallery com.android.gallery3d 1792 Google App com.google.android.googlequicksearchbox 15496 Google Partner Setup com.google.android.partnersetup 6219 Google Play Store com.android.vending 1874 Google Play services com.google.android.gms 6274 Google Services Framew… com.google.android.gsf 20089 MTP Host com.android.mtp 19534 Media Storage com.android.providers.media 1510 Mobile Data com.android.phone 1510 Mobile Network Configur… com.android.providers.telephony 5477 Package installer com.google.android.packageinstaller 6551 Photo Vault com.enchantedcloud.photovault 1832 Quickstep com.android.launcher3 1285 Settings Storage com.android.providers.settings 1422 System UI com.android.systemui 3360 Terminal Emulator com.termoneplus 20054 User Dictionary com.android.providers.userdictionary - Android Easter Egg com.android.egg - Android Services Library com.google.android.ext.services - Android Setup com.google.android.apps.restore - Android Shared Library com.google.android.ext.shared - Android System WebView com.google.android.webview - Basic Daydreams com.android.dreams.basic - Bluetooth com.android.bluetooth - Bluetooth MIDI Service com.android.bluetoothmidiservice - Bookmark Provider com.android.bookmarkprovider - BusyBox Free stericson.busybox - Calculator com.android.calculator2 - Calendar com.android.calendar - Calendar Storage com.android.providers.calendar - Calibration org.zeroxlab.util.tscal - Call Log Backup/Restore com.android.calllogbackup - Camera com.android.camera2 - CaptivePortalLogin com.android.captiveportallogin - CarrierDefaultApp com.android.carrierdefaultapp - Cell Broadcasts com.android.cellbroadcastreceiver - Certificate Installer com.android.certinstaller - Chrome com.android.chrome - Clock com.android.deskclock - Companion Device Mana… com.android.companiondevicemanager - Contacts com.android.contacts - Corner display cutout com.android.internal.display.cutout.emulation.corner - Dark com.android.systemui.theme.dark - Default Print Service com.android.bips - Dev Tools com.android.development - Double display cutout com.android.internal.display.cutout.emulation.double - Downloads com.android.providers.downloads.ui - Emergency information com.android.emergency - Gmail com.google.android.gm - Google Account Manager com.google.android.gsf.login - Google Backup Transport com.google.android.backuptransport - Google Calendar Sync com.google.android.syncadapters.calendar - Google Contacts Sync com.google.android.syncadapters.contacts - Google One Time Init com.google.android.onetimeinitializer - HTML Viewer com.android.htmlviewer - Input Devices com.android.inputdevices - Intent Filter Verification… com.android.statementservice - Key Chain com.android.keychain - Live Wallpaper Picker com.android.wallpaper.livepicker - Market Feedback Agent com.google.android.feedback - MmsService com.android.mms.service - Music org.lineageos.eleven - NotePad com.example.android.notepad - PacProcessor com.android.pacprocessor - Package Access Helper com.android.defcontainer - Phone com.android.dialer - Print Service Recommen… com.google.android.printservice.recommendation - Print Spooler com.android.printspooler - ProxyHandler com.android.proxyhandler - RSS Reader com.example.android.rssreader - Settings com.android.settings - Settings Suggestions com.android.settings.intelligence - Shell com.android.shell - Sim App Dialog com.android.simappdialog - Simple message receiver com.android.basicsmsreceiver - Storage Manager com.android.storagemanager - SuperSU eu.chainfire.supersu - System Tracing com.android.traceur - Tall display cutout com.android.internal.display.cutout.emulation.tall - Taskbar com.farmerbb.taskbar.androidx86 - VpnDialogs com.android.vpndialogs - Work profile setup com.android.managedprovisioning - com.android.backupcon… com.android.backupconfirm - com.android.carrierconfig com.android.carrierconfig - com.android.cts.ctsshim com.android.cts.ctsshim - com.android.cts.priv.cts… com.android.cts.priv.ctsshim - com.android.providers.p… com.android.providers.partnerbookmarks - com.android.sharedstor… com.android.sharedstoragebackup - com.android.wallpaperb… com.android.wallpaperbackup - com.android.wallpapercr… com.android.wallpapercropper - com.android.wallpaperpi… com.android.wallpaperpicker - com.google.android.gms… com.google.android.gms.setup

C:\>frida-ps -U PID Name ----- -------------------------------------------------- 3678 adbd 1130 [email protected] 1131 [email protected] 1132 [email protected] 1133 [email protected] 1134 [email protected] 1135 [email protected] 1136 [email protected] 1137 [email protected] 1138 [email protected] 1139 [email protected] 1140 [email protected] 1128 [email protected] 20054 android.process.acore 19534 android.process.media 1141 audioserver 1148 cameraserver 6622 com.android.chrome:sandboxed_process0 5399 com.android.documentsui 5438 com.android.externalstorage 5102 com.android.gallery3d 1411 com.android.inputmethod.latin 1832 com.android.launcher3 20089 com.android.mtp 1510 com.android.phone 1422 com.android.systemui 6219 com.android.vending 6551 com.enchantedcloud.photovault 5617 com.estrongs.android.pop 1874 com.google.android.gms 1768 com.google.android.gms.persistent 6835 com.google.android.gms.unstable 1792 com.google.android.googlequicksearchbox:interactor 18157 com.google.android.googlequicksearchbox:search 5477 com.google.android.packageinstaller 15496 com.google.android.partnersetup 6765 com.google.android.setupwizard 6274 com.google.process.gservices 3360 com.termoneplus 1149 drmserver 11689 frida-helper-32 11670 frida-server 1162 gatekeeperd 1129 healthd 1059 hwservicemanager 1150 incidentd 1 init 1044 init 1045 init 1151 installd 1189 ip6tables-restore 1188 iptables-restore 1152 keystore 6024 libestool2.so 1142 lmkd 11672 logcat 1057 logd 1181 mdnsd 1160 media.codec 1154 media.extractor 1155 media.metrics 1153 mediadrmserver 1156 mediaserver 1124 netd 1797 org.android_x86.analytics 1163 perfprofd 1161 rild 1058 servicemanager 1145 sh 3388 sh 3424 sh 11667 sh 1157 statsd 1158 storaged 1147 su 3405 su 3406 su 3411 su 3418 su 1143 surfaceflinger 1285 system_server 1144 thermalserviced 1164 tombstoned 1046 ueventd 1102 v86d 1060 vndservicemanager 1117 vold 1458 webview_zygote 1159 wificond 1406 wpa_supplicant 1126 zygote 1125 zygote64

hashtagLocate a specific app using frida-ps

Locate a specific app using frida-ps