
Rev Frida
Generate modern Frida hook scripts to trace, intercept, and dump runtime behavior on Android and other native targets during security or reverse-engineering work.
Install
npx skills add https://github.com/p4nda0s/reverse-skills --skill rev-frida
What is this skill?
- Generates Frida scripts using current Module, Process, and Interceptor APIs
- Covers native exports, Java, and ObjC method hooks with argument and return tracing
- Documents modern Frida CLI usage without deprecated --no-pause spawn behavior
- Handles loader-aware native instrumentation and memory or export dumping
- Supports spawn (-f), attach-by-name, and attach-by-PID workflows on USB devices (-U)
Adoption & trust: 736 installs on skills.sh; 1.3k GitHub stars; 2/3 security scanners passed (skills.sh audits).
Common Questions / FAQ
Is Rev Frida safe to install?
skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
# rev-frida - Frida Script Generator

Generate Frida instrumentation scripts for dynamic analysis, hooking, and runtime inspection.

## Overview

Use Frida for:

- native export hooks
- Java or ObjC method hooks
- runtime tracing
- argument or return-value capture
- memory dumping
- loader-aware native instrumentation

## Important: Modern Frida CLI

The modern Frida CLI does not use `--no-pause`. A spawned process resumes after the script is loaded.

```bash
# Spawn and hook
frida -U -f com.example.app -l hook.js

# Attach to running process
frida -U com.example.app -l hook.js

# Attach by PID
frida -U -p 1234 -l hook.js
```

## Modern API Reference

### Module & Symbol Lookup

```javascript
const mod = Process.getModuleByName("libssl.so");
mod.name;
mod.base;
mod.size;
mod.path;

const ptr = mod.getExportByName("SSL_read");

Process.enumerateModules();
mod.enumerateExports();
mod.enumerateImports();

const addr = Module.getExportByName(null, "open");
```

### Interceptor

```javascript
Interceptor.attach(ptr, {
  onEnter(args) {
    console.log("arg0:", args[0].toInt32());
    console.log("arg1 str:", args[1].readUtf8String());
  },
  onLeave(retval) {
    console.log("ret:", retval.toInt32());
  }
});

Interceptor.replace(ptr, new NativeCallback(function (a0, a1) {
  console.log("replaced");
  return 0;
}, "int", ["pointer", "int"]));
```

### NativeFunction & NativeCallback

```javascript
const open = new NativeFunction(
  Module.getExportByName(null, "open"),
  "int",
  ["pointer", "int"]
);
const fd = open(Memory.allocUtf8String("/etc/hosts"), 0);

const cb = new NativeCallback(function (arg) {
  console.log("called with:", arg);
  return 0;
}, "int", ["int"]);
```

### Memory Operations

```javascript
ptr(addr).readByteArray(size);
ptr(addr).readUtf8String();
ptr(addr).readU32();
ptr(addr).readPointer();

ptr(addr).writeByteArray(bytes);
ptr(addr).writeUtf8String("hello");
ptr(addr).writeU32(0x41414141);

const buf = Memory.alloc(256);
const str = Memory.allocUtf8String("hello");

Memory.scan(mod.base, mod.size, "48 89 5C 24 ?? 48 89 6C", {
  onMatch(address, size) {
    console.log("found at:", address);
  },
  onComplete() {}
});
```

### ObjC

```javascript
if (ObjC.available) {
  const hook = ObjC.classes.ClassName["- methodName:"];
  Interceptor.attach(hook.implementation, {
    onEnter(args) {
      const selfObj = new ObjC.Object(args[0]);
      const param = new ObjC.Object(args[2]);
      console.log(selfObj.toString());
      console.log(param.toString());
    }
  });
}
```

### Java

```javascript
if (Java.available) {
  Java.perform(function () {
    const Activity = Java.use("android.app.Activity");
    Activity.onCreate.implementation = function (bundle) {
      console.log("onCreate called");
      return this.onCreate(bundle);
    };
  });
}
```

## Script Generation Guidelines

When generating Frida scripts:

1. Always use the modern API such as `Process.getModuleByName()` and `mod.getExportByName()`.
2. Do not use `--no-pause`.
3. Prefer load-event-driven native hooking over polling.
4. Print pointers and buffers in readable form.
5. Wrap risky hooks in `try/catch`.
6. Use `hexdump()` for binary inspection.

### Handle Native Module Load Timing

Do not assume a target `.so` is already loaded.

Preferred order:

1. Hook `android_dlopen_ext` or `dlopen` and install hooks when the target library loads.
2. Use an immediate `Process.findModuleByName()` check for already-loaded modules.
3. Use polling only as a fallback.

Use this helper by default:
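
The load-timing order above, sketched as an added example (not the skill's own helper and not code from the project): it installs the loader hooks first, then does the immediate check, and reports when only polling is left. The `api` wrapper, `findExport`, and the name `hookWhenLoaded` are assumptions made so the same logic can run against a mock outside Frida.

```javascript
// Added example, not the skill's own helper. `api` carries the Frida objects
// (Process, Interceptor) plus a hypothetical findExport(name) that returns a
// NativePointer or null, e.g. a try/catch wrapper around the page's
// Module.getExportByName(null, name).
function hookWhenLoaded(api, libName, install) {
  let installed = false;

  // Idempotent: both the loader hook and the immediate check may call this.
  function tryInstall() {
    if (installed) return true;
    const mod = api.Process.findModuleByName(libName); // null if not loaded
    if (mod === null) return false;
    installed = true;
    try {
      install(mod);
    } catch (e) {
      console.log("[!] install failed for " + libName + ": " + e);
    }
    return true;
  }

  // 1. Loader hooks go in first so a load racing with step 2 is still seen.
  let loaderHooks = 0;
  for (const name of ["android_dlopen_ext", "dlopen"]) {
    const addr = api.findExport(name);
    if (addr === null) continue;
    api.Interceptor.attach(addr, {
      onEnter(args) {
        // args[0] is the library path; NULL refers to the main program.
        const path = args[0].isNull() ? "" : args[0].readUtf8String();
        this.isTarget = path.split("/").pop() === libName;
      },
      onLeave() {
        // The module is only visible once the loader call has returned.
        if (this.isTarget) tryInstall();
      }
    });
    loaderHooks++;
  }

  // 2. Immediate check for a library that was loaded before we attached.
  if (tryInstall()) return "already-loaded";
  // 3. With no loader export to hook, the caller has to fall back to polling.
  return loaderHooks > 0 ? "waiting-for-load" : "needs-polling";
}
```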