Hacking
Frida Hacking (Porting to New Architectures)
This page uses Linux/MIPS as a concrete example of porting Frida to an unsupported architecture.
Component Overview
Frida has two primary low-level components that require architecture-specific work:
| Component | Role | Repository |
|---|---|---|
frida-gum | Lowest-level instrumentation engine (interceptor, stalker, memory) | https://github.com/frida/frida-gum |
frida-core | Process injection and communication layer | https://github.com/frida/frida-core |
Step 1 — Understand the Build System
- Review
releng/machine_spec.pyfor architecture-specific configuration and target triplet parsing. - After running
./configure --host=<target>, inspect the generated machine file atbuild/frida-<os>-<arch>.txt(e.g.,build/frida-linux-mips.txt) to verify toolchain and sysroot settings.
Step 2 — Port frida-gum
Clone and build for host (sanity check)
1git clone https://github.com/frida/frida-gum.git
2cd frida-gum
3make
4make test
Run a specific test
1FRIDA_TEST_OPTIONS="--test-args='-p /Core/Process/process_modules' -v" make test
Create the new backend directory
1cp -r gum/backend-arm64 gum/backend-mips
Reference for ARM64 backend: https://github.com/frida/frida-gum/tree/main/gum/backend-arm64
Files to port
| File | Priority | Notes |
|---|---|---|
guminterceptor-mips.c | Required | Core function hooking; must be fully ported |
gumspinlock-mips.c | Required | Atomic spin-lock primitives |
gumstalker-mips.c | Optional stub | Code tracing engine — leave as empty stub initially; significant effort to fully implement |
Step 3 — Port frida-core (Injector)
The injector is the component that loads the Frida agent into a target process.
- Entry point:
src/linux/frida-helper-backend.vala - Search for
#if X86guards in the source — these mark all architecture-specific branches that need a corresponding#elif MIPSblock.
Porting Checklist
-
releng/machine_spec.pyrecognizes the new target triplet - Machine file generated correctly under
build/ -
gum/backend-<arch>/guminterceptor-<arch>.cimplemented -
gum/backend-<arch>/gumspinlock-<arch>.cimplemented -
frida-gumtests pass (make test) -
gum/backend-<arch>/gumstalker-<arch>.cstubbed (or fully implemented) -
frida-coreinjector ported (all#if X86guards extended)
Key File Paths
| Path | Description |
|---|---|
releng/machine_spec.py | Target triplet parsing and machine spec generation |
build/frida-linux-mips.txt | Generated Meson machine file for the target |
gum/backend-arm64/ | Reference backend to duplicate for a new arch |
gum/backend-mips/guminterceptor-mips.c | New arch interceptor (to be created) |
gum/backend-mips/gumspinlock-mips.c | New arch spinlock (to be created) |
gum/backend-mips/gumstalker-mips.c | New arch stalker stub (to be created) |
src/linux/frida-helper-backend.vala | Linux injector — primary porting target in frida-core |