Fermion

Fermion is an Electron application that wraps frida-node and monaco-editor. It offers a fully integrated environment to prototype, test and refine Frida scripts through a single UI. With the integration of Monaco come all the features you would expect from Visual Studio Code: linting, IntelliSense, keybindings, etc. In addition, Fermion has a TypeScript language definition for the Frida API, so it is easy to write Frida scripts.

What's in a name: A fermion can be an elementary particle, such as the electron, or it can be a composite particle, such as the proton. Fermions include all quarks and leptons, as well as all composite particles made of an odd number of these, such as all baryons and many atoms and nuclei.

How to get Fermion?

Run Fermion from source

Download the repository and navigate to the Fermion folder in the terminal. Once there, set the following environment variables.

# Windows
set npm_config_runtime=electron
set npm_config_target=21.0.0

# Linux / OSX
export npm_config_runtime=electron
export npm_config_target=21.0.0

Afterwards install the packages required to run Fermion with:

npm install

Once complete, you can run Fermion by issuing:

npm start

Compile a release package

Complete the steps above and then issue the following command from the terminal:

# Windows
electron-packager . --icon .\src\images\fermion-ico.ico

# Linux
electron-packager . --icon ./src/images/fermion-ico.png

# OSX
electron-packager . --icon ./src/images/fermion-ico.icns

Releases

You can get the latest pre-built Fermion for x64 Windows and Linux from releases.

About

You can see an example of Fermion at work below, in this case instrumenting kernel32!ReadFile.

Fermion has auto-complete, linting and Frida API symbol support.

Fermion can connect to a Frida server to debug remote applications using the device context menu. In many cases, such as with USB debugging or when attaching to mobile applications through emulators like Genymotion, Fermion will automatically pick up the server as available. However, it is also possible to specify a remote server using an IP and port combination.

Fermion has built-in support for thread CALL tracing.

This may not do exactly what you expect it to. When you define either a pointer or a module/symbol combination, the tracer attaches to that location, and any time a thread executes at that place it starts tracing all CALL instructions that thread performs until it returns. This means that different executions can generate different graphs. It also means that you may not see everything a function is doing (e.g. if, inside the function, a different thread gets spawned).

Fermion converts these traces into a Graphviz SVG format using dot, which you can then explore. This is a feature which I find useful on occasion when performing exploratory work (What does a function do? How complex is that execution?). That being said, this is a prototype feature which I built on top of Fermion and probably needs some more loving to be more production ready.
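
The tracing behaviour described above, sketched as an added example (not Fermion's own tracer code): a Frida script that follows only the thread that reached the hook, stops when it returns, and folds the CALL events into Graphviz DOT. The helper names, the use of console.log for output and the kernel32!ReadFile target are assumptions.

```javascript
// Added example, not Fermion's code. The two graph helpers are plain JavaScript.
// Fold Stalker call events ([type, from, to, depth]) into edge -> hit count.
function buildCallGraph(events, resolve, edges = new Map()) {
  for (const [type, from, to] of events) {
    if (type !== 'call') continue;
    const key = JSON.stringify([resolve(from), resolve(to)]);
    edges.set(key, (edges.get(key) || 0) + 1);
  }
  return edges;
}

// Render the edges as Graphviz DOT text (input for `dot -Tsvg`).
function toDot(edges) {
  const q = (s) => '"' + String(s).replace(/"/g, '\\"') + '"';
  const lines = ['digraph trace {'];
  for (const [key, hits] of edges) {
    const [src, dst] = JSON.parse(key);
    lines.push(`  ${q(src)} -> ${q(dst)} [label=${q(hits)}];`);
  }
  return lines.concat('}').join('\n');
}

// Name the function containing an address, falling back to the raw pointer.
function symbolOf(address) {
  const sym = DebugSymbol.fromAddress(address);
  return sym.name !== null ? `${sym.moduleName}!${sym.name}` : address.toString();
}

// Follow only the thread that reached `target`, until it returns from it.
// Calls made by any thread spawned inside the function are never recorded.
function traceCallsAt(target) {
  const edges = new Map();
  Interceptor.attach(target, {
    onEnter() {
      Stalker.follow(this.threadId, {
        events: { call: true },
        onReceive(blob) {
          buildCallGraph(Stalker.parse(blob), symbolOf, edges);
          console.log(toDot(edges)); // events arrive in batches: reprint the grown graph
        }
      });
    },
    onLeave() { Stalker.unfollow(this.threadId); Stalker.flush(); }
  });
}

// Frida globals exist only inside an instrumented process.
if (typeof Interceptor !== 'undefined') {
  traceCallsAt(Process.getModuleByName('kernel32.dll').getExportByName('ReadFile'));
}
```

Because edges accumulate across every entry into the hooked function, the graph grows as different code paths are exercised, which is why two runs can produce different output.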

Fermion also has built-in documentation for Frida's JavaScript API. Like everyone else, I don't always remember how everything works, and having the docs in the app obviates the need to have a browser window open.

Notes

ChangeLog

For more details on version-specific changes, consult the changelog.

Call to action

If you integrate Fermion into your workflow and find it useful, I encourage you to make pull requests, submit bug reports and ask for features to improve the application. I'm not exactly a Node developer, so I am sure people will find ways to optimize and rework some of the components.

Roadmap

Special thanks

I just want to give a few special thanks!