Skip to content

synacktiv/frinet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
crates
crates
 
 
frontend
frontend
 
 
screenshots
screenshots
 
 
tracer
tracer
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
rustfmt.toml
rustfmt.toml
 
 

Repository files navigation

Frinet

By combining Frida with an enhanced version of Tenet, Frinet facilitates the study of large programs, vulnerability research and root-cause analysis on iOS, Android, Linux, Windows, and most architectures. Blogpost on the Synacktiv website

Tenet

This version is a complete rewrite of synacktiv/frinet (originally a fork of gaasedelen/tenet). You can still find the old version on the legacy branch.

This project was presented at SSTIC 2026 (in French) : video/slides/paper.

The new archictecture is based on four components :

  • Indexer : A Rust CLI that produces an optimized index from a trace file.
  • Backend : A Rust crate that implements specialized algorihms to query the optimized index file.
  • Backend (Python bindings) : A Rust crate that exposes a python interface.
  • IDA Plugin : A thin layer of python code that queries and integrates data from the backend into the IDA interface.

Features

Tracer based on Frida: Identical to the legacy version of Frinet.

Indexer / Backend:

  • Efficient indexing of traces with up to 2 billion instructions (~100 GB).
  • Independent of the trace format (only the Tenet format is supported for now).
  • Multi-threaded memory search with full regex support.
  • Usable as a standalone Rust library: crates/db.

Frontend:

  • Timeline / Register / Memory views.
  • Assembly timeline trails (red/green/blue).
  • Memory read/write breakpoint.
  • Jump to first/prev/next/last execution.

Missing features & TODOs

  • Reach frontend feature parity with Frinet v1:
    • The call tree view is not yet implemented.
  • UI polishing.

Build & Installation

# Build the Python bindings shared lib
apt install python3-dev
cargo build --release
cp target/release/libfrinet_db.so frontend/frinet_db.so

# Symlink (or copy) the IDA Plugin
ln -s $PWD/frontend ~/.idapro/plugins/frinet

Usage

# 1. Trace /bin/ls with frida
python tracer/trace.py spawn /bin/ls ls 0x4c00

# 2. Build an optimised index of the trace
cargo run --bin frinet --release -- index --format tenet tracer/traces/ls_xxxx.tenet ls.db

# 3. Open the trace in IDA (File > Load File > Open Frinet DB...)

Testing & Fuzzing & Benchmark

cargo test

cargo install cargo-fuzz
cargo +nightly fuzz run --fuzz-dir crates/fuzz register_indexing

cargo install cargo-criterion
BENCH_DB=my.db cargo criterion

About

Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

597 stars

Watchers

15 watching

Forks

56 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages