iOS Hooking
Hooking¶
Debugging¶
https://github.com/aozhimin/iOS-Debug-Hacks
Frida¶
Frida Flags:
- -U: use frida over USB for use with
- -H 127.0.0.1: use frida to connect to a server on a port. This must be used with frida-server -H 0.0.0.0
- -f: run the application and pause the application. Use com.example.application.name
- --no-pause: with the -f parameter but don't pause the application
- -p: attach to running with process id
- -n Name: attach to process with name
- -l SCRIPT: add a JavaScript file to the application.
- -o Output_file: Specify log file
Other Frida Programs:
# Connect Frida to an iPad over USB and list running processes
$ frida-ps -U
# List running applications
$ frida-ps -Ua
# List installed applications
$ frida-ps -Uai
# Connect Frida to the specific device
$ frida-ps -D 0216027d1d6d3a03
# Trace recv* and send* APIs in Safari
$ frida-trace -i "recv*" -i "send*" Safari
# Trace ObjC method calls in Safari
$ frida-trace -m "-[NSView drawRect:]" Safari
# Launch SnapChat on your iPhone and trace crypto API calls
$ frida-trace -U -f com.app.testing -I "libcommonCrypto*"
#Frida trace every open function while program start
$ frida-trace -U -i open com.app.testing
Launch Application through USB. Attach a script to be run on startup and log output to file:
>>> frida -U -f com.app.ios.dev -l /opt/Memory/Mobile/frida_iOS_helper_functions.js -o Keychain_test
Attach to running Application through USB. Attach a script to be run on startup and log output to file:
>>> frida -U -n "App - Dev" -l /opt/Memory/Mobile/frida_iOS_helper_functions.js -o Keychain_test