frida-cycript

Project: nowsecure/frida-cycript: Cycript fork powered by Frida

Prerequisite

  1. Node: use 6.10.3 - nvm alias default 6.10.3
  2. Readline - macOS ships its own readline; brew install readline installs it as keg-only.
  • brew info readline
  • brew switch readline 6.3.8
  • ls -la /usr/local/opt/readline/lib - check what is actually installed
  3. Change the frida version so that it matches the one on the iPhone
  • /Users/its/Desktop/frida-cycript/src/Makefile
  • /Users/its/Desktop/frida-cycript/src/Makefile.am
  • /Users/its/Desktop/frida-cycript/src/Makefile.in

Installation

See the GitHub README.

Troubleshoot

Problem 1 - Readline

After running psql, readline errors started appearing | はらいそ

% brew info readline
readline: stable 7.0 [keg-only]
Library for command-line editing
https://tiswww.case.edu/php/chet/readline/rltop.html
/usr/local/Cellar/readline/6.3 (39 files, 2M)
Built from source
/usr/local/Cellar/readline/7.0 (46 files, 2.1M) *
Built from source on 2016-10-06 at 17:03:00

% brew switch readline 6.3.8
Cleaning /usr/local/Cellar/readline/6.3
Cleaning /usr/local/Cellar/readline/7.0
Opt link created for /usr/local/Cellar/readline/6.3

% ls -la /usr/local/opt/readline/lib
total 2984
(略)
-r-xr-xr-x   1 hoge  admin   303128 10  6 17:35 libreadline.6.3.dylib
lrwxr-xr-x   1 hoge  admin       21 10  6 17:35 libreadline.6.dylib -> libreadline.6.3.dylib


Problem 2 - /usr/local/Library/ENV/4.3/sed: No such file or directory

➜  ~ brew uninstall libtool && brew install libtool

Problem 3 - /bin/sh: dx: command not found

➜  frida-cycript git:(master) ✗ make -j8
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
  CXX      libcycript_la-Parser.lo
  CXX      libcycript_la-Scanner.lo
./libcycript.py 1 libcycript.db ../ext <Bridge.def
cd Class; dx --dex --output=../Class/classes.dex *.class
  CXX      Console.o
/bin/sh: dx: command not found

[snip...]

make[4]: *** [Console.o] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

The Android SDK path (the build-tools directory that contains dx) needs to be added to PATH. (Ref)
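An added helper for this step (my example, not code from frida-cycript) that locates dx under the SDK's build-tools directory and puts it on PATH. It assumes ANDROID_HOME or ANDROID_SDK_ROOT points at the SDK root; note that build-tools 31 and later no longer ship dx (they ship d8), so the newest build-tools version is not necessarily the right one:

```shell
#!/bin/sh
# Added example, not part of frida-cycript: find the Android SDK's dx tool
# and put its directory on PATH so that "make" can run "dx --dex ...".
# Assumes ANDROID_HOME (or ANDROID_SDK_ROOT) points at the SDK root.

# Print the full path of the newest dx under build-tools, or fail.
find_dx() {
    sdk="${ANDROID_HOME:-${ANDROID_SDK_ROOT:-}}"
    if [ -z "$sdk" ]; then
        echo "ANDROID_HOME / ANDROID_SDK_ROOT is not set" >&2
        return 1
    fi
    if [ ! -d "$sdk/build-tools" ]; then
        echo "no build-tools directory under $sdk" >&2
        return 1
    fi
    # Newest version first; skip versions that lack dx (build-tools 31+
    # dropped dx in favour of d8, so a newer SDK alone is not enough).
    for v in $(ls "$sdk/build-tools" | sort -t . -k1,1nr -k2,2nr -k3,3nr); do
        if [ -x "$sdk/build-tools/$v/dx" ]; then
            echo "$sdk/build-tools/$v/dx"
            return 0
        fi
    done
    echo "dx not found in any build-tools version under $sdk" >&2
    return 1
}

# Prepend the directory containing dx to PATH for the current shell.
use_dx() {
    dx_path=$(find_dx) || return 1
    PATH="$(dirname "$dx_path"):$PATH"
    export PATH
    echo "dx on PATH: $dx_path"
}

# Usage, in the shell you run make from:  . ./find_dx.sh && use_dx && make -j8
```

Source the file rather than executing it, otherwise the PATH change only lives in a child shell and make still cannot find dx.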

Problem 4 - Node Module Mismatch

NIN: once again, v4.5.0 cannot be used.

Use 6.10.3

If something went wrong and it no longer compiles, run the following:

cd src && rm -rf node_modules && npm install

Problem 5 - Assertion failed / linker command failed with exit code 1

This error shows up when the build does not succeed in one go; it probably needs a project clean, but I do not know how to do that from the CLI.

Solution: clone a fresh copy.

➜  frida-cycript git:(master) make -j8
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
  CXXLD    libcycript.la
0  0x105f4499e  __assert_rtn + 144
1  0x105f7b207  archive::File<x86_64>::makeObjectFileForMember(archive::File<x86_64>::Entry const*) const + 1131
2  0x105f7a866  archive::File<x86_64>::justInTimeforEachAtom(char const*, ld::File::AtomHandler&) const + 112
3  0x105f8eb25  ld::tool::InputFiles::searchLibraries(char const*, bool, bool, bool, ld::File::AtomHandler&) const + 265
4  0x105f96763  ld::tool::Resolver::resolveUndefines() + 165
5  0x105f98deb  ld::tool::Resolver::resolve() + 75
6  0x105f457a7  main + 940
A linker snapshot was created at:
	/tmp/libcycript.dylib-2017-04-15-165650.ld-snapshot
ld: Assertion failed: (memberIndex != 0), function makeObjectFileForMember, file /Library/Caches/com.apple.xbs/Sources/ld64/ld64-264.3.102/src/ld/parsers/archive_file.cpp, line 355.
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[4]: *** [libcycript.la] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Problem 6 - Slow curl download

When running make -j8, it downloads frida-core-devkit-8.x.x-mac-x86_64.tar.xz from GitHub; because of network speeds within China, the download often fails.

curl -Ls https://github.com/frida/frida/releases/download/8.1.7/frida-core-devkit-8.1.7-mac-x86_64.tar.xz | xz -d | tar -C frida/_ -xf -

Solution: download it in a browser, then extract it under the src/frida directory.

$ mkdir -p frida/_
$ cat /Users/its/Desktop/frida-core-devkit-8.1.7-mac-x86_64.tar.xz | xz -d | tar -C frida/_ -xf -

NIN: make sure the Frida version matches the one on the iPhone.

Download the matching version from GitHub (frida-core-devkit-[version]-mac-x86_64.tar.xz).
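An added helper script (my example, not code from frida-cycript) covering both the version-pinning step from Prerequisite 3 and the manual devkit install above. It assumes the Makefiles refer to the devkit with the same two patterns the curl line in the build output uses, releases/download/<ver>/ and frida-core-devkit-<ver>-, and that the devkit archive contains frida-core.h and libfrida-core.a:

```shell
#!/bin/sh
# Added example, not from frida-cycript: pin the Frida devkit version in the
# Makefiles and install a devkit archive that was downloaded by hand.
# Assumes the Makefiles reference the devkit with the same two patterns the
# build's curl command uses: "releases/download/<ver>/" and
# "frida-core-devkit-<ver>-".

devkit_name() { echo "frida-core-devkit-$1-mac-x86_64.tar.xz"; }
devkit_url()  { echo "https://github.com/frida/frida/releases/download/$1/$(devkit_name "$1")"; }

# Escape dots so that a version such as 8.1.7 is matched literally by sed.
sed_escape() { printf '%s' "$1" | sed 's/\./\\./g'; }

# set_frida_version OLD NEW FILE...   rewrite both patterns in each file.
set_frida_version() {
    old=$(sed_escape "$1"); new="$2"; shift 2
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        # Write to a temp file and move it back: works with BSD and GNU sed.
        sed -e "s|releases/download/$old/|releases/download/$new/|g" \
            -e "s|frida-core-devkit-$old-|frida-core-devkit-$new-|g" \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# install_devkit VERSION [ARCHIVE] [SRCDIR]   extract the devkit into
# SRCDIR/frida/_ (SRCDIR defaults to ./src). Uses the local archive when one
# is given (the browser download), otherwise fetches it from the release URL.
install_devkit() {
    ver="$1"; archive="${2:-}"; srcdir="${3:-src}"
    mkdir -p "$srcdir/frida/_"
    if [ -n "$archive" ]; then
        [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 1; }
        xz -dc "$archive" | tar -C "$srcdir/frida/_" -xf -
    else
        curl -Ls "$(devkit_url "$ver")" | xz -d | tar -C "$srcdir/frida/_" -xf -
    fi
    # A devkit ships a header and a static library; make sure both arrived,
    # since a truncated download still "succeeds" through the pipe above.
    [ -f "$srcdir/frida/_/frida-core.h" ] && [ -f "$srcdir/frida/_/libfrida-core.a" ] ||
        { echo "devkit extraction incomplete in $srcdir/frida/_" >&2; return 1; }
}

# Usage, from the repository root, after checking the iPhone's Frida version:
#   set_frida_version 8.1.7 8.2.0 src/Makefile src/Makefile.am src/Makefile.in
#   install_devkit 8.2.0 ~/Desktop/frida-core-devkit-8.2.0-mac-x86_64.tar.xz
```

The final existence check matters because a pipeline of curl, xz and tar only reports tar's exit status; a download that was cut short by the network problem described above can otherwise go unnoticed until the link step fails.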

Test

➜  frida-cycript git:(master) ✗ cd test && cnpm install && cnpm run test
> cycript-test@1.0.0 install /Users/its/Desktop/frida-cycript/test
> node-gyp rebuild

  CXX(target) Release/obj.target/cytest_binding/addon.o
  SOLINK_MODULE(target) Release/cytest_binding.node
cycript-test@1.0.0 /Users/its/Desktop/frida-cycript/test
├── bindings@1.2.1
├─┬ mocha@3.4.1
│ ├── browser-stdout@1.3.0
│ ├─┬ commander@2.9.0
│ │ └── graceful-readlink@1.0.1
│ ├─┬ debug@2.6.0
│ │ └── ms@0.7.2
│ ├── diff@3.2.0
│ ├── escape-string-regexp@1.0.5
│ ├─┬ glob@7.1.1
│ │ ├── fs.realpath@1.0.0
│ │ ├─┬ inflight@1.0.6
│ │ │ └── wrappy@1.0.2
│ │ ├── inherits@2.0.3
│ │ ├─┬ minimatch@3.0.4
│ │ │ └─┬ brace-expansion@1.1.7
│ │ │   ├── balanced-match@0.4.2
│ │ │   └── concat-map@0.0.1
│ │ ├── once@1.4.0
│ │ └── path-is-absolute@1.0.1
│ ├── growl@1.9.2
│ ├── json3@3.3.2
│ ├─┬ lodash.create@3.1.1
│ │ ├─┬ lodash._baseassign@3.2.0
│ │ │ ├── lodash._basecopy@3.0.1
│ │ │ └─┬ lodash.keys@3.1.2
│ │ │   ├── lodash._getnative@3.9.1
│ │ │   ├── lodash.isarguments@3.1.0
│ │ │   └── lodash.isarray@3.0.4
│ │ ├── lodash._basecreate@3.0.3
│ │ └── lodash._isiterateecall@3.0.9
│ ├─┬ mkdirp@0.5.1
│ │ └── minimist@0.0.8
│ └─┬ supports-color@3.1.2
│   └── has-flag@1.0.0
├── nan@2.6.2
└─┬ should@11.2.1
  ├── should-equal@1.0.1
  ├── should-format@3.0.3
  ├── should-type@1.4.0
  ├── should-type-adaptors@1.0.1
  └── should-util@1.0.0


> cycript-test@1.0.0 test /Users/its/Desktop/frida-cycript/test
> DYLD_LIBRARY_PATH=$(pwd)/../src/.libs node node_modules/mocha/bin/_mocha .



  Types
    ✓ should support primitive types
    ✓ should support `new` semantics
    ✓ should support pretty-printing function pointers
    ✓ should support pointer casting
    ✓ should support declaring functions
    ✓ should source types from the database (42ms)
    ✓ should support structs
    ✓ should support arrays
    ✓ should support C strings
    ✓ should support completion of database types
    ✓ should support Objective-C types
    ✓ should support Objective-C literals
    ✓ should keep Objective-C objects alive until GCed
    ✓ should support NSString objects seamlessly
    ✓ should support NSArray objects seamlessly
    ✓ should support NSDictionary objects seamlessly
    ✓ should support calling a selector
    ✓ should support Objective-C completion (54ms)
    ✓ should support symbol lookups
    ✓ should support hooking functions
    ✓ should support swizzling methods


  21 passing (612ms)