Prototyping And Reverse Engineering With Frida by Jay Harris

Watch on YouTube. Slide Material.

Demo 1 // Run within the REPL
Process.getCurrentThreadId()
Process.enumerateModulesSync()
Interceptor.attach(ptr(Module.findExportByName(null, "rand")), {onLeave: function(retval){retval.replace(0x00)}})   // force every rand() call to return 0

Demo 2 - frida-trace
frida-trace -i "*" my_process
frida-trace -i "*rand*" -i "read" exercise

Demo…

Intro to Android Hacking with Frida

Watch on YouTube.

NIN: The first 50 minutes can be skipped; the author tries to run Frida on an emulator and fails.

frida -U --no-pause -f com.your.app
frida -U -l script.js com.your.app

Java.perform(function(){
    console.log("debug");
    Java.enumerateLoadedClasses({
        "onMatch": function(className){ console.log(className); },   // the class name arrives as the callback argument
        "onComplete": function(){ }
    });
});

ADB related
adb…

Exposing Your "Privates!"

Find Application Binary Location - Use cda
dumpdecrypted
IDA analysis
Jailbreak Bypass
Connected Device Bypass
Common Flaw Vulnerabilities: Base64 Authorization Confirmation Bypass, ViewTime Bypass, Security Option Bypass

1. dumpdecrypted
Ref: https://github.com/stefanesser/dumpdecrypted/
Upload (SSH on the device reached through a local port forward):
scp -P 3333 dumpdecrypted.dylib root@localhost:/var/root/
Decrypt:
iPhone5c:~ root# DYLD_INSERT_…

Brida: Advanced Mobile Application Penetration Testing with Frida

Watch on YouTube.

NIN: The talk is in Italian and is essentially read from the slides, with no demo; it can be skipped.

Slide: PDF (Mirror)

Difficulty levels when analysing an app's traffic:
Level 1: No encryption at all. No certificate needs to be installed.
Level 2: HTTPS. Install the Burp certificate.
Level 3: SSL + certificate pinning. Needs help from SSL Kill Switch 2 or similar.
Level 4: SSL + certificate pinning + POST data encrypted with AES. The encryption key has to be recovered.
Level 5: SSL + certificate pinning…
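For the Level 4 case above (POST bodies AES-encrypted inside the app), the practical move is to hook the platform crypto API at runtime rather than reverse the key out of the binary. The following is an added example, not code from the Brida talk or the Brida project: a Frida host script in Python that injects a JavaScript hook into an Android app's javax.crypto classes and collects every key and IV that passes through them. It assumes the frida Python package on the host, a USB-connected device running frida-server, and a package name on the command line; KeyCollector, describe_key and the {kind, alg, value} message format are this example's own conventions.

```python
"""Dump AES keys and IVs from an Android app at runtime with Frida.

Added example, not from the Brida talk or any project on this page.
Assumes: `pip install frida`, a USB device reachable by frida, and the
target package name as argv[1]. KeyCollector, describe_key and the
{kind, alg, value} message format are this example's own conventions.
"""
import sys
import json

# JavaScript injected into the target process. Every AES key the app builds
# goes through SecretKeySpec and every CBC IV through IvParameterSpec, so
# hooking those constructors exposes the material wherever the app keeps it.
# Cipher.doFinal is hooked too so plaintext/ciphertext pairs can be matched
# against what is seen on the wire.
HOOK_SCRIPT = r"""
Java.perform(function () {
    function hex(bytes) {
        if (bytes === null) { return null; }
        var out = [];
        for (var i = 0; i < bytes.length; i++) {
            out.push(('0' + (bytes[i] & 0xff).toString(16)).slice(-2));
        }
        return out.join('');
    }
    var SecretKeySpec = Java.use('javax.crypto.spec.SecretKeySpec');
    SecretKeySpec.$init.overload('[B', 'java.lang.String').implementation =
        function (keyBytes, alg) {
            send({ kind: 'key', alg: alg, value: hex(keyBytes) });
            return this.$init(keyBytes, alg);
        };
    var IvParameterSpec = Java.use('javax.crypto.spec.IvParameterSpec');
    IvParameterSpec.$init.overload('[B').implementation = function (ivBytes) {
        send({ kind: 'iv', alg: null, value: hex(ivBytes) });
        return this.$init(ivBytes);
    };
    var Cipher = Java.use('javax.crypto.Cipher');
    Cipher.doFinal.overload('[B').implementation = function (input) {
        var output = this.doFinal(input);
        send({ kind: 'doFinal', alg: this.getAlgorithm(),
               value: hex(input), output: hex(output) });
        return output;
    };
});
"""

AES_KEY_BITS = {16: 128, 24: 192, 32: 256}


def describe_key(alg, key_hex):
    """Label a captured key by algorithm and size; flag impossible AES sizes."""
    nbytes = len(key_hex) // 2
    if alg and alg.upper() == 'AES':
        bits = AES_KEY_BITS.get(nbytes)
        return 'AES-%d' % bits if bits else 'AES (invalid %d-byte key)' % nbytes
    return '%s (%d-byte key)' % (alg, nbytes)


class KeyCollector:
    """Host-side sink for the send() messages emitted by HOOK_SCRIPT."""

    def __init__(self):
        self.keys = []   # (alg, hex) pairs, de-duplicated
        self.ivs = []    # hex strings, de-duplicated
        self.calls = []  # raw doFinal records

    def on_message(self, message, data):
        # frida delivers {'type': 'send', 'payload': ...} for send() and
        # {'type': 'error', ...} for uncaught exceptions inside the script.
        if message.get('type') == 'error':
            print('script error:', message.get('description'), file=sys.stderr)
            return
        if message.get('type') != 'send':
            return
        p = message['payload']
        if p.get('kind') == 'key':
            entry = (p['alg'], p['value'])
            if entry not in self.keys:
                self.keys.append(entry)
        elif p.get('kind') == 'iv':
            if p['value'] not in self.ivs:
                self.ivs.append(p['value'])
        elif p.get('kind') == 'doFinal':
            self.calls.append(p)

    def summary(self):
        return {
            'keys': [{'alg': a, 'key': k, 'type': describe_key(a, k)}
                     for a, k in self.keys],
            'ivs': list(self.ivs),
            'calls': len(self.calls),
        }


def run(package):
    import frida  # imported here so the module loads on hosts without frida
    device = frida.get_usb_device()
    pid = device.spawn([package])          # spawn so early key setup is caught
    session = device.attach(pid)
    collector = KeyCollector()
    script = session.create_script(HOOK_SCRIPT)
    script.on('message', collector.on_message)
    script.load()
    device.resume(pid)
    print('hooks installed; exercise the app, then press Enter', file=sys.stderr)
    sys.stdin.readline()
    session.detach()
    print(json.dumps(collector.summary(), indent=2))


if __name__ == '__main__':
    run(sys.argv[1])
```

Run it as `python dumpkeys.py com.target.app`, drive the app through the encrypted request, and the summary lists each distinct key with its size, the IVs seen, and how many doFinal calls were captured; a key that is reused with a fixed IV shows up immediately as one key and one IV across many calls. On a non-rooted device where the app has been repackaged with frida-gadget, replace the spawn/attach pair with `device.attach('Gadget')`. For the iOS equivalent the host script stays the same and the hook targets CCCrypt with Interceptor.attach instead of Java.use.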

Using Frida on a non-jailbroken iPhone - the easier way

1. Download the project
$ git clone https://github.com/Naituw/IPAPatch.git
2. Download Frida.dylib
Download frida-gadget-xx.xx.xx-ios-universal.dylib.xz
3. Replace the IPA
Put the target app in IPAPatch/Assets and rename the IPA to app.ipa.
4. Modify patch.sh
Open the Xcode project. Because the project currently has a bug, patch.sh needs to be modified.
5. Build the project
Connect the iPhone and click Run. The app is installed directly on the phone; after trusting the developer certificate,…

Using Frida on a non-jailbroken iPhone

Jailbreaking keeps getting harder: at the time of writing there is no working jailbreak for iOS 10.2.1 through 11. Without a jailbreak we cannot install frida-server, nor get at local storage, the keychain and so on. This post therefore explains how to run Frida on a non-jailbroken iPhone. Project: Github

1. Prerequisites
python3.4+
pip3
virtualenv (optional, but highly recommended)
Xcode
nvm (optional, but highly recommended)
applesign
insert_dylib
ios-deploy
1.1 Installing python3 & pip3
Since Mac has python2…

Frida on non-rooted device

1. jdwp-lib-injector (Recommended)
Tool: Github
Find the arch of your Android device
$ adb shell getprop ro.product.cpu.abi
arm64-v8a
Download jdwp-lib-injector
$ git clone https://github.com/ikoz/jdwp-lib-injector.git
NIN: frida-gadget.so needs to be placed in the same directory as jdwp-lib-injector.
Download Gadget
Download the frida-gadget matching the arch (arm/arm64/x86/x86_64); it is the gadget library, not frida-server, that gets injected.
$ unxz *.xz
Inject Frida
Go to developer options,…

Frida on non-jb device

1. Method 1 - Appmon
How to install Appmon and Frida on a Mac – The sh3llc0d3r's blog
2. Method 2 - Objection
sensepost/objection: objection - runtime mobile exploration
NIN: objection is recommended; it has many tweaks built in. On a jailbroken device the app does not need to be patched.
// `frida-ps -U` to get <name>
objection -g…