TouchID Bypass with Frida

TouchID authentication has two modes: LAContext - Using only the Local Authentication framework to authenticate the user; User Presence - Using Keychain access control lists (ACLs). The first mode can be bypassed with frida: it is enough to override the LAContext method evaluatePolicy:localizedReason:reply:. Example - Github. The second mode cannot be circumvented by hooking frameworks (e.g. frida, cycript), because Keychain data management takes place inside the Secure Enclave. Ref Useful…

frida-cycript

Project: nowsecure/frida-cycript: Cycript fork powered by Frida. Prerequisites: Node - use 6.10.3 (nvm alias default 6.10.3). Readline - macOS ships with readline; brew install readline installs readline as keg-only. brew info readline; brew switch readline 6.3.8; ls -la /usr/local/opt/readline/lib - check the installation. Change…

frida - learn by example

0. Background 0.1 Instrumentation This process of tracing, profiling, and debugging the execution of an app during runtime is called Instrumentation. frida can be injected into running processes across multiple platforms. The type of injection will allow us to inspect the state of different objects, variables and execution threads.…

Android Studio and more

While working with frida recently I ran into quite a few problems. This post collects the solutions to some of them. frida does not support x86 emulators, and I have not yet found a way to make GenyMotion support ARM. To use an emulator you need to install Android Studio, but the ARM emulator is painfully slow, so it is better to go back to a real device. Android Studio downloads the SDK painfully slowly as well; see #3 for setting up a domestic (China) mirror. For Gradle build troubleshooting see #4. 1. AVD NIN: it seems that since Android Studio 2.3, launching the AVD manager from the command line is no longer supported. Command…

Frida

Installation on Mac: the instructions on the official site did not work, reason unknown. Update (17 Mar 2017): OSError: [Errno 1] Operation not permitted: '/tmp/pip-Xb_ctc-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/six-1.4.1-py2.7.egg-info' Because OS X 10.11 ships with six 1.4.1 preinstalled, it cannot be uninstalled while installing frida (ref). Solution: $ sudo pip…