TouchID Bypass with Frida

TouchID authentication can be implemented in two ways:

  1. LAContext - Using only the Local Authentication framework to authenticate the user
  2. User Presence - Using Keychain access control lists (ACLs)

The first approach can be bypassed with Frida: it is enough to override the method `-[LAContext evaluatePolicy:localizedReason:reply:]`, since the decision is just a boolean handed back to the app's own process.

Example - Github

The second approach cannot be circumvented by hooking frameworks (e.g. Frida, Cycript), because the Keychain data is managed inside the Secure Enclave: the protected item is only released after the Secure Enclave has verified the user, so there is no in-process callback to patch.
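The Keychain ACL variant described above, as an added example that is not part of the original post. The account name, the secret and the prompt text are placeholder values; the item is bound to the currently enrolled biometrics so the Secure Enclave, not the app, decides whether the data is returned.

```swift
import Foundation
import Security
import LocalAuthentication

// Store a secret so that reading it back requires biometric authentication
// enforced by the Secure Enclave (not an LAContext result inside the app).
func storeProtectedSecret(_ secret: Data, account: String) -> OSStatus {
    var error: Unmanaged<CFError>?
    // .biometryCurrentSet: the item becomes unreadable if the enrolled
    // biometrics change (use .touchIDCurrentSet on pre-iOS 11.3 SDKs).
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet,
        &error) else {
        return errSecParam
    }
    // Remove any stale copy so SecItemAdd does not fail with errSecDuplicateItem.
    let deleteQuery: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(deleteQuery as CFDictionary)

    let addQuery: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecAttrAccessControl as String: acl,
        kSecValueData as String: secret,
    ]
    return SecItemAdd(addQuery as CFDictionary, nil)
}

// Read the secret back. The biometric prompt is triggered by the Keychain
// itself; if the user fails or cancels, no data is returned at all.
func readProtectedSecret(account: String) -> Data? {
    let context = LAContext()
    context.localizedReason = "Unlock the stored token"  // placeholder text
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess else { return nil }
    return item as? Data
}
```

Hooking `evaluatePolicy:` does nothing useful against this design, because the app never holds a "success" flag to be flipped; the only way to obtain the secret is for the Secure Enclave to release it.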
