-> Install the Frida client and Objection on your computer
pip install frida-tools objection
-> Install frida-server via Sileo (Sources -> Add Source -> add https://build.frida.re), then go to Packages and install the frida-server package from the added source.
-> List the applications installed on the device by PID, name and bundle identifier. This is also widely used to test the connection between the Frida client and frida-server.
frida-ps -Uai
-> To use a script with Frida, pass it with the -l parameter and pass the bundle identifier of the application with the -f parameter
frida -U -l <frida_script> -f <bundle_identifier>
The --no-pause flag has changed. In the past it was used to keep the application process from being paused and run the script directly, because by default Frida paused the spawned application while waiting for further instructions. --no-pause has since been removed and --pause has been added: it pauses the process on start and lets you decide when to resume it with the %resume command. So now, when starting a hook with Frida, the application is not paused by default unless the --pause parameter is set.
-> Usage Example
frida -U -l <frida_script> -f <bundle_identifier> --pause
%resume
With frida-trace you can obtain information about the internal flow of the application, which helps in understanding the app's logic as well as in identifying possible vulnerabilities.
-> Track all functions that have the string "log" in their name
frida-trace -U -f <bundle_identifier> -i "*log*"
-> or if you prefer, first open the application on your device and then use the following command:
frida-trace -U <app_name> -i "*log*"
You can use objection interactively (in phases) or pass the command directly on one line using the -s parameter, examples:
-> Mode of Use 1
objection -g <bundle_identifier> explore
<command>
-> Mode of Use 2
objection -g <bundle_identifier> explore -s "<command>"
-> Download file from device
file download <remote_path> <local_path>
-> Upload file to device
file upload <local_path> <remote_path>
-> Import Frida Script
import <frida_script>
-> Find all paths where the installed application's data is stored.
env
-> List used frameworks
ios bundles list_frameworks
-> List modules loaded in memory
memory list modules
-> List the exports of a loaded module
memory list exports <module_name>
-> List classes
ios hooking list classes
-> Search for a class that contains a given string
ios hooking search classes <string>
-> List methods of a given class
ios hooking list class_methods <bundle_identifier>.<class_name>
-> Search for a method that contains a given string
ios hooking search methods <string>
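The following Frida script is an added example, not code from the page or from the Frida/Objection projects. It is the kind of script loaded with `frida -U -l <frida_script> -f <bundle_identifier>` above and does in one script what the `ios hooking search classes` / `list class_methods` commands do by hand: find application classes whose name contains a substring and log every call to their methods. The substring `Login`, the cap `MAX_CLASSES` and the function names are assumptions chosen for the example.

```javascript
// Added example (not from the page): load with
// `frida -U -l hook_classes.js -f <bundle_identifier>`. Hooks every method of
// application classes whose name contains NEEDLE and logs each call.
// NEEDLE and MAX_CLASSES are assumed values chosen for this example.
const NEEDLE = 'Login';   // constructed: substring to look for in class names
const MAX_CLASSES = 20;   // cap so a broad needle does not hook thousands of methods
// Pure helper: case-insensitive class-name filter that skips Apple's own
// NS*/UI*/_ prefixed classes so only application code is watched.
function selectClasses(classNames, needle, max) {
  const n = needle.toLowerCase();
  return classNames
    .filter(name => name.toLowerCase().includes(n) && !/^(NS|UI|_)/.test(name))
    .sort()
    .slice(0, max);
}
// Pure helper: number of ':' in a selector ("- setToken:forUser:" -> 2), i.e.
// how many arguments follow self and _cmd in the Interceptor callback.
function argCount(methodName) {
  return (methodName.match(/:/g) || []).length;
}
// Installs the hooks; returns how many methods were hooked (0 outside Frida,
// so the helpers above can still be exercised from plain Node).
function hookMatchingClasses() {
  if (typeof ObjC === 'undefined' || !ObjC.available) {
    console.log('Objective-C runtime not available; nothing hooked');
    return 0;
  }
  const classes = selectClasses(Object.keys(ObjC.classes), NEEDLE, MAX_CLASSES);
  let hooked = 0;
  for (const className of classes) {
    const cls = ObjC.classes[className];
    for (const methodName of cls.$ownMethods) {   // e.g. "- login:password:"
      const nargs = argCount(methodName);
      Interceptor.attach(cls[methodName].implementation, {
        onEnter(args) {   // args[0] = self, args[1] = _cmd, then the arguments
          const shown = [];
          for (let i = 0; i < nargs; i++) shown.push(args[2 + i].toString());
          console.log(`[${className} ${methodName}] (${shown.join(', ')})`);
        },
        onLeave(retval) { console.log(`[${className} ${methodName}] -> ${retval}`); },
      });
      hooked++;
    }
  }
  console.log(`hooked ${hooked} methods in ${classes.length} classes`);
  return hooked;
}
hookMatchingClasses();
```

Arguments are logged as raw pointers; to see NSString contents wrap them in `new ObjC.Object(args[i])` inside the Frida runtime. Swift classes appear with their module prefix, as in the `list class_methods` command above.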
If you are encountering the following objection error:
"return Device(self._impl.get_device_matching(lambda d: predicate(Device(d)), raw_timeout))
frida.InvalidArgumentError: device not found"
Fix it by adding a timeout when connecting to the device: change the line "self._device = frida.get_device(self._device_id)" to "self._device = frida.get_device(self._device_id, 1000)" in https://github.com/frida/frida-tools/blob/main/frida_tools/application.py
This issue may occur only on some devices. Thanks to the user salisbury-espinosa, who contributed information on this issue: frida/frida#1416
-> Install applesign
npm install -g applesign
-> Install insert_dylib
git clone https://github.com/Tyilo/insert_dylib
cd insert_dylib
xcodebuild
cp build/Release/insert_dylib /usr/local/bin/insert_dylib
-> Install the Xcode command-line tools
-> Get signing identity
applesign -L
-> Patching .ipa
objection patchipa --source <app.ipa> --codesign-signature <identity_signature> -P embedded.mobileprovision
-> Deploy
git clone https://github.com/ios-control/ios-deploy
ios-deploy --bundle <app.app> --debug -W
frida -U -l <frida_script> -f <package_name>
-> Collection of iOS Frida scripts: https://github.com/interference-security/frida-scripts/tree/master/iOS