| import threading | |
| from frida_tools.application import Reactor | |
| import frida | |
| class Application: | |
| def __init__(self): | |
| self._stop_requested = threading.Event() |
Based on this article https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9
sudo apt-get update
| /** | |
| * Android, iOS (12.0-15.7.3), Linux universal SSLKEYLOG dumper. | |
| * | |
| * Usage: | |
| * | |
| * # For iOS and mac: | |
| * rvictl -s [UDID] | |
| * # Then open Wireshark and select rvi0 | |
| * | |
| * # For iOS and not mac: |
| const typeMap = { | |
| "c": "char", | |
| "i": "int", | |
| "s": "short", | |
| "l": "long", | |
| "q": "long long", | |
| "C": "unsigned char", | |
| "I": "unsigned int", | |
| "S": "unsigned short", |
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.
On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).
The DEBs you will install are build using the following instructions.
| Java.perform(function(){ | |
| let ThreadDef = Java.use('java.lang.Thread'); | |
| let ThreadObj = ThreadDef.$new(); | |
| function stackTrace() { | |
| console.log('------------START STACK---------------') | |
| let stack = ThreadObj.currentThread().getStackTrace(); | |
| for (let i = 0; i < stack.length; i++) { | |
| console.log(i + ' => ' + stack[i].toString()); | |
| } | |
| console.log('------------END STACK---------------'); |
| function monitorMemory(base, length, interceptedInstructions = new Set()) { | |
| const baseAddress = ptr(base.toString()); | |
| MemoryAccessMonitor.enable({base: baseAddress, size: length}, { | |
| onAccess: function(details) { | |
| let baseOffset = details.address.sub(baseAddress); | |
| console.log(`${details.address} (offset in range ${baseAddress} = ${baseOffset}) accessed for ${details.operation} from address ${DebugSymbol.fromAddress(details.from)}. Page ${details.pageIndex + 1} of ${details.pagesTotal}`); | |
| let instruction = Instruction.parse(details.from); | |
| const nextInstr = ptr(instruction.next.toString()); | |
| if (interceptedInstructions.has(nextInstr.toString())) { | |
| return; |
| #! /bin/bash | |
| # Simple Utility Script for allowing debug of hardened macOS apps. | |
| # This is useful mostly for plug-in developer that would like keep developing without turning SIP off. | |
| # Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg | |
| # Update 2022-03-10: Based on Fabian's feedback, add capability to inject DYLD for sanitizers. | |
| # | |
| # Please note: | |
| # - Modern Logic (on M1s) uses `AUHostingService` which resides within the system thus not patchable and REQUIRES to turn-off SIP. | |
| # - Some hosts uses separate plug-in scanning or sandboxing. | |
| # if that's the case, it's required to patch those (if needed) and attach debugger to them instead. |