Frida script to load Cycript into an arbitrary process (workaround for sandboxing issues)
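'use strict';

/*
 * Usage:
 *   $ frida -U -n Twitter -l load-cycript.js
 *
 * Loads libcycript.dylib into the attached process and starts its listen
 * server on PORT, so that a Cycript client can connect to the process
 * directly (workaround for sandboxing issues).
 *
 * The listener lives inside the target process and, as the message printed
 * below says, keeps running after Frida detaches.
 * NOTE(review): which interface CYListenServer binds to and whether it
 * authenticates clients is not visible from this script; presumably any
 * client that can reach the port gets a Cycript session in the process.
 * Confirm the bind address, and terminate the process when finished
 * instead of leaving the port open.
 */

// Declared to the native function as a signed 16-bit integer below, so the
// value has to stay at or under 32767.
var PORT = 27060;

// Throws if the library cannot be loaded.
dlopen('/usr/lib/libcycript.dylib');

// findExportByName() returns null when the symbol is missing; check for that
// explicitly so the failure names the symbol instead of surfacing as a
// pointer error from the NativeFunction constructor.
var listenServerAddress = Module.findExportByName('libcycript.dylib', 'CYListenServer');
if (listenServerAddress === null) {
  throw new Error('CYListenServer export not found in libcycript.dylib');
}

var CYListenServer = new NativeFunction(listenServerAddress, 'void', ['int16']);
CYListenServer(PORT);

console.log([
  '',
  'Cycript listening on port ' + PORT,
  '',
  'SSH to the device and run:',
  ' $ cycript -r 127.0.0.1:' + PORT,
  '',
  'You may now detach Frida.',
  ''
].join('\n'));
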
/**
 * Load a shared library into the current process through the native dlopen().
 *
 * @param {string} library - Path of the library to load.
 * @returns {NativePointer} The non-NULL handle returned by dlopen().
 * @throws {Error} When dlopen() returns NULL.
 */
function dlopen(library) {
  // Resolve dlopen from whichever loaded module exports it (null = any).
  var nativeDlopen = new NativeFunction(
    Module.findExportByName(null, 'dlopen'),
    'pointer',
    ['pointer', 'int']
  );

  // Flag values are hard-coded here; they are the Darwin <dlfcn.h> values.
  var RTLD_LAZY = 0x1;
  var RTLD_GLOBAL = 0x8;
  var mode = RTLD_GLOBAL | RTLD_LAZY;

  // The path has to be passed as a native UTF-8 string.
  var pathBuffer = Memory.allocUtf8String(library);
  var loaded = nativeDlopen(pathBuffer, mode);

  if (!loaded.isNull()) {
    return loaded;
  }

  throw new Error('Failed to load ' + library);
}