saeed9321 · August 31, 2022 03:12
diff --git a/frida_ctor_tracer.js b/frida_ctor_tracer.js
 // Trace all calls to constructor functions in all loaded images 

 // * For more details - please read https://www.romainthomas.fr/post/21-07-pokemongo-anti-frida-jailbreak-bypass/
 // * In case the app is crashing due to slow lanuch - please read https://github.com/opa334/WatchdogDisabler 


 // Image =  /usr/lib/dyld
 // Function Signature = ImageLoader::containsAddress(void const*)
 // Symbol Name = __ZNK11ImageLoader15containsAddressEPKv
 // Address = 0x1083c

 // Usage: frida -U -f ${BUNDLE_ID} -l frida_ctor_tracer.js --no-pause

 var containsAddress_ptr =  0x1083c
 let a = Process.enumerateModules();
 a.forEach(b => {
    if (b.name == "dyld") {
        let addr = new NativePointer(b.base.add(containsAddress_ptr));
        Interceptor.attach(addr, {
            onEnter: function (args) {
                var a = new NativePointer(this.context.x1); // x1 holds ctor_addr
                    console.log(DebugSymbol.fromAddress(a));
            }
        })
    }
 });
	// Trace all calls to constructor functions in all loaded images

	// * For more details - please read https://www.romainthomas.fr/post/21-07-pokemongo-anti-frida-jailbreak-bypass/
	// * In case the app is crashing due to slow lanuch - please read https://github.com/opa334/WatchdogDisabler


	// Image = /usr/lib/dyld
	// Function Signature = ImageLoader::containsAddress(void const*)
	// Symbol Name = __ZNK11ImageLoader15containsAddressEPKv
	// Address = 0x1083c

	// Usage: frida -U -f ${BUNDLE_ID} -l frida_ctor_tracer.js --no-pause

	var containsAddress_ptr = 0x1083c
	let a = Process.enumerateModules();
	a.forEach(b => {
	if (b.name == "dyld") {
	let addr = new NativePointer(b.base.add(containsAddress_ptr));
	Interceptor.attach(addr, {
	onEnter: function (args) {
	var a = new NativePointer(this.context.x1); // x1 holds ctor_addr
	console.log(DebugSymbol.fromAddress(a));
	}
	})
	}
	});