@schirrmacher
Last active February 5, 2020 22:50
Tracing srtp_aes_icm_context_init in WhatsApp with Frida
const apiResolver = new ApiResolver("objc");
const resolvedMatches = apiResolver.enumerateMatches(
  "+[NSURL URLWithUnicodeString:]"
);
if (resolvedMatches.length === 0) {
  throw new Error("+[NSURL URLWithUnicodeString:] not found");
}

// Scan a fixed-size window starting at the resolved method's address.
const SCAN_SIZE = 100000;
const scanStart = resolvedMatches[0].address;
const scanResults = Memory.scanSync(
  scanStart,
  SCAN_SIZE,
  // first bytes of the hexadecimal representation of srtp_aes_icm_context_init
  "FF 83 01 D1 F8 5F 02 A9 F6 57 03 A9"
);
if (scanResults.length === 0) {
  throw new Error("srtp_aes_icm_context_init pattern not found in scan window");
}

// srtp_err_status_t srtp_aes_icm_context_init(void *cv, const uint8_t *key)
const targetPointer = scanResults[0].address;
const targetFunction = new NativeFunction(targetPointer, "int", [
  "pointer",
  "pointer"
]);

console.log("scan start: " + scanStart);
console.log("srtp_aes_icm_context_init: " + targetPointer);

Interceptor.attach(targetFunction, {
  onEnter: function(args) {
    /*
      static srtp_err_status_t srtp_aes_icm_context_init(void *cv, const uint8_t *key)

      typedef struct {
        v128_t counter;                        // holds the counter value
        v128_t offset;                         // initial offset value
        v128_t keystream_buffer;               // buffers bytes of keystream
        srtp_aes_expanded_key_t expanded_key;  // the cipher key
        int bytes_in_buffer;                   // number of unused bytes in buffer
        int key_size;                          // AES key size + 14 byte SALT
      } srtp_aes_icm_ctx_t;
    */
    // args[0] is the cipher context (cv), args[1] is the key pointer.
    console.log("srtp_aes_icm_context_init " + args[0] + " key:");
    console.log(
      hexdump(args[1], {
        offset: 0,
        length: 16
      })
    );
  },
  // The return value (srtp_err_status_t) is not inspected.
  onLeave: function(retval) {}
});