Frida iOS patch and deploy
Grab UDID:
ios-deploy -c | grep -oE 'Found ([0-9A-Za-z\-]+)' | sed 's/Found //g'
system_profiler SPUSBDataType | sed -n -E -e '/(iPhone|iPad)/,/Serial/s/ *Serial Number: *(.+)/\1/p'
instruments -s devices | grep -v Simulator
-----------------------------------------------------------
Frida patch and deploy using objection:
security find-identity -p codesigning -v
objection patchipa --source <IPAfile> --codesign-signature <IDENTITY> -P emb.mobileprovision
unzip <patchedIPAfile>
ios-deploy --bundle Payload/my-app.app -W -d
objection explore
---------------------------------------------------------------
https://blog.securityinnovation.com/frida
rename ipa to zip and unzip it
remove embedded.mobileprovision (rm -f) and the _CodeSignature folder (rm -rf)
cp ~/Library/Developer/Xcode/DerivedData/pentest1-exsojslupbntkfbnffktzafuoftk/Build/Products/Debug-iphoneos/pentest1.app/embedded.mobileprovision App.app/
cd Payload
codesign -d --entitlements - App.app > entitlements.plist
cat entitlements.plist
cd ..
mv Payload/entitlements.plist .
codesign -f -s "iPhone Distribution: Company Cert" --entitlements entitlements.plist Payload/App.app
KEYCHAIN_PASSWD='xyz'
KEYCHAIN=$(ls "$HOME/Library/Keychains/login.keychain-db" 2>/dev/null)
/usr/bin/security list-keychains -s "$KEYCHAIN"
/usr/bin/security unlock-keychain -p "$KEYCHAIN_PASSWD" "$KEYCHAIN"
/usr/bin/security show-keychain-info "$KEYCHAIN"
/usr/bin/security find-identity -p codesigning -v
codesign -f -s "iPhone Distribution: Company Cert" --entitlements entitlements.plist Payload/App.app
zip -qr resigned.ipa Payload
unzip -p myapp.ipa \*/embedded.mobileprovision | grep -a -A 2 ExpirationDate | grep date | sed -e 's/^.*<date>\(.*\)<\/date>/\1/'
====================
Steps
Assumptions:
.ipa filename is app.ipa
app is called MyApp
new provisioning profile resides at: ~/Downloads/AdHoc.mobileprovision
distribution certificate name is Company Certificate
may not need resource-rules parameter
provisioning profile is either for Adhoc, or Enterprise distribution
Commands:
unzip app.ipa
rm -rf Payload/MyApp.app/_CodeSignature/
cp ~/Downloads/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision
codesign -f -s "iPhone Distribution: Company Certificate" --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app
zip -qr app-resigned.ipa Payload/
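
Added example (not part of the original gist): a Python pre-flight check that reads embedded.mobileprovision from a re-signed .ipa and reports whether the profile has expired or does not cover the test device's UDID, combining the UDID and ExpirationDate lookups from these notes. The sample IPA, profile name and UDID are constructed, the function names are hypothetical, and the profile's CMS signature is not verified.

```python
import io
import plistlib
import zipfile
from datetime import datetime, timedelta, timezone


def extract_profile(ipa_bytes):
    """Parse Payload/<name>.app/embedded.mobileprovision out of an .ipa."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        name = next(n for n in ipa.namelist()
                    if n.startswith("Payload/") and n.count("/") == 2
                    and n.endswith(".app/embedded.mobileprovision"))
        blob = ipa.read(name)
    # The profile is a CMS envelope around an XML plist; slice the plist out
    # by its markers. This reads the fields, it does not verify the signature.
    start = blob.index(b"<?xml")
    end = blob.index(b"</plist>", start) + len(b"</plist>")
    return plistlib.loads(blob[start:end])


def preflight(profile, udid, now=None):
    """List reasons the device would reject an app signed with this profile."""
    # plistlib returns naive UTC datetimes, so compare against naive UTC "now".
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    problems = []
    if profile["ExpirationDate"] <= now:
        problems.append("expired")
    # Ad hoc profiles list device UDIDs; enterprise ones set ProvisionsAllDevices.
    if not profile.get("ProvisionsAllDevices", False) and \
            udid not in profile.get("ProvisionedDevices", []):
        problems.append("udid-not-provisioned")
    return problems


def make_sample_ipa(expires, devices):
    """Constructed input: a fake CMS wrapper around a minimal profile plist."""
    plist = plistlib.dumps({"Name": "Constructed AdHoc", "ExpirationDate": expires,
                            "ProvisionedDevices": devices})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/MyApp.app/embedded.mobileprovision",
                   b"\x30\x82FAKE-CMS-HEADER" + plist + b"FAKE-CMS-TRAILER")
    return buf.getvalue()


if __name__ == "__main__":
    udid = "00008030-CONSTRUCTED-UDID"  # constructed, not a real device
    soon = datetime.now(timezone.utc).replace(tzinfo=None) + timedelta(days=30)
    profile = extract_profile(make_sample_ipa(soon, [udid]))
    print(profile["Name"], preflight(profile, udid) or "ok")
```

For a real file, pass `open("app-resigned.ipa", "rb").read()` to `extract_profile` and the UDID printed by the commands at the top of these notes to `preflight`.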