Lorenzo miticollo

miticollo / How-to-build-frida-server-for-ios.md
Last active June 5, 2024 11:24
How to build frida server for iOS jailbroken devices

Here, I'll show you how to compile Frida for both rootful and rootless jailbreaks.

TL;DR

On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).

The DEBs you will install are built using the following instructions.

Update 2024-02-29

miticollo / child-gating.py
Created April 28, 2023 19:21
A gist to show an example
import threading
from frida_tools.application import Reactor
import frida
class Application:
    def __init__(self):
        self._stop_requested = threading.Event()
miticollo / sample.py
Created April 30, 2023 02:48
Python3 script containing a Frida script (as a string) with a child-gating feature, designed to run after device.resume(). Tested on iOS 16.3.1.
#!/usr/bin/env python3
import signal
import sys
import _frida
import frida
from frida.core import Session, Script, Device, ScriptMessage
miticollo / close.py
Last active June 2, 2023 17:20
frida spawn gating with send message on process termination.
#!/usr/bin/env python3
import signal
import sys
import threading
from typing import List, Tuple
import _frida
import frida
from frida.core import Session, Device, Script
miticollo / permissions.py
Created May 9, 2023 01:07
A frida agent to reset all permissions on a specific app. This work is based on https://github.com/FouadRaheb/AppData.
#!/usr/bin/env python3
import json
import frida
from frida.core import Device, Session, Script, ScriptExportsSync
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", lambda diag: print(f"on_diagnostics: {diag}"))
bundle: str = compiler.build('permissions.ts', compression='terser')
miticollo / tccd.py
Last active June 7, 2023 17:40
A tccd tracer. It logs all INSERT queries that tccd does to store permissions for a third-party app.
#!/usr/bin/env python3
import signal
import threading
import _frida
import frida
from frida.core import Device, Session, Script, ScriptMessage
signal_event: threading.Event = threading.Event()
miticollo / list.md
Last active May 30, 2023 21:54
How to crash iOS using frida
miticollo / proc.ts
Last active April 1, 2024 19:09
An incomplete `lsof` for iOS implemented in frida
/*
* This example shows how to use CModule, TypeScript, and ObjC.
* It lets us see what files are opened by the target process (`getpid()`).
* It is lsof for iOS but implemented in frida.
*
* How to run?
* frida -U -n <target> -l proc.ts
* In REPL:
* rpc.exports.fds();
*
miticollo / foo.ts
Last active July 29, 2023 02:07
frida-swift-bridge: first attempt
const GRDB_PATH: string = Process.enumerateModules().find((x: Module): boolean => x.name === "GRDB")!.path;
declare let Swift: any;
if (Swift.available) {
    // Tested on iOS 14.4.2 and iOS 15.1b1.
    const mangled: string = "$s4GRDB8DatabaseC13usePassphraseyy10Foundation4DataVKF";
    const demangled: NativePointer = Swift.api.swift_demangle(Memory.allocUtf8String(mangled), mangled.length, NULL, NULL, 0);
    console.log(`Function hooked: ${demangled.readUtf8String()}`);
const SYSTEMCONFIGURATION_PATH = '/System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration';
const CAPTIVENETWORK_PATH = '/System/Library/PrivateFrameworks/CaptiveNetwork.framework/CaptiveNetwork';
const FOUNDATION_PATH = '/System/Library/Frameworks/Foundation.framework/Foundation';
Interceptor.attach(Module.getExportByName(SYSTEMCONFIGURATION_PATH, "CNCopyCurrentNetworkInfo"), {
    onEnter(args) {
        console.log("onEnter CNCopyCurrentNetworkInfo");
    },
    onLeave(retval) {
        console.log("onLeave CNCopyCurrentNetworkInfo");