View explore.js
'use strict';
// Hook the function located at a hard-coded absolute address.
// NOTE(review): an absolute address is only valid for one specific binary and
// one specific load address, so this presumably comes from a single debugging
// session. Confirm the address before reuse; attaching to the wrong location
// patches unrelated code in the target process.
Interceptor.attach(ptr('0x103cdbf40'), {
onEnter: function (args) {
// Tell the host-side controller that a replacement value is needed.
send({ type: 'need-input' });
var operation = recv(function (res) {
// The host's reply is converted to a pointer and overwrites the first
// argument. Nothing here validates `res`: a malformed value makes ptr()
// throw, and a bogus address is passed straight to the hooked function.
args[0] = ptr(res);
});
// Block the hooked thread until the reply arrives, so that args[0] is
// rewritten before the original function body runs. The target thread stays
// stalled for as long as the host does not answer.
operation.wait();
View trust-manager.js
'use strict';
// Script-level handles. TrustManager is assigned inside Java.perform below;
// `manager` is not assigned anywhere in the visible excerpt.
var TrustManager;
var manager;
// Java.perform runs the callback once the current thread is attached to the VM.
Java.perform(function () {
// Wrapper for the platform interface that decides whether a TLS certificate
// chain is trusted. Presumably passed as `implements` further down; that part
// is cut off here.
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
// Define a new Java class at runtime inside the instrumented process.
// NOTE(review): the method bodies are not visible in this excerpt. A custom
// X509TrustManager replaces the default certificate-chain validation, so
// confirm what checkClientTrusted/checkServerTrusted do: an implementation
// that accepts every chain removes TLS server authentication for the process
// and belongs only in a controlled test setup.
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',
View load-cycript.js
'use strict';
/*
* Usage:
* $ frida -U -n Twitter -l load-cycript.js
*
* -U selects the USB-attached device, -n attaches to the process by name,
* -l loads this script into it.
*/
// Not used in the visible lines; presumably the TCP port the Cycript listener
// will use. NOTE(review): if so, anyone who can reach that port gets an
// interactive console inside the target process. Confirm which interface it
// binds to and keep this on a test device or isolated network.
var PORT = 27060;
// `dlopen` is not defined in this excerpt, so it is presumably a helper declared
// later in the script. The call loads the Cycript library from a fixed path into
// the instrumented process, where its code runs with that process's privileges.
dlopen('/usr/lib/libcycript.dylib');
View _gvariant-leak-tracker.md

GVariant leak tracker in 78 lines of code

To use it on a running process, first run `pip install frida` to get Frida's Python bindings and CLI tools, then:

$ frida FooApp -l gvariant-leak-tracker.js

Then in the REPL you can call count() and list() to inspect the values currently alive:

View _gobject-leak-tracker.md

GObject leak tracker

To use it on a running process, first run `pip install frida` to get Frida's Python bindings and CLI tools, then:

$ frida FooApp -l gobject-leak-tracker.js

Then in the REPL you can call count() and list() to inspect the instances currently alive:

View example.js
// Strong references to every wrapped block. NOTE(review): nothing in the visible
// lines removes entries, so the set grows by one per intercepted call unless the
// cut-off remainder of the callback deletes the block once it has fired.
const pendingBlocks = new Set();
// `...` is the author's placeholder for the address of the hooked method.
Interceptor.attach(..., {
onEnter(args) {
// Wrap the Objective-C block passed as args[4]; the index is specific to the
// hooked method's signature (assumes that argument is a completion block,
// TODO confirm for the actual target).
const block = new ObjC.Block(args[4]);
pendingBlocks.add(block); // Keep the wrapper alive so it is not garbage-collected while the app may still call it
// Save the app's original callback, then replace it with a JS function that
// forwards to the original.
const appCallback = block.implementation;
block.implementation = (success, error) => {
// Do your logging here
// (the callback arguments may carry sensitive application data, so treat the
// resulting logs accordingly)
appCallback(success, error);
View 00-README.md

frida-gum-example.c

$ clang -Wall -Os -pipe -g3 frida-gum-example.c -o frida-gum-example -L. -lfrida-gum -lresolv -Wl,-dead_strip -Wl,-no_compact_unwind
$ ./frida-gum-example
[*] open("/etc/hosts")
[*] close(3)
[*] open("/etc/fstab")
[*] close(-1)
[*] listener got 4 calls
[*] listener still has 4 calls
View keybase.md

Keybase proof

I hereby claim:

  • I am oleavr on github.
  • I am oleavr (https://keybase.io/oleavr) on keybase.
  • I have a public key whose fingerprint is 8831 9572 8E5A 6FA7 C4DE 2ADC D7F0 D062 8F33 186D

To claim this, I am signing this object:

View _FridaCommonJSIntegration.md

Install Node.js 5.x, then:

npm install frida co uuid

and run:

node app.js
View frida-5.0
$ frida-ls-devices
Id Type Name
---------------------------------------- ------ ---------------------------------------------------------
local local Local System
emulator-5554 tether Android Emulator 5554
192.168.57.101:5555 tether Genymotion Samsung Galaxy S5 - 4.4.4 - API 19 - 1080x1920
03157df369703a2a tether Samsung SM-G925F
af87839fdec193814e23a59a867d02d08f4a6e1d tether iPhone
tcp remote Local TCP
$ frida-ps -D 03157df369703a2a