@oleavr
Last active February 18, 2019 13:15
Frida script to load Cycript into an arbitrary process (workaround for sandboxing issues)

'use strict';

/*
 * Usage:
 *   $ frida -U -n Twitter -l load-cycript.js
 */

var PORT = 27060;

// Load Cycript into the target process, then start its listener on PORT.
dlopen('/usr/lib/libcycript.dylib');

var listenImpl = Module.findExportByName('libcycript.dylib', 'CYListenServer');
if (listenImpl === null)
  throw new Error('CYListenServer not found in libcycript.dylib');
var CYListenServer = new NativeFunction(listenImpl, 'void', ['int16']);
CYListenServer(PORT);

console.log([
  '',
  'Cycript listening on port ' + PORT,
  '',
  'SSH to the device and run:',
  '  $ cycript -r 127.0.0.1:' + PORT,
  '',
  'You may now detach Frida.',
  ''
].join('\n'));

// Call the process's own dlopen() on the given path; throw if the load fails.
function dlopen(library) {
  var impl = Module.findExportByName(null, 'dlopen');
  if (impl === null)
    throw new Error('dlopen not found');
  var _dlopen = new NativeFunction(impl, 'pointer', ['pointer', 'int']);
  var RTLD_GLOBAL = 0x8;
  var RTLD_LAZY = 0x1;
  var path = Memory.allocUtf8String(library);
  var handle = _dlopen(path, RTLD_GLOBAL | RTLD_LAZY);
  if (handle.isNull())
    throw new Error('Failed to load ' + library);
  return handle;
}