Gating examples

gating.js

'use strict';

const co = require('co');
const frida = require('frida');

let target, device;

co(function *() {
  target = process.argv[2];
  if (target === 'ios')
    device = yield frida.getUsbDevice();
  else if (target === 'android')
    device = yield frida.getRemoteDevice();
  else
    throw new Error('Usage: ' + process.argv[0] + ' <iphone|android>');

  device.events.listen('spawned', onSpawned);
  device.enableSpawnGating();

  const pending = yield device.enumeratePendingSpawns();
  pending.forEach(function (spawn, i) {
    console.log('pending[' + i + ']=', spawn, ' Resuming!');
    device.resume(spawn.pid);
  });

  console.log('ready');
})
.catch(function (error) {
  console.error(error.message);
  process.exitCode = 1;
});

function onSpawned(spawn) {
  console.log('onSpawned:', spawn);

  co(function *() {
    const session = yield device.attach(spawn.pid);
    const script = yield session.createScript('(' + agent.toString() + ').call(this);');
    script.events.listen('message', function (message, data) { onMessage(spawn, message, data); });
    yield script.load();
    const exports = yield script.getExports();
    yield exports.init();
    yield device.resume(spawn.pid);
  })
  .catch(function (error) {
    console.error(error.message);
  });
}

function onMessage(spawn, message, data) {
  console.log('onMessage:', spawn, message, data);
}

function agent() {
  "use strict";

  rpc.exports = {
    init: function () {
      Interceptor.attach(Module.findExportByName("UIKit", "UIApplicationMain"), {
        onEnter(args) {
          send("UIApplicationMain");
        }
      });
    }
  };
}

gating.py

import codecs
import frida
import sys
import threading

target = sys.argv[1] if len(sys.argv) > 1 else None
if target == 'ios':
    device = frida.get_usb_device()
elif target == 'android':
    device = frida.get_remote_device()
else:
    print("Usage: %s <iphone|android>" % sys.argv[0])
    sys.exit(1)

pending = []
sessions = []
scripts = []
event = threading.Event()

def on_spawned(spawn):
    print('on_spawned:', spawn)
    pending.append(spawn)
    event.set()

def on_message(spawn, message, data):
    print('on_message:', spawn, message, data)

device.on('spawned', on_spawned)
device.enable_spawn_gating()
event = threading.Event()
print('Enabled spawn gating')
print('Pending:', device.enumerate_pending_spawns())
for spawn in device.enumerate_pending_spawns():
    print('Resuming:', spawn)
    device.resume(spawn.pid)
while True:
    while len(pending) == 0:
        print('Waiting for data')
        event.wait()
        event.clear()
    spawn = pending.pop()
    if spawn.identifier is not None and not spawn.identifier.startswith('com.apple'):
        print('Instrumenting:', spawn)
        session = device.attach(spawn.pid)
        if target == 'ios':
            script = session.create_script("""\
"use strict";

rpc.exports = {
    init() {
        Interceptor.attach(Module.findExportByName("UIKit", "UIApplicationMain"), {
            onEnter(args) {
                send("UIApplicationMain");
            }
        });
    }
};""")
        else:
            script = session.create_script("""\
(function () {
"use strict";

rpc.exports = {
    init() {
        Java2.perform(() => {
            const Activity = Java2.use("android.app.Activity");
            Activity.onResume.implementation = () => {
                send("onResume");
                this.onResume();
            };
        });
    }
};
}).call(this);""")

        script.on('message', lambda message, data: on_message(spawn, message, data))
        script.load()
        script.exports.init()

        sessions.append(session)
        scripts.append(script)
    else:
        print('Not instrumenting:', spawn)
    device.resume(spawn.pid)
    print('Processed:', spawn)