
@oleavr

oleavr/gating.js Secret

Last active December 5, 2022 18:26
Gating examples
'use strict';
const co = require('co');
const frida = require('frida');
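// State shared with onSpawned(): the platform named on the command line and
// the Frida device handle selected for it.
let target;
let device;

// Entry point: select the device, turn on spawn gating and release every
// process that was already being held when this script started.
co(function *() {
  target = process.argv[2];
  if (target === 'ios') {
    device = yield frida.getUsbDevice();
  } else if (target === 'android') {
    device = yield frida.getRemoteDevice();
  } else {
    // process.argv[1] is the script path (argv[0] is the node binary), and the
    // advertised values must be the ones actually tested above.
    throw new Error('Usage: ' + process.argv[1] + ' <ios|android>');
  }

  // Subscribe before enabling gating so no 'spawned' notification is missed.
  device.events.listen('spawned', onSpawned);
  // Yielded so that a failure to enable gating reaches the .catch() below
  // instead of becoming an unhandled rejection.
  yield device.enableSpawnGating();

  // Spawns that were pending before the listener was attached are resumed
  // uninstrumented; otherwise they would remain suspended on the device.
  const pending = yield device.enumeratePendingSpawns();
  const resumes = [];
  pending.forEach(function (spawn, i) {
    console.log('pending[' + i + ']=', spawn, ' Resuming!');
    resumes.push(device.resume(spawn.pid));
  });
  // Every resume is issued first, then awaited together, so one failure does
  // not stop the others from being attempted and is still reported.
  yield Promise.all(resumes);

  console.log('ready');
})
.catch(function (error) {
  console.error(error.message);
  process.exitCode = 1;
});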
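/**
 * Handle one gated spawn: attach, load the agent, run its init() export and
 * then let the process continue.
 *
 * The process is resumed even when instrumentation fails. Without that, any
 * error from attach/load/init (for example the UIKit hook failing on a
 * non-iOS target) would leave the spawned process suspended indefinitely.
 *
 * @param {object} spawn - Spawn record delivered by the 'spawned' event; only
 *   its `pid` is used here.
 */
function onSpawned(spawn) {
  console.log('onSpawned:', spawn);
  co(function *() {
    try {
      const session = yield device.attach(spawn.pid);
      // The agent runs inside the target, so it is shipped as source text.
      const script = yield session.createScript('(' + agent.toString() + ').call(this);');
      script.events.listen('message', function (message, data) { onMessage(spawn, message, data); });
      yield script.load();
      const exports = yield script.getExports();
      // Hooks are installed while the process is still held at the gate.
      yield exports.init();
    } catch (error) {
      // Report and fall through: the process must still be released below.
      console.error('Failed to instrument pid ' + spawn.pid + ': ' + error.message);
    }
    yield device.resume(spawn.pid);
  })
  .catch(function (error) {
    console.error(error.message);
  });
}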
/**
 * Log a message emitted by the agent script together with the spawn it
 * belongs to.
 *
 * @param {object} spawn - Spawn record the script was loaded for.
 * @param {object} message - Message object delivered by the script.
 * @param {*} data - Extra payload delivered alongside the message.
 */
function onMessage(spawn, message, data) {
  const fields = ['onMessage:', spawn, message, data];
  console.log.apply(console, fields);
}
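/**
 * Agent source. This function is never called in the host process: it is
 * serialized with toString() and evaluated inside the instrumented process,
 * so it must stay self-contained and may only use the globals of the Frida
 * script runtime (rpc, Module, Interceptor, send).
 */
function agent() {
  "use strict";

  rpc.exports = {
    /**
     * Install a hook that reports entry into UIKit's UIApplicationMain.
     *
     * @throws {Error} When the export cannot be resolved, e.g. in a process
     *   that does not have UIKit loaded.
     */
    init: function () {
      const entry = Module.findExportByName("UIKit", "UIApplicationMain");
      // Fail with an explicit reason instead of handing a null target to
      // Interceptor.attach().
      if (entry === null) {
        throw new Error("UIKit!UIApplicationMain not found in this process");
      }
      Interceptor.attach(entry, {
        onEnter(args) {
          send("UIApplicationMain");
        }
      });
    }
  };
}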
import codecs
import frida
import sys
import threading
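# Select the device from the first command-line argument.
target = sys.argv[1] if len(sys.argv) > 1 else None
if target == 'ios':
    device = frida.get_usb_device()
elif target == 'android':
    device = frida.get_remote_device()
else:
    # Advertise exactly the values tested above ('ios', not 'iphone').
    print("Usage: %s <ios|android>" % sys.argv[0])
    sys.exit(1)

# Spawns reported by the 'spawned' handler and not yet processed by the main loop.
pending = []
# Sessions and scripts of instrumented processes; they are only appended to in
# this file, presumably to keep the objects referenced -- confirm.
sessions = []
scripts = []
# Set by on_spawned() to wake the main loop when a spawn has been queued.
event = threading.Event()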
def on_spawned(spawn):
    """Queue a spawn reported by the device and wake the main loop.

    Registered as the handler for the device's 'spawned' signal.
    """
    print('on_spawned: %s' % (spawn,))
    # Queue first, signal second, so the woken loop always finds the entry.
    pending.append(spawn)
    event.set()
def on_message(spawn, message, data):
    """Print a message received from an agent script along with its spawn."""
    details = (spawn, message, data)
    print('on_message:', *details)
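def _message_handler_for(spawn):
    """Return a (message, data) callback bound to this specific spawn.

    A lambda written inside the loop would look `spawn` up when it runs, so
    messages from an earlier script would be attributed to whichever spawn
    the loop is handling at that moment.
    """
    def handler(message, data):
        on_message(spawn, message, data)
    return handler


# Subscribe before enabling gating so no 'spawned' notification is missed.
# The wake-up Event is the one created earlier in the file; it is deliberately
# not re-created here, after the handler has already been registered.
device.on('spawned', on_spawned)
device.enable_spawn_gating()
print('Enabled spawn gating')

# Spawns that were already pending are resumed uninstrumented; a single
# snapshot is used so the printed list and the resumed list are the same.
already_pending = device.enumerate_pending_spawns()
print('Pending:', already_pending)
for spawn in already_pending:
    print('Resuming:', spawn)
    device.resume(spawn.pid)

while True:
    # Sleep until on_spawned() has queued at least one spawn.
    while len(pending) == 0:
        print('Waiting for data')
        event.wait()
        event.clear()
    spawn = pending.pop()
    try:
        # Only third-party apps are instrumented; spawns without an identifier
        # and anything under com.apple are passed through untouched.
        if spawn.identifier is not None and not spawn.identifier.startswith('com.apple'):
            print('Instrumenting:', spawn)
            session = device.attach(spawn.pid)
            if target == 'ios':
                script = session.create_script("""\
"use strict";
rpc.exports = {
init() {
Interceptor.attach(Module.findExportByName("UIKit", "UIApplicationMain"), {
onEnter(args) {
send("UIApplicationMain");
}
});
}
};""")
            else:
                # NOTE(review): "Java2" is kept as written; the usual Frida
                # global is "Java" -- confirm against the Frida build in use.
                # The replacement is a regular function rather than an arrow
                # function so that `this` is the receiver of the call and
                # this.onResume() reaches the original method.
                script = session.create_script("""\
(function () {
"use strict";
rpc.exports = {
init() {
Java2.perform(() => {
const Activity = Java2.use("android.app.Activity");
Activity.onResume.implementation = function () {
send("onResume");
this.onResume();
};
});
}
};
}).call(this);""")
            script.on('message', _message_handler_for(spawn))
            script.load()
            # Hooks are installed while the process is still held at the gate.
            script.exports.init()
            sessions.append(session)
            scripts.append(script)
        else:
            print('Not instrumenting:', spawn)
    except Exception as error:
        # A failed attach/load/init must neither stop the loop nor strand the
        # process: report it and fall through to the resume below.
        print('Failed to instrument:', spawn, error)
    finally:
        # Always release the gate, whether or not instrumentation succeeded.
        device.resume(spawn.pid)
    print('Processed:', spawn)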