@oleavr
oleavr / trust-manager.js
Created June 8, 2017 13:49
How to implement an X509TrustManager using Frida
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
  var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
  TrustManager = Java.registerClass({
    name: 'com.example.TrustManager',
@oleavr
oleavr / load-cycript.js
Last active February 18, 2019 13:15
Frida script to load Cycript into an arbitrary process (workaround for sandboxing issues)
'use strict';
/*
 * Usage:
 *   $ frida -U -n Twitter -l load-cycript.js
 */
var PORT = 27060;
dlopen('/usr/lib/libcycript.dylib');
@oleavr
oleavr / _gvariant-leak-tracker.md
Last active August 6, 2016 19:41
GVariant leak tracker in 78 lines of code

To use it on a running process, first pip install frida to grab Frida's python bindings and CLI tools, then:

$ frida FooApp -l gvariant-leak-tracker.js

Then in the REPL you can call count() and list() to inspect the values currently alive:

@oleavr
oleavr / _gobject-leak-tracker.md
Last active November 18, 2019 18:52
GObject leak tracker in 46 lines of code

GObject leak tracker

To use it on a running process, first pip install frida to grab Frida's python bindings and CLI tools, then:

$ frida FooApp -l gobject-leak-tracker.js

Then in the REPL you can call count() and list() to inspect the instances currently alive:

@oleavr
oleavr / example.js
Last active June 4, 2021 09:07
Frida ObjC.Block example
const pendingBlocks = new Set();
Interceptor.attach(..., {
  onEnter(args) {
    const block = new ObjC.Block(args[4]);
    pendingBlocks.add(block); // Keep it alive
    const appCallback = block.implementation;
    block.implementation = (success, error) => {
      // Do your logging here
      appCallback(success, error);
@oleavr
oleavr / 00-README.md
Last active April 26, 2024 11:18
Frida devkit examples

frida-gum-example.c

$ clang -Wall -Os -pipe -g3 frida-gum-example.c -o frida-gum-example -L. -lfrida-gum -lresolv -Wl,-dead_strip -Wl,-no_compact_unwind
$ ./frida-gum-example
[*] open("/etc/hosts")
[*] close(3)
[*] open("/etc/fstab")
[*] close(-1)
[*] listener got 4 calls

[*] listener still has 4 calls

@oleavr
oleavr / keybase.md
Last active September 27, 2015 18:28
keybase.md

Keybase proof

I hereby claim:

  • I am oleavr on github.
  • I am oleavr (https://keybase.io/oleavr) on keybase.
  • I have a public key whose fingerprint is 8831 9572 8E5A 6FA7 C4DE 2ADC D7F0 D062 8F33 186D

To claim this, I am signing this object:

@oleavr
oleavr / _FridaCommonJSIntegration.md
Last active January 8, 2024 16:21
How to consume npm modules from Frida agent scripts

Install Node.js 5.x, then:

npm install frida co uuid

and run:

node app.js
@oleavr
oleavr / frida-5.0
Last active September 17, 2015 00:36
Frida 5.0
$ frida-ls-devices
Id                                        Type    Name
----------------------------------------  ------  ---------------------------------------------------------
local                                     local   Local System
emulator-5554                             tether  Android Emulator 5554
192.168.57.101:5555                       tether  Genymotion Samsung Galaxy S5 - 4.4.4 - API 19 - 1080x1920
03157df369703a2a                          tether  Samsung SM-G925F
af87839fdec193814e23a59a867d02d08f4a6e1d  tether  iPhone
tcp                                       remote  Local TCP
$ frida-ps -D 03157df369703a2a
@oleavr
oleavr / rpc.js
Last active August 29, 2015 14:26
RPC
#!/usr/bin/env iojs --harmony_arrow_functions
'use strict';
const co = require('co');
const frida = require('frida');
co(function *() {
  const session = yield frida.attach('cat');
  const script = yield session.createScript('(' +
      agent.toString() + ').call(this);');