Frisky is an instruments to assist in binary application reversing and augmentation, geared towards walled gardens like iOS. Most, if not all, recently tested on iOS 11.1.2 and macOS 10.12.6.
Intercepts all URLs of an iOS/macOS application, allowing you to trace and alter/intercept all network traffic, including https, per app before encryption and after decryption:
frida -U -n Safari -l frida-url-interceptor.js
Also Read Dejavu – Open Source Deception Framework
When building recent iOS jailbreaks dependent on SHA256 signatures, ldid2
is required. This repo will allow you to easily compile ldid
and ldid2
for signing and modifying an iOS binary’s entitlements, and thus jailbreaking a device.
ldid{2} -e MobileSafari
# to dump MobileSafari’s entitlementsldid{2} -S cat
# to sign cat/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm*
into individual dylibs:mkdir -p dylibs && dyld-210.2.3-patched/launch-cache/dsc_extractor /path/to/copied/dyld_shared_cache_arm* dylibs
frida-trace -U -i "*tls*" Twitter
# hook all calls matching /tls/i for the Twitter app__handlers__/libcoretls.dylib/tls_private_key_create.js
will be generated: onEnter
‘s args[2]
is first argument to the function Memory.readUtf8String(args[2])
or ObjC.Object(args[2]))
onLeave
‘s retval
is the return value log(retval.toInt32())
retval.replace(0)
system_profiler SPUSBDataType|perl -n0e'`rvictl -s $1`if/iP(?:hone|ad):.*?Serial Number: (\S+)/s';sudo tcpdump -i rvi0
su mobile && mkdir -p ~/tmp && cd ~/tmp && DYLD_INSERT_LIBRARIES=/usr/lib/dumpdecrypted.dylib /var/containers/Bundle/Application/*/AppName.app/AppName
deviceconsole
unbuffer deviceconsole | grep something
# keeps pretty colors- requires
expect, can be installed via
sudo port install expector
brew install expect`mv /Library/TweakInject /Library/TweakInject.bak && ln -s /Library/MobileSubstrate/DynamicLibraries /Library/TweakInject && killall -HUP SpringBoard
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…
What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…