
reversing

(86)
frida -memo pointer controller ptr(addr) ptr(addr).add(offset) ptr(addr).sub(offset) Logging: console.log(hexdump(ptr(args[2]).add(0x10), {length: 16})); Memory READ, WRITE var data = ['\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01']; Memory.writeByteArray(ptr(args[2]).add(0x10), data); Memory.readByteArray(ptr(args[2]).add(0x10), 16) Return value tampering r..
ios - checking strings with frida Print NSString Objective-C | Frida 12.0.8 · Issue #607 · frida/frida Hi, I was trying to hook the method - isEqualToString from NSString class. This method receives a NSString pointer. The problem comes when I want to print this string, I've noticed differents t... github.com Interceptor.attach(ObjC.classes.NSString['+ stringWithUTF8String:'].implementation, { onEnter:..
frida-ios class, method monitoring ios - class, method trace frida -H 192.168.0.39:4444 --codeshare mrmacete/objc-method-observer -p 475 > observeClass('NSString'); // the class you want to monitor > observeSomething('*[* *Password:*]'); // the method you want to monitor
ios - ssl pinning bypass Requires a rooted iOS device [with SSH installed]. Download the package file "com.nablac0d3.sslkillswitch2_0.14.deb" from https://github.com/nabla-c0d3/ssl-kill-switch2/releases Releases · nabla-c0d3/ssl-kill-switch2 Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications. - nabla-c0d3/ssl-kill-switch2 github.com Copy the downloaded file to the iPhone with scp $scp com.nablac0d3.sslkillswi..
ios - usb to ssh 1. windows - install iFunbox and use its USB tunnel (http://www.i-funbox.com/en_download.html) 2. linux https://www.shadowinfosec.io/2017/03/iphone-ssh-over-usb-on-linux.html iPhone SSH over USB on Linux I recently got access to an iPhone 5C running iOS 10.2. I wanted such a device specifically to get it Jailbroken for iOS app reverse engine... www.shadowinfosec.io
ARM hooking summary This post is protected.
frida - runtime.exec hook[root bypass] console.log("[+] Start Script"); Java.perform(function () { console.log("[*] Hooking Test code"); var Runtime = Java.use('java.lang.Runtime'); ..
frida - script 1. Finding the target class android.app --> the prefix of the class names you want Java.perform(function() { Java.enumerateLoadedClasses({ onMatch: function(className) { if (className.startsWith('android.app')){ console.log(className); } }, onComplete: function() {} }); }); 2. OWASP Uncrackable_1 --> I wanted to hook the class of that function, but it says the class name is different.. (public class C0002c.m2a, m3b, m4c) The corresponding..