본문 바로가기

reversing/reversing

 (33)
frida -memo pointer controller ptr(addr) ptr(addr).add(offset) ptr(addr).sub(offset) log 찍기 console.log( hexdump(ptr(args[2]).add(0x10), {length :16})); Memory READ, WRITE var data = ['\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01','\x01'; Memory.writeByteArray(ptr(args[2]).add(0x10), data); Memory.readByteArray(ptr(args[2]).add(0x10), 16) return 변조 r..
ios - frida string 확인 Print NSString Objective-C | Frida 12.0.8 · Issue #607 · frida/frida Hi, I was trying to hook the method - isEqualToString from NSString class. This method receives a NSString pointer. The problem comes when I want to print this string, I've noticed differents t... github.com 1 2 3 4 5 6 7 8 9 10 11 12 Interceptor.attach(ObjC.classes.NSString['+ stringWithUTF8String:'].implementation, { onEnter:..
frida-ios class, method monitoring ios - class, method trace frida -H 192.168.0.39:4444 --codeshare mrmacete/objc-method-observer -p 475 > observeClass('NSString'); # class 모니터링 하고 싶은거 > observeSomething('*[* *Password:*]'); # method 모니터링 하고 싶은거
ios - ssl pinning 우회 루팅된 IOS 단말기 필요[SSH 설치] 해당 사이트에서 https://github.com/nabla-c0d3/ssl-kill-switch2/releases 패키지 파일 "com.nablac0d3.sslkillswitch2_0.14.deb" 다운로드 Releases · nabla-c0d3/ssl-kill-switch2 Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications. - nabla-c0d3/ssl-kill-switch2 github.com 다운로드 받은 파일 scp로 iphone으로 이동 $scp com.nablac0d3.sslkillswi..
ios - usb to ssh 1. windows - ifunbox 설치(usb tunnel) 이용 (http://www.i-funbox.com/en_download.html0 2. linux https://www.shadowinfosec.io/2017/03/iphone-ssh-over-usb-on-linux.html iPhone SSH over USB on Linux I recently got access to an iPhone 5C running iOS 10.2. I wanted such a device specifically to get it Jailbroken for iOS app reverse engine... www.shadowinfosec.io
ARM hooking 정리 보호되어 있는 글입니다.
frida - runtime.exec hook[root bypass] 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121console.log("[+] Start Script"); Java.perform(function () { console.log("[*] Hooking Test code"); var Runtime = Java.use('java.lang.Runtime'); ..
idapython 메모 EnableTracing() enables debugger step tracing according to the trace_level value which is the first argument. TRACE_STEP (the lowest level trace – records all instructions), TRACE_INSN (records instruction trace) and TRACE_FUNC (records calls and rets) are possible options. The second argument, called enable, can have one of two values: 0 = turn off; 1 = turn on.12345678910111213// Enable step t..

티스토리툴바