In this article, we will talk about Frida. Frida is a dynamic instrumentation toolkit which can prove to be extremely useful in iOS application assessments. It can be used to assess apps on jailbroken and non-jailbroken devices (provided you have the source code). We will look at all these examples in this and the coming few articles.
Let’s start with assessments on jailbroken devices. Frida works on a client-server model: the client runs on your computer and the server runs on the iOS device. To install Frida on your computer, simply issue the following command as shown.
On your jailbroken device, add the source https://build.frida.re. Then go to Search and search for Frida.
It is important to make sure the Frida version on the iOS device and the Frida version on the computer are the same. Otherwise, Frida won’t work.
Now SSH into your jailbroken device and you will see a running process named frida-server.
From your computer, simply issue the command frida-ps -U. Make sure the jailbroken device is connected to your computer over USB. If you get similar output, it means Frida is all set up and running.
Frida comes with a bunch of command-line tools, as can be seen here.
Issuing the command frida-ps on its own just shows a list of the processes running on your computer. Right now, though, we are interested in iDevices. Running the command frida-ls-devices shows all the devices connected to the computer. We can interface with the USB-connected device using the frida-ps -U command. If there is more than one device, you will need to specify the UDID.
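The two checks described above (matching client and server versions, and naming a UDID when several devices are attached) can be scripted as a preflight; this is an added example, not code from the original article. It assumes frida-ls-devices prints Id, Type and Name columns with type "usb" for cabled devices, that frida-server is on the device's PATH over SSH, and that DEVICE_SSH (a hypothetical variable) holds the SSH target.

```shell
#!/bin/sh
# Added example: preflight for the Frida setup described in the article.
# Assumptions: frida-ls-devices prints "Id Type Name" columns with type
# "usb" for cabled devices; DEVICE_SSH is a hypothetical SSH target.

# Print the Id of every USB device found in frida-ls-devices output (stdin).
usb_device_ids() {
    awk '$2 == "usb" { print $1 }'
}

# Choose the device to use: the requested UDID if it is in the listing,
# or the only USB device. Fails when the choice is missing or ambiguous.
pick_device() {
    listing=$1 wanted=${2:-}
    ids=$(printf '%s\n' "$listing" | usb_device_ids)
    [ -n "$ids" ] || { echo "no USB device found" >&2; return 1; }
    if [ -n "$wanted" ]; then
        printf '%s\n' "$ids" | grep -Fxq -- "$wanted" || {
            echo "UDID $wanted not connected" >&2; return 1; }
        printf '%s\n' "$wanted"
    elif [ "$(printf '%s\n' "$ids" | grep -c .)" -eq 1 ]; then
        printf '%s\n' "$ids"
    else
        echo "several USB devices, pass a UDID" >&2; return 1
    fi
}

# Succeed only when client and server report the same version string.
versions_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Constructed sample listing, usable for an offline dry run of pick_device.
SAMPLE_LISTING='Id                Type    Name
----------------  ------  ------------
local             local   Local System
00008030-EXAMPLE  usb     iPhone
socket            remote  Local Socket'

# Live run: ./preflight.sh --live [UDID]
if [ "${1:-}" = "--live" ]; then
    id=$(pick_device "$(frida-ls-devices)" "${2:-}") || exit 1
    client=$(frida --version)
    server=$(ssh "${DEVICE_SSH:-root@DEVICE_IP}" frida-server --version)
    versions_match "$client" "$server" || {
        echo "version mismatch: client $client, server $server" >&2; exit 1; }
    frida-ps -D "$id"
fi
```

On success the script ends by listing the processes on the selected device with frida-ps -D, the per-device form of frida-ps -U.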
Ok, so we are all set. Let’s now look at what we can do with Frida.
In this case, we will be using the application Damn Vulnerable iOS (Read more…)