Patching iOS Application Sources
Sometimes, you are lucky enough to have the source code for the application you want to test. In these cases it's possible to simply load the FridaGadget as part of the Xcode project, deploy it on an iOS device and connect objection.
Let's walk through a sample project to get this going. We are going to use a simple currency converter application that can be found here: https://github.com/nicklockwood/Concurrency. Clone the app somewhere on your disk and open it in Xcode.
Within Xcode, navigate to the project's root and fix any signing errors you may have by choosing a new, unique bundle identifier and selecting "Automatically manage signing".
With the source code cloned, let's create a directory that will hold our Frida gadget. If you cloned the sample application mentioned above, cd to the Concurrency directory. Then:
- mkdir Frameworks and cd Frameworks
Next, download the latest Frida gadget frida-gadget-<VERSION>-ios-universal.dylib.xz from the releases page:
https://github.com/frida/frida/releases
Then extract the .xz archive to obtain the dylib file.
We need to code sign the Frida gadget we just downloaded. If you don't have a code signing certificate yet, check out the Patching-iOS-Applications -> preparing Xcode article for a quick how-to on getting one (don't worry, it's free!). You can list your code signing certificates with:
security find-identity -p codesigning -v
Pick the appropriate certificate and run codesign on the gadget you just downloaded by replacing <Identity> with the hash of your certificate:
codesign -f -s <Identity> FridaGadget.dylib
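The download, extract and sign steps above can be scripted. The following is an added example, not part of the original article or of objection itself; the function names and the script name are hypothetical, and it assumes the extracted gadget is saved as Frameworks/FridaGadget.dylib so that it matches the codesign command above.

```shell
#!/usr/bin/env bash
# Added example (not from the objection wiki): download, extract and sign the gadget.
# Usage, from the project directory: ./prepare-gadget.sh <VERSION> [certificate-name-substring]
set -eu

# Release asset URL; the asset name is the one given on this page.
gadget_url() {
  printf 'https://github.com/frida/frida/releases/download/%s/frida-gadget-%s-ios-universal.dylib.xz\n' "$1" "$1"
}

# Read `security find-identity -p codesigning` output on stdin, print the hashes.
# Constructed sample line:
#   1) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: Jane Doe (ABCDE12345)"
# Entries with an error marker after the quoted name do not match.
list_identities() {
  sed -nE 's/^ *[0-9]+\) ([0-9A-Fa-f]{40}) ".*"$/\1/p'
}

# Print the single identity whose line contains $1 (any line if $1 is empty).
# Fails when zero or several match, so the wrong certificate is never picked silently.
pick_identity() {
  local filter hashes count
  filter="${1:-}"
  hashes="$(grep -F -- "$filter" | list_identities)"
  count="$(printf '%s' "$hashes" | grep -c . || true)"
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one matching identity, found $count" >&2
    return 1
  fi
  printf '%s\n' "$hashes"
}

# Assumption: the download is saved as Frameworks/FridaGadget.dylib to match the
# codesign command on this page.
prepare_gadget() {
  local out
  out="Frameworks/FridaGadget.dylib"
  mkdir -p Frameworks
  curl -fsSL "$(gadget_url "$1")" -o "$out.xz"
  xz -d -f "$out.xz"                  # leaves $out
  codesign -f -s "$2" "$out"
  codesign --verify --verbose "$out"  # catch a bad signature before Xcode does
}

if [ "$#" -ge 1 ]; then
  identity="$(security find-identity -p codesigning -v | pick_identity "${2:-}")"
  prepare_gadget "$1" "$identity"
fi
```

Pass a substring of the certificate name as the second argument when more than one signing identity is installed.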
Next, we need to locate the project's AppDelegate.m file within Xcode. We are going to add the newly created Frameworks directory right next to this file. Once located, drag the Frameworks directory you created from Finder into Xcode, dropping it next to the AppDelegate.m file.
A new prompt will show some options. Make sure you select Copy items if needed and Create folder references. When done, you should see a new Frameworks folder next to the AppDelegate.m file.
With the Frameworks folder, and therefore the Frida gadget, added to the project, it's time to tell Xcode to link the new dylib into the application. To do this, navigate to the project's root on the left, and select the Build Phases tab on the top right. Find the section titled Link Binary With Libraries and drag the dylib from the Frameworks folder on the left of Xcode to the existing list.
At this stage, you can go ahead and try and build the project. Depending on the project itself, you may encounter various errors.
If one of those errors relates to something like "FridaGadget.dylib does not contain bitcode", you can easily fix this by disabling bitcode for the project. To do so, navigate to the project's root again, select Build Settings and flip Enable Bitcode to No.
Once the application has built successfully, you can deploy it on an iOS device (or the simulator), watching the console for when the Frida gadget has booted and is waiting for connections.
Once this has happened, objection explore away!