iOS application security part 47 — Inspecting apps with Frida
In this article, we will talk about Frida. Frida is a dynamic instrumentation toolkit which can prove to be extremely useful in iOS application assessments. It can be used to assess apps on jailbroken and non-jailbroken devices (provided you have the source code). We will look at all these examples in this and the coming few articles.
Let's start first with assessment over jailbroken devices. Frida basically works on a client-server model. The client is running on your computer and the server on the iOS device. To install Frida on your computer, simply issue the following command as shown.
Learn Secure Coding
On your jailbroken device, add the source https://build.frida.re. Then go to Search and search for Frida.
One of the important things is to make sure both the Frida versions on the iOS device and the computer are same. Otherwise, Frida won't work.
Now SSH into your jailbroken device and you will see a process with the name frida-server which is running.
From your computer, simply issue the command frida-ps -U. Make sure the jailbroken device is connected to your computer over USB. If you get similar output, it means Frida is all set up and running.
Frida comes with a bunch of command-line tools, as can be seen here.
Issuing the command frida-ps will just show you a list of the processes running on your computer. But right now, we are interested in iDevices. Running the command frida-ls-devices will show all the devices connected to the computer. We can interface with this device with frida-ps -U command. If there is more than one device, you will need to specify the UDID.
.
Ok, so we are all set. Let's now look at what we can do with Frida.
In this case, we will be using the application Damn Vulnerable iOS app which you can download here. You might face issues with installing the older Objective C version of the app on iOS 10 or later, because the original app was signed with SHA-1 but since iOS 10 Apple has been using SHA-256. That means you might need to unzip the IPA file, strip out the 64-bit architecture using jtool (or lipo) and then sign it. You can then repackage the app and install it again to the device using Cydia Impactor.
To see a list of all the applications installed on the device along with their unique identifier, run the frida-ps -Uai command.
To see all the running apps, use the frida-ps -Ua command.
To attach to a specific process, run the frida -U processname command. Make sure that the application is running in the foreground on the device. The Frida CLI can be used to emulate a lot of the features of Cycript.
However, in this article, we will look at the frida-trace CLI. This CLI can help you trace various method calls during the application runtime. This can be extremely useful in understanding the inner workings of the application. It's always a good idea to look at the help output as there are many options here.
To trace a particular function, you can specify it with the -i option. You can also provide a regex in the method section as shown in the figure below. E.g, in the example below, you can trace the Crypto calls.
If you use the -I option, you can determine which module from Frida you want to include, which is essentially the dylib from where all functions will be retrieved.
In case of DVIA (Objective-C version), you can go to the Broken Cryptography section and start the challenge. To trace a particular Objective C method, you can specify it with the -m option. If the method calls match the provided regex, you will see the output as shown in the image below.
This is extremely useful in understanding the inner workings of the application, and the same info can be used to patch or bypass certain methods.
Learn Secure Coding
Thank you for reading! In the next article, we will look at more examples of using Frida.
Learn Secure Coding
Get hands-on experience with common coding mistakes, how they can be exploited and possible mitigations. Learn secure coding in:- Android and iOS
- C/C++, Java, .NET and PHP
- And more
In this Series
- iOS application security part 47 — Inspecting apps with Frida
- Enhancing code security: Tools and techniques for safeguarding your code
- DevSecOps Tools of the trade
- Software dependencies: The silent killer behind the world's biggest attacks
- Software composition analysis and how it can protect your supply chain
- Only 20% of new developers receive secure coding training, says report
- Introduction to Secure Software Development Life Cycle
- How to control the flow of a program in x86 assembly
- Mitigating MFA bypass attacks: 5 tips for developers
- How to diagnose and locate segmentation faults in x86 assembly
- How to use the ObjDump tool with x86
- Debugging your first x86 program
- How to build a program and execute an application entirely built in x86 assembly
- Overview of common x86 instructions
- x86 basics: Data representation, memory and information storage
- What is x86 assembly?
- Introduction to x86 assembly and syntax
- Introduction to variables
- How to mitigate Race Conditions vulnerabilities
- How to avoid Cryptography errors
- Cryptography errors Exploitation Case Study
- How to exploit Cryptography errors in applications
- How to exploit race conditions
- Email-based attacks with Python: Phishing, email bombing and more
- Attacking Web Applications With Python: Recommended Tools
- Attacking Web Applications With Python: Exploiting Web Forms and Requests
- Attacking Web Applications With Python: Web Scraper Python
- Python for Network Penetration Testing: Best Practices and Evasion Techniques
- Python for network penetration testing: Hacking Windows domain controllers with impacket Python tools
- Python Language Basics: Variables, Lists, Loops, Functions and Conditionals
- How to Mitigate Poor HTTP Usage Vulnerabilities
- How to Exploit Poor HTTP Usage
- Introduction to HTTP (What Makes HTTP Vulnerabilities Possible)
- How to Mitigate Integer Overflow and Underflow Vulnerabilities
- How to exploit integer overflow and underflow
- Introduction to Parallel Processing
- What are Race Conditions?
- How Are Credentials Used In Applications?
- How To Exploit Least Privilege Vulnerabilities
- XSS Vulnerabilities Exploitation Case Study
- What is is integer overflow and underflow?
- SQL Injection Vulnerabilities Exploitation Case Study
- How to exploit improper error handling
- Improper Error Handling Exploitation Case Study
- Why Improper Error Handling Happens
- How to exploit CSRF Vulnerabilities
- How to mitigate CSRF Vulnerabilities
- What Causes Command Injection Vulnerabilities? (How are Data and Code Handled in Execution Environments)
- Command Injection Vulnerabilities
- Command Injection Vulnerabilities Exploitation Case Study
- How to mitigate Command Injection Vulnerabilities
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Secure coding