A tool that helps you use Frida easily. It supports scripts for tracing classes and functions, and for modifying the return values of methods on the iOS platform.

For the Android platform: frida-android-hook

For intercepting encrypted APIs in iOS applications: frida-ios-intercept-api

| OS | Supported | Note |
|---|---|---|
| MacOS | Yes | Stable |
| Linux | Yes | Stable |
| Windows | Yes | Unstable |

| iOS | Frida | Frida-tools | Supported | Stable Version |
|---|---|---|---|---|
| 16.7.11 | 16.7.14 | 13.7.1 | Yes | |
| 16.7.11 | 16.1.4 | 12.2.1 | Yes | Yes |

Note: Use the stable versions to avoid the "ObjC not defined" issue present in Frida 17.0.1.

Runs with Python 3.x. Supports both spawning a process and attaching a script to a running process. All options from ./ioshook -h:

| Category | Option | Description |
|---|---|---|
| General | -h, --help | Show help message and exit |
| | --cli | Launch iOSHook interactive CLI |
| | -p, --package PACKAGE | Bundle identifier of target app (spawn) |
| | -n, --name NAME | Display name of target app (attach) |
| | --pid PID | Process ID of target app (attach) |
| | -s, --script SCRIPT.JS | Path to Frida JavaScript hooking script |
| | -c, --check-version | Check for iOSHook updates |
| | -u, --update | Update iOSHook to latest version |
| Quick Method | -m, --method METHOD | app-static, bypass-jb, bypass-ssl, i-url-req, i-crypto (use -n or -p as required) |
| Information | --list-devices | List all connected Frida devices |
| | --list-apps | List all installed applications on device |
| | --list-scripts | List all available Frida scripts |
| | --logcat | Show system log of device (idevicesyslog) |
| | --conf | Open and edit hook.conf file |
| | --shell, --ssh | Open SSH shell to device (default: USB via iproxy) |
| | --ssh-port-forward LOCAL:DEVICE | Forward port from local to device (ssh -R) |
| | --network HOST:PORT | Connect via network SSH (default port 22) |
| | --local | Connect via USB using iproxy |
| Dump decrypt IPA | -d, --dump-app | Dump and decrypt application IPA file |
| | -o, --output OUTPUT_IPA | Output filename for decrypted IPA (without .ipa) |
| | --dump-output-dir DIR | Output directory for dumped IPA (default: workspaces/dumps) |
| Dump memory | --dump-memory OPTS | Dump memory of running application (e.g. --string, --read-only) |
| HexByte Scan IPA | --hexbyte-scan MODE | Mode: help, scan, patch, json |
| | --file FILE.IPA | IPA file to scan/patch |
| | --pattern PATTERN | Hex pattern to search (e.g. E103??AA????E0) |
| | --address ADDRESS | Address for patch (format: address,bytes,distance) |
| | --task TASK.json | JSON task file for hexbyte scan |
| reFlutter | --reflutter FLUTTER.IPA | Path to Flutter IPA for reFlutter analysis |

[+] Latest version: https://github.com/noobpk/frida-ios-hook/releases

[+] Develop version: git clone -b dev https://github.com/noobpk/frida-ios-hook

[+] Python >= v3.0 (Recommend to use pyenv or virtualenv)

1. cd frida-ios-hook/
2. python3 -m venv py-env
3. source py-env/bin/activate
4. pip3 install -r requirements.txt
5. python3 setup.py
6. cd frida-ios-hook
7. ./ioshook -h (--help)

If you run the script but it doesn't work, you can try the following: frida -U -f package -l script.js

| Title | Link |
|---|---|
| Frida iOS Hook \| Basic Usage \| Install - List devices - List apps - List scripts - Logcat - Shell | https://youtu.be/xSndHgTdv4w |
| Frida iOS Hook \| Basic Usage \| Dump Decrypt IPA - Dump Memory App - Hexbyte-Scan IPA | https://youtu.be/AUsJ9_gnWAI |
| Frida iOS Hook \| Basic Usage \| App Static - Bypass Jailbreak - Bypass SSL - Intercept URL + Crypto | https://youtu.be/nWhKDSzArf8 |
| Frida iOS Hook \| Advance Usage \| Memory Dump - Radare2 - Iaito | https://youtu.be/nUqE4EYWiEc |

I am not a developer, so my coding skills might not be the best. Therefore, if this tool has any issues or is not working for you, create an issue and I will try to fix it. Any suggestions for new features and discussions are welcome!
