Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.

Overview


Fridax is a Node package for dealing with Xamarin applications while using the Frida API.
Built by the Northwave Red Team


Goal

In the Northwave Red Team we conduct security penetration tests on, among other things, mobile applications. During almost every mobile application penetration test we want to modify the behaviour of the application in such a way that it bypasses certain checks (e.g. a PIN code check).

Frida is a toolkit that allows us to do exactly that. It is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Using Frida you can, for example, inject and modify code of iOS and Android applications at runtime. However, if the application that is being pentested is a Xamarin application, it becomes more difficult to modify code at runtime, since Xamarin applications are basically wrappers that run a .NET binary.

Fridax to the rescue! Fridax allows you to easily modify the .NET binary inside a Xamarin application at runtime. We've included some example scripts that, for example, modify constructor and function arguments.

Happy hacking!

Installation

Clone this Git repository.

git clone git@github.com:NorthwaveNL/fridax.git

Use the package manager npm to install the dependencies for Fridax.

cd fridax
npm install

Usage

Please check the known issues before you start.

  1. Connect your device (make sure it can be listed).
    • frida-ls-devices
  2. Copy an example script to the scripts folder.
    • cp examples/modify_class_function_argument.js scripts/modify_class_function_argument.js
  3. Adjust some of the config variables in the script (that you copied) to your needs.
    • Update settingClassName, settingMethodName and settingMethodArgCount
  4. Start the application on your device and run your script!
    • ./fridax.js inject --scripts scripts/modify_class_function_argument.js

All options

./fridax.js <command>

Commands:
  ./fridax.js inject [scripts]  Inject the given scripts list.

Options:
  --version   Show version number                                                           [boolean]
  -h, --help  Show help                                                                     [boolean]
  --device    The address of the remote Frida device to connect to (or the string "usb")    [default: "usb"]

Examples:
  ./fridax.js inject --scripts scripts/modify_function_argument.js scripts/intercept_password.js scripts/sql_injection.js

Examples

Example scripts can be found in ./examples. Place an example script in the ./scripts folder to try it out. Using the example scripts, all of the variables/functions in the example class below can be read/intercepted.

namespace CompanyName.ProjectName {

    class Settings {

        // Static int can be read
        public static readonly int secret1 = 1234;

        // Static bool can be read
        public static readonly bool secret2 = false;

        // Static object can be read
        public static readonly ObfuscatedString secret3 = new ObfuscatedString("yGVhqI5yzbgYUnCP+ZukDw==");

        // Static string can be read
        public static readonly string secret4 = "SecretValue";

        // Constructor can be intercepted and arguments can be modified
        Settings(string a, string b, string c) {

        }

        // Function can be intercepted and argument can be modified
        GetElement(string id) {

        }

    }

}

For example, to read the public static readonly bool secret2, copy ./examples/read_static_bool_from_class.js to ./scripts/read_static_bool_from_class.js and then run the command below. You also need to change the CompanyName.ProjectName.Settings class name and the secret2 variable name in that file to match your target. You can find out which names you need by using dnSpy on the Mono binary in the IPA/APK.

./fridax.js inject --scripts scripts/read_static_bool_from_class.js

Issues

Issues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.

Known issues

  • Xamarin app needs to be running before you start this script (see this issue for more information).
  • You get the error Export not found: mono_aot_get_method. This is due to your application being JIT-compiled. Please use the example scripts that are prefixed with jit_ instead of aot_ (AOT-compiled). See issue #3 for more information.
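The failure outputs quoted on this page (the mono_aot_get_method export error from the known issues, plus the "Cant find mono!" and binding.gyp outputs in the issue reports) can be told apart mechanically. The following is an added example, not Fridax code: the function names are hypothetical, the sample logs are constructed by trimming the outputs shown on this page, and the advice strings only restate what the page and the logs themselves say.

```javascript
// Added example, not Fridax code. Sample logs below are constructed by trimming
// the outputs quoted on this page.

// Parse "key=value" pairs, e.g. "target=16.4.2 runtime=node arch=x64 libc= platform=darwin".
function parseKeyValues(text) {
  const out = {};
  for (const m of text.matchAll(/(\w+)=(\S*)/g)) out[m[1]] = m[2];
  return out;
}

// Collect the "at file:line" frames that directly follow an "Error:" line.
function stackFrames(lines, errorIndex) {
  const frames = [];
  for (let i = errorIndex + 1; i < lines.length; i++) {
    const m = lines[i].match(/^\s*at (?:\S+ \()?([^\s()]+):(\d+)\)?\s*$/);
    if (!m) break;
    frames.push({ file: m[1], line: Number(m[2]) });
  }
  return frames;
}

// The first frame under scripts/ is the injected script line that triggered the error.
function scriptFrame(frames) {
  return frames.find((f) => f.file.startsWith('scripts/')) || null;
}

function triage(logText) {
  const lines = logText.split(/\r?\n/);
  // Version facts can sit before or after the failing line, so collect them up front.
  const prebuilt = logText.match(/No prebuilt binaries found \(([^)]*)\)/);
  const nodeVersion = logText.match(/gyp ERR! node -v (v[\d.]+)/);
  const nodeGypVersion = logText.match(/gyp ERR! node-gyp -v (v[\d.]+)/);
  const findings = [];

  lines.forEach((line, i) => {
    let m;
    if ((m = line.match(/Error: Export not found: (\w+)/))) {
      const aot = m[1] === 'mono_aot_get_method';
      findings.push({
        id: aot ? 'jit-compiled-target' : 'missing-export',
        missingExport: m[1],
        caller: scriptFrame(stackFrames(lines, i)),
        advice: aot
          ? 'Application is JIT-compiled: use the jit_ example scripts, not aot_.'
          : 'Not covered by the known issues on this page.',
      });
    } else if (/Error: Cant find mono!/.test(line)) {
      const frames = stackFrames(lines, i);
      findings.push({
        id: 'mono-not-found',
        thrownAt: frames[0] || null,
        caller: scriptFrame(frames),
        advice: 'Known issue to rule out first: the Xamarin app must be running before injection.',
      });
    } else if ((m = line.match(/gyp: binding\.gyp not found \(cwd: ([^)]+)\)/))) {
      findings.push({
        id: 'native-build-fallback-failed',
        packageDir: m[1],
        // null when the log has no prebuild-install warning (as in the Kali report).
        prebuildTarget: prebuilt ? parseKeyValues(prebuilt[1]) : null,
        node: nodeVersion ? nodeVersion[1] : null,
        nodeGyp: nodeGypVersion ? nodeGypVersion[1] : null,
        advice: 'prebuild-install did not supply a binary and the node-gyp fallback has no binding.gyp.',
      });
    }
  });
  return findings;
}

// Constructed samples (trimmed from the outputs quoted on this page).
const SAMPLE_JIT_LOG = [
  'methodInformation: 0x84b95058',
  'Error: Export not found: mono_aot_get_method',
  '    at vendors/frida-mono-api/mono-api.js:799',
  '    at scripts/todo-modify.js:45',
  '    at o (node_modules/browser-pack/_prelude.js:1)',
  '    at /script2.js:1217',
  '^C[*] Script unloaded.',
].join('\n');

const SAMPLE_MONO_LOG = [
  'Error: Cant find mono!',
  '    at node_modules/frida-mono-api/src/mono-module.js:7',
  '    at o (node_modules/browser-pack/_prelude.js:1)',
  '    at scripts/read_class_static_string_variable.js:1',
  '[*] Happy hacking.',
].join('\n');

const SAMPLE_INSTALL_LOG = [
  'npm ERR! command sh -c prebuild-install || node-gyp rebuild',
  'npm ERR! prebuild-install WARN install No prebuilt binaries found (target=16.4.2 runtime=node arch=x64 libc= platform=darwin)',
  'npm ERR! gyp: binding.gyp not found (cwd: /Users/hubert/fridax/node_modules/frida) while trying to load binding.gyp',
  'npm ERR! gyp ERR! node -v v16.4.2',
  'npm ERR! gyp ERR! node-gyp -v v7.1.2',
].join('\n');

for (const log of [SAMPLE_JIT_LOG, SAMPLE_MONO_LOG, SAMPLE_INSTALL_LOG]) {
  console.log(JSON.stringify(triage(log), null, 2));
}
```

For an install failure, the `prebuildTarget`, `node` and `nodeGyp` fields give the version combination to include when reporting the issue.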

License

Fridax is open-sourced software licensed under the MIT license.

Comments
  • Export not found: `mono_aot_get_method` in JIT-compiled APK

    Hello,

    I can't get the modify_class_function_argument.js script to work.

    I'm working with this app: https://github.com/xamarin/xamarin-forms-samples/tree/master/WebServices/TodoREST

    I'm trying to intercept the GetTasksAsync function of the TodoItemManager:

    using System;
    using System.Collections.Generic;
    using System.Threading.Tasks;
    
    namespace TodoREST
    {
    	public class TodoItemManager
    	{
    		IRestService restService;
    
    		public TodoItemManager (IRestService service)
    		{
    			restService = service;
    		}
    
    		public Task<List<TodoItem>> GetTasksAsync ()
    		{
    			return restService.RefreshDataAsync ();	
    		}
    
    		public Task SaveTaskAsync (TodoItem item, bool isNewItem = false)
    		{
    			return restService.SaveTodoItemAsync (item, isNewItem);
    		}
    
    		public Task DeleteTaskAsync (TodoItem item)
    		{
    			return restService.DeleteTodoItemAsync (item.ID);
    		}
    	}
    }
    

    Source for the class: https://github.com/xamarin/xamarin-forms-samples/blob/master/WebServices/TodoREST/TodoREST/Data/TodoItemManager.cs

    I'm using this script:

    import { MonoApiHelper, MonoApi } from '../vendors/frida-mono-api'
    import ClassHelper from '../libraries/class_helper'
    
    // Intercept settings
    var settingClassName = "TodoREST.TodoItemManager";
    var settingMethodName = "GetTasksAsync";
    var settingMethodArgCount = 0;
    
    // The root AppDomain is the initial domain created by the runtime when it is initialized. Programs execute on this AppDomain.
    const domain = MonoApi.mono_get_root_domain()
    
    console.log('domain: ' + classInformation);
    
    // Get a reference to a certain class within the Xamarin application.
    var classInformation = ClassHelper.getClassByName(settingClassName);
    
    console.log('classInformation: ' + classInformation);
    
    // Get the pointer to the ahead-of-time (AOT) compiled method
    let methodInformation = MonoApiHelper.ClassGetMethodFromName(classInformation, settingMethodName, settingMethodArgCount)
    
    console.log('methodInformation: ' + methodInformation);
    
    // Allocate enough memory for MonoError initialization
    let monoErrorMemory = Memory.alloc(32) 
    
    // Get the pointer to the method
    let nativeMethodPointer = MonoApi.mono_aot_get_method(domain, methodInformation, monoErrorMemory)
    
    // Attach interceptor and fish out the first method argument
    Interceptor.attach(nativeMethodPointer, {
        onEnter: function(args) {
            console.log("Entered " + settingMethodName + " with " + settingMethodArgCount + " argument(s).");
            console.log("Value of `string id`: " + MonoApiHelper.StringToUtf8(args[3]));
    
            args[3] = MonoApiHelper.StringNew('This is the replaced value of `string c`.', domain);
        },
        onLeave: function onLeave(log, retval, state) {
            console.log("Left " + settingMethodName + ".");
        }
    })
    
    console.log(`'modify_function_argument.js' attached and ready.`)
    

    The stacktrace I'm getting:

    node fridax.js inject --scripts scripts/todo-modify.js
    [*] Awaiting storage initialization.
    [*] Awaiting USB device.
    [*] Up and running on Android Emulator 5554.
    ? Which application do you want to inject? TodoREST
    [*] Happy hacking.
    [*] Attached to application (session: 3803).
    [*] Injected a test script (this runs from within the injected application)!
    domain: undefined
    classInformation: 0x98f63330
    methodInformation: 0x84b95058
    Error: Export not found: mono_aot_get_method
        at vendors/frida-mono-api/mono-api.js:799
        at scripts/todo-modify.js:45
        at o (node_modules/browser-pack/_prelude.js:1)
        at r (node_modules/browser-pack/_prelude.js:1)
        at /script2.js:1217
    ^C[*] Script unloaded.
    [*] Script unloaded.
    
    If you need more info let me know.
    opened by Techbrunch 16
  • Error: Cant find mono!

    Hello,

    Thanks for this project, it looks like this is what I was looking for.

    I'm running into an issue when trying to run a script:

    node fridax.js inject --scripts read_class_static_string_variable
    [*] Awaiting storage initialization.
    [*] Awaiting USB device.
    [*] Up and running on Phone.
    ? Which application do you want to inject? Gadget
    [*] Attached to application (session: 23972).
    [*] Injected a test script (this runs from within the injected application)!
    Error: Cant find mono!
        at node_modules/frida-mono-api/src/mono-module.js:7
        at o (node_modules/browser-pack/_prelude.js:1)
        at node_modules/frida-mono-api/src/mono-api.js:2
        at o (node_modules/browser-pack/_prelude.js:1)
        at /script2.js:119
        at o (node_modules/browser-pack/_prelude.js:1)
        at scripts/read_class_static_string_variable.js:1
        at o (node_modules/browser-pack/_prelude.js:1)
        at r (node_modules/browser-pack/_prelude.js:1)
    [*] Happy hacking.
    

    What I did was:

    • Patch the APK using Objection
    • Install the APK on the phone (real device)
    • Start the APK
    • Start Objection so that the app is running
    • Run node fridax.js inject

    Any idea of what could be wrong?

    opened by Techbrunch 4
  • Unable to install

    I have the same issue as #13 and I think it's tied to your toolset rather than node-gyp. You need to include a binding.gyp file in your project directory (a sort of Makefile). Tried on two environments (Host - MacOS Catalina, Guest - Kali Linux)

    ┌──(kali㉿kali)-[/tmp/fridax]
    └─$ pwd                                                                                                       130 ⨯ 1 ⚙
    /tmp/fridax
                                                                                                                            
    ┌──(kali㉿kali)-[/tmp/fridax]
    └─$ npm --version                                                                                                   1 ⚙
    7.0.3
    
    ┌──(kali㉿kali)-[/tmp/fridax]
    └─$ rm -rf node_modules package-lock.json && npm i                                                                  1 ⚙
    npm ERR! code 1
    npm ERR! path /tmp/fridax/node_modules/frida
    npm ERR! command failed
    npm ERR! command sh -c prebuild-install || node-gyp rebuild
    npm ERR! gyp info it worked if it ends with ok
    npm ERR! gyp info using node-gyp@7.0.0
    npm ERR! gyp info using node@12.19.0 | linux | x64
    npm ERR! gyp info find Python using Python version 3.8.4 found at "/usr/bin/python3"
    npm ERR! gyp info spawn /usr/bin/python3
    npm ERR! gyp info spawn args [
    npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/gyp/gyp_main.py',
    npm ERR! gyp info spawn args   'binding.gyp',
    npm ERR! gyp info spawn args   '-f',
    npm ERR! gyp info spawn args   'make',
    npm ERR! gyp info spawn args   '-I',
    npm ERR! gyp info spawn args   '/tmp/fridax/node_modules/frida/build/config.gypi',
    npm ERR! gyp info spawn args   '-I',
    npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/addon.gypi',
    npm ERR! gyp info spawn args   '-I',
    npm ERR! gyp info spawn args   '/usr/include/nodejs/common.gypi',
    npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
    npm ERR! gyp info spawn args   '-Dvisibility=default',
    npm ERR! gyp info spawn args   '-Dnode_root_dir=/usr/include/nodejs',
    npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/share/nodejs/node-gyp',
    npm ERR! gyp info spawn args   '-Dnode_lib_file=/usr/include/nodejs/<(target_arch)/node.lib',
    npm ERR! gyp info spawn args   '-Dmodule_root_dir=/tmp/fridax/node_modules/frida',
    npm ERR! gyp info spawn args   '-Dnode_engine=v8',
    npm ERR! gyp info spawn args   '--depth=.',
    npm ERR! gyp info spawn args   '--no-parallel',
    npm ERR! gyp info spawn args   '--generator-output',
    npm ERR! gyp info spawn args   'build',
    npm ERR! gyp info spawn args   '-Goutput_dir=.'
    npm ERR! gyp info spawn args ]
    npm ERR! gyp: binding.gyp not found (cwd: /tmp/fridax/node_modules/frida) while trying to load binding.gyp
    npm ERR! gyp ERR! configure error 
    npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
    npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/usr/share/nodejs/node-gyp/lib/configure.js:354:16)
    npm ERR! gyp ERR! stack     at ChildProcess.emit (events.js:314:20)
    npm ERR! gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
    npm ERR! gyp ERR! System Linux 5.7.0-kali1-amd64
    npm ERR! gyp ERR! command "/usr/bin/node" "/usr/share/nodejs/node-gyp/bin/node-gyp.js" "rebuild"
    npm ERR! gyp ERR! cwd /tmp/fridax/node_modules/frida
    npm ERR! gyp ERR! node -v v12.19.0
    npm ERR! gyp ERR! node-gyp -v v7.0.0
    npm ERR! gyp ERR! not ok
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     /home/kali/.npm/_logs/2020-12-01T12_42_46_721Z-debug.log
    
    opened by duraki 3
  • Error on installing node dependencies

    fridax $ npm install
    
    > [email protected] install /Users/.../fridax/node_modules/frida
    > prebuild-install || node-gyp rebuild
    
    prebuild-install WARN install No prebuilt binaries found (target=14.7.0 runtime=node arch=x64 libc= platform=darwin)
    gyp: binding.gyp not found (cwd: /Users/.../fridax/node_modules/frida) while trying to load binding.gyp
    gyp ERR! configure error 
    gyp ERR! stack Error: `gyp` failed with exit code: 1
    gyp ERR! stack     at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
    gyp ERR! stack     at ChildProcess.emit (events.js:314:20)
    gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:276:12)
    gyp ERR! System Darwin 19.6.0
    gyp ERR! command "/usr/local/Cellar/node/14.7.0/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
    gyp ERR! cwd /Users/.../fridax/node_modules/frida
    gyp ERR! node -v v14.7.0
    gyp ERR! node-gyp -v v5.1.0
    gyp ERR! not ok 
    npm ERR! code ELIFECYCLE
    npm ERR! errno 1
    npm ERR! [email protected] install: `prebuild-install || node-gyp rebuild`
    npm ERR! Exit status 1
    npm ERR! 
    npm ERR! Failed at the [email protected] install script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     /Users/.../.npm/_logs/2020-10-22T09_55_37_804Z-debug.log
    
    opened by stephenreda 3
  • fridax install error with macOS v11.5.1 / node v16.4.2 / frida 15.0.13

    Hi,

    Similar to some closed issues, I'm hitting an error about binding.gyp being missing, which may be related to the combination of node and frida versions I'm using.

    My frida install is otherwise fully functional (both npm install frida and compiling frida-node from git source)

    It would be helpful if you could state which OS / node / frida version combinations are known to work with fridax?

    npm WARN old lockfile
    npm WARN old lockfile The package-lock.json file was created with an old version of npm,
    npm WARN old lockfile so supplemental metadata must be fetched from the registry.
    npm WARN old lockfile
    npm WARN old lockfile This is a one-time fix-up, please be patient...
    npm WARN old lockfile
    npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
    npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
    npm ERR! code 1
    npm ERR! path /Users/hubert/fridax/node_modules/frida
    npm ERR! command failed
    npm ERR! command sh -c prebuild-install || node-gyp rebuild
    npm ERR! prebuild-install WARN install No prebuilt binaries found (target=16.4.2 runtime=node arch=x64 libc= platform=darwin)
    npm ERR! gyp info it worked if it ends with ok
    npm ERR! gyp info using node-gyp@7.1.2
    npm ERR! gyp info using node@16.4.2 | darwin | x64
    npm ERR! gyp info find Python using Python version 3.9.6 found at "/usr/local/opt/python@3.9/bin/python3.9"
    npm ERR! (node:70687) [DEP0150] DeprecationWarning: Setting process.config is deprecated. In the future the property will be read-only.
    npm ERR! (Use `node --trace-deprecation ...` to show where the warning was created)
    npm ERR! gyp info spawn /usr/local/opt/python@3.9/bin/python3.9
    npm ERR! gyp info spawn args [
    npm ERR! gyp info spawn args   '/Users/hubert/node_modules/node-gyp/gyp/gyp_main.py',
    npm ERR! gyp info spawn args   'binding.gyp',
    npm ERR! gyp info spawn args   '-f',
    npm ERR! gyp info spawn args   'make',
    npm ERR! gyp info spawn args   '-I',
    npm ERR! gyp info spawn args   '/Users/hubert/fridax/node_modules/frida/build/config.gypi',
    npm ERR! gyp info spawn args   '-I',
    npm ERR! gyp info spawn args   '/Users/hubert/node_modules/node-gyp/addon.gypi',
    npm ERR! gyp info spawn args   '-I',
    npm ERR! gyp info spawn args   '/Users/hubert/Library/Caches/node-gyp/16.4.2/include/node/common.gypi',
    npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
    npm ERR! gyp info spawn args   '-Dvisibility=default',
    npm ERR! gyp info spawn args   '-Dnode_root_dir=/Users/hubert/Library/Caches/node-gyp/16.4.2',
    npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/Users/hubert/node_modules/node-gyp',
    npm ERR! gyp info spawn args   '-Dnode_lib_file=/Users/hubert/Library/Caches/node-gyp/16.4.2/<(target_arch)/node.lib',
    npm ERR! gyp info spawn args   '-Dmodule_root_dir=/Users/hubert/fridax/node_modules/frida',
    npm ERR! gyp info spawn args   '-Dnode_engine=v8',
    npm ERR! gyp info spawn args   '--depth=.',
    npm ERR! gyp info spawn args   '--no-parallel',
    npm ERR! gyp info spawn args   '--generator-output',
    npm ERR! gyp info spawn args   'build',
    npm ERR! gyp info spawn args   '-Goutput_dir=.'
    npm ERR! gyp info spawn args ]
    npm ERR! gyp: binding.gyp not found (cwd: /Users/hubert/fridax/node_modules/frida) while trying to load binding.gyp
    npm ERR! gyp ERR! configure error
    npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
    npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/Users/hubert/node_modules/node-gyp/lib/configure.js:351:16)
    npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:394:28)
    npm ERR! gyp ERR! stack     at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12)
    npm ERR! gyp ERR! System Darwin 20.6.0
    npm ERR! gyp ERR! command "/usr/local/Cellar/node/16.4.2/bin/node" "/Users/hubert/node_modules/.bin/node-gyp" "rebuild"
    npm ERR! gyp ERR! cwd /Users/hubert/fridax/node_modules/frida
    npm ERR! gyp ERR! node -v v16.4.2
    npm ERR! gyp ERR! node-gyp -v v7.1.2
    npm ERR! gyp ERR! not ok
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     /Users/hubert/.npm/_logs/2021-08-17T13_50_57_678Z-debug.log
    
    opened by hubert3 1
  • Bump simple-get from 3.1.0 to 3.1.1

    Bumps simple-get from 3.1.0 to 3.1.1.

    Commits
    Maintainer changes

    This version was pushed to npm by linusu, a new releaser for simple-get since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump shell-quote from 1.7.2 to 1.7.3

    Bumps shell-quote from 1.7.2 to 1.7.3.

    Changelog

    Sourced from shell-quote's changelog.

    1.7.3

    • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

    dependencies 
    opened by dependabot[bot] 0
  • Bump minimist from 1.2.5 to 1.2.6

    Bumps minimist from 1.2.5 to 1.2.6.

    dependencies 
    opened by dependabot[bot] 0
  • Bump cached-path-relative from 1.0.2 to 1.1.0

    Bumps cached-path-relative from 1.0.2 to 1.1.0.

    dependencies 
    opened by dependabot[bot] 0
  • Bump path-parse from 1.0.6 to 1.0.7

    Bumps path-parse from 1.0.6 to 1.0.7.

    dependencies 
    opened by dependabot[bot] 0
  • Bump browserslist from 4.16.3 to 4.16.6

    Bumps browserslist from 4.16.3 to 4.16.6.

    Changelog

    Sourced from browserslist's changelog.

    4.16.6

    • Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).

    4.16.5

    • Fixed unsafe RegExp (by Yeting Li).

    4.16.4

    • Fixed unsafe RegExp.
    • Added artifactory support to --update-db (by Ittai Baratz).

    dependencies 
    opened by dependabot[bot] 0
  • Bump json5 from 2.2.0 to 2.2.3

    Bumps json5 from 2.2.0 to 2.2.3.

    Release notes

    Sourced from json5's releases.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
    Changelog

    Sourced from json5's changelog.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
    Commits
    • c3a7524 2.2.3
    • 94fd06d docs: update CHANGELOG for v2.2.3
    • 3b8cebf docs(security): use GitHub security advisories
    • f0fd9e1 docs: publish a security policy
    • 6a91a05 docs(template): bug -> bug report
    • 14f8cb1 2.2.2
    • 10cc7ca docs: update CHANGELOG for v2.2.2
    • 7774c10 fix: add proto to objects and arrays
    • edde30a Readme: slight tweak to intro
    • 97286f8 Improve example in readme
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
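
Why the `__proto__` entry in the json5 v2.2.2 notes above matters, shown as an added example that is not code from json5 or from this repository. The two builder functions and the `inspect` helper are hypothetical stand-ins for a parser's object-construction step, and the input entries are constructed sample data.

```javascript
// Constructed sample input: key/value pairs as a parser would emit them
// after tokenising {"user": "guest", "__proto__": {"isAdmin": true}}.
const SAMPLE_ENTRIES = [
  ['user', 'guest'],
  ['__proto__', { isAdmin: true }],
];

// Unsafe builder: plain assignment. For the key "__proto__" this invokes the
// Object.prototype.__proto__ setter, so the value becomes the prototype of
// the result instead of an own property.
function buildObjectUnsafe(entries) {
  const obj = {};
  for (const [key, value] of entries) {
    obj[key] = value;
  }
  return obj;
}

// Hardened builder: every key, including "__proto__", is defined as an
// ordinary own data property, so no setter runs and the prototype is untouched.
function buildObjectSafe(entries) {
  const obj = {};
  for (const [key, value] of entries) {
    Object.defineProperty(obj, key, {
      value,
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return obj;
}

// Summarise what a downstream property check would observe on the result.
function inspect(obj) {
  return {
    ownKeys: Object.keys(obj),
    isAdminVisible: obj.isAdmin === true, // true even when only inherited
    isAdminOwn: Object.prototype.hasOwnProperty.call(obj, 'isAdmin'),
    prototypeIntact: Object.getPrototypeOf(obj) === Object.prototype,
  };
}

const unsafeReport = inspect(buildObjectUnsafe(SAMPLE_ENTRIES));
const safeReport = inspect(buildObjectSafe(SAMPLE_ENTRIES));
console.log('assignment    :', unsafeReport);
console.log('defineProperty:', safeReport);
```

With plain assignment the `__proto__` key disappears from the own keys and `isAdmin` becomes readable through inheritance; only the built object's prototype is replaced, not the global `Object.prototype`. Code that consumes parsed input should check own properties rather than rely on bare property lookups.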
  • Use fridax to iterate an ObservableCollection

    Does anyone have any idea how Frida can iterate over an observable collection or collection items?

    The idea is to go over the items in a collection or get a specific item at an index.

    opened by bawarkamalqader 0
  • How to get a variable's properties

    Hello,

    I have the below sample code

    class Person
    {
      private string name; // field
    
      public string Name   // property
      {
        get { return name; }   // get method
        set { name = value; }  // set method
      }
    }
    

    And I found that in compilation, the set method is called as "set_Name(string)"; however, when I try the below code to fetch and modify the data, the console logs an empty argument (no error is returned that shows that the method does not exist). Can someone tell me what I am doing wrong?

    import { MonoApiHelper, MonoApi } from '../vendors/frida-mono-api'
    import ClassHelper from '../libraries/class_helper'
    var settingClassName = "Person";
    var settingMethodName = "set_Name";
    var settingMethodArgCount = 1;
    
    // The root AppDomain is the initial domain created by the runtime when it is initialized. Programs execute on this AppDomain.
    const domain = MonoApi.mono_get_root_domain()
    
    // Get a reference to a certain class within the Xamarin application.
    var classInformation = ClassHelper.getClassByName(settingClassName);
    
    // Attach interceptor and fish out the first method argument
    MonoApiHelper.Intercept(classInformation, settingMethodName, {
        onEnter: function(args) {
            console.log("Entered " + settingMethodName + " with " + settingMethodArgCount + " argument(s).");
            console.log("Value of `string id`: " + MonoApiHelper.StringToUtf8(args[0]));
        },
        onLeave: function onLeave(log, retval, state) {
            console.log("Left " + settingMethodName + ".");
        }
    })
    
    console.log(`'jit_modify_class_function_argument.js' attached and ready.`)
    
    opened by AmaalK 0
  • Stuck at device.enumerateApplications() when using frida 15.0.3

    Hi, thanks for the nice tools. I have an issue where fridax.js gets stuck at applications = await device.enumerateApplications() when using frida 15.0.3. However, the JS will run normally when using frida 14.2.18.

    using frida 15.0.3:

    ./fridax.js inject  --scripts  scripts/jit_modify_class_function_argument.js 
    [*] Awaiting storage initialization.
    [*] Awaiting USB device.
    [*] Up and running on SM-G5XXX.
    

    and it stays like that forever.

    using frida 14.2.18:

    ./fridax.js inject  --scripts  scripts/jit_modify_class_function_argument.js 
    [*] Awaiting storage initialization.
    [*] Awaiting USB device.
    [*] Up and running on SM-G5XXX.
    ? Which application do you want to inject? 
      App1
      App2
      App3
    ❯ App4
      
    (Move up and down to reveal more choices)
    

    • fridax version = 1.0.0
    • frida-server already running = yes
    • xamarin app already launched = yes
    • expected behavior = fridax can be run in current version of frida (frida 15.0.X)

    opened by hanhanhanz 2
  • Can't find mono runtime

    I'm trying to hook a Xamarin-based iOS app and am getting the following error:

    ~/t/s/s/f/fridax > ./fridax.js inject --device usb --scripts scripts/aot_modify_class_function_argument.js
    [*] Awaiting storage initialization.
    [*] Awaiting USB device.
    [*] Up and running on iPhone.
    ? Which application do you want to inject? XXXXX
    [*] Happy hacking.
    [*] Attached to application (session: 74911).
    [*] Injected a test script (this runs from within the injected application)!
    Error: Can't find Mono runtime!
        at <anonymous> (vendors/frida-mono-api/mono-module.js:33)
        at call (native)
        at o (node_modules/browser-pack/_prelude.js:1)
        at <anonymous> (node_modules/browser-pack/_prelude.js:1)
        at <anonymous> (vendors/frida-mono-api/mono-api.js:2)
        at call (native)
        at o (node_modules/browser-pack/_prelude.js:1)
        at <anonymous> (node_modules/browser-pack/_prelude.js:1)
        at <anonymous> (vendors/frida-mono-api/index.js:1)
        at call (native)
        at o (node_modules/browser-pack/_prelude.js:1)
        at <anonymous> (node_modules/browser-pack/_prelude.js:1)
        at <anonymous> (scripts/aot_modify_class_function_argument.js:1)
        at call (native)
        at o (node_modules/browser-pack/_prelude.js:1)
        at r (node_modules/browser-pack/_prelude.js:1)
        at <eval> (/script2.js:1246)
    

    I've looked at https://github.com/NorthwaveSecurity/fridax/issues/1 and the issue was fixed but I'm still having the issue. I've tried poking around but am just getting started with frida. Things I've tried:

    • looking for mono using Process.enumerateModulesSync()
    • looking for mono using Process.enumerateExports()
    • hooking dlopen and looking for any import of mono

    but nothing shows up. Is there anything else I can do to troubleshoot the issue? Sadly I can't share the ipa.

    opened by alexdetrano 1
Owner
Northwave
Intelligent Security Operations