Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.

Last update: Jan 3, 2023

Overview

Fridax is a Node package for dealing with Xamarin applications while using the Frida API.
Goal • Installation • Usage • Examples • Issues • License
_{Built with

❤
by the Northwave Red Team}

Goal

In the Northwave Red Team we conduct security penetration tests on, among other things, mobile applications. During almost every mobile application penetration test we want to modify the behaviour of the application in such a way that it bypasses certain checks (e.g. a PIN code check).

Frida is a toolkit that allows us to do exactly that. It is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Using Frida you can, for example, inject and modify code of iOS and Android applications on runtime. However, if the application that is being pentested is a Xamarin application, it becomes more difficult to modify code on runtime, since Xamarin applications are basically wrappers that run a .NET binary.

Fridax to the rescue! Fridax allows you to easily modify the .NET binary inside a Xamarin application on runtime. We've included some example scripts that e.g. modify constructor and function arguments.

Happy hacking!

Installation

Clone this Git repository.

git clone [email protected]:NorthwaveNL/fridax.git

Use the package manager npm to install the dependencies for Fridax.

cd fridax
npm install

Usage

Please check the known issues before your start.

Connect your device (make sure it can be listed).
- frida-ls-devices
Copy an example script to the scripts folder.
- cp examples/modify_class_function_argument.js scripts/modify_class_function_argument.js
Adjust some of the config variables in the script (that you copied) to your needs.
- Update settingClassName, settingMethodName and settingMethodArgCount
Start the application on your device and run your script!
- ./fridax.js inject --scripts scripts/modify_class_function_argument.js

All options

./fridax.js <command>

Commands:
  ./fridax.js inject [scripts]  Inject the given scripts list.

Options:
  --version   Show version number                                                           [boolean]
  -h, --help  Show help                                                                     [boolean]
  --device    The address of the remote Frida device to connect to (or the string "usb")    [default: "usb"]

Examples:
  ./fridax.js inject --scripts scripts/modify_function_argument.js scripts/intercept_password.js scripts/sql_injection.js

Examples

Example scripts can be found in ./examples. Place an example script in the ./scripts folder to try it out. Using the example scripts, all of the variables/functions in the example class below can be read/intercepted.

namespace CompanyName.ProjectName {

    class Settings {

        // Static int can be read
        public static readonly int secret1 = 1234;

        // Static bool can be read
        public static readonly bool secret2 = false;

        // Static object can be read
        public static readonly ObfuscatedString secret3 = ObfuscatedString("yGVhqI5yzbgYUnCP+ZukDw==");

        // Static string can be read
        public static readonly string secret4 = "SecretValue";

        // Constructor can be intercepted and arguments can be modified
        Settings(string a, string b, string c) {

        }

        // Function can be intercepted and argument can be modified
        GetElement(string id) {

        }

    }

}

For example, to read the public static readonly bool secret2 you can run the command below after copying ./examples/read_static_bool_from_class.js to ./scripts/read_static_bool_from_class.js. You also need to edit the Company.ProjectName.Settings class name and secret2 variable name in that file to your needs. You can find out which names you need by using dnSpy on the Mono binary in the IPA/APK.

./fridax.js inject --scripts scripts/read_static_bool_from_class.js

Issues

Issues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.

Known issues

Xamarin app needs to be running before you start this script (see this issue for more information).
You get the error Export not found: mono_aot_get_method. This is due to your application being JIT-compiled. Please use the example scripts that are prefixed with jit_ instead of aot_ (AOT-compiled). See issue #3 for more information.

License

Fridax is open-sourced software licensed under the MIT license.

Comments

Export not found: `mono_aot_get_method` in JIT-compiled APK

Hello,

I can't get the modify_class_function_argument.js script to work.

I'm working with this app: https://github.com/xamarin/xamarin-forms-samples/tree/master/WebServices/TodoREST

I'm trying to intercerpt the GetTasksAsync function of the TodoItemManager:

using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace TodoREST
{
	public class TodoItemManager
	{
		IRestService restService;

		public TodoItemManager (IRestService service)
		{
			restService = service;
		}

		public Task<List<TodoItem>> GetTasksAsync ()
		{
			return restService.RefreshDataAsync ();	
		}

		public Task SaveTaskAsync (TodoItem item, bool isNewItem = false)
		{
			return restService.SaveTodoItemAsync (item, isNewItem);
		}

		public Task DeleteTaskAsync (TodoItem item)
		{
			return restService.DeleteTodoItemAsync (item.ID);
		}
	}
}

Source for the class: https://github.com/xamarin/xamarin-forms-samples/blob/master/WebServices/TodoREST/TodoREST/Data/TodoItemManager.cs

I'm using this script:

import { MonoApiHelper, MonoApi } from '../vendors/frida-mono-api'
import ClassHelper from '../libraries/class_helper'

// Intercept settings
var settingClassName = "TodoREST.TodoItemManager";
var settingMethodName = "GetTasksAsync";
var settingMethodArgCount = 0;

// The root AppDomain is the initial domain created by the runtime when it is initialized. Programs execute on this AppDomain.
const domain = MonoApi.mono_get_root_domain()

console.log('domain: ' + classInformation);

// Get a reference to a certain class within the Xamarin application.
var classInformation = ClassHelper.getClassByName(settingClassName);

console.log('classInformation: ' + classInformation);

// Get the pointer to the ahead-of-time (AOT) compiled method
let methodInformation = MonoApiHelper.ClassGetMethodFromName(classInformation, settingMethodName, settingMethodArgCount)

console.log('methodInformation: ' + methodInformation);

// Allocate enough memory for MonoError initialization
let monoErrorMemory = Memory.alloc(32) 

// Get the pointer to the method
let nativeMethodPointer = MonoApi.mono_aot_get_method(domain, methodInformation, monoErrorMemory)

// Attach interceptor and fish out the first method argument
Interceptor.attach(nativeMethodPointer, {
    onEnter: function(args) {
        console.log("Entered " + settingMethodName + " with " + settingMethodArgCount + " argument(s).");
        console.log("Value of `string id`: " + MonoApiHelper.StringToUtf8(args[3]));

        args[3] = MonoApiHelper.StringNew('This is the replaced value of `string c`.', domain);
    },
    onLeave: function onLeave(log, retval, state) {
        console.log("Left " + settingMethodName + ".");
    }
})

console.log(`'modify_function_argument.js' attached and ready.`)

The stacktrace I'm getting:

node fridax.js inject --scripts scripts/todo-modify.js
[*] Awaiting storage initialization.
[*] Awaiting USB device.
[*] Up and running on Android Emulator 5554.
? Which application do you want to inject? TodoREST
[*] Happy hacking.
[*] Attached to application (session: 3803).
[*] Injected a test script (this runs from within the injected application)!
domain: undefined
classInformation: 0x98f63330
methodInformation: 0x84b95058
Error: Export not found: mono_aot_get_method
    at vendors/frida-mono-api/mono-api.js:799
    at scripts/todo-modify.js:45
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:1217
^C[*] Script unloaded.
[*] Script unloaded.```

If you need more info let me know.

opened by Techbrunch 16

Error: Cant find mono!

Hello,

Thanks for this project, it looks like this is what I was looking for.

I'm running into an issue when trying to run a script:

node fridax.js inject --scripts read_class_static_string_variable
[*] Awaiting storage initialization.
[*] Awaiting USB device.
[*] Up and running on Phone.
? Which application do you want to inject? Gadget
[*] Attached to application (session: 23972).
[*] Injected a test script (this runs from within the injected application)!
Error: Cant find mono!
    at node_modules/frida-mono-api/src/mono-module.js:7
    at o (node_modules/browser-pack/_prelude.js:1)
    at node_modules/frida-mono-api/src/mono-api.js:2
    at o (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:119
    at o (node_modules/browser-pack/_prelude.js:1)
    at scripts/read_class_static_string_variable.js:1
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
[*] Happy hacking.

What I did was:

Patch the APK using Objection
Install the APK on the phone (real device)
Start the APK
Start Objection so that the app is running
Run node fridax.js inject

Any idea of what could be wrong ?

opened by Techbrunch 4

Unable to install

I have the same issue as #13 and I think it's tied to your toolset rather then node-gyp. You need to include binding.gyp file in your project directory (a sort of Makefile). Tried on two environments (Host - MacOS Catalina, Guest - Kali Linux)

┌──(kali㉿kali)-[/tmp/fridax]
└─$ pwd                                                                                                       130 ⨯ 1 ⚙
/tmp/fridax
                                                                                                                        
┌──(kali㉿kali)-[/tmp/fridax]
└─$ npm --version                                                                                                   1 ⚙
7.0.3

┌──(kali㉿kali)-[/tmp/fridax]
└─$ rm -rf node_modules package-lock.json && npm i                                                                  1 ⚙
npm ERR! code 1
npm ERR! path /tmp/fridax/node_modules/frida
npm ERR! command failed
npm ERR! command sh -c prebuild-install || node-gyp rebuild
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info find Python using Python version 3.8.4 found at "/usr/bin/python3"
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/tmp/fridax/node_modules/frida/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/include/nodejs/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/usr/include/nodejs',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/share/nodejs/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/usr/include/nodejs/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/tmp/fridax/node_modules/frida',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp: binding.gyp not found (cwd: /tmp/fridax/node_modules/frida) while trying to load binding.gyp
npm ERR! gyp ERR! configure error 
npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/usr/share/nodejs/node-gyp/lib/configure.js:354:16)
npm ERR! gyp ERR! stack     at ChildProcess.emit (events.js:314:20)
npm ERR! gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
npm ERR! gyp ERR! System Linux 5.7.0-kali1-amd64
npm ERR! gyp ERR! command "/usr/bin/node" "/usr/share/nodejs/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /tmp/fridax/node_modules/frida
npm ERR! gyp ERR! node -v v12.19.0
npm ERR! gyp ERR! node-gyp -v v7.0.0
npm ERR! gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/kali/.npm/_logs/2020-12-01T12_42_46_721Z-debug.log

opened by duraki 3

Error on installing node dependencies

fridax $ npm install

> [email protected] install /Users/.../fridax/node_modules/frida
> prebuild-install || node-gyp rebuild

prebuild-install WARN install No prebuilt binaries found (target=14.7.0 runtime=node arch=x64 libc= platform=darwin)
gyp: binding.gyp not found (cwd: /Users/.../fridax/node_modules/frida) while trying to load binding.gyp
gyp ERR! configure error 
gyp ERR! stack Error: `gyp` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
gyp ERR! stack     at ChildProcess.emit (events.js:314:20)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:276:12)
gyp ERR! System Darwin 19.6.0
gyp ERR! command "/usr/local/Cellar/node/14.7.0/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/.../fridax/node_modules/frida
gyp ERR! node -v v14.7.0
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok 
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `prebuild-install || node-gyp rebuild`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/.../.npm/_logs/2020-10-22T09_55_37_804Z-debug.log

opened by stephenreda 3

fridax install error with macOS v11.5.1 / node v16.4.2 / frida 15.0.13

Hi,

Similar to some closed issues, I'm hitting an error about binding.gyp being missing which may be related to the combination of node and frida versions I'm using

My frida install is otherwise fully functional (both npm install frida and compiling frida-node from git source)

It would be helpful if you could state which OS / node / frida version combinations are known to work with fridax?

npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm ERR! code 1
npm ERR! path /Users/hubert/fridax/node_modules/frida
npm ERR! command failed
npm ERR! command sh -c prebuild-install || node-gyp rebuild
npm ERR! prebuild-install WARN install No prebuilt binaries found (target=16.4.2 runtime=node arch=x64 libc= platform=darwin)
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | darwin | x64
npm ERR! gyp info find Python using Python version 3.9.6 found at "/usr/local/opt/[email protected]/bin/python3.9"
npm ERR! (node:70687) [DEP0150] DeprecationWarning: Setting process.config is deprecated. In the future the property will be read-only.
npm ERR! (Use `node --trace-deprecation ...` to show where the warning was created)
npm ERR! gyp info spawn /usr/local/opt/[email protected]/bin/python3.9
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/Users/hubert/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/Users/hubert/fridax/node_modules/frida/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/Users/hubert/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/Users/hubert/Library/Caches/node-gyp/16.4.2/include/node/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/Users/hubert/Library/Caches/node-gyp/16.4.2',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/Users/hubert/node_modules/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/Users/hubert/Library/Caches/node-gyp/16.4.2/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/Users/hubert/fridax/node_modules/frida',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp: binding.gyp not found (cwd: /Users/hubert/fridax/node_modules/frida) while trying to load binding.gyp
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/Users/hubert/node_modules/node-gyp/lib/configure.js:351:16)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:394:28)
npm ERR! gyp ERR! stack     at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12)
npm ERR! gyp ERR! System Darwin 20.6.0
npm ERR! gyp ERR! command "/usr/local/Cellar/node/16.4.2/bin/node" "/Users/hubert/node_modules/.bin/node-gyp" "rebuild"
npm ERR! gyp ERR! cwd /Users/hubert/fridax/node_modules/frida
npm ERR! gyp ERR! node -v v16.4.2
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/hubert/.npm/_logs/2021-08-17T13_50_57_678Z-debug.log

opened by hubert3 1

Bump simple-get from 3.1.0 to 3.1.1
Bumps simple-get from 3.1.0 to 3.1.1.

Commits

496166d 3.1.1

6eb82c0 Bug fix: Thirdparty cookie leak

See full diff in compare view

Maintainer changes

This version was pushed to npm by linusu, a new releaser for simple-get since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump shell-quote from 1.7.2 to 1.7.3
Bumps shell-quote from 1.7.2 to 1.7.3.

Changelog

Sourced from shell-quote's changelog.

1.7.3

Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

Commits

6a8a899 1.7.3

5799416 fix for security issue with windows drive letter regex

c7de931 Add security.md

414853f Update readme.markdown (#43)

0fc4a97 use Github Actions (#42)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump minimist from 1.2.5 to 1.2.6
Bumps minimist from 1.2.5 to 1.2.6.

Commits

7efb22a 1.2.6

ef88b93 security notice for additional prototype pollution issue

c2b9819 isConstructorOrProto adapted from PR

bc8ecee test from prototype pollution PR

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump cached-path-relative from 1.0.2 to 1.1.0
Bumps cached-path-relative from 1.0.2 to 1.1.0.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump path-parse from 1.0.6 to 1.0.7
Bumps path-parse from 1.0.6 to 1.0.7.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump browserslist from 4.16.3 to 4.16.6
Bumps browserslist from 4.16.3 to 4.16.6.

Changelog

Sourced from browserslist's changelog.

4.16.6

Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).

4.16.5

Fixed unsafe RegExp (by Yeting Li).

4.16.4

Fixed unsafe RegExp.

Added artifactory support to --update-db (by Ittai Baratz).

Commits

6fe3614 Release 4.16.6 version

33ebac9 Update dependencies

2128170 Add support for npm-shrinkwrap files alongside package-lock (#595)

7cc2aed Release 4.16.5 version

27e4afd Update dependencies

1013a18 Fix version RegExp

b879a1a Use Node.js 16 on CI

bd1e9e0 Fix ReDoS (#593)

209adf9 Release 4.16.4 version

3e2ae3b Fix types

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump json5 from 2.2.0 to 2.2.3
Bumps json5 from 2.2.0 to 2.2.3.

Release notes

Sourced from json5's releases.

v2.2.3

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

c3a7524 2.2.3

94fd06d docs: update CHANGELOG for v2.2.3

3b8cebf docs(security): use GitHub security advisories

f0fd9e1 docs: publish a security policy

6a91a05 docs(template): bug -> bug report

14f8cb1 2.2.2

10cc7ca docs: update CHANGELOG for v2.2.2

7774c10 fix: add proto to objects and arrays

edde30a Readme: slight tweak to intro

97286f8 Improve example in readme

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Use fridax to iterate an ObservableCollection

Does anyone have any idea how Frida can iterate over an observable collection or collection items?

The idea is to go over the items in a collection or get a specific item at an index.

opened by bawarkamalqader 0

How to get a variables properties

Hello,

I have the below sample code

class Person
{
  private string name; // field

  public string Name   // property
  {
    get { return name; }   // get method
    set { name = value; }  // set method
  }
}

And I found that in compilation, the set method is called as "set_Name(string)"; however, when I try the below code to fetch and modify the data, the console logs an empty argument -no error is returned that shows that the method does not exist- . Can someone tell me what I am doing wrong?

import { MonoApiHelper, MonoApi } from '../vendors/frida-mono-api'
import ClassHelper from '../libraries/class_helper'
var settingClassName = "Person";
var settingMethodName = "set_Name";
var settingMethodArgCount = 1;

// The root AppDomain is the initial domain created by the runtime when it is initialized. Programs execute on this AppDomain.
const domain = MonoApi.mono_get_root_domain()

// Get a reference to a certain class within the Xamarin application.
var classInformation = ClassHelper.getClassByName(settingClassName);

// Attach interceptor and fish out the first method argument
MonoApiHelper.Intercept(classInformation, settingMethodName, {
    onEnter: function(args) {
        console.log("Entered " + settingMethodName + " with " + settingMethodArgCount + " argument(s).");
        console.log("Value of `string id`: " + MonoApiHelper.StringToUtf8(args[0]));
    },
    onLeave: function onLeave(log, retval, state) {
        console.log("Left " + settingMethodName + ".");
    }
})

console.log(`'jit_modify_class_function_argument.js' attached and ready.`)

opened by AmaalK 0

Stuck at device.enumerateApplications() when using frida 15.0.3
Hi, thanks for the nice tools i have an issue when fridax.js stuck in applications = await device.enumerateApplications() when using frida 15.0.3. However, the JS will run normally when using frida 14.2.18.

using frida 15.0.3:

./fridax.js inject --scripts scripts/jit_modify_class_function_argument.js [*] Awaiting storage initialization. [*] Awaiting USB device. [*] Up and running on SM-G5XXX.

and it stays like that forever.

using frida 14.2.18:

./fridax.js inject --scripts scripts/jit_modify_class_function_argument.js [*] Awaiting storage initialization. [*] Awaiting USB device. [*] Up and running on SM-G5XXX. ? Which application do you want to inject? App1 App2 App3 ❯ App4 (Move up and down to reveal more choices)

fridax version = 1.0.0 frida-server already running = yes xamarin app already launched = yes expected behavior = fridax can be run in current version of frida (frida 15.0.X)
opened by hanhanhanz 2

Can't find mono runtime

I'm trying to hook a Xamarin-based iOS app and am getting the following error:

~/t/s/s/f/fridax > ./fridax.js inject --device usb --scripts scripts/aot_modify_class_function_argument.js
[*] Awaiting storage initialization.
[*] Awaiting USB device.
[*] Up and running on iPhone.
? Which application do you want to inject? XXXXX
[*] Happy hacking.
[*] Attached to application (session: 74911).
[*] Injected a test script (this runs from within the injected application)!
Error: Can't find Mono runtime!
    at <anonymous> (vendors/frida-mono-api/mono-module.js:33)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at <anonymous> (node_modules/browser-pack/_prelude.js:1)
    at <anonymous> (vendors/frida-mono-api/mono-api.js:2)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at <anonymous> (node_modules/browser-pack/_prelude.js:1)
    at <anonymous> (vendors/frida-mono-api/index.js:1)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at <anonymous> (node_modules/browser-pack/_prelude.js:1)
    at <anonymous> (scripts/aot_modify_class_function_argument.js:1)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at <eval> (/script2.js:1246)

I've looked at https://github.com/NorthwaveSecurity/fridax/issues/1 and the issue was fixed but I'm still having the issue. I've tried poking around but am just getting started with frida. Things I've tried:

looking for mono using Process.enumerateModulesSync()
looking for mono using Process.enumerateExports()
hooking dlopen and looking for any import of mono

but nothing shows up. Is there anything else I can do to troubleshoot the issue? Sadly I can't share the ipa.

opened by alexdetrano 1

Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.

Related tags

Overview

Goal

Installation

Usage

Examples

Issues

License

Comments

1.7.3

4.16.6

4.16.5

4.16.4

v2.2.3

v2.2.2

v2.2.1

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

Owner

Northwave

🌳 Environment – a nicer, type-safe way of working with environment variables in Swift.

Condense string literals into global variables.

Swift Programming Basics - Collections, Variables & Constants

A universal library that contains everything we need to know about the Xamarin universe.

Kind of tired to need an Android Device on me, just to read manga, so here we are.

A tool to read the binarycookie format of Cookies on iOS applications

Ported scrcpy for mobile platforms, to remotely control Android devices on your iPhone or Android phone.

Enables easy, convenient asynchronous asset loading in RealityKit for many different kinds of assets.

A macOS menu bar app that enables system-wide navigation functionality for side buttons on third-party mice.

Allows you to emulate an Android native library, and an experimental iOS emulation

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

📝 Read, update and write your Xcode projects

iOS's Stocks App clone written in React Native for demo purpose (available both iOS and Android).

React Native utility library around image and video files for getting metadata like MIME type, timestamp, duration, and dimensions. Works on iOS and Android using Java and Obj-C, instead of Node 🚀.

Joplin - an open source note taking and to-do application with synchronization capabilities for Windows, macOS, Linux, Android and iOS. Forum: https://discourse.joplinapp.org/

Blazing⚡️Fast BTC and ETH Wallet Generator library for React Native, Android and iOS

🏀 iOS and Android NBA app created with React Native

The Outline Client is a cross-platform VPN or proxy client for Windows, macOS, iOS, Android, and ChromeOS

Respresso is a centralized resource manager for shared Android, iOS and Web frontend projects