import frida
import sys
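def on_message(message, data):
    """Print a message delivered by the injected Frida script.

    Args:
        message: Dict handed to the ``message`` callback. Values emitted with
            ``send()`` in the script arrive under ``"payload"``; exceptions
            raised inside the script arrive with ``"type": "error"`` and a
            ``"description"`` instead of a payload.
        data: Optional binary blob accompanying the message; unused here.
    """
    if not message:
        return
    if not isinstance(message, dict):
        print(message)
        return
    if "payload" in message:
        # NOTE: the payload text is produced inside the instrumented process
        # and is printed verbatim; treat it as untrusted when reading the log.
        print("[*] {0}".format(message["payload"]))
    elif message.get("type") == "error":
        # Script-side errors carry no payload; report them explicitly rather
        # than relying on a KeyError from the payload lookup.
        print("[!] {0}".format(message.get("description", message)))
    else:
        print(message)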
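def do_hook():
    """Return the JavaScript source that Frida injects into the target.

    The script checks that the Objective-C runtime is available, looks up the
    class ``Hook`` and attaches an interceptor to its instance method
    ``- hookMe:``. On every call it reports, via ``send()``, the receiver
    (``args[0]``), its superclass, the selector (``args[1]``) and the first
    declared argument (``args[2]``).

    Returns:
        str: JavaScript source suitable for ``session.create_script()``.
    """
    # References:
    # https://github.com/frida/frida-gum/blob/34b62d52f41de56ee19693fa430f391115246d8c/tests/gumjs/script-darwin.m#L68
    # https://github.com/frida/frida-gum/blob/34b62d52f41de56ee19693fa430f391115246d8c/bindings/gumjs/gumjs-objc.js
    # $methods: array containing native method names exposed by this object
    #
    # Changes from the earlier inline script:
    #  * the class is looked up directly instead of enumerating every
    #    registered class, and the hook is only installed when it exists
    #    (previously a missing class ended in a TypeError on the lookup);
    #  * args[2] is wrapped with `new ObjC.Object(...)`, matching args[0].
    hook = """
    if (ObjC.available) {
        if (ObjC.classes.hasOwnProperty("Hook")) {
            send("Found our target class : Hook");

            var hook = ObjC.classes.Hook["- hookMe:"];

            Interceptor.attach(hook.implementation, {
                onEnter: function(args) {
                    var receiver = new ObjC.Object(args[0]);
                    send("Target class : " + receiver);
                    send("Target superclass : " + receiver.$superClass);

                    var sel = ObjC.selectorAsString(args[1]);
                    send("Hooked the target method : " + sel);

                    var obj = new ObjC.Object(args[2]);
                    send("Argument : " + obj.toString());
                }
            });
        } else {
            send("Target class Hook was not found in this process");
        }
    } else {
        console.log("Objective-C Runtime is not available!");
    }
    """
    return hook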
if __name__ == '__main__':
    try:
        # Attach to the process named "FridaPlayGround" and inject the
        # script returned by do_hook(); on_message prints what it sends.
        target_session = frida.attach("FridaPlayGround")
        injected_script = target_session.create_script(do_hook())
        injected_script.on('message', on_message)
        injected_script.load()

        # Block until stdin reaches EOF so the interpreter stays alive
        # while message callbacks are delivered.
        sys.stdin.read()
    except KeyboardInterrupt:
        # Ctrl-C is the expected way to stop; exit with status 0.
        sys.exit(0)