def watch_class_method(args: list) -> None:
"""
Starts an objection jon that hooks into a specific class method
and reports on invocations.
:param args:
:return:
"""
if len(clean_argument_flags(args)) <= 0:
click.secho(('Usage: ios hooking watch method <selector> (eg: -[ClassName methodName:]) '
'(optional: --dump-backtrace) '
'(optional: --dump-args) '
'(optional: --dump-return)'), bold=True)
return
selector = args[0]
argument_count = selector.count(':')
runner = FridaRunner()
runner.set_hook_with_data(ios_hook('hooking/watch-method'), selector=selector,
argument_count=argument_count,
dump_backtrace=_should_dump_backtrace(args),
dump_args=_should_dump_args(args),
dump_return=_should_dump_return_value(args))
runner.run_as_job(name='watch-method', args=args)
def set_method_return_value(args: list = None) -> None:
"""
Sets a Java methods return value to a specified boolean.
:param args:
:return:
"""
if len(clean_argument_flags(args)) < 2:
click.secho(
('Usage: android hooking set return_value '
'"<fully qualified class>" (eg: "com.example.test") '
'"<method (with overload if needed)>" (eg: see help for details) '
'<true/false>'),
bold=True)
return
class_name = args[0]
method_name = args[1].replace('\'', '"') # fun!
retval = args[2]
runner = FridaRunner()
runner.set_hook_with_data(android_hook('hooking/set-return'),
class_name=class_name,
method_name=method_name,
retval=retval)
runner.run_as_job(name='set-return-value', args=args)
def watch_class(args: list) -> None:
"""
Watches for invocations of all methods in an Android
Java class. All overloads for methods found are also watched.
:param args:
:return:
"""
if len(clean_argument_flags(args)) < 1:
click.secho(
'Usage: android hooking watch class <class> '
'(eg: com.example.test) '
'(optional: --dump-args) '
'(optional: --dump-backtrace) '
'(optional: --dump-return)',
bold=True)
return
target_class = args[0]
runner = FridaRunner()
runner.set_hook_with_data(android_hook('hooking/watch-class-methods'),
target_class=target_class,
dump_args=_should_dump_args(args),
dump_return=_should_dump_return_value(args),
dump_backtrace=_should_dump_backtrace(args))
runner.run_as_job(name='watch-java-class', args=args)
def watch_class_method(args: list) -> None:
"""
Starts an objection jon that hooks into a specific class method
and reports on invocations.
:param args:
:return:
"""
if len(args) <= 0:
click.secho((
'Usage: ios hooking watch method <selector>'
' (eg: -[ClassName methodName:]) (optional: --include-backtrace)'),
bold=True)
return
selector = args[0]
runner = FridaRunner()
runner.set_hook_with_data(
ios_hook('hooking/watch-method'),
selector=selector,
include_backtrace=_should_include_backtrace(args))
runner.run_as_job(name='watch-method')
def watch_class_method(args: list) -> None:
"""
Watches for invocations of an Android Java class method.
All overloads are watched.
:param args:
:return:
"""
if len(args) < 2:
click.secho(
('Usage: android hooking watch class_method <class> <method>'
' (eg: com.example.test dologin)'),
bold=True)
return
target_class = args[0]
target_method = args[1]
runner = FridaRunner()
runner.set_hook_with_data(android_hook('hooking/watch-method'),
target_class=target_class,
target_method=target_method)
runner.run_as_job(name='watch-java-method')
def watch_class_method(args: list) -> None:
"""
Watches for invocations of an Android Java class method.
All overloads for the same method are also watched.
Optionally, this method will dump the watched methods arguments,
backtrace as well as return value.
:param args:
:return:
"""
if len(clean_argument_flags(args)) < 2:
click.secho(
('Usage: android hooking watch class_method <class> <method> '
'(eg: com.example.test dologin) '
'(optional: --dump-args) '
'(optional: --dump-backtrace) '
'(optional: --dump-return)'),
bold=True)
return
target_class = args[0]
target_method = args[1]
runner = FridaRunner()
runner.set_hook_with_data(android_hook('hooking/watch-method'),
target_class=target_class,
target_method=target_method,
dump_args=_should_dump_args(args),
dump_return=_should_dump_return_value(args),
dump_backtrace=_should_dump_backtrace(args))
runner.run_as_job(name='watch-java-method', args=args)
def watch_class_methods_var_returns(args: list) -> None:
"""
Starts an objection jon that hooks into a specific all classes
and methods and reports on invocations when specifi
args and return values reached.
:param args:
:return:
"""
if len(clean_argument_flags(args)) <= 0:
click.secho(('Usage: ios hooking watch var_and_returns <classPattern> <methodPattern> <argsPattern> <returnPattern> (eg: Controller login [email protected] false) '
'(optional: --dump-backtrace) '
'(optional: --dump-args) '
'(optional: --dump-return)'), bold=True)
return
classes_Pattern = args[0]
methods_Pattern = args[1]
args_Pattern = args[2]
returns_Pattern = args[3]
runner = FridaRunner()
runner.set_hook_with_data(ios_hook('hooking/watch-class-methods-var-returns'),
classes_Pattern=classes_Pattern,
methods_Pattern=methods_Pattern,
args_Pattern=args_Pattern,
returns_Pattern=returns_Pattern,
dump_backtrace=_should_dump_backtrace(args),
dump_args=_should_dump_args(args),
dump_return=_should_dump_return_value(args))
runner.run_as_job(name='watch-class-methods-var-returns', args=args)
def simulate(args: list = None) -> None:
"""
Attempts to simulate a Jailbroken environment
:param args:
:return:
"""
hook = ios_hook('jailbreak/simulate')
runner = FridaRunner(hook=hook)
runner.run_as_job(name='simulate-jailbroken-environment')
def simulate(args: list = None) -> None:
"""
Simulate a rooted environment.
:param args:
:return:
"""
runner = FridaRunner()
runner.set_hook_with_data(android_hook('root/simulate'))
runner.run_as_job(name='root-simulate')
def disable(args: list = None) -> None:
"""
Performs a generic anti root detection.
:param args:
:return:
"""
runner = FridaRunner()
runner.set_hook_with_data(android_hook('root/disable'))
runner.run_as_job(name='root-disable')
def disable(args: list = None) -> None:
"""
Attempts to disable jailbreak detection.
:param args:
:return:
"""
hook = ios_hook('jailbreak/disable')
runner = FridaRunner(hook=hook)
runner.run_as_job(name='disable-jailbreak-detection')
def monitor(args: list = None) -> None:
"""
Starts a new objection job that monitors the Android clipboard
and reports on new strings found.
:param args:
:return:
"""
hook = android_hook('clipboard/monitor')
runner = FridaRunner(hook=hook)
runner.run_as_job(name='clipboard-monitor')
def ios_disable(args: list = None) -> None:
"""
Starts a new objection job that hooks common classes and functions,
applying new logic in an attempt to bypass SSL pinning.
:param args:
:return:
"""
hook = ios_hook('pinning/disable')
runner = FridaRunner(hook=hook)
runner.run_as_job(name='pinning-disable')
def android_disable(args: list = None) -> None:
"""
Starts a new objection job that hooks common classes and functions,
applying new logic in an attempt to bypass SSL pinning.
:param args:
:return:
"""
hook = android_hook('pinning/disable')
runner = FridaRunner()
runner.set_hook_with_data(hook=hook, quiet=_should_be_quiet(args))
runner.run_as_job(name='pinning-disable')
def dump_ios_method_args(args: list) -> None:
"""
Starts an objection job that hooks into a class method and
dumps the argument values as the method is invoked.
:param args:
:return:
"""
# small helper method to reduce copy/paste code for the usage info
def usage():
click.secho(
'Usage: ios hooking dump method_args <+/-> <class_name> <method_name>',
bold=True)
if len(args) < 3:
usage()
return
class_instance = args[0]
class_name = args[1]
method_name = args[2]
if class_instance not in ['-', '+']:
click.secho(
'Specify a class method (+) or instance method (-) with either a "+" or a "-"',
fg='red')
usage()
return
full_method = '{0}[{1} {2}]'.format(class_instance, class_name,
method_name)
argument_count = full_method.count(':')
click.secho('Full method: {0} ({1} arguments)'.format(
full_method, argument_count))
# prepare a runner for the arg dump hook
runner = FridaRunner()
runner.set_hook_with_data(ios_hook('hooking/dump-arguments'),
method=full_method,
argument_count=argument_count)
runner.run_as_job(name='dump-arguments')
def watch_class(args: list) -> None:
"""
Starts an objection job that hooks into all of the methods
available in a class and reports on invocations.
:param args:
:return:
"""
if len(args) <= 0:
click.secho('Usage: ios hooking watch class <class_name> (--include-parents)', bold=True)
return
class_name = args[0]
runner = FridaRunner()
runner.set_hook_with_data(
ios_hook('hooking/watch-class-methods'),
class_name=class_name, include_parents=_should_include_parent_methods(args))
runner.run_as_job(name='watch-class-methods')
def set_method_return_value(args: list) -> None:
"""
Make an Objective-C method return a specific boolean
value, always.
:param args:
:return:
"""
if len(args) < 2:
click.secho('Usage: ios hooking set_method_return "<selector>" (eg: "-[ClassName methodName:]") <true/false>',
bold=True)
return
selector = args[0]
retval = args[1]
runner = FridaRunner()
runner.set_hook_with_data(
ios_hook('hooking/set-return'), selector=selector, retval=_string_is_true(retval))
runner.run_as_job(name='set-return-value')
def var_class(args: list) -> None:
if len(clean_argument_flags(args)) < 2:
click.secho(('Usage: android hooking watch var <class> <var> '
'(eg: com.example.test [email protected]) '
'(optional: --dump-args) '
'(optional: --dump-backtrace) '
'(optional: --dump-return)'),
bold=True)
return
search_class = args[0]
search_var = args[1]
runner = FridaRunner()
runner.set_hook_with_data(android_hook('hooking/var-class'),
search_class=search_class,
search_var=search_var,
dump_args=_should_dump_args(args),
dump_return=_should_dump_return_value(args),
dump_backtrace=_should_dump_backtrace(args))
runner.run_as_job(name='watch-java-var', args=args)
def dump_android_method_args(args: list) -> None:
"""
Starts an objection job that hooks into a class method and
dumps the argument values as the method is invoked.
:param args:
:return:
"""
if len(args) < 2:
click.secho('Usage: android hooking dump_args <class> <method>',
bold=True)
return
target_class = args[0]
target_method = args[1]
# prepare a runner for the arg dump hook
runner = FridaRunner()
runner.set_hook_with_data(android_hook('hooking/dump-arguments'),
target_class=target_class,
target_method=target_method)
runner.run_as_job(name='dump-arguments')
