Fried Apple Framework (FRAPL)
FRAPL is a reverse engineering framework created to simplify dynamic instrumentation with Frida.
The core of FRAPL is FridaLink - TCP/JSON based protocol and IDA plugin for establishing a bridge between Frida client and IDA Pro. It brings runtime information to IDA disassembly and allows monitoring dynamic changes by controlling Frida directly from IDA.
FRAPL requires just three simple steps to start reverse engineering, without writing a single line of code.
This is a new way of combining static and dynamic analysis.
<center>__FridaLink Overall View__</center>
![FRAPL](./Resources/screenshots/frapl_overall_view.png?raw=true "FRAPL")
<center>You can find the old FridaLink User Manual [here](./Resources/documents/FridaLinkUserManual_160412.pdf)</center>
Publications
Ruxcon 12 (October 2016)
[Slides](./Publications/2016 Ruxon 12/Ruxcon_12_FRAPL.pdf)
Design and Structure
FRAPL
- iOS/* - iOS specific FRAPL headers (classes, helpers, UI)
- macOS/* - macOS specific FRAPL headers (classes, helpers, UI)
- FrAClientCore.js - Node.js Frida client core
  - Client script (with `include()` command support)
  - Executing server script on target
  - Frida RPC client/server message handling (client side)
  - FridaLink message handling (from Frida server and from/to IDA)
  - Shortcut handling
- FrAServerCore.js - JS Frida server core
  - Frida RPC client/server message handling (server side)
- FrAHelperLib.js - JS code to communicate with FRAPL Helper Library
- FrAFridaLink.js - JS Frida server functions for FridaLink
- FrACommon.js - Node.js/JS code to share between Frida client and server
- FrAGCD.js - JS code to add Grand Central Dispatch support to Frida server
- FrAdlfcn.js - JS code to add dl* functions support from libdyld.dylib
- FrAUtils.js - Node.js/JS utility functions to share between Frida client and server
  - Algorithms
  - Output formatting
  - Dumpers (like memory and ObjC)
  - Other helper functions
FridaLink
- FridaLink/ - FridaLink Source Code
- FridaLink.py - IDA Pro script (will be a plugin eventually) to implement FridaLink server
Misc
- package.json - npm package description to install all dependencies
- create_project.sh - Script for generating minimal scripts for FRAPL and FridaLink
- README.md - this readme file
Architecture
Getting Started
Prerequisites
To install the required npm modules, run the following command in the FRAPL folder:
$ npm install
FridaLink
FridaLink setup is as simple as 1-2-3: it takes just three steps to attach to the app and start reverse engineering your target, without writing a single line of code.
- In IDA press ALT+F7 and load FridaLink.py
- In terminal run
  $ ./create_project.sh -f ~/Projects/TargetApp ; cd ~/Projects/TargetApp
  to create project
- In terminal to attach to target and establish FridaLink run
  $ node ./client.js -c theme.json -l -n TargetApp server.js
  for macOS target
  $ node ./client.js -c theme.json -l -r -p $(frida-ps -U | grep TargetApp | awk '{print $1}') ./server.js
  for iOS target
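
The iOS command above selects the PID with `grep TargetApp`, which also matches any other process whose name contains that string and then passes more than one value after `-p`. The shell helper below is an added example, not part of FRAPL: `resolve_pid` and `sample_listing` are hypothetical names, and the listing is a constructed sample that assumes the two-column PID/Name layout of `frida-ps` output.

```shell
#!/bin/sh
# Added example (not FRAPL code): pick exactly one PID from a frida-ps listing.
# Reads the listing on stdin and prints the PID whose Name column equals $1.
# Exit status: 0 = one match, 1 = no match, 2 = more than one match.
resolve_pid() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ {                          # skip header and ruler lines
            name = $0
            sub(/^[ \t]*[0-9]+[ \t]+/, "", name)   # drop the PID column
            sub(/[ \t]+$/, "", name)               # drop trailing blanks
            if (name == want) { pid[++n] = $1 }    # exact match, spaces allowed
        }
        END {
            if (n == 1) { print pid[1]; exit 0 }
            if (n == 0) { exit 1 }
            exit 2
        }'
}

# Constructed sample listing; "grep TargetApp" would match two of these lines.
sample_listing() {
cat <<'EOF'
 PID  Name
----  ------------------
 812  TargetApp
 977  TargetAppHelper
1033  App Store
EOF
}

# Intended use with the iOS command from the steps above:
#   pid=$(frida-ps -U | resolve_pid TargetApp) || { echo "no unique PID" >&2; exit 1; }
#   node ./client.js -c theme.json -l -r -p "$pid" ./server.js
```
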