frisky

Instruments to assist in binary application reversing and augmentation, geared towards walled gardens like iOS. Most, if not all, were recently tested on iOS 11.1.2 and macOS 10.12.6.

iOS

frida-url-interceptor.js - Intercepts all URLs of an iOS/macOS application, allowing you to trace and alter/intercept all of its network traffic, including https, per app: before encryption on the way out and after decryption on the way in:
ldid / ldid2 - When building recent iOS jailbreaks dependent on SHA256 signatures, ldid2 is required. This repo will allow you to easily compile ldid and ldid2 for signing and modifying an iOS binary's entitlements, and thus jailbreaking a device.
Extract shared libraries used by apps not directly available on iOS filesystem for static analysis:
Discover and modify library/framework function call arguments and return codes via Frida:
iOS - bypassing TLS certificate pinning / allowing untrusted certs in Facebook SocketRocket, as a frida-trace handler for -[SRWebSocket initWithURLRequest:protocols:allowsUntrustedSSLCertificates:] (the handler logs the call and rewrites the final argument before the method runs):

```javascript
// frida-trace handler: -[SRWebSocket initWithURLRequest:protocols:allowsUntrustedSSLCertificates:]
// args[0] = self, args[1] = selector, args[2..4] = the method's three arguments
{
  onEnter: function (log, args, state) {
    log('-[SRWebSocket initWithURLRequest:' + args[2] + ' protocols:' + args[3] + ' allowsUntrustedSSLCertificates:' + args[4] + ']')
    args[4] = ptr(1) // set allowsUntrustedSSLCertificates = true
  },
  onLeave: function (log, retval, state) {}
}
```
Sniff network traffic from (non-jailbroken/jailbroken) iOS device from your mac:
Decrypt IPA (iOS apps)/Frameworks for static analysis via dumpdecrypted.dylib:
View system logs on iOS live using deviceconsole:
Electra: allow jailbroken Tweaks to appear in Settings:

Contact

Shaped by @SamyKamkar / https://samy.pl