frida-scripts/raptor_frida_ios_enum.js at master · 0xdea/frida-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
/*
 * raptor_frida_ios_enum.js - ObjC class and method enumerator
 * Copyright (c) 2017-2025 Marco Ivaldi <raptor@0xdeadbeef.info>
 *
 * "For all is like an ocean, all flows and connects;
 * touch it in one place and it echoes at the other end of the world."
 *                        -- Fyodor Dostoevsky, The Brothers Karamazov
 *
 * Frida.re JS code to enumerate ObjC classes and methods declared in an
 * iOS app. See https://www.frida.re/ and https://codeshare.frida.re/ for
 * further information on this world-class dynamic instrumentation toolkit.
 *
 * Example usage:
 * $ uv tool install frida-tools
 * $ frida -U -f com.target.app -l raptor_frida_ios_enum.js
 *
 * Tested with:
 * Frida 17.3.2 on macOS 15.6.1 with iPhone 8 (iOS 16.5 + https://palera.in/)
 *
 * Get the latest version at:
 * https://github.com/0xdea/frida-scripts/
 */

// Enumerate all ObjC classes
function enumAllClasses()
{
	var allClasses = [];

	for (var aClass in ObjC.classes) {
		if (ObjC.classes.hasOwnProperty(aClass)) {
			allClasses.push(aClass);
		}
	}

	return allClasses;
}

// Find all ObjC classes that match a pattern
function findClasses(pattern)
{
	var allClasses = enumAllClasses();
	var foundClasses = [];

	allClasses.forEach(function(aClass) {
		if (aClass.match(pattern)) {
			foundClasses.push(aClass);
		}
	});

	return foundClasses;
}

// Enumerate all methods declared in an ObjC class
function enumMethods(targetClass)
{
	var ownMethods = ObjC.classes[targetClass].$ownMethods;

	return ownMethods;
}

// Enumerate all methods declared in all ObjC classes
function enumAllMethods()
{
	var allClasses = enumAllClasses();
	var allMethods = {};

	allClasses.forEach(function(aClass) {
		enumMethods(aClass).forEach(function(method) {
			if (!allMethods[aClass]) allMethods[aClass] = [];
			allMethods[aClass].push(method);
		});
	});

	return allMethods;
}

// Find all ObjC methods that match a pattern
function findMethods(pattern)
{
	var allMethods = enumAllMethods();
	var foundMethods = {};

	for (var aClass in allMethods) {
		allMethods[aClass].forEach(function(method) {
			if (method.match(pattern)) {
				if (!foundMethods[aClass]) foundMethods[aClass] = [];
				foundMethods[aClass].push(method);
			}
		});
	}

	return foundMethods;
}

// Usage examples
if (ObjC.available) {

	// Enumerate all classes
	/*
	var a = enumAllClasses();
	a.forEach(function(s) {
		console.log(s);
	});
	*/

	// Find classes that match a pattern
	/*
	var a = findClasses(/password/i);
	a.forEach(function(s) {
		console.log(s);
	});
	*/

	// Enumerate all methods in a class
	/*
	var a = enumMethods("PasswordManager")
	a.forEach(function(s) {
		console.log(s);
	});
	*/

	// Enumerate all available methods
	// TODO: understand why this doesn't work in script, but works in REPL
	/*
	var d = enumAllMethods();
	for (k in d) {
		console.log(k);
		d[k].forEach(function(s) {
			console.log("\t" + s);
		});
	}
	*/

	// Find methods that match a pattern
	// TODO: understand why this doesn't work in script, but works in REPL
	/*
	var d = findMethods(/password/i);
	for (k in d) {
		console.log(k);
		d[k].forEach(function(s) {
			console.log("\t" + s);
		});
	}
	*/

} else {
 	send("error: Objective-C Runtime is not available!");
}