📍 A tool that helps you use Frida easily. It supports scripts to trace classes and functions, and to modify the return values of methods on the iOS platform.
👉 For the Android platform: frida-android-hook
👉 For intercepting encrypted APIs in iOS applications: frida-ios-intercept-api
| OS | Supported | Notes |
|---|---|---|
| MacOS | ✅ | Stable |
| Linux | ✅ | Stable |
| Windows | ✅ | Unstable |
| iOS | Frida | Frida-tools | Supported | Stable Version |
|---|---|---|---|---|
| 16.7.11 | 16.7.14 | 13.7.1 | ✅ | |
| 16.7.11 | 16.1.4 | 12.2.1 | ✅ | ✅ |
Note: Use the stable versions to avoid the ObjC not defined issue present in Frida 17.0.1.
Runs with Python 3.x. Supports both spawning and attaching a script to a process. All options from ./ioshook -h:
| Category | Option | Description |
|---|---|---|
| General | -h, --help | Show help message and exit |
| | --cli | Launch iOSHook interactive CLI |
| | -p, --package PACKAGE | Bundle identifier of target app (spawn) |
| | -n, --name NAME | Display name of target app (attach) |
| | --pid PID | Process ID of target app (attach) |
| | -s, --script SCRIPT.JS | Path to Frida JavaScript hooking script |
| | -c, --check-version | Check for iOSHook updates |
| | -u, --update | Update iOSHook to latest version |
| Quick Method | -m, --method METHOD | app-static, bypass-jb, bypass-ssl, i-url-req, i-crypto (use -n or -p as required) |
| Information | --list-devices | List all connected Frida devices |
| | --list-apps | List all installed applications on device |
| | --list-scripts | List all available Frida scripts |
| | --logcat | Show system log of device (idevicesyslog) |
| | --conf | Open and edit hook.conf file |
| | --shell, --ssh | Open SSH shell to device (default: USB via iproxy) |
| | --ssh-port-forward LOCAL:DEVICE | Forward port from local to device (ssh -R) |
| | --network HOST:PORT | Connect via network SSH (default port 22) |
| | --local | Connect via USB using iproxy |
| Dump decrypt IPA | -d, --dump-app | Dump and decrypt application IPA file |
| | -o, --output OUTPUT_IPA | Output filename for decrypted IPA (without .ipa) |
| | --dump-output-dir DIR | Output directory for dumped IPA (default: workspaces/dumps) |
| Dump memory | --dump-memory OPTS | Dump memory of running application (e.g. --string, --read-only) |
| HexByte Scan IPA | --hexbyte-scan MODE | Mode: help, scan, patch, json |
| | --file FILE.IPA | IPA file to scan/patch |
| | --pattern PATTERN | Hex pattern to search (e.g. E103??AA????E0) |
| | --address ADDRESS | Address for patch (format: address,bytes,distance) |
| | --task TASK.json | JSON task file for hexbyte scan |
| reFlutter | --reflutter FLUTTER.IPA | Path to Flutter IPA for reFlutter analysis |
[+] Latest version
https://github.com/noobpk/frida-ios-hook/releases
[+] Develop version
git clone -b dev https://github.com/noobpk/frida-ios-hook
[+] Python >= v3.0 (pyenv or virtualenv recommended)
1. cd frida-ios-hook/
2. python3 -m venv py-env
3. source py-env/bin/activate
4. pip3 install -r requirements.txt
5. python3 setup.py
6. cd frida-ios-hook
7. ./ioshook -h (--help)
If you run the script but it doesn't work, you can try the following:
frida -U -f package -l script.js
| Title | Link |
|---|---|
| Frida iOS Hook \| Basic Usage \| Install - List devices - List apps - List scripts - Logcat - Shell | https://youtu.be/xSndHgTdv4w |
| Frida iOS Hook \| Basic Usage \| Dump Decrypt IPA - Dump Memory App - Hexbyte-Scan IPA | https://youtu.be/AUsJ9_gnWAI |
| Frida iOS Hook \| Basic Usage \| App Static - Bypass Jailbreak - Bypass SSL - Intercept URL + Crypto | https://youtu.be/nWhKDSzArf8 |
| Frida iOS Hook \| Advance Usage \| Memory Dump - Radare2 - Iaito | https://youtu.be/nUqE4EYWiEc |
Because I am not a developer, my coding skills might not be the best. Therefore, if this tool has any issues or is not working for you, create an issue and I will try to fix it. Any suggestions for new features and discussions are welcome!
