iOS Hooking With Objection
Jifunze kuhusu kudukua AWS kutoka mwanzo hadi kuwa bingwa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!
Njia nyingine za kusaidia HackTricks:
Ikiwa unataka kuona kampuni yako ikionekana kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia MPANGO WA KUJIUNGA!
Gundua Familia ya PEASS, mkusanyiko wetu wa NFTs ya kipekee
Jiunge na 💬 Kikundi cha Discord au kikundi cha telegram au tufuate kwenye Twitter 🐦 @carlospolopm.
Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye HackTricks na HackTricks Cloud repos za github.
Kwa sehemu hii, zana Objection itatumika. Anza kwa kupata kikao cha objection kwa kutekeleza kitu kama:
objection -d --gadget "iGoat-Swift" explore
objection -d --gadget "OWASP.iGoat-Swift" explore
Unaweza pia kutekeleza frida-ps -Uia
ili kuangalia michakato inayofanya kazi kwenye simu.
Uchunguzi wa Msingi wa Programu
Njia za Programu za Ndani
env
: Tafuta njia ambapo programu imehifadhiwa ndani ya kifaa
env
Jina Njia
----------------- -----------------------------------------------------------------------------------------------
BundlePath /private/var/containers/Bundle/Application/179A6E8B-E7A8-476E-BBE3-B9300F546068/iGoat-Swift.app
CachesDirectory /var/mobile/Containers/Data/Application/A079DF84-726C-4AEA-A194-805B97B3684A/Library/Caches
DocumentDirectory /var/mobile/Containers/Data/Application/A079DF84-726C-4AEA-A194-805B97B3684A/Documents
LibraryDirectory /var/mobile/Containers/Data/Application/A079DF84-726C-4AEA-A194-805B97B3684A/Library
Orodha ya Vifurushi, fremu na maktaba
ios bundles list_bundles
: Orodha ya vifurushi vya programu
ios bundles list_bundles
Executable Bundle Version Njia
------------ -------------------- --------- -------------------------------------------
iGoat-Swift OWASP.iGoat-Swift 1.0 ...8-476E-BBE3-B9300F546068/iGoat-Swift.app
AGXMetalA9 com.apple.AGXMetalA9 172.18.4 ...tem/Library/Extensions/AGXMetalA9.bundle
ios bundles list_frameworks
: Orodha ya fremu za nje zinazotumiwa na programu
ios bundles list_frameworks
Executable Bundle Version Njia
------------------------------ -------------------------------------------- ---------- -------------------------------------------
ReactCommon org.cocoapods.ReactCommon 0.61.5 ...tle.app/Frameworks/ReactCommon.framework
...vateFrameworks/CoreDuetContext.framework
FBReactNativeSpec org.cocoapods.FBReactNativeSpec 0.61.5 ...p/Frameworks/FBReactNativeSpec.framework
...ystem/Library/Frameworks/IOKit.framework
RCTAnimation org.cocoapods.RCTAnimation 0.61.5 ...le.app/Frameworks/RCTAnimation.framework
jsinspector org.cocoapods.jsinspector 0.61.5 ...tle.app/Frameworks/jsinspector.framework
DoubleConversion org.cocoapods.DoubleConversion 1.1.6 ...pp/Frameworks/DoubleConversion.framework
react_native_config org.cocoapods.react-native-config 0.12.0 ...Frameworks/react_native_config.framework
react_native_netinfo org.cocoapods.react-native-netinfo 4.4.0 ...rameworks/react_native_netinfo.framework
PureLayout org.cocoapods.PureLayout 3.1.5 ...ttle.app/Frameworks/PureLayout.framework
GoogleUtilities org.cocoapods.GoogleUtilities 6.6.0 ...app/Frameworks/GoogleUtilities.framework
RCTNetwork org.cocoapods.RCTNetwork 0.61.5 ...ttle.app/Frameworks/RCTNetwork.framework
RCTActionSheet org.cocoapods.RCTActionSheet 0.61.5 ....app/Frameworks/RCTActionSheet.framework
react_native_image_editor org.cocoapods.react-native-image-editor 2.1.0 ...orks/react_native_image_editor.framework
CoreModules org.cocoapods.CoreModules 0.61.5 ...tle.app/Frameworks/CoreModules.framework
RCTVibration org.cocoapods.RCTVibration 0.61.5 ...le.app/Frameworks/RCTVibration.framework
RNGestureHandler org.cocoapods.RNGestureHandler 1.6.1 ...pp/Frameworks/RNGestureHandler.framework
RNCClipboard org.cocoapods.RNCClipboard 1.5.1 ...le.app/Frameworks/RNCClipboard.framework
react_native_image_picker org.cocoapods.react-native-image-picker 2.3.4 ...orks/react_native_image_picker.framework
[..]
memory list modules
: Orodha ya moduli zilizopakiwa kwenye kumbukumbu
memory list modules
Jina Msingi Ukubwa Njia
----------------------------------- ----------- ------------------- ------------------------------------------------------------------------------
iGoat-Swift 0x104ffc000 2326528 (2.2 MiB) /private/var/containers/Bundle/Application/179A6E8B-E7A8-476E-BBE3-B9300F54...
SubstrateBootstrap.dylib 0x105354000 16384 (16.0 KiB) /usr/lib/substrate/SubstrateBootstrap.dylib
SystemConfiguration 0x1aa842000 495616 (484.0 KiB) /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguratio...
libc++.1.dylib 0x1bdcfd000 368640 (360.0 KiB) /usr/lib/libc++.1.dylib
libz.1.dylib 0x1efd3c000 73728 (72.0 KiB) /usr/lib/libz.1.dylib
libsqlite3.dylib 0x1c267f000 1585152 (1.5 MiB) /usr/lib/libsqlite3.dylib
Foundation 0x1ab550000 2732032 (2.6 MiB) /System/Library/Frameworks/Foundation.framework/Foundation
libobjc.A.dylib 0x1bdc64000 233472 (228.0 KiB) /usr/lib/libobjc.A.dylib
[...]
memory list exports <module_name>
: Exports ya moduli iliyopakiwa
memory list exports iGoat-Swift
Aina Jina Anwani
-------- -------------------------------------------------------------------------------------------------------------------------------------- -----------
variable _mh_execute_header 0x104ffc000
function _mdictof 0x10516cb88
function _ZN9couchbase6differ10BaseDifferD2Ev 0x10516486c
function _ZN9couchbase6differ10BaseDifferD1Ev 0x1051648f4
function _ZN9couchbase6differ10BaseDifferD0Ev 0x1051648f8
function _ZN9couchbase6differ10BaseDiffer5setupEmm 0x10516490c
function _ZN9couchbase6differ10BaseDiffer11allocStripeEmm 0x105164a20
function _ZN9couchbase6differ10BaseDiffer7computeEmmj 0x105164ad8
function _ZN9couchbase6differ10BaseDiffer7changesEv 0x105164de4
function _ZN9couchbase6differ10BaseDiffer9addChangeENS0_6ChangeE 0x105164fa8
function _ZN9couchbase6differlsERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEERKNS0_6ChangeE 0x1051651d8
function _ZN9couchbase6differlsERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEERKNS1_6vectorINS0_6ChangeENS1_9allocatorIS8_EEEE 0x105165280
variable _ZTSN9couchbase6differ10BaseDifferE 0x1051d94f0
variable _ZTVN9couchbase6differ10BaseDifferE 0x10523c0a0
variable _ZTIN9couchbase6differ10BaseDifferE 0x10523c0f8
[..]
Orodha ya darasa za programu
ios hooking list classes
: Orodha ya darasa za programu
ios hooking list classes
AAAbsintheContext
AAAbsintheSigner
AAAbsintheSignerContextCache
AAAcceptedTermsController
AAAccount
AAAccountManagementUIResponse
AAAccountManager
AAAddEmailUIRequest
AAAppleIDSettingsRequest
AAAppleTVRequest
AAAttestationSigner
[...]
ios hooking search classes <search_term>
: Tafuta darasa linalo zawadi ya neno. Unaweza kutafuta neno la pekee linalohusiana na jina kuu la pakiti ili kupata darasa kuu za programu kama ilivyo katika mfano:
ios hooking search classes iGoat
iGoat_Swift.CoreDataHelper
iGoat_Swift.RCreditInfo
iGoat_Swift.SideContainmentSegue
iGoat_Swift.CenterContainmentSegue
iGoat_Swift.KeyStorageServerSideVC
iGoat_Swift.HintVC
iGoat_Swift.BinaryCookiesExerciseVC
iGoat_Swift.ExerciseDemoVC
iGoat_Swift.PlistStorageExerciseViewController
iGoat_Swift.CouchBaseExerciseVC
iGoat_Swift.MemoryManagementVC
[...]
Orodha ya njia za darasa
ios hooking list class_methods
: Orodha ya njia za darasa fulani
ios hooking list class_methods iGoat_Swift.RCreditInfo
- cvv
- setCvv:
- setName:
- .cxx_destruct
- name
- cardNumber
- init
- initWithValue:
- setCardNumber:
ios hooking search methods <search_term>
: Tafuta njia inayojumuisha herufi
ios hooking search methods cvv
[AMSFinanceVerifyPurchaseResponse + _dialogRequestForCVVFromPayload:verifyType:]
[AMSFinanceVerifyPurchaseResponse - _handleCVVDialogResult:shouldReattempt:]
[AMSFinanceVerifyPurchaseResponse - _runCVVRequestForCode:error:]
[iGoat_Swift.RCreditInfo - cvv]
[iGoat_Swift.RCreditInfo - setCvv:]
[iGoat_Swift.RealmExerciseVC - creditCVVTextField]
[iGoat_Swift.RealmExerciseVC - setCreditCVVTextField:]
[iGoat_Swift.DeviceLogsExerciseVC - cvvTextField]
[iGoat_Swift.DeviceLogsExerciseVC - setCvvTextField:]
[iGoat_Swift.CloudMisconfigurationExerciseVC - cvvTxtField]
[iGoat_Swift.CloudMisconfigurationExerciseVC - setCvvTxtField:]
Ufundi wa Msingi wa Kukamata
Sasa umepata darasa na moduli zilizotumiwa na programu unaweza kuwa umepata baadhi ya majina ya darasa na njia ya kuvutia.
Kukamata njia zote za darasa
ios hooking watch class <class_name>
: Kukamata njia zote za darasa, kuchapisha vigezo vya awali na kurudi
ios hooking watch class iGoat_Swift.PlistStorageExerciseViewController
Kukamata njia moja
ios hooking watch method "-[<class_name> <method_name>]" --dump-args --dump-return --dump-backtrace
: Kukamata njia maalum ya darasa na kuchapisha vigezo, nyuma na kurudi kwa njia kila wakati inaitwa
ios hooking watch method "-[iGoat_Swift.BinaryCookiesExerciseVC verifyItemPressed]" --dump-args --dump-backtrace --dump-return
Badilisha Kurudi kwa Boolean
ios hooking set return_value "-[<class_name> <method_name>]" false
: Hii itafanya njia iliyochaguliwa irudishe boolean iliyotajwa
ios hooking set return_value "-[iGoat_Swift.BinaryCookiesExerciseVC verifyItemPressed]" false
Jenereta ya Kukamata
ios hooking generate simple <class_name>
:
ios hooking generate simple iGoat_Swift.RCreditInfo
var target = ObjC.classes.iGoat_Swift.RCreditInfo;
Interceptor.attach(target['+ sharedSchema'].implementation, {
onEnter: function (args) {
console.log('Entering + sharedSchema!');
},
onLeave: function (retval) {
console.log('Leaving + sharedSchema');
},
});
Interceptor.attach(target['+ className'].implementation, {
onEnter: function (args) {
console.log('Entering + className!');
},
onLeave: function (retval) {
console.log('Leaving + className');
},
});
Interceptor.attach(target['- cvv'].implementation, {
onEnter: function (args) {
console.log('Entering - cvv!');
},
onLeave: function (retval) {
console.log('Leaving - cvv');
},
});
Interceptor.attach(target['- setCvv:'].implementation, {
onEnter: function (args) {
console.log('Entering - setCvv:!');
},
onLeave: function (retval) {
console.log('Leaving - setCvv:');
},
});
Jifunze kuhusu udukuzi wa AWS kutoka sifuri hadi shujaa na htARTE (HackTricks AWS Red Team Expert)!
Njia nyingine za kusaidia HackTricks:
Ikiwa unataka kuona kampuni yako inayotangazwa katika HackTricks au kupakua HackTricks katika PDF Angalia MPANGO WA KUJIUNGA!
Gundua The PEASS Family, mkusanyiko wetu wa NFTs ya kipekee
Jiunge na 💬 Kikundi cha Discord au kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 @carlospolopm.
Shiriki mbinu zako za udukuzi kwa kuwasilisha PR kwa HackTricks na HackTricks Cloud github repos.
Last updated