[3] Deploy method hooks using frida REPL

Alright, so - time to move on to DBI and inject Frida into our app!

Inject Frida

In the command prompt, navigate to the course scripts directory and type the following:

frida -U --runtime=v8 -l privatePhotoVault.js -F

To quickly pick apart the extra arguments we're passing:

• -U tells frida to look for a device connected via USB (virtually or otherwise)

• --runtime=v8 tells frida to use a newer version of JavaScript which has a number of quality of life improvements. I generally always use it.

• -l privatePhotoVault.js tells frida to inject our course script with some pre-made functions useful for reversing.

• For more reading on frida command line arguments, see .

This should get you to the following terminal view (hereinafter called the ):

If you made it here – excellent! Now, we’re ready to have some fun. If you’ve never written code before, that’s about to change! Don’t worry, we’ll take it slow!

Autocomplete / Intellisense

One thing Frida does that can make life a bit easier is provide a bit of good old intellisense. This means when you start typing, an autocomplete box appears which you can navigate with the up and down arrow keys.

Get your hooks in!

To apply a method hook, we will use the traceMethod command. traceMethod is from the Raptor iOS tracing script and takes the class name as a string.

traceMethod('com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch')

If successful, you should see a message from Frida saying:

Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch [1 overload(s)]

Time to see if we are on the right track! Enter the PIN on the device or emulator.

Excellent, so it appears our pinsMatch function is indeed getting called twice. The parameters are the same, except for argument[1] which is "pin" and "pin_decoy".

Now we will head back to our static analysis tool. From here, we have some options. Since our goal is to learn, we'll do a little bit of everything!