# \[3] Deploy method hooks using frida REPL

Alright, so - time to move on to DBI and inject Frida into our app!

#### Inject Frida

In the command prompt, navigate to the course scripts directory and type the following:

`frida -U --runtime=v8 -l privatePhotoVault.js -F`

To quickly pick apart the extra arguments we're passing:

* `-U` tells frida to look for a device connected via USB (virtually or otherwise)
* `--runtime=v8` tells frida to use a newer version of JavaScript which has a number of quality of life improvements. I generally always use it.
* `-l privatePhotoVault.js` tells frida to inject our course script with some pre-made functions useful for reversing.
* For more reading on frida command line arguments, see [frida](https://summit-labs.frida.ninja/frida-tool-reference/frida).

This should get you to the following terminal view (hereinafter called the [REPL](https://summit-labs.frida.ninja/frida-tool-reference/frida)):

![](https://488119401-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lzm4AJhr7K-rQNi6wbH%2F-M-5XkLPBBbkgyIzx4tG%2F-M-A5kmuF55L6uCFgofl%2Fimage.png?alt=media\&token=a5020522-4223-4b21-97e1-a69eb07c405f)

If you made it here – excellent! Now, we’re ready to have some fun. If you’ve never written code before, that’s about to change! Don’t worry, we’ll take it slow!

#### Autocomplete / Intellisense

One thing Frida does that can make life a bit easier is provide a bit of good old intellisense. This means when you start typing, an autocomplete box appears which you can navigate with the up and down arrow keys.

![](https://488119401-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lzm4AJhr7K-rQNi6wbH%2F-M6WTh3FQ2SgA9IHFEYy%2F-M6WX99p7pWCpYEWO4zI%2Fimage.png?alt=media\&token=7a8bbdeb-bd33-49c1-8f42-11b0cd742147)

In [Lab 2](https://summit-labs.frida.ninja/lab/2-perform-static-analysis-to-locate-some-functions-of-interest), we identified the pinsMatch function as a candidate for method hooking, so let's start with that.

#### Get your hooks in!

To apply a method hook, we will use the traceMethod command. traceMethod is from the Raptor iOS tracing script and takes the class name as a string.

`traceMethod('com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch')`

If successful, you should see a message from Frida saying:

`Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch [1 overload(s)]`

{% hint style="warning" %}
If a class has multiple implementations of the same function name (each with different parameters), these are called **overloads**. This is common when an application has been obfuscated.
{% endhint %}

Time to see if we are on the right track! Enter the PIN on the device or emulator.

![](https://488119401-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lzm4AJhr7K-rQNi6wbH%2F-M6WTh3FQ2SgA9IHFEYy%2F-M6WYWSKwY9Sv_3_y8KP%2Fimage.png?alt=media\&token=a4e8f9a2-5178-4ad7-b0db-261886a5acae)

Excellent, so it appears our pinsMatch function is indeed getting called twice. The parameters are the same, except for argument\[1] which is "pin" and "pin\_decoy".

Now we will head back to our static analysis tool. From here, we have some options. Since our goal is to learn, we'll do a little bit of everything!

* Continue to push through via static analysis, building our understanding up as we go. This option may appeal to those with more programming experience. \[[Lab 4a](https://summit-labs.frida.ninja/lab/4a-moar-static-analysis)]<br>
* Cast a wider net with method hooks, hooking additional functions of interest, or even an entire class worth of functions. \[[Lab 4b](https://summit-labs.frida.ninja/lab/4b-cast-a-wider-net-with-dbi)]<br>
* Go full ham and write a PIN bruteforce, because it's fun (and **relatively** easy!) \[[Lab 4c](https://summit-labs.frida.ninja/lab/4c-pin-bruteforce)]