Deploy method hooks using frida REPL
Alright, so - time to move on to DBI and inject Frida into our app!
In the command prompt, navigate to the course scripts directory and type the following:
frida -U --runtime=v8 -l privatePhotoVault.js -F
To quickly pick apart the extra arguments we're passing:
-U tells frida to look for a device connected via USB (virtually or otherwise)
-l privatePhotoVault.js tells frida to inject our course script with some pre-made functions useful for reversing.
If you made it here – excellent! Now, we’re ready to have some fun. If you’ve never written code before, that’s about to change! Don’t worry, we’ll take it slow!
One thing Frida does that can make life a bit easier is provide a bit of good old intellisense. This means when you start typing, an autocomplete box appears which you can navigate with the up and down arrow keys.
In Lab 2, we identified the pinsMatch function as a candidate for method hooking, so let's start with that.
To apply a method hook, we will use the traceMethod command. traceMethod is from the Raptor iOS tracing script and takes the class name as a string.
If successful, you should see a message from Frida saying:
Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch [1 overload(s)]
If a class has multiple implementations of the same function name (each with different parameters), these are called overloads. This is common when an application has been obfuscated.
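What a traceMethod-style hook does with those overloads, as an added example (not the course script or Raptor's own code): it replaces the implementation of every overload with a wrapper that logs the arguments and return value, then calls the original. The names installTrace and splitTarget are hypothetical, and the Java bridge is passed in as a parameter so the logic can also be checked against a stub outside Frida.

```javascript
// Added example, not the course script or Raptor's code.
// `bridge` is Frida's global `Java` object; it is passed in so the logic
// can also be exercised with a stub outside Frida.

// Split "pkg.Class.method" at the last dot.
function splitTarget(target) {
  const i = target.lastIndexOf(".");
  if (i <= 0 || i === target.length - 1) {
    throw new Error("expected <class>.<method>, got: " + target);
  }
  return { className: target.slice(0, i), methodName: target.slice(i + 1) };
}

// Hook every overload of `target`, logging arguments and the return value.
// Returns the number of overloads hooked.
function installTrace(bridge, target, log) {
  const { className, methodName } = splitTarget(target);
  const method = bridge.use(className)[methodName];
  if (method === undefined) {
    throw new Error(className + " has no method " + methodName);
  }
  method.overloads.forEach((overload) => {
    const sig = overload.argumentTypes.map((t) => t.className).join(", ");
    // A regular function (not an arrow) so `this` is the hooked receiver.
    overload.implementation = function (...args) {
      log("*** entered " + target + "(" + sig + ")");
      args.forEach((a, n) => log("arg[" + n + "]: " + a));
      // Call through to the original so the app behaves as before.
      const ret = this[methodName].apply(this, args);
      log("retval: " + ret);
      return ret;
    };
  });
  log("Tracing " + target + " [" + method.overloads.length + " overload(s)]");
  return method.overloads.length;
}

// Inside Frida (REPL or a script loaded with -l) the bridge is the global `Java`.
if (typeof Java !== "undefined") {
  Java.perform(() => {
    installTrace(Java,
      "com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch",
      console.log);
  });
}
```

Because the wrapper returns whatever the original returned, tracing this way observes the call without changing the app's behaviour.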
Time to see if we are on the right track! Enter the PIN on the device or emulator.
Excellent, so it appears our pinsMatch function is indeed getting called twice. The parameters are the same in both calls, except for one argument, which is "pin" in one call and "pin_decoy" in the other.
Now we will head back to our static analysis tool. From here, we have some options. Since our goal is to learn, we'll do a little bit of everything!